Messages

1

Tech Clinic / SmartSecurity and other problems

« on: December 01, 2005, 09:34:17 AM »

Guestolo,

Many thanks for the suggestions. It's an invaluable list when coupled with advice as to which to run realtime.
One day someone will develop a solution to cover everything. (Thought that's what I was buying when I purchased McAfee Internet Security, but not so). I'm now backing up to a new hard drive, prior to running the XP repair / reinstall. Will post how I get on.

Many thanks!
Jarcy.

2

Tech Clinic / SmartSecurity and other problems

« on: November 24, 2005, 07:21:13 PM »

Guestolo,

Do you have any recommendations for alternative Virus scan and firewall?

Many thanks,

Jarcy

3

Tech Clinic / SmartSecurity and other problems

« on: November 20, 2005, 07:22:12 PM »

Guestolo,

Will try the XP repair route. Need to spend time backing up now (if I could only get my new HDD to work. I'm sure it's faulty so am going to exchange it. - but that's another story!).

You mentioned that you have a recommendation for a free virus scanner. Is it as good as say McAfee or Norton? If so, yes please, could you post details. Also I think you've mentioned in the past a recommended firewall? I want to set up parental controls, as the kids are using the 'net more now. I was going to use the McAfee tools, but does your recommendation have an alternative solution?

Many thanks again.

Jarcy.

4

Tech Clinic / SmartSecurity and other problems

« on: November 15, 2005, 05:32:32 PM »

Guestolo,

Well, I tried to run Kaspersky's, but it crashes. To be more precise, once I click on OK, to install the ActiveX component, the usual prompt - "Internet Explorer has encounted a problem and needs to close. We are sorry for the inconvenience" appears and once I click on "don't send", Explorer closes down.

My guess is that a clever virus knows which virus scanners are likely to pick it up, and hence crashes them before they get a chance to open.

Here's the Hijackthis logs for the other 2 users:

Adam:

Logfile of HijackThis v1.99.1
Scan saved at 9:57:12 PM, on 11/15/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\McAfee Internet Security\GUARDDOG.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\PMJ151LA.BIN
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\McAfee Internet Security\GUARDDOG.EXE
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\Program Files\McAfee\McAfee VirusScan\VSStat.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Creative\MediaSource\GO\CTCMSGo.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\unzipped\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.meshcomputers.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.meshcomputers.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Tiscali Internet Access
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [Camera Detector] C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE -autorun
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [VirusScanMSC] "C:\Program Files\McAfee\McAfee VirusScan\VSStat.exe" /EMBEDDING
O4 - HKLM\..\Run: [IFSplash] ImmSplsh.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SB Audigy 2 Startup Menu] C:\Program Files\Creative\SBAudigy2ZS\Program\Startup Menu\ChkColor.EXE
O4 - HKCU\..\Run: [Creative MediaSource Go] C:\Program Files\Creative\MediaSource\GO\CTCMSGo.exe /SCB
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Bln] C:\WINDOWS\Tnf.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [IDMan] C:\PROGRA~1\INTERN~2\IDMan.exe /onboot
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Download All Links with IDM - C:\PROGRA~1\INTERN~2\IEGetAll.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Broken Internet access because of LSP provider 'xfire_lsp_9028.dll' missing
O14 - IERESET.INF: START_PAGE_URL=http://www.meshcomputers.com
O16 - DPF: {03177121-226B-11D4-B0BE-005004AD3039} (UploaderCtrl Class) - http://members14.clubphoto.com/_img/upload...tl_uploader.cab
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - http://down.plaxo.com/down/release/PlaxoInstall.cab
O16 - DPF: {18D9C485-7EEC-4395-95DA-DC3875B10E81} (TEInstallPlugIn) - http://www.skylinesoft.com/interactive/ter...stallPlugIn.cab
O16 - DPF: {3a4f9191-65a8-11d5-85c1-0001023952c1} (TE) - http://www.skylinesoft.com/interactive/ter.../install/TE.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
O23 - Service: AVSync Manager (AvSynMgr) - Network Associates, Inc. - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: McAfee Internet Security (GuardDogEXE) - Unknown owner - C:\Program Files\McAfee\McAfee Internet Security\GUARDDOG.EXE" /SERVICE (file missing)
O23 - Service: KE - Sysinternals - www.sysinternals.com - C:\DOCUME~1\JOHNCA~1\LOCALS~1\Temp\KE.exe
O23 - Service: McAfee Firewall - Unknown owner - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing)
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PMJ151 AutoLaunch Service (PMJ151LA) - Matsu[censored]a Electric Industrial Co. ,Ltd, - C:\WINDOWS\PMJ151LA.BIN
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\WINDOWS\System32\x10nets.exe (file missing)

