CsrLiz344

Posts posted by CsrLiz344

  1. Sidekick is right, there is only 1 place where you will find the peace you so desperately need. God promises us that He will give us love, peace, and a sound mind. I don't know how He does it, when our worlds are falling apart around us, but He does. All we need to do is trust in Him, and we find everything we need.

    I will be praying for the family, and the 7 children, it's a horrible thing to go through. Accept my condolences, God bless.

  2. I d/l'd Firefox as njustice suggested, but now I have a problem :(

    When I try to go to my homepage (sbc yahoo dsl), I am not able to open the page. I get a red S on the left side, right above the page, that says Java is disabled. But, I have it enabled under Options. This is the message I get in the Javascript Console:

    Warning: The stylesheet http://dsl.sbc.yahoo.com/ was loaded as CSS even though its MIME type, "text/html", is not "text/css".

    I don't know what that means, but I can't access my homepage, which means I can't access my email, as I don't use OE.

    Help (again)..........

    P.S.

    Ok, the exact thing I get is a big red S with a circle that says after it Javascript currently forbidden, then in parenthesis it says (21 <script>) :unsure:

  3. That kinda makes me chuckle-if you had said clean up your temp files, I woulda known what you meant. All that fancy tech language had me confused lol

    Anyway, comp is running good, no dialer, no (so far) found new hardware comin up. I've got some fancy new programs if I ever need them again ;)

    Thanks again. :thumbsup:

    Anything else we need to do??

  4. BTW, here's the last HijackFree scan results:

    a-squared HiJackFree Analysis

    www.hijackfree.com

    Version info: Result ToDo

    Your used version of a-squared HiJackFree: 1.20

    The current version of a-squared HiJackFree: 1.20

    Your used operating system version: Windows XP Service Pack 2

    The current version of your operating system: Windows XP Service Pack 2

    Registry Autoruns: Result ToDo

    Name: IntelliPoint

    Path: C:\Program Files\Microsoft IntelliPoint\point32.exe

    Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    Good: 3 - Bad: 0

    View Details

    Name: AVG7_CC

    Path: C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

    Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    Good: 1 - Bad: 0

    View Details

    Name: AVG7_EMC

    Path: C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

    Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    Good: 2 - Bad: 0

    View Details

    Name: Zone Labs Client

    Path: C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

    Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    Good: 2 - Bad: 0

    View Details

    Name: YBrowser

    Path: C:\Program Files\Yahoo!\browser\ybrwicon.exe

    Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    Good: 1 - Bad: 0

    View Details

    Name: CursorXP

    Path: C:\Program Files\CursorXP\CursorXP.exe

    Location: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    Good: 1 - Bad: 0

    View Details

    Name: PopUpStopperFreeEdition

    Path: C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe

    Location: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    Good: 2 - Bad: 0

    View Details

    Name: AIM

    Path: C:\Program Files\aim\aim.exe -cnetwait.odl

    Location: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    Good: 1 - Bad: 0

    View Details

    Name: a-squared

    Path: C:\Program Files\a2\a2guard.exe

    Location: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    Good: 2 - Bad: 0

    View Details

    Tricky and Other Autoruns: Result ToDo

    Name: load

    Path:

    Location: win.ini

    Not checked Unknown Item

    Search at Google

    Name: run

    Path:

    Location: win.ini

    Not checked Unknown Item

    Search at Google

    Name: shell

    Path: Explorer.exe

    Location: win.ini

    Not checked Unknown Item

    Search at Google

    Name: scrnsave.exe

    Path: C:\WINDOWS\system32\logon.scr

    Location: win.ini

    Not checked Unknown Item

    Search at Google

    Name: NUL

    Path: îÂ|8‘|ÿÿÿÿ2‘|«‘|ë‘|

    Location: win.ini

    Not checked Unknown Item

    Search at Google

    Name: NUL

    Path: îÂ|8‘|ÿÿÿÿ2‘|«‘|ë‘|

    Location: win.ini

    Not checked Unknown Item

    Search at Google

    Name: SBC Self Support Tool

    Path:

    Location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

    Not checked Unknown Item

    Search at Google

    Name: AVG7_Run

    Path: C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE

    Location: HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Run\

    Not checked Unknown Item

    Search at Google

    Name: Shell

    Path: Explorer.exe

    Location: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\

    Not checked Unknown Item

    Search at Google

    Name: {22d6f312-b0f6-11d0-94ab-0080c74c7e95}

    Path: C:\WINDOWS\inf\unregmp2.exe /ShowWMP

    Location: HKLM\Software\Microsoft\Active Setup\Installed Components\

    Not checked Unknown Item

    Search at Google

    Name: {26923b43-4d38-484f-9b9e-de460746276c}

    Path: C:\WINDOWS\system32\system32\shmgrate.exe OCInstallUserConfigIE

    Location: HKLM\Software\Microsoft\Active Setup\Installed Components\

    Not checked Unknown Item

    Search at Google

    Name: {881dd1c5-3dcf-431b-b061-f3f88e8be88a}

    Path: C:\WINDOWS\system32\system32\shmgrate.exe OCInstallUserConfigOE

    Location: HKLM\Software\Microsoft\Active Setup\Installed Components\

    Not checked Unknown Item

    Search at Google

    Name: {2C7339CF-2B09-4501-B3F3-F3508C9228ED}

    Path: C:\WINDOWS\system32\system32\regsvr32.exe /s /n /i:/UserInstall C:\WINDOWS\system32\system32\themeui.dll

    Location: HKLM\Software\Microsoft\Active Setup\Installed Components\

    Not checked Unknown Item

    Search at Google

    Name: {44BBA840-CC51-11CF-AAFA-00AA00B6015C}

    Path: C:\Program Files\Outlook Express\setup50.exe /APP:OE /CALLER:WINNT /user /install

    Location: HKLM\Software\Microsoft\Active Setup\Installed Components\

    Not checked Unknown Item

    Search at Google

    Name: {44BBA842-CC51-11CF-AAFA-00AA00B6015B}

    Path: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

    Location: HKLM\Software\Microsoft\Active Setup\Installed Components\

    Not checked Unknown Item

    Search at Google

    Name: {4b218e3e-bc98-4770-93d3-2731b9329278}

    Path: C:\WINDOWS\system32\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 C:\WINDOWS\system32\inf\ie.inf

    Location: HKLM\Software\Microsoft\Active Setup\Installed Components\

    Not checked Unknown Item

    Search at Google

    Name: {5945c046-1e7d-11d1-bc44-00c04fd912be}

    Path: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

    Location: HKLM\Software\Microsoft\Active Setup\Installed Components\

    Not checked Unknown Item

    Search at Google

    Name: {6BF52A52-394A-11d3-B153-00C04F79FAA6}

    Path: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub

    Location: HKLM\Software\Microsoft\Active Setup\Installed Components\

    Not checked Unknown Item

    Search at Google

    Name: {7790769C-0471-11d2-AF11-00C04FA35D02}

    Path: C:\Program Files\Outlook Express\setup50.exe /APP:WAB /CALLER:WINNT /user /install

    Location: HKLM\Software\Microsoft\Active Setup\Installed Components\

    Not checked Unknown Item

    Search at Google

    Name: {89820200-ECBD-11cf-8B85-00AA005B4340}

    Path: regsvr32.exe /s /n /i:U shell32.dll

    Location: HKLM\Software\Microsoft\Active Setup\Installed Components\

    Not checked Unknown Item

    Search at Google

    Name: {89820200-ECBD-11cf-8B85-00AA005B4383}

    Path: C:\WINDOWS\system32\system32\ie4uinit.exe

    Location: HKLM\Software\Microsoft\Active Setup\Installed Components\

    Not checked Unknown Item

    Search at Google

    Name: VBScript Script File

    Path: C:\Program Files\Script Sentry\ScriptSentry.exe %1 %*

    Location: HKEY_CLASSES_ROOT\vbsfile\shell\open\command\

    Not checked Unknown Item

    Search at Google

    Name: VBScript Encoded Script File

    Path: C:\Program Files\Script Sentry\ScriptSentry.exe %1 %*

    Location: HKEY_CLASSES_ROOT\vbefile\shell\open\command\

    Not checked Unknown Item

    Search at Google

    Name: JScript Script File

    Path: C:\Program Files\Script Sentry\ScriptSentry.exe %1 %*

    Location: HKEY_CLASSES_ROOT\jsfile\shell\open\command\

    Not checked Unknown Item

    Search at Google

    Name: JScript Encoded Script File

    Path: C:\Program Files\Script Sentry\ScriptSentry.exe %1 %*

    Location: HKEY_CLASSES_ROOT\jsefile\shell\open\command\

    Not checked Unknown Item

    Search at Google

    Name: Windows Script Host Settings File

    Path: C:\Program Files\Script Sentry\ScriptSentry.exe %1 %*

    Location: HKEY_CLASSES_ROOT\wshfile\shell\open\command\

    Not checked Unknown Item

    Search at Google

    Name: Windows Script File

    Path: C:\Program Files\Script Sentry\ScriptSentry.exe %1 %*

    Location: HKEY_CLASSES_ROOT\wsffile\shell\open\command\

    Not checked Unknown Item

    Search at Google

    Name: Application

    Path: %1 %*

    Location: HKEY_CLASSES_ROOT\exefile\shell\open\command\

    Not checked Unknown Item

    Search at Google

    Name: MS-DOS Application

    Path: %1 %*

    Location: HKEY_CLASSES_ROOT\comfile\shell\open\command\

    Not checked Unknown Item

    Search at Google

    Name: MS-DOS Batch File

    Path: %1 %*

    Location: HKEY_CLASSES_ROOT\batfile\shell\open\command\

    Not checked Unknown Item

    Search at Google

    Name: Screen Saver

    Path: %1 /S

    Location: HKEY_CLASSES_ROOT\scrfile\shell\open\command\

    Not checked Unknown Item

    Search at Google

    Name: Shortcut to MS-DOS Program

    Path: %1 %*

    Location: HKEY_CLASSES_ROOT\piffile\shell\open\command\

    Not checked Unknown Item

    Search at Google

    Name: wbsys.dll

    Path: wbsys.dll

    Location: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\

    Not checked Unknown Item

    Search at Google

    Name: SCRNSAVE.EXE

    Path: C:\WINDOWS\system32\logon.scr

    Location: HKCU\Control Panel\Desktop\

    Not checked Unknown Item

    Search at Google

    Name: BootExecute

    Path: autocheck autochk *

    Location: HKLM\System\CurrentControlSet\Control\Session Manager\

    Not checked Unknown Item

    Search at Google

    Name: 0aMCPClient

    Path: C:\PROGRA~1\COMMON~1\Stardock\mcpcore.dll

    Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\

    Not checked Unknown Item

    Search at Google

    Name: PostBootReminder

    Path: C:\WINDOWS\system32\system32\SHELL32.dll

    Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\

    Not checked Unknown Item

    Search at Google

    Name: CDBurn

    Path: C:\WINDOWS\system32\system32\SHELL32.dll

    Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\

    Not checked Unknown Item

    Search at Google

    Name: WebCheck

    Path: C:\WINDOWS\system32\System32\webcheck.dll

    Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\

    Not checked Unknown Item

    Search at Google

    Name: SysTray

    Path: C:\WINDOWS\system32\stobject.dll

    Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\

    Not checked Unknown Item

    Search at Google

    Layered Service Providers (LSP): Result ToDo

    Name: mswsock.dll

    Path: C:\WINDOWS\system32\system32\

    Location: HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\

    Good: 1 - Bad: 0

    View Details

    Name: rsvpsp.dll

    Path: C:\WINDOWS\system32\system32\

    Location: HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\

    Good: 1 - Bad: 0

    View Details

    Explorer And Browser Addons: Result ToDo

    Name: Yahoo! Companion BHO

    Path: C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll

    Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

    ClsID: {02478D38-C3F9-4efb-9B51-7695ECA05670}

    Good: 1 - Bad: 0

    View Details

    Name: AcroIEHlprObj Class

    Path: C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

    ClsID: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

    Good: 1 - Bad: 0

    View Details

    Name:

    Path: C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

    ClsID: {53707962-6F74-2D53-2644-206D7942484F}

    Good: 1 - Bad: 0

    View Details

    Name: URL Exec Hook

    Path: shell32.dll

    Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\

    ClsID: {AEB6717E-7E19-11d0-97EE-00C04FD91972}

    Good: 0 - Bad: 0

    Unknown Item

    Search at Google

    Name: Yahoo! Companion

    Path: C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll

    Location: HKLM\Software\Microsoft\Internet Explorer\Toolbar\

    ClsID: {EF99BD32-C1FB-11D2-892F-0090271D4F88}

    Good: 1 - Bad: 0

    View Details

    Local Open Ports: Result ToDo

    Port: 135 TCP

    Path: C:\WINDOWS\system32\svchost.exe (Process ID: 772)

    Good: 1 - Bad: 0

    View Details

    Port: 139 TCP

    Path: ? (Process ID: 4)

    Good: 1 - Bad: 0

    View Details

    Port: 445 TCP

    Path: ? (Process ID: 4)

    Good: 1 - Bad: 0

    View Details

    Port: 1027 TCP

    Path: C:\WINDOWS\system32\alg.exe (Process ID: 924)

    Good: 1 - Bad: 0

    View Details

    Port: 1051 TCP

    Path: C:\Program Files\aim\aim.exe (Process ID: 128)

    Good: 0 - Bad: 0

    Unknown Item

    Search at Google

    Port: 1059 TCP

    Path: ? (Process ID: 128)

    Good: 0 - Bad: 0

    Unknown Item

    Search at Google

    Port: 5180 TCP

    Path: ? (Process ID: 128)

    Good: 0 - Bad: 0

    Unknown Item

    Search at Google

    Port: 10110 TCP

    Path: C:\Program Files\Grisoft\AVG Free\avgemc.exe (Process ID: 2000)

    Good: 0 - Bad: 0

    Unknown Item

    Search at Google

    Port: 123 UDP

    Path: C:\WINDOWS\system32\svchost.exe (Process ID: 836)

    Good: 1 - Bad: 0

    View Details

    Port: 123 UDP

    Path: C:\WINDOWS\system32\svchost.exe (Process ID: 836)

    Good: 1 - Bad: 0

    View Details

    Port: 137 UDP

    Path: ? (Process ID: 4)

    Good: 1 - Bad: 0

    View Details

    Port: 138 UDP

    Path: ? (Process ID: 4)

    Good: 1 - Bad: 0

    View Details

    Port: 445 UDP

    Path: ? (Process ID: 4)

    Good: 1 - Bad: 0

    View Details

    Port: 500 UDP

    Path: C:\WINDOWS\system32\lsass.exe (Process ID: 580)

    Good: 1 - Bad: 0

    View Details

    Port: 1052 UDP

    Path: C:\Program Files\Grisoft\AVG Free\avgemc.exe (Process ID: 128)

    Good: 0 - Bad: 0

    Unknown Item

    Search at Google

    Port: 1900 UDP

    Path: C:\WINDOWS\system32\svchost.exe (Process ID: 900)

    Good: 0 - Bad: 0

    Unknown Item

    Search at Google

    Port: 1900 UDP

    Path: C:\WINDOWS\system32\svchost.exe (Process ID: 900)

    Good: 0 - Bad: 0

    Unknown Item

    Search at Google

    Port: 4500 UDP

    Path: C:\WINDOWS\system32\lsass.exe (Process ID: 580)

    Good: 0 - Bad: 0

    Unknown Item

    Search at Google

    Running Processes: Result ToDo

    Name: [system Process]

    Process ID: 0

    Path:

    Info: Threads: 1 - Priority: Normal - Visible: No

    Good: 1 - Bad: 0

    View Details

    Name: System

    Process ID: 4

    Path:

    Info: Threads: 59 - Priority: Normal - Visible: No

    Good: 1 - Bad: 0

    View Details

    Name: aim.exe

    Process ID: 128

    Path: C:\Program Files\aim\

    Info: Threads: 11 - Priority: Normal - Visible: No

    Good: 1 - Bad: 0

    View Details

    Name: a2guard.exe

    Process ID: 148

    Path: C:\Program Files\a2\

    Info: Threads: 10 - Priority: Normal - Visible: No

    Good: 1 - Bad: 0

    View Details

    Name: ycommon.exe

    Process ID: 184

    Path: C:\Program Files\Yahoo!\browser\

    Info: Threads: 9 - Priority: Normal - Visible: No

    Good: 0 - Bad: 0

    Unknown Item

    Search at Google

    Submit new process info

    Name: smss.exe

    Process ID: 452

    Path: C:\WINDOWS\system32\

    Info: Threads: 3 - Priority: Normal - Visible: No

    Good: 1 - Bad: 0

    View Details

    Name: csrss.exe

    Process ID: 500

    Path: C:\WINDOWS\system32\

    Info: Threads: 11 - Priority: Normal - Visible: No

    Good: 1 - Bad: 0

    View Details

    Name: winlogon.exe

    Process ID: 524

    Path: C:\WINDOWS\system32\

    Info: Threads: 19 - Priority: High - Visible: No

    Good: 1 - Bad: 0

    View Details

    Name: services.exe

    Process ID: 568

    Path: C:\WINDOWS\system32\

    Info: Threads: 15 - Priority: Normal - Visible: No

    Good: 1 - Bad: 0

    View Details

    Name: lsass.exe

    Process ID: 580

    Path: C:\WINDOWS\system32\

    Info: Threads: 21 - Priority: Normal - Visible: No

    Good: 1 - Bad: 0

    View Details

    Name: svchost.exe

    Process ID: 724

    Path: C:\WINDOWS\system32\

    Info: Threads: 19 - Priority: Normal - Visible: No

    Good: 1 - Bad: 0

    View Details

    Name: svchost.exe

    Process ID: 772

    Path: C:\WINDOWS\system32\

    Info: Threads: 10 - Priority: Normal - Visible: No

    Good: 1 - Bad: 0

    View Details

    Name: svchost.exe

    Process ID: 836

    Path: C:\WINDOWS\system32\

    Info: Threads: 85 - Priority: Normal - Visible: No

    Good: 1 - Bad: 0

    View Details

    Name: svchost.exe

    Process ID: 900

    Path: C:\WINDOWS\system32\

    Info: Threads: 14 - Priority: Normal - Visible: No

    Good: 1 - Bad: 0

    View Details

    Name: alg.exe

    Process ID: 924

    Path: C:\WINDOWS\system32\

    Info: Threads: 6 - Priority: Normal - Visible: No

    Good: 1 - Bad: 0

    View Details

    Name: mpbtn.exe

    Process ID: 996

    Path: C:\Program Files\SBC Self Support Tool\bin\

    Info: Threads: 1 - Priority: Normal - Visible: No

    Good: 0 - Bad: 0

    Unknown Item

    Search at Google

    Submit new process info

    Name: spoolsv.exe

    Process ID: 1132

    Path: C:\WINDOWS\system32\

    Info: Threads: 15 - Priority: Normal - Visible: No

    Good: 1 - Bad: 0

    View Details

    Name: SDMCP.exe

    Process ID: 1256

    Path: C:\Program Files\Common Files\Stardock\

    Info: Threads: 2 - Priority: Normal - Visible: No

    Good: 0 - Bad: 0

    Unknown Item

    Search at Google

    Submit new process info

    Name: wbload.exe

    Process ID: 1292

    Path: C:\Program Files\Stardock\Object Desktop\WindowBlinds\

    Info: Threads: 1 - Priority: Normal - Visible: No

    Good: 0 - Bad: 0

    Unknown Item

    Search at Google

    Submit new process info

    Name: avgamsvr.exe

    Process ID: 1364

    Path: C:\Program Files\Grisoft\AVG Free\

    Info: Threads: 10 - Priority: Normal - Visible: No

    Good: 1 - Bad: 0

    View Details

    Name: avgupsvc.exe

    Process ID: 1380

    Path: C:\Program Files\Grisoft\AVG Free\

    Info: Threads: 4 - Priority: Normal - Visible: No

    Good: 1 - Bad: 0

    View Details

    Name: KodakCCS.exe

    Process ID: 1452

    Path: C:\WINDOWS\system32\drivers\

    Info: Threads: 2 - Priority: Normal - Visible: No

    Good: 1 - Bad: 0

    View Details

    Name: ScsiAccess.EXE

    Process ID: 1492

    Path: C:\WINDOWS\system32\

    Info: Threads: 2 - Priority: Normal - Visible: No

    Good: 0 - Bad: 0

    Unknown Item

    Search at Google

    Submit new process info

    Name: svchost.exe

    Process ID: 1532

    Path: C:\WINDOWS\system32\

    Info: Threads: 8 - Priority: Normal - Visible: No

    Good: 1 - Bad: 0

    View Details

    Name: wdfmgr.exe

    Process ID: 1556

    Path: C:\WINDOWS\system32\

    Info: Threads: 6 - Priority: Normal - Visible: No

    Good: 1 - Bad: 0

    View Details

    Name: vsmon.exe

    Process ID: 1592

    Path: C:\WINDOWS\system32\ZoneLabs\

    Info: Threads: 22 - Priority: Normal - Visible: No

    Good: 1 - Bad: 0

    View Details

    Name: Explorer.EXE

    Process ID: 1788

    Path: C:\WINDOWS\

    Info: Threads: 13 - Priority: Normal - Visible: No

    Good: 1 - Bad: 0

    View Details

    Name: point32.exe

    Process ID: 1984

    Path: C:\Program Files\Microsoft IntelliPoint\

    Info: Threads: 4 - Priority: Normal - Visible: No

    Good: 1 - Bad: 0

    View Details

    Name: avgcc.exe

    Process ID: 1992

    Path: C:\Program Files\Grisoft\AVG Free\

    Info: Threads: 7 - Priority: Normal - Visible: No

    Good: 1 - Bad: 0

    View Details

    Name: avgemc.exe

    Process ID: 2000

    Path: C:\Program Files\Grisoft\AVG Free\

    Info: Threads: 8 - Priority: Normal - Visible: No

    Good: 1 - Bad: 0

    View Details

    Name: zlclient.exe

    Process ID: 2008

    Path: C:\Program Files\Zone Labs\ZoneAlarm\

    Info: Threads: 6 - Priority: Normal - Visible: No

    Good: 1 - Bad: 0

    View Details

    Name: ybrwicon.exe

    Process ID: 2016

    Path: C:\Program Files\Yahoo!\browser\

    Info: Threads: 6 - Priority: Normal - Visible: No

    Good: 0 - Bad: 0

    Unknown Item

    Search at Google

    Submit new process info

    Name: jusched.exe

    Process ID: 2024

    Path: C:\Program Files\Java\jre1.5.0_04\bin\

    Info: Threads: 1 - Priority: Normal - Visible: No

    Good: 2 - Bad: 0

    View Details

    Name: CursorXP.exe

    Process ID: 2032

    Path: C:\Program Files\CursorXP\

    Info: Threads: 2 - Priority: High - Visible: No

    Good: 0 - Bad: 0

    Unknown Item

    Search at Google

    Submit new process info

    Name: PSFree.exe

    Process ID: 2044

    Path: C:\Program Files\Panicware\Pop-Up Stopper Free Edition\

    Info: Threads: 1 - Priority: Normal - Visible: No

    Good: 0 - Bad: 0

    Unknown Item

    Search at Google

    Submit new process info

    Name: wuauclt.exe

    Process ID: 2052

    Path: C:\WINDOWS\system32\

    Info: Threads: 8 - Priority: Normal - Visible: No

    Good: 1 - Bad: 0

    View Details

    Name: a2start.exe

    Process ID: 2744

    Path: C:\Program Files\a2\

    Info: Threads: 1 - Priority: Normal - Visible: No

    Good: 1 - Bad: 0

    View Details

    Name: a2sys.exe (a-squared HiJackFree)

    Process ID: 2764

    Path: C:\Program Files\a2\

    Info: Threads: 2 - Priority: Normal - Visible: Yes

    Good: 1 - Bad: 0

    View Details

    This analysis is saved and available for at least 7 days at this website address.

    Analysis generated on 7/19/2005 1:54:38 AM

  5. Delete files/folder from the following directories (But not the directory itself, for example delete all files/folder IN temp; but not temp itself!)

    • C:\Windows\Temp\
    • C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
    • C:\Documents and Settings\<All other users Profile>\Local Settings\Temp\
    • C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <---This will delete your internet cache--including cookies. This is recommended and strongly suggested.
    • C:\Documents and Settings\<All other users Profile>\Local Settings\Temporary Internet Files\
    • Empty your "Recycle Bin"

    Can you explain that? I admit to being a little computer savvy, but that escapes me :)

    Thanks!