And Sam:

Logfile of HijackThis v1.99.1
Scan saved at 9:59:06 PM, on 11/15/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\McAfee Internet Security\GUARDDOG.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\PMJ151LA.BIN
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\McAfee Internet Security\GUARDDOG.EXE
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\Program Files\McAfee\McAfee VirusScan\VSStat.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\unzipped\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.meshcomputers.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.meshcomputers.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Tiscali Internet Access
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [Camera Detector] C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE -autorun
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [VirusScanMSC] "C:\Program Files\McAfee\McAfee VirusScan\VSStat.exe" /EMBEDDING
O4 - HKLM\..\Run: [IFSplash] ImmSplsh.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Broken Internet access because of LSP provider 'xfire_lsp_9028.dll' missing
O14 - IERESET.INF: START_PAGE_URL=http://www.meshcomputers.com
O16 - DPF: {03177121-226B-11D4-B0BE-005004AD3039} (UploaderCtrl Class) - http://members14.clubphoto.com/_img/upload...tl_uploader.cab
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - http://down.plaxo.com/down/release/PlaxoInstall.cab
O16 - DPF: {18D9C485-7EEC-4395-95DA-DC3875B10E81} (TEInstallPlugIn) - http://www.skylinesoft.com/interactive/ter...stallPlugIn.cab
O16 - DPF: {3a4f9191-65a8-11d5-85c1-0001023952c1} (TE) - http://www.skylinesoft.com/interactive/ter.../install/TE.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
O23 - Service: AVSync Manager (AvSynMgr) - Network Associates, Inc. - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: McAfee Internet Security (GuardDogEXE) - Unknown owner - C:\Program Files\McAfee\McAfee Internet Security\GUARDDOG.EXE" /SERVICE (file missing)
O23 - Service: KE - Sysinternals - www.sysinternals.com - C:\DOCUME~1\JOHNCA~1\LOCALS~1\Temp\KE.exe
O23 - Service: McAfee Firewall - Unknown owner - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing)
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PMJ151 AutoLaunch Service (PMJ151LA) - Matsu[censored]a Electric Industrial Co. ,Ltd, - C:\WINDOWS\PMJ151LA.BIN
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\WINDOWS\System32\x10nets.exe (file missing)


Do you think this one has beaten me? Is it time to reinstall XP, or should I try anything else?

Many thanks for all your help. Jarcy

5

Tech Clinic / SmartSecurity and other problems

« on: November 14, 2005, 06:35:39 PM »

Guestolo,

I did originally run the cleandesktop against each of my 4 user accounts, but I've rerun it again against each. I also ran Hijackthis against the 2 remaining user accounts, and took the liberty of checking and removing the following:

User Adam,

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://69.50.191.52/1076/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://69.50.191.52/1076/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://bestsearch.cc/1076/search.php

User Sam,

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://69.50.191.52/1076/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://69.50.191.52/1076/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://bestsearch.cc/1076/search.php?O4 - HKCU\..\Run: [Otl] C:\WINDOWS\System32\Vgm.exe
O4 - HKCU\..\Run: [Unf] C:\WINDOWS\System32\Rep.exe
O4 - HKCU\..\Run: [Uns] C:\WINDOWS\Hkt.exe
O4 - HKCU\..\Run: [Ana] C:\WINDOWS\System32\Fvq.exe
O4 - HKCU\..\Run: [Frp] C:\WINDOWS\System32\Nub.exe
O4 - HKCU\..\Run: [Fnn] C:\WINDOWS\System32\Eho.exe

I found the original Ewido log. Here it is:

---------------------------------------------------------
 ewido security suite - Scan report
---------------------------------------------------------

 + Created on:         7:29:32 AM, 10/20/2005
 + Report-Checksum:      CDE33FDB

 + Scan result:

   HKLM\SOFTWARE\180solutions -> Spyware.180Solutions : Cleaned with backup
   HKLM\SOFTWARE\Classes\AppID\adm.EXE -> Spyware.Altnet : Cleaned with backup
   HKLM\SOFTWARE\Classes\AppID\adm.EXE\\AppID -> Spyware.Altnet : Cleaned with backup
   HKLM\SOFTWARE\Classes\AppID\Altnet Signing Module.EXE -> Spyware.Altnet : Cleaned with backup
   HKLM\SOFTWARE\Classes\AppID\Altnet Signing Module.EXE\\AppID -> Spyware.Altnet : Cleaned with backup
   HKLM\SOFTWARE\Classes\AppID\{8B0FEF15-54DC-49F5-8377-8172DE975F75} -> Spyware.Altnet : Cleaned with backup
   HKLM\SOFTWARE\Classes\AppID\{99A8E2B2-3405-4C0D-9110-131C14CAAF62} -> Spyware.Altnet : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA} -> Spyware.MyWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{3646C2BD-3554-49CA-8125-44DEEFB881DE} -> Spyware.Altnet : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{3f4d4f88-0198-4921-b630-957f3eb814e0} -> Spyware.Altnet : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} -> Spyware.GameSpyArcade : Cleaned with backup
   HKLM\SOFTWARE\Classes\GSDA.GSDACtl\CLSID\\ -> Spyware.GameSpyArcade : Cleaned with backup
   HKLM\SOFTWARE\Classes\GSDA.GSDACtl.1\CLSID\\ -> Spyware.GameSpyArcade : Cleaned with backup
   HKLM\SOFTWARE\Classes\Interface\{29E825AA-13BC-457C-806A-D72E4A25B3C5} -> Spyware.BrilliantDigital : Cleaned with backup
   HKLM\SOFTWARE\Classes\Interface\{29E825AA-13BC-457C-806A-D72E4A25B3C5}\TypeLib\\ -> Spyware.Altnet : Cleaned with backup
   HKLM\SOFTWARE\Classes\Interface\{E79DADC6-18D0-4A2A-831F-D196D41F8438} -> Spyware.BrilliantDigital : Cleaned with backup
   HKLM\SOFTWARE\Classes\Interface\{E79DADC6-18D0-4A2A-831F-D196D41F8438}\TypeLib\\ -> Spyware.Altnet : Cleaned with backup
   HKLM\SOFTWARE\Classes\LocalNRDDll.LocalNRDDllObj.1 -> Spyware.BetterInternet : Cleaned with backup
   HKLM\SOFTWARE\Classes\LocalNRDDll.LocalNRDDllObj.1\CLSID\\ -> Spyware.TwainTech : Cleaned with backup
   HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\text/html\\CLSID -> Spyware.Hijacker.Generic : Cleaned with backup
   HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\text/plain\\CLSID -> Spyware.Hijacker.Generic : Cleaned with backup
   HKLM\SOFTWARE\Classes\SearchRelevant\CLSID\\ -> Spyware.BlazeFind : Cleaned with backup
   HKLM\SOFTWARE\Classes\Updater.BHO\CLSID\\ -> Spyware.BlazeFind : Cleaned with backup
   HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} -> Spyware.GameSpyArcade : Cleaned with backup
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B72F75B8-93F3-429D-B13E-660B206D897A} -> Spyware.Hijacker.Generic : Cleaned with backup
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/gsda.dll\\.Owner -> Spyware.GameSpyArcade : Cleaned with backup
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/gsda.dll\\{70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} -> Spyware.GameSpyArcade : Cleaned with backup
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/HDPlugin1101.dll\\.Owner -> Spyware.Gator : Cleaned with backup
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/HDPlugin1101.dll\\{DBAE7000-01EC-4162-8FEB-8A27AC937CA0} -> Spyware.Gator : Cleaned with backup
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AltnetDM -> Spyware.Altnet : Cleaned with backup
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Best Search Engine!!! -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Relevancy -> Spyware.SearchRelevancy : Cleaned with backup
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows ControlAd -> Spyware.BlazeFind : Cleaned with backup
   HKLM\SOFTWARE\SearchRelevancy -> Spyware.SearchRelevancy : Cleaned with backup
   HKLM\SOFTWARE\SearchRelevancy\Update -> Spyware.SearchRelevancy : Cleaned with backup
   HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Cleaned with backup
   HKU\S-1-5-21-4018580023-3645477719-86686005-500\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Cleaned with backup
   HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Error during cleaning
   C:\Documents and Settings\John Canfield\My Documents\Download Software\backup-20040928-211232-167.dll -> Spyware.Wesbar : Cleaned with backup
   C:\Documents and Settings\John Canfield\My Documents\Download Software\backup-20040928-211232-841.dll -> Spyware.MyWebSearch : Cleaned with backup
   C:\Documents and Settings\John Canfield\My Documents\Download Software\backup-20040929-012615-805.dll -> Spyware.BiSpy : Cleaned with backup
   C:\Program Files\Kazaa\TopSearch.dll -> Spyware.Altnet : Cleaned with backup
   C:\Program Files\SearchRelevant\SearchRelevant.dll -> Spyware.Relevance : Cleaned with backup
   C:\Program Files\Windows AdControl\WinAdShift.dll -> Spyware.WinAD : Cleaned with backup
   C:\Program Files\Windows TaskAd\WinProject.dll -> Spyware.WinAD : Cleaned with backup
   C:\Program Files\Windows TaskAd\WinTaskAd.exe -> Spyware.WinAD : Cleaned with backup
   C:\RECYCLER\S-1-5-21-4018580023-3645477719-86686005-1009\Dc7.exe -> Spyware.ConsCorr : Cleaned with backup
   C:\WINDOWS\Downloaded Program Files\gsda.dll -> Dialer.Generic : Cleaned with backup
   C:\WINDOWS\Downloaded Program Files\popcaploader.dll -> Not-A-Virus.PornWare.PopCap.b : Cleaned with backup
   C:\WINDOWS\LastGood\ZServ.dll -> Spyware.BiSpy : Cleaned with backup
   C:\WINDOWS\preInsln.exe -> Spyware.BiSpy : Cleaned with backup
   C:\WINDOWS\pss\winupdate25236385[1].exeStartup -> TrojanDownloader.Small.ait : Cleaned with backup
   C:\WINDOWS\pss\winupdate87250345[1].exeStartup -> TrojanDownloader.Small.ait : Cleaned with backup
   C:\WINDOWS\system32\20723828.exe -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\WINDOWS\system32\20723968.exe -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\WINDOWS\system32\315046.exe -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\WINDOWS\system32\54885734.exe -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\WINDOWS\system32\6148843.exe -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\WINDOWS\system32\6149078.exe -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\WINDOWS\system32\661218.exe -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\WINDOWS\system32\78387359.exe -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\WINDOWS\system32\8072218.exe -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\WINDOWS\system32\82312.exe -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\WINDOWS\system32\9101531.exe -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\WINDOWS\system32\948609.exe -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\WINDOWS\system32\949906.exe -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\WINDOWS\system32\98671.exe -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\WINDOWS\system32\f3pssavr.scr -> Spyware.MyWebSearch : Cleaned with backup
   C:\WINDOWS\system32\mszx23.exe -> Backdoor.Haxdoor.bh : Cleaned with backup
   C:\WINDOWS\system32\notepad.exe -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\WINDOWS\system32\winlow.sys -> Backdoor.Haxdoor.bb : Cleaned with backup
   C:\WINDOWS\ZServ.dll_tobedeleted -> Spyware.DlMax : Cleaned with backup