  6. Ok, these are the results, I don't understand them, hopefully you can figure it out.

    Incident Status Location

    Adware:adware/pacimedia No disinfected C:\WINDOWS\SYSTEM32\ps1.exe

    Adware:adware/exactsearch No disinfected C:\DOCUMENTS AND SETTINGS\LIZ\LOCAL SETTINGS\TEMP\blank.gif

    Adware:adware/delfinmedia No disinfected C:\DOCUMENTS AND SETTINGS\LIZ\LOCAL SETTINGS\TEMP\motoin.exe

    Adware:adware/nsearch No disinfected C:\sp.exe

    Adware:adware/bookedspace No disinfected C:\WINDOWS\cfgmgr52.dll

    Adware:adware/sahagent No disinfected C:\WINDOWS\unstall.exe

    Adware:adware/myway No disinfected C:\PROGRAM FILES\MySearch

    Spyware:spyware/media-motor No disinfected HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\MODULEUSAGE\C:/WINDOWS/DOWNLOADED PROGRAM FILES/M67M.OCX

    Adware:adware/wupd No disinfected HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\MODULEUSAGE\C:/WINDOWS/DOWNLOADED PROGRAM FILES/MEDIAACCX.DLL

    Adware:adware/wintools No disinfected HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\ENUM\ROOT\LEGACY_WINTOOLSSVC

    Adware:adware/savenow No disinfected HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\MAGNET

    Adware:adware/brilliantdigital No disinfected HKEY_CLASSES_ROOT\Interface\{48E59292-9880-11CF-9754-00AA00C00908}

    Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Jade\Local Settings\Temporary Internet Files\Content.IE5\Q4LV5IYF\upd208[1].exe

    Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Liz\Desktop\l2mfix\backup.zip[beowser.dll]

    Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Liz\Desktop\l2mfix\backup.zip[cBbinet.dll]

    Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Liz\Desktop\l2mfix\backup.zip[cqutil.dll]

    Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Liz\Desktop\l2mfix\backup.zip[cwypt32.dll]

    Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Liz\Desktop\l2mfix\backup.zip[dmsrslvr.dll]

    Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Liz\Desktop\l2mfix\backup.zip[doquery.dll]

    Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Liz\Desktop\l2mfix\backup.zip[dv16gt.dLL]

    Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Liz\Desktop\l2mfix\backup.zip[dXvclnt.dll]

    Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Liz\Desktop\l2mfix\backup.zip[fedrclnr.dll]

    Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Liz\Desktop\l2mfix\backup.zip[ibcoin2.dll]

    Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Liz\Desktop\l2mfix\backup.zip[idetcfg.dll]

    Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Liz\Desktop\l2mfix\backup.zip[ksdsl1.dll]

    Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Liz\Desktop\l2mfix\backup.zip[kxcp32.dll]

    Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Liz\Desktop\l2mfix\backup.zip[kydhe220.dll]

    Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Liz\Desktop\l2mfix\backup.zip[lHprxy.dll]

    Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Liz\Desktop\l2mfix\backup.zip[lutif11n.dll]

    Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Liz\Desktop\l2mfix\backup.zip[mcident.dll]

    Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Liz\Desktop\l2mfix\backup.zip[mjprivs.dll]

    Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Liz\Desktop\l2mfix\backup.zip[mvdtclog.dll]

    Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Liz\Desktop\l2mfix\backup.zip[guard.tmp]

    Adware:Adware/DelFinMedia No disinfected C:\Documents and Settings\Liz\Local Settings\Temp\motoin.exe

    Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Liz\Local Settings\Temp\upd208.exe

    Adware:Adware/Look2Me No disinfected C:\Documents and Settings\Liz\Local Settings\Temporary Internet Files\Content.IE5\DFBJLT8E\upd208[1].exe

    Adware:Adware/DelFinMedia No disinfected C:\Program Files\Common Files\Uninstall Information\RemoveDisplayUtility.exe

    Adware:Adware/Look2Me No disinfected C:\RECYCLER\S-1-5-21-654705994-3440055010-3760535603-1006\Dc3\l2mfix\backup.zip[drloader.dll]

    Adware:Adware/Look2Me No disinfected C:\RECYCLER\S-1-5-21-654705994-3440055010-3760535603-1006\Dc3\l2mfix\backup.zip[iaxrip.dll]

    Adware:Adware/Look2Me No disinfected C:\RECYCLER\S-1-5-21-654705994-3440055010-3760535603-1006\Dc3\l2mfix\backup.zip[iyfosoft.dll]

    Adware:Adware/Look2Me No disinfected C:\RECYCLER\S-1-5-21-654705994-3440055010-3760535603-1006\Dc3\l2mfix\backup.zip[jkproxy.dll]

    Adware:Adware/Look2Me No disinfected C:\RECYCLER\S-1-5-21-654705994-3440055010-3760535603-1006\Dc3\l2mfix\backup.zip[madtclog.dll]

    Adware:Adware/Look2Me No disinfected C:\RECYCLER\S-1-5-21-654705994-3440055010-3760535603-1006\Dc3\l2mfix\backup.zip[guard.tmp]

    Adware:Adware/BookedSpace No disinfected C:\WINDOWS\cfgmgr52.dll

    Adware:Adware/IWon No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.1\WONWebLauncherControl.ocx

    Adware:Adware/IWon No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.2\WONWebLauncherControl.ocx

    Adware:Adware/IWon No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.3\WONWebLauncherControl.ocx

    Adware:Adware/IWon No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.4\WONWebLauncherControl.ocx

    Adware:Adware/IWon No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.5\WONWebLauncherControl.ocx

    Adware:Adware/IWon No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.6\WONWebLauncherControl.ocx

    Adware:Adware/IWon No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.7\WONWebLauncherControl.ocx

    Adware:Adware/IWon No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.8\WONWebLauncherControl.ocx

    Adware:Adware/IWon No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.9\WONWebLauncherControl.ocx

    Spyware:Spyware/Media-motor No disinfected C:\WINDOWS\Downloaded Program Files\m67m.inf

    Spyware:Spyware/Media-motor No disinfected C:\WINDOWS\Downloaded Program Files\m67m.ocx

    Adware:Adware/Pacimedia No disinfected C:\WINDOWS\Downloaded Program Files\pcs_0006.exe

    Adware:Adware/PopCapLoader No disinfected C:\WINDOWS\Downloaded Program Files\popcaploader.dll

    Adware:Adware/PopCapLoader No disinfected C:\WINDOWS\Downloaded Program Files\popcaploader.inf

    Adware:Adware/IWon No disinfected C:\WINDOWS\Downloaded Program Files\WONWebLauncherControl.ocx

    Adware:Adware/BookedSpace No disinfected C:\WINDOWS\lhzgzhbk.exe

    Possible Virus. No disinfected C:\WINDOWS\Live_Sex.exe

    Adware:Adware/Look2Me No disinfected C:\WINDOWS\system\UpdInst.exe

    Adware:Adware/Look2Me No disinfected C:\WINDOWS\temp\upd208.exe

    Adware:Adware/SAHAgent No disinfected C:\WINDOWS\unstall.exe

    I also d/l'd the other software, after the scan, this is the web addy to check the results

    http://www.hijackfree.com/analyze/?id=a3ac...21-f1303aa2d81e

  7. Service load: 0% 100%

    File: pcconfig.dat

    Status: OK

    MD5 51ca4ba7556c2a4bb0e981da7bc8b907

    Packers detected: -

    Scanner results

    AntiVir Found nothing

    ArcaVir Found nothing

    Avast Found nothing

    AVG Antivirus Found nothing

    BitDefender Found nothing

    ClamAV Found nothing

    Dr.Web Found nothing

    F-Prot Antivirus Found nothing

    Fortinet Found nothing

    Kaspersky Anti-Virus Found nothing

    NOD32 Found nothing

    Norman Virus Control Found nothing

    UNA Found nothing

    VBA32 Found nothing

    Service load: 0% 100%

    File: uccspecb.sys

    Status: OK

    MD5 0bd3364b4dd4cea7c2c7426598491a12

    Packers detected: -

    Scanner results

    AntiVir Found nothing

    ArcaVir Found nothing

    Avast Found nothing

    AVG Antivirus Found nothing

    BitDefender Found nothing

    ClamAV Found nothing

    Dr.Web Found nothing

    F-Prot Antivirus Found nothing

    Fortinet Found nothing

    Kaspersky Anti-Virus Found nothing

    NOD32 Found nothing

    Norman Virus Control Found nothing

    UNA Found nothing

    VBA32 Found nothing

  8. Ok, Skyes' account has been deleted, so we now have 3 to work with. All her files were deleted also.

    mine

    WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

    If you see a message in the titlebar saying "not responding" you can ignore it. Windows is throwing this message up even though the program is still running. As long as the hard disk is working then the program is running.

    »»»»»»»»»»»»»»»»»»»»»»»» Files found »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Checking %SystemDrive% folder...

    UPX! C:\log.txt

    PEC2 C:\log.txt

    PEC2 C:\win.txt

    UPX! C:\windows.txt

    Checking %ProgramFilesDir% folder...

    Checking %WinDir% folder...

    PECompact2 C:\WINDOWS\lpt$vpn.731

    qoologic C:\WINDOWS\lpt$vpn.731

    SAHAgent C:\WINDOWS\lpt$vpn.731

    abetterinternet.com C:\WINDOWS\ojojo.dll

    web-nex C:\WINDOWS\ojojo.dll

    UPX! C:\WINDOWS\RMAgentOutput.dll

    UPX! C:\WINDOWS\tsc.exe

    PECompact2 C:\WINDOWS\VPTNFILE.731

    qoologic C:\WINDOWS\VPTNFILE.731

    SAHAgent C:\WINDOWS\VPTNFILE.731

    UPX! C:\WINDOWS\vsapi32.dll

    aspack C:\WINDOWS\vsapi32.dll

    Checking %System% folder...

    PEC2 C:\WINDOWS\system32\dfrg.msc

    UPX! C:\WINDOWS\system32\locate.com

    PECompact2 C:\WINDOWS\system32\MRT.exe

    aspack C:\WINDOWS\system32\MRT.exe

    aspack C:\WINDOWS\system32\ntdll.dll

    PEC2 C:\WINDOWS\system32\oembios.bin

    Umonitor C:\WINDOWS\system32\rasdlg.dll

    Checking %System%\Drivers folder and sub-folders...

    UPX! C:\WINDOWS\system32\drivers\avg7core.sys

    FSG! C:\WINDOWS\system32\drivers\avg7core.sys

    aspack C:\WINDOWS\system32\drivers\avg7core.sys

    PTech C:\WINDOWS\system32\drivers\mtlstrm.sys

    Checking the Windows folder for system and hidden files within the last 60 days...

    6/18/2005 C:\WINDOWS\pcconfig.dat

    7/13/2005 C:\WINDOWS\uccspecb.sys

    7/13/2005 C:\WINDOWS\WindowsShellOld.Manifest

    6/22/2005 C:\WINDOWS\inf\oem26.inf

    5/28/2005 C:\WINDOWS\Minidump\Mini052805-01.dmp

    6/1/2005 C:\WINDOWS\Minidump\Mini060105-01.dmp

    6/17/2005 C:\WINDOWS\system32\AuxDrv32b_g.oxc

    7/17/2005 C:\WINDOWS\system32\vsconfig.xml

    5/28/2005 C:\WINDOWS\system32\zllictbl.dat

    7/17/2005 C:\WINDOWS\system32\config\default.LOG

    7/17/2005 C:\WINDOWS\system32\config\SAM.LOG

    7/17/2005 C:\WINDOWS\system32\config\SECURITY.LOG

    7/17/2005 C:\WINDOWS\system32\config\software.LOG

    7/17/2005 C:\WINDOWS\system32\config\system.LOG

    7/13/2005 C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG

    7/2/2005 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\2e7a6763-87c2-428c-a82b-f5fa0d94af0b

    7/2/2005 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred

    7/17/2005 C:\WINDOWS\Tasks\SA.DAT

    »»»»»»»»»»»»»»»»»»»»»»»» Checking Global Startup »»»»»»»»»»»»»»»»»»»»»»

    Checking %ALLUSERSPROFILE%\Startup folder...

    Checking %ALLUSERSPROFILE%\Application Data folder...

    Checking %USERPROFILE%\Startup folder...

    Checking %USERPROFILE%\Application Data folder...