::Report End

And I rerun the report today, and it still fixed 17 items. Here's the report:

---------------------------------------------------------
 ewido security suite - Scan report
---------------------------------------------------------

 + Created on:         11:16:20 PM, 11/14/2005
 + Report-Checksum:      557CB4EE

 + Scan result:

   HKU\S-1-5-21-4018580023-3645477719-86686005-1007\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Cleaned with backup
   HKU\S-1-5-21-4018580023-3645477719-86686005-1008\Software\180solutions -> Spyware.180Solutions : Cleaned with backup
   HKU\S-1-5-21-4018580023-3645477719-86686005-1008\Software\180solutions\msbb -> Spyware.180Solutions : Cleaned with backup
   HKU\S-1-5-21-4018580023-3645477719-86686005-1008\Software\LocalNRD -> Spyware.BetterInternet : Cleaned with backup
   HKU\S-1-5-21-4018580023-3645477719-86686005-1008\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Cleaned with backup
   HKU\S-1-5-21-4018580023-3645477719-86686005-1008\Software\ZServ -> Spyware.BetterInternet : Cleaned with backup
   HKU\S-1-5-21-4018580023-3645477719-86686005-1009\Software\180solutions -> Spyware.180Solutions : Cleaned with backup
   HKU\S-1-5-21-4018580023-3645477719-86686005-1009\Software\180solutions\msbb -> Spyware.180Solutions : Cleaned with backup
   HKU\S-1-5-21-4018580023-3645477719-86686005-1009\Software\LocalNRD -> Spyware.BetterInternet : Cleaned with backup
   HKU\S-1-5-21-4018580023-3645477719-86686005-1009\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Cleaned with backup
   HKU\S-1-5-21-4018580023-3645477719-86686005-1009\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{07B18EA9-A523-4961-B6BB-170DE4475CCA} -> Spyware.MyWebSearch : Cleaned with backup
   HKU\S-1-5-21-4018580023-3645477719-86686005-1010\Software\180solutions -> Spyware.180Solutions : Cleaned with backup
   HKU\S-1-5-21-4018580023-3645477719-86686005-1010\Software\180solutions\msbb -> Spyware.180Solutions : Cleaned with backup
   HKU\S-1-5-21-4018580023-3645477719-86686005-1010\Software\LocalNRD -> Spyware.BetterInternet : Cleaned with backup
   HKU\S-1-5-21-4018580023-3645477719-86686005-1010\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Cleaned with backup
   HKU\S-1-5-21-4018580023-3645477719-86686005-1010\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{07B18EA9-A523-4961-B6BB-170DE4475CCA} -> Spyware.MyWebSearch : Cleaned with backup
   HKU\S-1-5-21-4018580023-3645477719-86686005-1010\Software\ZServ -> Spyware.BetterInternet : Cleaned with backup