    »»»»»»»»»»»»»»»»»»»»»»»» Registry Entries Found »»»»»»»»»»»»»»»»»»»»»»»

    *\shellex\ContextMenuHandlers

    *\shellex\ContextMenuHandlers\AVG7 Shell Extension

    {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll

    *\shellex\ContextMenuHandlers\nfnfnsxg

    {c5583504-9ba4-4eda-bb2d-5f62737ad84d} =

    *\shellex\ContextMenuHandlers\Offline Files

    {750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll

    *\shellex\ContextMenuHandlers\Open With

    {09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll

    *\shellex\ContextMenuHandlers\Open With EncryptionMenu

    {A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll

    *\shellex\ContextMenuHandlers\Yahoo! Mail

    {5464D816-CF16-4784-B9F3-75C0DB52B499} = C:\Program Files\Yahoo!\Common\ymmapi.dll

    *\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}

    Start Menu Pin =

    SOFTWARE\Classes\Folder\shellex\ColumnHandlers

    SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}

    = %SystemRoot%\system32\SHELL32.dll

    SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}

    = %SystemRoot%\system32\SHELL32.dll

    SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}

    = %SystemRoot%\system32\SHELL32.dll

    SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}

    = %SystemRoot%\system32\SHELL32.dll

    SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}

    = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    IntelliPoint "C:\Program Files\Microsoft IntelliPoint\point32.exe"

    AVG7_CC C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

    AVG7_EMC C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

    Zone Labs Client C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

    YBrowser C:\Program Files\Yahoo!\browser\ybrwicon.exe

    SunJavaUpdateSched C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe

    RegistryMechanic

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    DW4 "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain

    = crypt32.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet

    = cryptnet.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll

    = cscdll.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\MCPClient

    = C:\Program Files\Common Files\Stardock\mcpstub.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp

    = wlnotify.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule

    = wlnotify.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy

    = sclgntfy.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn

    = WlNotify.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv

    = wlnotify.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WB

    = C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon

    = wlnotify.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\0aMCPClient

    {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} = C:\PROGRA~1\COMMON~1\Stardock\mcpcore.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\PostBootReminder

    {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\CDBurn

    {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\WebCheck

    {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SysTray

    {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apitrap.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ASSTE.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVSTE.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Cleanup.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cqw32.exe

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divxdec.ax

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DJSMAR00.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DRMINST.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\enc98.EXE

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EncodeDivXExt.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EncryptPatchVer.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\front.exe

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fullsoft.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GBROWSER.DLL

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htmlmarq.ocx

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htmlmm.ocx

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ishscan.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ISSTE.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\javai.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jvm.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jvm_g.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\main123w.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mngreg32.exe

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msci_uno.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscoree.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscorsvr.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscorwks.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msjava.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mso.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVOPTRF.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NeVideoFX.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NPMLIC.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NSWSTE.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\photohse.EXE

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PMSTE.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ppw32hlp.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\printhse.EXE

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\prwin8.EXE

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ps80.EXE

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\psdmt.exe

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qfinder.EXE

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qpw.EXE

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Salwrap.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup32.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sevinst.exe

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symlcnet.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tcore_ebook.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TFDTCTT8.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ua80.EXE

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\udtapi.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ums.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vb40032.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbe6.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wpwin8.EXE

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xlmlEN.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xwsetup.EXE

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_INSTPGM.EXE

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

    UserInit C:\WINDOWS\system32\userinit.exe,

    Shell Explorer.exe

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows

    AppInit_DLLs wbsys.dll

    »»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    WinPFind v1.0.0.8 - Log file written to "WinPFind.Txt" in the WinPFind folder.

    Rick

    WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

    If you see a message in the titlebar saying "not responding" you can ignore it. Windows is throwing this message up even though the program is still running. As long as the hard disk is working then the program is running.

    »»»»»»»»»»»»»»»»»»»»»»»» Files found »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Checking %SystemDrive% folder...

    UPX! C:\log.txt

    PEC2 C:\log.txt

    PEC2 C:\win.txt

    UPX! C:\windows.txt

    Checking %ProgramFilesDir% folder...

    Checking %WinDir% folder...

    PECompact2 C:\WINDOWS\lpt$vpn.731

    qoologic C:\WINDOWS\lpt$vpn.731

    SAHAgent C:\WINDOWS\lpt$vpn.731

    abetterinternet.com C:\WINDOWS\ojojo.dll

    web-nex C:\WINDOWS\ojojo.dll

    UPX! C:\WINDOWS\RMAgentOutput.dll

    UPX! C:\WINDOWS\tsc.exe

    PECompact2 C:\WINDOWS\VPTNFILE.731

    qoologic C:\WINDOWS\VPTNFILE.731

    SAHAgent C:\WINDOWS\VPTNFILE.731

    UPX! C:\WINDOWS\vsapi32.dll

    aspack C:\WINDOWS\vsapi32.dll

    Checking %System% folder...

    PEC2 C:\WINDOWS\system32\dfrg.msc

    UPX! C:\WINDOWS\system32\locate.com

    PECompact2 C:\WINDOWS\system32\MRT.exe

    aspack C:\WINDOWS\system32\MRT.exe

    aspack C:\WINDOWS\system32\ntdll.dll

    PEC2 C:\WINDOWS\system32\oembios.bin

    Umonitor C:\WINDOWS\system32\rasdlg.dll

    Checking %System%\Drivers folder and sub-folders...

    UPX! C:\WINDOWS\system32\drivers\avg7core.sys

    FSG! C:\WINDOWS\system32\drivers\avg7core.sys

    aspack C:\WINDOWS\system32\drivers\avg7core.sys

    PTech C:\WINDOWS\system32\drivers\mtlstrm.sys

    Checking the Windows folder for system and hidden files within the last 60 days...

    6/18/2005 C:\WINDOWS\pcconfig.dat

    7/13/2005 C:\WINDOWS\uccspecb.sys

    7/13/2005 C:\WINDOWS\WindowsShellOld.Manifest

    6/22/2005 C:\WINDOWS\inf\oem26.inf

    5/28/2005 C:\WINDOWS\Minidump\Mini052805-01.dmp

    6/1/2005 C:\WINDOWS\Minidump\Mini060105-01.dmp

    6/17/2005 C:\WINDOWS\system32\AuxDrv32b_g.oxc

    7/17/2005 C:\WINDOWS\system32\vsconfig.xml

    5/28/2005 C:\WINDOWS\system32\zllictbl.dat

    7/17/2005 C:\WINDOWS\system32\config\default.LOG

    7/17/2005 C:\WINDOWS\system32\config\SAM.LOG

    7/17/2005 C:\WINDOWS\system32\config\SECURITY.LOG

    7/17/2005 C:\WINDOWS\system32\config\software.LOG

    7/17/2005 C:\WINDOWS\system32\config\system.LOG

    7/13/2005 C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG

    7/2/2005 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\2e7a6763-87c2-428c-a82b-f5fa0d94af0b

    7/2/2005 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred

    7/17/2005 C:\WINDOWS\Tasks\SA.DAT

    »»»»»»»»»»»»»»»»»»»»»»»» Checking Global Startup »»»»»»»»»»»»»»»»»»»»»»

    Checking %ALLUSERSPROFILE%\Startup folder...

    Checking %ALLUSERSPROFILE%\Application Data folder...

    Checking %USERPROFILE%\Startup folder...

    Checking %USERPROFILE%\Application Data folder...

    »»»»»»»»»»»»»»»»»»»»»»»» Registry Entries Found »»»»»»»»»»»»»»»»»»»»»»»

    *\shellex\ContextMenuHandlers

    *\shellex\ContextMenuHandlers\AVG7 Shell Extension

    {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll

    *\shellex\ContextMenuHandlers\nfnfnsxg

    {c5583504-9ba4-4eda-bb2d-5f62737ad84d} =

    *\shellex\ContextMenuHandlers\Offline Files

    {750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll

    *\shellex\ContextMenuHandlers\Open With

    {09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll

    *\shellex\ContextMenuHandlers\Open With EncryptionMenu

    {A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll

    *\shellex\ContextMenuHandlers\Yahoo! Mail

    {5464D816-CF16-4784-B9F3-75C0DB52B499} = C:\Program Files\Yahoo!\Common\ymmapi.dll

    *\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}

    Start Menu Pin =

    SOFTWARE\Classes\Folder\shellex\ColumnHandlers

    SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}

    = %SystemRoot%\system32\SHELL32.dll

    SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}

    = %SystemRoot%\system32\SHELL32.dll

    SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}

    = %SystemRoot%\system32\SHELL32.dll

    SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}

    = %SystemRoot%\system32\SHELL32.dll

    SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}

    = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    IntelliPoint "C:\Program Files\Microsoft IntelliPoint\point32.exe"

    AVG7_CC C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

    AVG7_EMC C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

    Zone Labs Client C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

    YBrowser C:\Program Files\Yahoo!\browser\ybrwicon.exe

    SunJavaUpdateSched C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe

    RegistryMechanic

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    DW4 "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain

    = crypt32.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet

    = cryptnet.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll

    = cscdll.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\MCPClient

    = C:\Program Files\Common Files\Stardock\mcpstub.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp

    = wlnotify.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule

    = wlnotify.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy

    = sclgntfy.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn

    = WlNotify.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv

    = wlnotify.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WB

    = C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon

    = wlnotify.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\0aMCPClient

    {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} = C:\PROGRA~1\COMMON~1\Stardock\mcpcore.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\PostBootReminder

    {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\CDBurn

    {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\WebCheck

    {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SysTray

    {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apitrap.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ASSTE.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVSTE.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Cleanup.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cqw32.exe

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divxdec.ax

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DJSMAR00.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DRMINST.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\enc98.EXE

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EncodeDivXExt.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EncryptPatchVer.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\front.exe

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fullsoft.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GBROWSER.DLL

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htmlmarq.ocx

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htmlmm.ocx

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ishscan.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ISSTE.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\javai.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jvm.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jvm_g.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\main123w.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mngreg32.exe

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msci_uno.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscoree.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscorsvr.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscorwks.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msjava.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mso.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVOPTRF.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NeVideoFX.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NPMLIC.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NSWSTE.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\photohse.EXE

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PMSTE.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ppw32hlp.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\printhse.EXE

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\prwin8.EXE

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ps80.EXE

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\psdmt.exe

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qfinder.EXE

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qpw.EXE

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Salwrap.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup32.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sevinst.exe

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symlcnet.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tcore_ebook.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TFDTCTT8.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ua80.EXE

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\udtapi.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ums.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vb40032.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbe6.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wpwin8.EXE

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xlmlEN.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xwsetup.EXE

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_INSTPGM.EXE

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

    UserInit C:\WINDOWS\system32\userinit.exe,

    Shell Explorer.exe

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows

    AppInit_DLLs wbsys.dll

    »»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    WinPFind v1.0.0.8 - Log file written to "WinPFind.Txt" in the WinPFind folder.

    Jade

    WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

    If you see a message in the titlebar saying "not responding" you can ignore it. Windows is throwing this message up even though the program is still running. As long as the hard disk is working then the program is running.

    »»»»»»»»»»»»»»»»»»»»»»»» Files found »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Checking %SystemDrive% folder...

    UPX! C:\log.txt

    PEC2 C:\log.txt

    PEC2 C:\win.txt

    UPX! C:\windows.txt

    Checking %ProgramFilesDir% folder...

    Checking %WinDir% folder...

    PECompact2 C:\WINDOWS\lpt$vpn.731

    qoologic C:\WINDOWS\lpt$vpn.731

    SAHAgent C:\WINDOWS\lpt$vpn.731

    abetterinternet.com C:\WINDOWS\ojojo.dll

    web-nex C:\WINDOWS\ojojo.dll

    UPX! C:\WINDOWS\RMAgentOutput.dll

    UPX! C:\WINDOWS\tsc.exe

    PECompact2 C:\WINDOWS\VPTNFILE.731

    qoologic C:\WINDOWS\VPTNFILE.731

    SAHAgent C:\WINDOWS\VPTNFILE.731

    UPX! C:\WINDOWS\vsapi32.dll

    aspack C:\WINDOWS\vsapi32.dll

    Checking %System% folder...

    PEC2 C:\WINDOWS\system32\dfrg.msc

    UPX! C:\WINDOWS\system32\locate.com

    PECompact2 C:\WINDOWS\system32\MRT.exe

    aspack C:\WINDOWS\system32\MRT.exe

    aspack C:\WINDOWS\system32\ntdll.dll

    PEC2 C:\WINDOWS\system32\oembios.bin

    Umonitor C:\WINDOWS\system32\rasdlg.dll

    Checking %System%\Drivers folder and sub-folders...

    UPX! C:\WINDOWS\system32\drivers\avg7core.sys

    FSG! C:\WINDOWS\system32\drivers\avg7core.sys

    aspack C:\WINDOWS\system32\drivers\avg7core.sys

    PTech C:\WINDOWS\system32\drivers\mtlstrm.sys

    Checking the Windows folder for system and hidden files within the last 60 days...

    6/18/2005 C:\WINDOWS\pcconfig.dat

    7/13/2005 C:\WINDOWS\uccspecb.sys

    7/13/2005 C:\WINDOWS\WindowsShellOld.Manifest

    6/22/2005 C:\WINDOWS\inf\oem26.inf

    5/28/2005 C:\WINDOWS\Minidump\Mini052805-01.dmp

    6/1/2005 C:\WINDOWS\Minidump\Mini060105-01.dmp

    6/17/2005 C:\WINDOWS\system32\AuxDrv32b_g.oxc

    7/16/2005 C:\WINDOWS\system32\vsconfig.xml

    5/28/2005 C:\WINDOWS\system32\zllictbl.dat

    7/16/2005 C:\WINDOWS\system32\config\default.LOG

    7/16/2005 C:\WINDOWS\system32\config\SAM.LOG

    7/16/2005 C:\WINDOWS\system32\config\SECURITY.LOG

    7/16/2005 C:\WINDOWS\system32\config\software.LOG

    7/16/2005 C:\WINDOWS\system32\config\system.LOG

    7/13/2005 C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG

    7/2/2005 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\2e7a6763-87c2-428c-a82b-f5fa0d94af0b

    7/2/2005 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred

    7/16/2005 C:\WINDOWS\Tasks\SA.DAT

    7/6/2005 C:\WINDOWS\temp\History\History.IE5\desktop.ini

    7/6/2005 C:\WINDOWS\temp\Temporary Internet Files\Content.IE5\desktop.ini

    7/6/2005 C:\WINDOWS\temp\Temporary Internet Files\Content.IE5\9JGKA28P\desktop.ini

    7/6/2005 C:\WINDOWS\temp\Temporary Internet Files\Content.IE5\H1WQ1U85\desktop.ini

    7/6/2005 C:\WINDOWS\temp\Temporary Internet Files\Content.IE5\OTIR0D2B\desktop.ini

    7/6/2005 C:\WINDOWS\temp\Temporary Internet Files\Content.IE5\XBU7GHEZ\desktop.ini

    »»»»»»»»»»»»»»»»»»»»»»»» Checking Global Startup »»»»»»»»»»»»»»»»»»»»»»

    Checking %ALLUSERSPROFILE%\Startup folder...

    Checking %ALLUSERSPROFILE%\Application Data folder...

    Checking %USERPROFILE%\Startup folder...

    Checking %USERPROFILE%\Application Data folder...

    »»»»»»»»»»»»»»»»»»»»»»»» Registry Entries Found »»»»»»»»»»»»»»»»»»»»»»»

    *\shellex\ContextMenuHandlers

    *\shellex\ContextMenuHandlers\AVG7 Shell Extension

    {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll

    *\shellex\ContextMenuHandlers\nfnfnsxg

    {c5583504-9ba4-4eda-bb2d-5f62737ad84d} =

    *\shellex\ContextMenuHandlers\Offline Files

    {750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll

    *\shellex\ContextMenuHandlers\Open With

    {09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll

    *\shellex\ContextMenuHandlers\Open With EncryptionMenu

    {A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll

    *\shellex\ContextMenuHandlers\Yahoo! Mail

    {5464D816-CF16-4784-B9F3-75C0DB52B499} = C:\Program Files\Yahoo!\Common\ymmapi.dll

    *\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}

    Start Menu Pin =

    SOFTWARE\Classes\Folder\shellex\ColumnHandlers

    SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}

    = %SystemRoot%\system32\SHELL32.dll

    SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}

    = %SystemRoot%\system32\SHELL32.dll

    SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}

    = %SystemRoot%\system32\SHELL32.dll

    SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}

    = %SystemRoot%\system32\SHELL32.dll

    SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}

    = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    IntelliPoint "C:\Program Files\Microsoft IntelliPoint\point32.exe"

    AVG7_CC C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

    AVG7_EMC C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

    Zone Labs Client C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

    YBrowser C:\Program Files\Yahoo!\browser\ybrwicon.exe

    SunJavaUpdateSched C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe

    RegistryMechanic

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    Microsoft Works Update Detection C:\Program Files\Microsoft Works\WkDetect.exe

    AIM C:\Program Files\aim\aim.exe -cnetwait.odl

    Yahoo! Pager "C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" -quiet

    MSMSGS "C:\Program Files\Messenger\msmsgs.exe" /background

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain

    = crypt32.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet

    = cryptnet.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll

    = cscdll.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\MCPClient

    = C:\Program Files\Common Files\Stardock\mcpstub.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp

    = wlnotify.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule

    = wlnotify.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy

    = sclgntfy.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn

    = WlNotify.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv

    = wlnotify.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WB

    = C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon

    = wlnotify.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\0aMCPClient

    {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} = C:\PROGRA~1\COMMON~1\Stardock\mcpcore.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\PostBootReminder

    {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\CDBurn

    {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\WebCheck

    {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SysTray

    {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apitrap.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ASSTE.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVSTE.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Cleanup.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cqw32.exe

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divxdec.ax

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DJSMAR00.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DRMINST.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\enc98.EXE

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EncodeDivXExt.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EncryptPatchVer.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\front.exe

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fullsoft.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GBROWSER.DLL

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htmlmarq.ocx

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htmlmm.ocx

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ishscan.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ISSTE.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\javai.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jvm.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jvm_g.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\main123w.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mngreg32.exe

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msci_uno.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscoree.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscorsvr.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscorwks.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msjava.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mso.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVOPTRF.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NeVideoFX.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NPMLIC.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NSWSTE.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\photohse.EXE

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PMSTE.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ppw32hlp.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\printhse.EXE

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\prwin8.EXE

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ps80.EXE

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\psdmt.exe

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qfinder.EXE

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qpw.EXE

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Salwrap.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup32.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sevinst.exe

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symlcnet.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tcore_ebook.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TFDTCTT8.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ua80.EXE

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\udtapi.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ums.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vb40032.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbe6.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wpwin8.EXE

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xlmlEN.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xwsetup.EXE

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_INSTPGM.EXE

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

    UserInit C:\WINDOWS\system32\userinit.exe,

    Shell Explorer.exe

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows

    AppInit_DLLs wbsys.dll

    »»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    WinPFind v1.0.0.8 - Log file written to "WinPFind.Txt" in the WinPFind folder.

    I haven't gotten the "new hardware" message the last couple times I was logging on and off the different accounts. Next time I do, I will let you know what they say.

    Thanks!!

  9. ok, here ya go:

    mine

    Logfile of HijackThis v1.99.1

    Scan saved at 7:42:57 AM, on 7/16/2005

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

    C:\WINDOWS\system32\drivers\KodakCCS.exe

    C:\WINDOWS\system32\ScsiAccess.EXE

    C:\Program Files\Common Files\Stardock\SDMCP.exe

    C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\Microsoft IntelliPoint\point32.exe

    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

    C:\Program Files\Yahoo!\browser\ybrwicon.exe

    C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe

    C:\Program Files\CursorXP\CursorXP.exe

    C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe

    C:\Program Files\aim\aim.exe

    C:\PROGRA~1\Yahoo!\browser\ycommon.exe

    C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\Documents and Settings\Liz\My Documents\HJT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll

    O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"

    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

    O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe

    O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe

    O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe

    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"

    O4 - HKCU\..\Run: [AIM] C:\Program Files\aim\aim.exe -cnetwait.odl

    O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe

    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm

    O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

    O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll

    O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll

    O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll

    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll

    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll

    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe

    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

    O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com

    O16 - DPF: Yahoo! Go Fish - http://download.games.yahoo.com/games/clients/y/zt3_x.cab

    O16 - DPF: Yahoo! Hearts - http://download.games.yahoo.com/games/clients/y/ht1_x.cab

    O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/games/clients/y/st2_x.cab

    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab

    O16 - DPF: {1DF36010-E276-11D4-A7C0-00C04F0453DD} (Stamps.com Secure Postal Account Registration) - https://secure.stamps.com/download/us/regis...34/sdcregie.cab

    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

    O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1112485673484

    O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4056/ftp...02/cpbrkpie.cab

    O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} (WONWebLauncher Class) - http://hoylegames.sierra.com/cab/WONWebLauncherControl.cab

    O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab

    O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab

    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_...aploader_v6.cab

    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

    O20 - Winlogon Notify: MCPClient - C:\Program Files\Common Files\Stardock\mcpstub.dll

    O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll

    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe

    O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE

    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

    Rick

    Logfile of HijackThis v1.99.1

    Scan saved at 7:49:37 AM, on 7/16/2005

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

    C:\WINDOWS\system32\drivers\KodakCCS.exe

    C:\WINDOWS\system32\ScsiAccess.EXE

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\Program Files\Common Files\Stardock\SDMCP.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\Microsoft IntelliPoint\point32.exe

    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

    C:\Program Files\Yahoo!\browser\ybrwicon.exe

    C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe

    C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe

    C:\Documents and Settings\Liz\My Documents\HJT\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll

    O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"

    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

    O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe

    O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe

    O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"

    O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll

    O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll

    O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll

    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll

    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll

    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe

    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

    O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com

    O16 - DPF: Yahoo! Go Fish - http://download.games.yahoo.com/games/clients/y/zt3_x.cab

    O16 - DPF: Yahoo! Hearts - http://download.games.yahoo.com/games/clients/y/ht1_x.cab

    O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/games/clients/y/st2_x.cab

    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab

    O16 - DPF: {1DF36010-E276-11D4-A7C0-00C04F0453DD} (Stamps.com Secure Postal Account Registration) - https://secure.stamps.com/download/us/regis...34/sdcregie.cab

    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

    O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1112485673484

    O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4056/ftp...02/cpbrkpie.cab

    O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} (WONWebLauncher Class) - http://hoylegames.sierra.com/cab/WONWebLauncherControl.cab

    O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab

    O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab

    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_...aploader_v6.cab

    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

    O20 - Winlogon Notify: MCPClient - C:\Program Files\Common Files\Stardock\mcpstub.dll

    O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll

    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe

    O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE

    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

    Jade

    Logfile of HijackThis v1.99.1

    Scan saved at 7:47:09 AM, on 7/16/2005

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

    C:\WINDOWS\system32\drivers\KodakCCS.exe

    C:\WINDOWS\system32\ScsiAccess.EXE

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\Program Files\Common Files\Stardock\SDMCP.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\Microsoft IntelliPoint\point32.exe

    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

    C:\Program Files\Yahoo!\browser\ybrwicon.exe

    C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe

    C:\Program Files\aim\aim.exe

    C:\Program Files\Messenger\msmsgs.exe

    C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe

    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe

    C:\Documents and Settings\Liz\My Documents\HJT\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dsl.sbc.yahoo.com/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://aimtoday.aol.com/segmentation/welco...version=puccini

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll

    O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"

    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

    O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe

    O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe

    O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe

    O4 - HKCU\..\Run: [AIM] C:\Program Files\aim\aim.exe -cnetwait.odl

    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" -quiet

    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

    O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll

    O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll

    O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll

    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll

    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll

    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe

    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

    O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com

    O15 - Trusted Zone: *.media-motor.net

    O15 - Trusted Zone: *.popuppers.com

    O16 - DPF: Yahoo! Go Fish - http://download.games.yahoo.com/games/clients/y/zt3_x.cab

    O16 - DPF: Yahoo! Hearts - http://download.games.yahoo.com/games/clients/y/ht1_x.cab

    O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/games/clients/y/st2_x.cab

    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab

    O16 - DPF: {1DF36010-E276-11D4-A7C0-00C04F0453DD} (Stamps.com Secure Postal Account Registration) - https://secure.stamps.com/download/us/regis...34/sdcregie.cab

    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

    O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1112485673484

    O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4056/ftp...02/cpbrkpie.cab

    O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} (WONWebLauncher Class) - http://hoylegames.sierra.com/cab/WONWebLauncherControl.cab

    O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab

    O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab

    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_...aploader_v6.cab

    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

    O20 - Winlogon Notify: MCPClient - C:\Program Files\Common Files\Stardock\mcpstub.dll

    O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll

    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe

    O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE

    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

    Skye

    Logfile of HijackThis v1.99.1

    Scan saved at 7:51:37 AM, on 7/16/2005

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

    C:\WINDOWS\system32\drivers\KodakCCS.exe

    C:\WINDOWS\system32\ScsiAccess.EXE

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\Program Files\Common Files\Stardock\SDMCP.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\Microsoft IntelliPoint\point32.exe

    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

    C:\Program Files\Yahoo!\browser\ybrwicon.exe

    C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe

    C:\Program Files\aim\aim.exe

    C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe

    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe

    C:\DOCUME~1\Skye\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.emachines.com/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll

    O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"

    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

    O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe

    O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe

    O4 - HKCU\..\Run: [AIM] C:\Program Files\aim\aim.exe -cnetwait.odl

    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet

    O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe

    O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1

    O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll

    O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll

    O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll

    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll

    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll

    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe

    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

    O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com

    O15 - Trusted Zone: *.media-motor.net

    O15 - Trusted Zone: *.popuppers.com

    O16 - DPF: Yahoo! Go Fish - http://download.games.yahoo.com/games/clients/y/zt3_x.cab

    O16 - DPF: Yahoo! Hearts - http://download.games.yahoo.com/games/clients/y/ht1_x.cab

    O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/games/clients/y/st2_x.cab

    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab

    O16 - DPF: {1DF36010-E276-11D4-A7C0-00C04F0453DD} (Stamps.com Secure Postal Account Registration) - https://secure.stamps.com/download/us/regis...34/sdcregie.cab

    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

    O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1112485673484

    O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4056/ftp...02/cpbrkpie.cab

    O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} (WONWebLauncher Class) - http://hoylegames.sierra.com/cab/WONWebLauncherControl.cab

    O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab

    O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab

    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_...aploader_v6.cab

    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

    O20 - Winlogon Notify: MCPClient - C:\Program Files\Common Files\Stardock\mcpstub.dll

    O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll

    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe

    O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE

    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

    Also, I wanted to ask you, actually hubby did, we always have 2 'new hardware found' boxes come up when we all log on. One is CLID, or similar, and the other is MSTREAM. How do you get rid of those? Not that they hurt anything, just a pain.

  10. Okie dokie, here ya go:

    C:\Documents and Settings\Liz\Desktop\rkfiles

    PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, THERE MIGHT BE LEGIT FILES LISTED AND PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

    Files Found in system Folder............

    ------------------------

    C:\WINDOWS\system32\dfrg.msc: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAwGpEc213

    C:\WINDOWS\system32\oembios.bin: peC2"y)Q

    Files Found in all users startup Folder............

    ------------------------

    Files Found in all users windows Folder............

    ------------------------

    C:\WINDOWS\imgurla.exe: UPX!

    C:\WINDOWS\RMAgentOutput.dll: UPX!

    C:\WINDOWS\tsc.exe: UPX!

    C:\WINDOWS\vsapi32.dll: UPX!t4

    Finished

    bye

  11. Did the rkfiles thing, copied the log, hit paste, and when I got back here, there's nothing there. There wasn't a whole lot on it, I can do it again and write it down if you need it.

    We are all admins, and I rebooted into his screen and that dialer didn't come up (woohoo)!!!!!

    As far as how the comp is running, it's fine. Seems faster now than it was (DSL), maybe cause all that crap is gone.

    The one thing I noticed, and I think I mentioned it earlier, is my system restore is whacked. I don't plan on restoring it, but the only date available is yesterday's. Nothing else is bold, and I can't switch months.

  12. Ok, did all that. My original problem, which is on the support forum, is still there! UGH! It's the XXX Dialer on hubby's screen. I ran HJT on that one, and didn't see anything different than mine. The red app for Yahoo is still on his, but that's about it. ::sigh::

    Decided to d/l a 30 day trial of PC_Cillin while I was waiting for the trend scan, but it kept making my computer reboot by itself. Needless to say, it's gone :wacko:

    Anyway, here's the latest log. And, BTW, I appreciate everybody's help, you guys rock!

    Logfile of HijackThis v1.99.1

    Scan saved at 9:45:17 AM, on 7/15/2005

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

    C:\WINDOWS\system32\drivers\KodakCCS.exe

    C:\WINDOWS\system32\ScsiAccess.EXE

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    C:\Program Files\Common Files\Stardock\SDMCP.exe

    C:\WINDOWS\system32\rundll32.exe

    C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\Microsoft IntelliPoint\point32.exe

    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

    C:\Program Files\Yahoo!\browser\ybrwicon.exe

    C:\Program Files\CursorXP\CursorXP.exe

    C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe

    C:\PROGRA~1\Yahoo!\browser\ycommon.exe

    C:\Program Files\aim\aim.exe

    C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe

    C:\Program Files\Yahoo!\browser\ybrowser.exe

    C:\Documents and Settings\Liz\My Documents\HJT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll

    O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"

    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

    O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe

    O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe

    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"

    O4 - HKCU\..\Run: [AIM] C:\Program Files\aim\aim.exe -cnetwait.odl

    O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe

    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm

    O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

    O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll

    O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll

    O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll

    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll

    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll

    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe

    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

    O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com

    O16 - DPF: Yahoo! Go Fish - http://download.games.yahoo.com/games/clients/y/zt3_x.cab

    O16 - DPF: Yahoo! Hearts - http://download.games.yahoo.com/games/clients/y/ht1_x.cab

    O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/games/clients/y/st2_x.cab

    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab

    O16 - DPF: {1DF36010-E276-11D4-A7C0-00C04F0453DD} (Stamps.com Secure Postal Account Registration) - https://secure.stamps.com/download/us/regis...34/sdcregie.cab

    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

    O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1112485673484

    O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4056/ftp...02/cpbrkpie.cab

    O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} (WONWebLauncher Class) - http://hoylegames.sierra.com/cab/WONWebLauncherControl.cab

    O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab

    O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab

    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_...aploader_v6.cab

    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

    O20 - Winlogon Notify: MCPClient - C:\Program Files\Common Files\Stardock\mcpstub.dll

    O20 - Winlogon Notify: MS-DOS Emulation - C:\WINDOWS\system32\drloader.dll

    O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll

    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe

    O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE

    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

  13. Fix Log

    L2Mfix 1.03a

    Running From:

    C:\Documents and Settings\Liz\Desktop\l2mfix

    RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above

    Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)

    This program is Freeware, use it on your own risk!

    Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:

    (NI) ALLOW Full access NT AUTHORITY\SYSTEM

    (IO) ALLOW Full access NT AUTHORITY\SYSTEM

    (ID-NI) ALLOW Read BUILTIN\Users

    (ID-IO) ALLOW Read BUILTIN\Users

    (ID-NI) ALLOW Full access BUILTIN\Administrators

    (ID-IO) ALLOW Full access BUILTIN\Administrators

    (ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM

    (ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM

    (ID-IO) ALLOW Full access CREATOR OWNER

    Setting registry permissions:

    RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above

    Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)

    This program is Freeware, use it on your own risk!

    Denying C(CI) access for predefined group "Administrators"

    - adding new ACCESS DENY entry

    Registry Permissions set too:

    RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above

    Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)

    This program is Freeware, use it on your own risk!

    Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:

    (CI) DENY --C------- BUILTIN\Administrators

    (NI) ALLOW Full access NT AUTHORITY\SYSTEM

    (IO) ALLOW Full access NT AUTHORITY\SYSTEM

    (ID-NI) ALLOW Read BUILTIN\Users

    (ID-IO) ALLOW Read BUILTIN\Users

    (ID-NI) ALLOW Full access BUILTIN\Administrators

    (ID-IO) ALLOW Full access BUILTIN\Administrators

    (ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM

    (ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM

    (ID-IO) ALLOW Full access CREATOR OWNER

    Setting up for Reboot

    Starting Reboot!

    C:\Documents and Settings\Liz\Desktop\l2mfix

    System Rebooted!

    Running From:

    C:\Documents and Settings\Liz\Desktop\l2mfix

    killing explorer and rundll32.exe

    Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03

    Copyright© 2002-2003 [email protected]

    Killing PID 1920 'explorer.exe'

    Killing PID 1920 'explorer.exe'

    Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03

    Copyright© 2002-2003 [email protected]

    Killing PID 1312 'rundll32.exe'

    Killing PID 1684 'rundll32.exe'

    Killing PID 196 'rundll32.exe'

    Scanning First Pass. Please Wait!

    First Pass Completed

    Second Pass Scanning

    Second pass Completed!

    Backing Up: C:\WINDOWS\system32\beowser.dll

    1 file(s) copied.

    Backing Up: C:\WINDOWS\system32\beowser.dll

    1 file(s) copied.

    Backing Up: C:\WINDOWS\system32\cBbinet.dll

    1 file(s) copied.

    Backing Up: C:\WINDOWS\system32\cBbinet.dll

    1 file(s) copied.

    Backing Up: C:\WINDOWS\system32\cqutil.dll

    1 file(s) copied.

    Backing Up: C:\WINDOWS\system32\cqutil.dll

    1 file(s) copied.

    Backing Up: C:\WINDOWS\system32\cwypt32.dll

    1 file(s) copied.

    Backing Up: C:\WINDOWS\system32\cwypt32.dll

    1 file(s) copied.

    Backing Up: C:\WINDOWS\system32\dmsrslvr.dll

    1 file(s) copied.

    Backing Up: C:\WINDOWS\system32\dmsrslvr.dll

    1 file(s) copied.

    Backing Up: C:\WINDOWS\system32\doquery.dll

    1 file(s) copied.

    Backing Up: C:\WINDOWS\system32\doquery.dll

    1 file(s) copied.

    Backing Up: C:\WINDOWS\system32\dv16gt.dLL

    1 file(s) copied.

    Backing Up: C:\WINDOWS\system32\dv16gt.dLL

    1 file(s) copied.

    Backing Up: C:\WINDOWS\system32\dXvclnt.dll

    1 file(s) copied.

    Backing Up: C:\WINDOWS\system32\dXvclnt.dll

    1 file(s) copied.

    Backing Up: C:\WINDOWS\system32\fedrclnr.dll

    1 file(s) copied.

    Backing Up: C:\WINDOWS\system32\fedrclnr.dll

    1 file(s) copied.

    Backing Up: C:\WINDOWS\system32\ibcoin2.dll

    1 file(s) copied.

    Backing Up: C:\WINDOWS\system32\ibcoin2.dll

    1 file(s) copied.

    Backing Up: C:\WINDOWS\system32\idetcfg.dll

    1 file(s) copied.

    Backing Up: C:\WINDOWS\system32\idetcfg.dll

    1 file(s) copied.

    Backing Up: C:\WINDOWS\system32\ksdsl1.dll

    1 file(s) copied.

    Backing Up: C:\WINDOWS\system32\ksdsl1.dll

    1 file(s) copied.

    Backing Up: C:\WINDOWS\system32\kxcp32.dll

    1 file(s) copied.

    Backing Up: C:\WINDOWS\system32\kxcp32.dll

    1 file(s) copied.

    Backing Up: C:\WINDOWS\system32\kydhe220.dll

    1 file(s) copied.

    Backing Up: C:\WINDOWS\system32\kydhe220.dll

    1 file(s) copied.

    Backing Up: C:\WINDOWS\system32\lHprxy.dll

    1 file(s) copied.

    Backing Up: C:\WINDOWS\system32\lHprxy.dll

    1 file(s) copied.

    Backing Up: C:\WINDOWS\system32\lutif11n.dll

    1 file(s) copied.

    Backing Up: C:\WINDOWS\system32\lutif11n.dll

    1 file(s) copied.

    Backing Up: C:\WINDOWS\system32\mcident.dll

    1 file(s) copied.

    Backing Up: C:\WINDOWS\system32\mcident.dll

    1 file(s) copied.

    Backing Up: C:\WINDOWS\system32\mjprivs.dll

    1 file(s) copied.

    Backing Up: C:\WINDOWS\system32\mjprivs.dll

    1 file(s) copied.

    Backing Up: C:\WINDOWS\system32\mvdtclog.dll

    1 file(s) copied.

    Backing Up: C:\WINDOWS\system32\mvdtclog.dll

    1 file(s) copied.

    Backing Up: C:\WINDOWS\system32\guard.tmp

    1 file(s) copied.

    Backing Up: C:\WINDOWS\system32\guard.tmp

    1 file(s) copied.

    deleting: C:\WINDOWS\system32\beowser.dll

    Successfully Deleted: C:\WINDOWS\system32\beowser.dll

    deleting: C:\WINDOWS\system32\beowser.dll

    Successfully Deleted: C:\WINDOWS\system32\beowser.dll

    deleting: C:\WINDOWS\system32\cBbinet.dll

    Successfully Deleted: C:\WINDOWS\system32\cBbinet.dll

    deleting: C:\WINDOWS\system32\cBbinet.dll

    Successfully Deleted: C:\WINDOWS\system32\cBbinet.dll

    deleting: C:\WINDOWS\system32\cqutil.dll

    Successfully Deleted: C:\WINDOWS\system32\cqutil.dll

    deleting: C:\WINDOWS\system32\cqutil.dll

    Successfully Deleted: C:\WINDOWS\system32\cqutil.dll

    deleting: C:\WINDOWS\system32\cwypt32.dll

    Successfully Deleted: C:\WINDOWS\system32\cwypt32.dll

    deleting: C:\WINDOWS\system32\cwypt32.dll

    Successfully Deleted: C:\WINDOWS\system32\cwypt32.dll

    deleting: C:\WINDOWS\system32\dmsrslvr.dll

    Successfully Deleted: C:\WINDOWS\system32\dmsrslvr.dll

    deleting: C:\WINDOWS\system32\dmsrslvr.dll

    Successfully Deleted: C:\WINDOWS\system32\dmsrslvr.dll

    deleting: C:\WINDOWS\system32\doquery.dll

    Successfully Deleted: C:\WINDOWS\system32\doquery.dll

    deleting: C:\WINDOWS\system32\doquery.dll

    Successfully Deleted: C:\WINDOWS\system32\doquery.dll

    deleting: C:\WINDOWS\system32\dv16gt.dLL

    Successfully Deleted: C:\WINDOWS\system32\dv16gt.dLL

    deleting: C:\WINDOWS\system32\dv16gt.dLL

    Successfully Deleted: C:\WINDOWS\system32\dv16gt.dLL

    deleting: C:\WINDOWS\system32\dXvclnt.dll

    Successfully Deleted: C:\WINDOWS\system32\dXvclnt.dll

    deleting: C:\WINDOWS\system32\dXvclnt.dll

    Successfully Deleted: C:\WINDOWS\system32\dXvclnt.dll

    deleting: C:\WINDOWS\system32\fedrclnr.dll

    Successfully Deleted: C:\WINDOWS\system32\fedrclnr.dll

    deleting: C:\WINDOWS\system32\fedrclnr.dll

    Successfully Deleted: C:\WINDOWS\system32\fedrclnr.dll

    deleting: C:\WINDOWS\system32\ibcoin2.dll

    Successfully Deleted: C:\WINDOWS\system32\ibcoin2.dll

    deleting: C:\WINDOWS\system32\ibcoin2.dll

    Successfully Deleted: C:\WINDOWS\system32\ibcoin2.dll

    deleting: C:\WINDOWS\system32\idetcfg.dll

    Successfully Deleted: C:\WINDOWS\system32\idetcfg.dll

    deleting: C:\WINDOWS\system32\idetcfg.dll

    Successfully Deleted: C:\WINDOWS\system32\idetcfg.dll

    deleting: C:\WINDOWS\system32\ksdsl1.dll

    Successfully Deleted: C:\WINDOWS\system32\ksdsl1.dll

    deleting: C:\WINDOWS\system32\ksdsl1.dll

    Successfully Deleted: C:\WINDOWS\system32\ksdsl1.dll

    deleting: C:\WINDOWS\system32\kxcp32.dll

    Successfully Deleted: C:\WINDOWS\system32\kxcp32.dll

    deleting: C:\WINDOWS\system32\kxcp32.dll

    Successfully Deleted: C:\WINDOWS\system32\kxcp32.dll

    deleting: C:\WINDOWS\system32\kydhe220.dll

    Successfully Deleted: C:\WINDOWS\system32\kydhe220.dll

    deleting: C:\WINDOWS\system32\kydhe220.dll

    Successfully Deleted: C:\WINDOWS\system32\kydhe220.dll

    deleting: C:\WINDOWS\system32\lHprxy.dll

    Successfully Deleted: C:\WINDOWS\system32\lHprxy.dll

    deleting: C:\WINDOWS\system32\lHprxy.dll

    Successfully Deleted: C:\WINDOWS\system32\lHprxy.dll

    deleting: C:\WINDOWS\system32\lutif11n.dll

    Successfully Deleted: C:\WINDOWS\system32\lutif11n.dll

    deleting: C:\WINDOWS\system32\lutif11n.dll

    Successfully Deleted: C:\WINDOWS\system32\lutif11n.dll

    deleting: C:\WINDOWS\system32\mcident.dll

    Successfully Deleted: C:\WINDOWS\system32\mcident.dll

    deleting: C:\WINDOWS\system32\mcident.dll

    Successfully Deleted: C:\WINDOWS\system32\mcident.dll

    deleting: C:\WINDOWS\system32\mjprivs.dll

    Successfully Deleted: C:\WINDOWS\system32\mjprivs.dll

    deleting: C:\WINDOWS\system32\mjprivs.dll

    Successfully Deleted: C:\WINDOWS\system32\mjprivs.dll

    deleting: C:\WINDOWS\system32\mvdtclog.dll

    Successfully Deleted: C:\WINDOWS\system32\mvdtclog.dll

    deleting: C:\WINDOWS\system32\mvdtclog.dll

    Successfully Deleted: C:\WINDOWS\system32\mvdtclog.dll

    deleting: C:\WINDOWS\system32\guard.tmp

    Successfully Deleted: C:\WINDOWS\system32\guard.tmp

    deleting: C:\WINDOWS\system32\guard.tmp

    Successfully Deleted: C:\WINDOWS\system32\guard.tmp

    Zipping up files for submission:

    adding: beowser.dll (164 bytes security) (deflated 48%)

    adding: cBbinet.dll (164 bytes security) (deflated 48%)

    adding: cqutil.dll (164 bytes security) (deflated 48%)

    adding: cwypt32.dll (164 bytes security) (deflated 48%)

    adding: dmsrslvr.dll (164 bytes security) (deflated 48%)

    adding: doquery.dll (164 bytes security) (deflated 48%)

    adding: dv16gt.dLL (164 bytes security) (deflated 48%)

    adding: dXvclnt.dll (164 bytes security) (deflated 48%)

    adding: fedrclnr.dll (164 bytes security) (deflated 48%)

    adding: ibcoin2.dll (164 bytes security) (deflated 48%)

    adding: idetcfg.dll (164 bytes security) (deflated 48%)

    adding: ksdsl1.dll (164 bytes security) (deflated 48%)

    adding: kxcp32.dll (164 bytes security) (deflated 48%)

    adding: kydhe220.dll (164 bytes security) (deflated 48%)

    adding: lHprxy.dll (164 bytes security) (deflated 48%)

    adding: lutif11n.dll (164 bytes security) (deflated 48%)

    adding: mcident.dll (164 bytes security) (deflated 48%)

    adding: mjprivs.dll (164 bytes security) (deflated 48%)

    adding: mvdtclog.dll (164 bytes security) (deflated 48%)

    adding: guard.tmp (164 bytes security) (deflated 48%)

    adding: clear.reg (164 bytes security) (deflated 58%)

    adding: echo.reg (164 bytes security) (deflated 8%)

    adding: direct.txt (164 bytes security) (stored 0%)

    adding: lo2.txt (164 bytes security) (deflated 88%)

    adding: readme.txt (164 bytes security) (deflated 49%)

    adding: report.txt (164 bytes security) (deflated 66%)

    adding: test.txt (164 bytes security) (deflated 88%)

    adding: test2.txt (164 bytes security) (deflated 40%)

    adding: test3.txt (164 bytes security) (deflated 40%)

    adding: test5.txt (164 bytes security) (deflated 40%)

    adding: xfind.txt (164 bytes security) (deflated 85%)

    adding: backregs/1109B115-12A5-4DB3-9934-B00A89CBAD99.reg (164 bytes security) (deflated 70%)

    adding: backregs/1BD1FA66-A177-4DE0-8225-F838460CF2A4.reg (164 bytes security) (deflated 70%)

    adding: backregs/81E4550B-A272-4A9F-A4EC-BE8F79D2481C.reg (164 bytes security) (deflated 70%)

    adding: backregs/9650F943-878D-434C-BE40-0C26BBED2679.reg (164 bytes security) (deflated 70%)

    adding: backregs/A6625691-0AF7-49AB-89BF-0211D60B9275.reg (164 bytes security) (deflated 70%)

    adding: backregs/D251F2C0-ADC5-4A2C-9158-991DB6AF9003.reg (164 bytes security) (deflated 70%)

    adding: backregs/shell.reg (164 bytes security) (deflated 73%)

    Restoring Registry Permissions:

    RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above

    Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)

    This program is Freeware, use it on your own risk!

    Revoking access for predefined group "Administrators"

    Inherited ACE can not be revoked here!

    Inherited ACE can not be revoked here!

    Registry permissions set too:

    RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above

    Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)

    This program is Freeware, use it on your own risk!

    Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:

    (NI) ALLOW Full access NT AUTHORITY\SYSTEM

    (IO) ALLOW Full access NT AUTHORITY\SYSTEM

    (ID-NI) ALLOW Read BUILTIN\Users

    (ID-IO) ALLOW Read BUILTIN\Users

    (ID-NI) ALLOW Full access BUILTIN\Administrators

    (ID-IO) ALLOW Full access BUILTIN\Administrators

    (ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM

    (ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM

    (ID-IO) ALLOW Full access CREATOR OWNER

    Restoring Sedebugprivilege:

    Granting SeDebugPrivilege to Administrators ... successful

    deleting local copy: beowser.dll

    deleting local copy: beowser.dll

    deleting local copy: cBbinet.dll

    deleting local copy: cBbinet.dll

    deleting local copy: cqutil.dll

    deleting local copy: cqutil.dll

    deleting local copy: cwypt32.dll

    deleting local copy: cwypt32.dll

    deleting local copy: dmsrslvr.dll

    deleting local copy: dmsrslvr.dll

    deleting local copy: doquery.dll

    deleting local copy: doquery.dll

    deleting local copy: dv16gt.dLL

    deleting local copy: dv16gt.dLL

    deleting local copy: dXvclnt.dll

    deleting local copy: dXvclnt.dll

    deleting local copy: fedrclnr.dll

    deleting local copy: fedrclnr.dll

    deleting local copy: ibcoin2.dll

    deleting local copy: ibcoin2.dll

    deleting local copy: idetcfg.dll

    deleting local copy: idetcfg.dll

    deleting local copy: ksdsl1.dll

    deleting local copy: ksdsl1.dll

    deleting local copy: kxcp32.dll

    deleting local copy: kxcp32.dll

    deleting local copy: kydhe220.dll

    deleting local copy: kydhe220.dll

    deleting local copy: lHprxy.dll

    deleting local copy: lHprxy.dll

    deleting local copy: lutif11n.dll

    deleting local copy: lutif11n.dll

    deleting local copy: mcident.dll

    deleting local copy: mcident.dll

    deleting local copy: mjprivs.dll

    deleting local copy: mjprivs.dll

    deleting local copy: mvdtclog.dll

    deleting local copy: mvdtclog.dll

    deleting local copy: guard.tmp

    deleting local copy: guard.tmp

    The following Is the Current Export of the Winlogon notify key:

    ****************************************************************************

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

    "Asynchronous"=dword:00000000

    "DllName"=""

    "Impersonate"=dword:00000000

    "Logon"="WinLogon"

    "Logoff"="WinLogoff"

    "Shutdown"="WinShutdown"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\MCPClient]

    "Asynchronous"=dword:00000000

    "DllName"="C:\\Program Files\\Common Files\\Stardock\\mcpstub.dll"

    "Startup"="MCPSystemStartup"

    "Logon"="MCPLogonStartup"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WB]

    "Asynchronous"=dword:00000000

    "DllName"="C:\\PROGRA~1\\Stardock\\OBJECT~1\\WINDOW~1\\fastload.dll"

    "Startup"="StartSys"

    "Logon"="StartWB"

    The following are the files found:

    ****************************************************************************


    Registry Entries that were Deleted:

    Please verify that the listing looks ok.

    If there was something deleted wrongly there are backups in the backreg folder.

    ****************************************************************************

    REGEDIT4

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

    "{D251F2C0-ADC5-4A2C-9158-991DB6AF9003}"=-

    "{9650F943-878D-434C-BE40-0C26BBED2679}"=-

    "{A6625691-0AF7-49AB-89BF-0211D60B9275}"=-

    "{1109B115-12A5-4DB3-9934-B00A89CBAD99}"=-

    "{1BD1FA66-A177-4DE0-8225-F838460CF2A4}"=-

    "{81E4550B-A272-4A9F-A4EC-BE8F79D2481C}"=-

    [-HKEY_CLASSES_ROOT\CLSID\{D251F2C0-ADC5-4A2C-9158-991DB6AF9003}]

    [-HKEY_CLASSES_ROOT\CLSID\{9650F943-878D-434C-BE40-0C26BBED2679}]

    [-HKEY_CLASSES_ROOT\CLSID\{A6625691-0AF7-49AB-89BF-0211D60B9275}]

    [-HKEY_CLASSES_ROOT\CLSID\{1109B115-12A5-4DB3-9934-B00A89CBAD99}]

    [-HKEY_CLASSES_ROOT\CLSID\{1BD1FA66-A177-4DE0-8225-F838460CF2A4}]

    [-HKEY_CLASSES_ROOT\CLSID\{81E4550B-A272-4A9F-A4EC-BE8F79D2481C}]

    REGEDIT4

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

    "SV1"=""

    ****************************************************************************

    Desktop.ini Contents:

    ****************************************************************************

    ****************************************************************************

    HJT Log

    Logfile of HijackThis v1.99.1

    Scan saved at 12:26:26 AM, on 7/15/2005

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

    C:\Program Files\Common Files\Stardock\SDMCP.exe

    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

    C:\WINDOWS\system32\drivers\KodakCCS.exe

    C:\WINDOWS\system32\ScsiAccess.EXE

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe

    C:\Program Files\Microsoft IntelliPoint\point32.exe

    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

    C:\Program Files\Yahoo!\browser\ybrwicon.exe

    C:\Program Files\CursorXP\CursorXP.exe

    C:\PROGRA~1\Yahoo!\browser\ycommon.exe

    C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe

    C:\WINDOWS\System32\imapi.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\WINDOWS\explorer.exe

    C:\Program Files\Yahoo!\browser\ybrowser.exe

    C:\Documents and Settings\Liz\My Documents\HJT\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll

    O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll

    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll

    O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"

    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

    O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe

    O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe

    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"

    O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe

    O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML

    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm

    O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

    O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll

    O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll

    O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll

    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll

    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll

    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\aim\aim.exe

    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

    O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com

    O16 - DPF: Yahoo! Go Fish - http://download.games.yahoo.com/games/clients/y/zt3_x.cab

    O16 - DPF: Yahoo! Hearts - http://download.games.yahoo.com/games/clients/y/ht1_x.cab

    O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/games/clients/y/st2_x.cab

    O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAcc...e/bridge-c8.cab

    O16 - DPF: {1DF36010-E276-11D4-A7C0-00C04F0453DD} (Stamps.com Secure Postal Account Registration) - https://secure.stamps.com/download/us/regis...34/sdcregie.cab

    O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/minibug/tr...Transporter.cab?

    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

    O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab

    O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} (ActiveX Control) - http://www.icannnews.com/app/ST/ActiveX.ocx

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1112485673484

    O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4056/ftp...02/cpbrkpie.cab

    O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} (WONWebLauncher Class) - http://hoylegames.sierra.com/cab/WONWebLauncherControl.cab

    O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab

    O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab

    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_...aploader_v6.cab

    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

    O20 - Winlogon Notify: MCPClient - C:\Program Files\Common Files\Stardock\mcpstub.dll

    O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll

    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe

    O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE

    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

  14. Ok, here it is. I also noticed my system restore isn't working, and now my computer is real "jerky". If I try to play hearts, it looks like the cards are skipping, and that applies to everything I do.

    The system restore is turned back on, but there is no date in bold except today, I can't go back to June either. Grrr-this thing is aggravating me!!

    L2MFIX find log 1.03

    These are the registry keys present

    ********************************************************************************

    **

    Winlogon/notify:

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

    "Asynchronous"=dword:00000000

    "DllName"=""

    "Impersonate"=dword:00000000

    "Logon"="WinLogon"

    "Logoff"="WinLogoff"

    "Shutdown"="WinShutdown"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\BITS]

    "Asynchronous"=dword:00000000

    "DllName"="C:\\WINDOWS\\system32\\iaxrip.dll"

    "Impersonate"=dword:00000000

    "Logon"="WinLogon"

    "Logoff"="WinLogoff"

    "Shutdown"="WinShutdown"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\MCPClient]

    "Asynchronous"=dword:00000000

    "DllName"="C:\\Program Files\\Common Files\\Stardock\\mcpstub.dll"

    "Startup"="MCPSystemStartup"

    "Logon"="MCPLogonStartup"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SMDEn]

    "Asynchronous"=dword:00000000

    "DllName"="C:\\WINDOWS\\system32\\iaxrip.dll"

    "Impersonate"=dword:00000000

    "Logon"="WinLogon"

    "Logoff"="WinLogoff"

    "Shutdown"="WinShutdown"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Themes]

    "Asynchronous"=dword:00000000

    "DllName"="C:\\WINDOWS\\system32\\drloader.dll"

    "Impersonate"=dword:00000000

    "Logon"="WinLogon"

    "Logoff"="WinLogoff"

    "Shutdown"="WinShutdown"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Uninstall]

    "Asynchronous"=dword:00000000

    "DllName"="C:\\WINDOWS\\system32\\drloader.dll"

    "Impersonate"=dword:00000000

    "Logon"="WinLogon"

    "Logoff"="WinLogoff"

    "Shutdown"="WinShutdown"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WB]

    "Asynchronous"=dword:00000000

    "DllName"="C:\\PROGRA~1\\Stardock\\OBJECT~1\\WINDOW~1\\fastload.dll"

    "Startup"="StartSys"

    "Logon"="StartWB"

    ********************************************************************************

    **

    useragent:

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

    "{3CFB6117-AB06-4CBB-D23B-E92DAB0565B5}"=""

    ********************************************************************************

    **

    Shell Extension key:


    "{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"

    "{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"

    "{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"

    "{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"

    "{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"

    "{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"

    "{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"

    "{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"

    "{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"

    "{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"

    "{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"

    "{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"

    "{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"

    "{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"

    "{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"

    "{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"

    "{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder"

    "{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"

    "{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"

    "{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"

    "{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"

    "{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"

    "{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People..."

    "{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"

    "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"

    "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"

    "{F802F260-519B-11D1-BB5D-0060974C6013}"="ICQ Shell Extension"

    "{20082881-FC36-4E47-9A7A-644C95FF749F}"="IntelliPoint Wireless Control Panel Property Page"

    "{AF90F543-6A3A-4C1B-8B16-ECEC073E69BE}"="IntelliPoint Wheel Control Panel Property Page"

    "{653DCCC2-13DB-45B2-A389-427885776CFE}"="IntelliPoint Activities Control Panel Property Page"

    "{124597D8-850A-41AE-849C-017A4FA99CA2}"="IntelliPoint Buttons Control Panel Property Page"

    "{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"

    "{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"

    "{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"

    "{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"

    "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"="AVG7 Shell Extension"

    "{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}"="AVG7 Find Extension"

    "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"

    "{2F5AC606-70CF-461C-BFE1-734234536262}"="WindowBlinds CPL Extension"

    "{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"

    "{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"

    "{2AA59FC0-31E8-42DA-9D3C-E9A52953853B}"="CopyToCD shell extension"

    "{acb4a560-3606-11d3-aef4-00104bd0f92d}"="KodakShellExtension"

    "{D251F2C0-ADC5-4A2C-9158-991DB6AF9003}"=""

    "{9650F943-878D-434C-BE40-0C26BBED2679}"=""

    "{A6625691-0AF7-49AB-89BF-0211D60B9275}"=""

    "{1109B115-12A5-4DB3-9934-B00A89CBAD99}"=""

    "{1BD1FA66-A177-4DE0-8225-F838460CF2A4}"=""

    "{81E4550B-A272-4A9F-A4EC-BE8F79D2481C}"=""

    "{5464D816-CF16-4784-B9F3-75C0DB52B499}"="Yahoo! Mail"

    **********************************************************************************

    HKEY ROOT CLASSIDS:

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{D251F2C0-ADC5-4A2C-9158-991DB6AF9003}]

    @=""

    [HKEY_CLASSES_ROOT\CLSID\{D251F2C0-ADC5-4A2C-9158-991DB6AF9003}\Implemented Categories]

    @=""

    [HKEY_CLASSES_ROOT\CLSID\{D251F2C0-ADC5-4A2C-9158-991DB6AF9003}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

    @=""

    [HKEY_CLASSES_ROOT\CLSID\{D251F2C0-ADC5-4A2C-9158-991DB6AF9003}\InprocServer32]

    @="C:\\WINDOWS\\system32\\cwypt32.dll"

    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{9650F943-878D-434C-BE40-0C26BBED2679}]

    @=""

    [HKEY_CLASSES_ROOT\CLSID\{9650F943-878D-434C-BE40-0C26BBED2679}\Implemented Categories]

    @=""

    [HKEY_CLASSES_ROOT\CLSID\{9650F943-878D-434C-BE40-0C26BBED2679}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

    @=""

    [HKEY_CLASSES_ROOT\CLSID\{9650F943-878D-434C-BE40-0C26BBED2679}\InprocServer32]

    @="C:\\WINDOWS\\system32\\idetcfg.dll"

    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{A6625691-0AF7-49AB-89BF-0211D60B9275}]

    @=""

    [HKEY_CLASSES_ROOT\CLSID\{A6625691-0AF7-49AB-89BF-0211D60B9275}\Implemented Categories]

    @=""

    [HKEY_CLASSES_ROOT\CLSID\{A6625691-0AF7-49AB-89BF-0211D60B9275}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

    @=""

    [HKEY_CLASSES_ROOT\CLSID\{A6625691-0AF7-49AB-89BF-0211D60B9275}\InprocServer32]

    @="C:\\WINDOWS\\system32\\drloader.dll"

    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{1109B115-12A5-4DB3-9934-B00A89CBAD99}]

    @=""

    [HKEY_CLASSES_ROOT\CLSID\{1109B115-12A5-4DB3-9934-B00A89CBAD99}\Implemented Categories]

    @=""

    [HKEY_CLASSES_ROOT\CLSID\{1109B115-12A5-4DB3-9934-B00A89CBAD99}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

    @=""

    [HKEY_CLASSES_ROOT\CLSID\{1109B115-12A5-4DB3-9934-B00A89CBAD99}\InprocServer32]

    @="C:\\WINDOWS\\system32\\ksdsl1.dll"

    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{1BD1FA66-A177-4DE0-8225-F838460CF2A4}]

    @=""

    [HKEY_CLASSES_ROOT\CLSID\{1BD1FA66-A177-4DE0-8225-F838460CF2A4}\Implemented Categories]

    @=""

    [HKEY_CLASSES_ROOT\CLSID\{1BD1FA66-A177-4DE0-8225-F838460CF2A4}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

    @=""

    [HKEY_CLASSES_ROOT\CLSID\{1BD1FA66-A177-4DE0-8225-F838460CF2A4}\InprocServer32]

    @="C:\\WINDOWS\\system32\\iaxrip.dll"

    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{81E4550B-A272-4A9F-A4EC-BE8F79D2481C}]

    @=""

    [HKEY_CLASSES_ROOT\CLSID\{81E4550B-A272-4A9F-A4EC-BE8F79D2481C}\Implemented Categories]

    @=""

    [HKEY_CLASSES_ROOT\CLSID\{81E4550B-A272-4A9F-A4EC-BE8F79D2481C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]

    @=""

    [HKEY_CLASSES_ROOT\CLSID\{81E4550B-A272-4A9F-A4EC-BE8F79D2481C}\InprocServer32]

    @="C:\\WINDOWS\\system32\\ibcoin2.dll"

    "ThreadingModel"="Apartment"

    **********************************************************************************

    Files Found are not all bad files:

    Locate .tmp files:

    Directory Listing of system files:

    Volume in drive C has no label.

    Volume Serial Number is 24BA-00FB

    Directory of C:\WINDOWS\System32

    07/14/2005 10:53 PM 417,792 ksdsl1.dll

    07/14/2005 06:27 PM 417,792 ibcoin2.dll

    07/14/2005 02:44 PM 417,792 kxcp32.dll

    07/14/2005 01:57 PM 417,792 dmsrslvr.dll

    07/14/2005 01:57 PM 417,792 drloader.dll

    07/14/2005 12:48 PM 417,792 kydhe220.dll

    07/14/2005 12:42 PM 417,792 lHprxy.dll

    07/14/2005 12:29 PM 417,792 mcident.dll

    07/14/2005 11:38 AM 417,792 mjprivs.dll

    07/14/2005 08:24 AM 417,792 lutif11n.dll

    07/11/2005 06:31 PM 417,792 fedrclnr.dll

    07/10/2005 06:31 PM 417,792 iaxrip.dll

    07/06/2005 09:46 PM 417,792 idetcfg.dll

    07/06/2005 09:44 PM 417,792 guard.tmp

    07/06/2005 01:42 PM 417,792 cwypt32.dll

    06/22/2005 07:37 PM <DIR> dllcache

    06/17/2005 06:31 PM 5 AuxDrv32b_g.oxc

    11/01/2002 12:25 PM <DIR> Microsoft

    16 File(s) 6,266,885 bytes

    2 Dir(s) 29,284,995,072 bytes free