::Report End

Do you want me to post a new hijackthis for my other 2 user accounts?

Many thanks again.

Jarcy

6

Tech Clinic / SmartSecurity and other problems

« on: November 13, 2005, 06:49:24 PM »

Guestolo,

I've checked the items through Hijackthis under my wife's profile.
Blacklight didn't find any hidden items, but here's the log:

11/13/05 23:41:20 [Info]: BlackLight Engine 1.0.25 initialized
11/13/05 23:41:20 [Info]: OS: 5.1 build 2600 (Service Pack 1)
11/13/05 23:41:20 [Note]: 4019 4
11/13/05 23:41:20 [Note]: 4005 0
11/13/05 23:41:38 [Note]: 4006 0
11/13/05 23:41:38 [Note]: 4011 1832
11/13/05 23:41:39 [Note]: FSRAW library version 1.7.1013

Unfortunately none of the current problems have improved yet.

Many thanks, Jarcy.

7

Tech Clinic / SmartSecurity and other problems

« on: November 10, 2005, 04:53:50 PM »

Guestolo,

Sorry about running the wrong version of Hijackthis.
Here's my correct log:

Logfile of HijackThis v1.99.1
Scan saved at 8:57:46 PM, on 11/10/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\McAfee Internet Security\GUARDDOG.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\PMJ151LA.BIN
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\McAfee Internet Security\GUARDDOG.EXE
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\Program Files\McAfee\McAfee VirusScan\VSStat.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\macromed\flash\GetFlash.exe
C:\Program Files\Creative\MediaSource\RemoteControl\OSDMenu.EXE
C:\Program Files\Creative\MediaSource\RemoteControl\OSDEAX.exe
C:\WINDOWS\System32\wuauclt.exe
C:\unzipped\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.meshcomputers.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [Camera Detector] C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE -autorun
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [VirusScanMSC] "C:\Program Files\McAfee\McAfee VirusScan\VSStat.exe" /EMBEDDING
O4 - HKLM\..\Run: [IFSplash] ImmSplsh.exe
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Download all by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: Download by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Broken Internet access because of LSP provider 'xfire_lsp_9028.dll' missing
O14 - IERESET.INF: START_PAGE_URL=http://www.meshcomputers.com
O16 - DPF: {03177121-226B-11D4-B0BE-005004AD3039} (UploaderCtrl Class) - http://members14.clubphoto.com/_img/upload...tl_uploader.cab
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - http://down.plaxo.com/down/release/PlaxoInstall.cab
O16 - DPF: {18D9C485-7EEC-4395-95DA-DC3875B10E81} (TEInstallPlugIn) - http://www.skylinesoft.com/interactive/ter...stallPlugIn.cab
O16 - DPF: {3a4f9191-65a8-11d5-85c1-0001023952c1} (TE) - http://www.skylinesoft.com/interactive/ter.../install/TE.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
O23 - Service: AVSync Manager (AvSynMgr) - Network Associates, Inc. - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: McAfee Internet Security (GuardDogEXE) - Unknown owner - C:\Program Files\McAfee\McAfee Internet Security\GUARDDOG.EXE" /SERVICE (file missing)
O23 - Service: McAfee Firewall - Unknown owner - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing)
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PMJ151 AutoLaunch Service (PMJ151LA) - Matsu[censored]a Electric Industrial Co. ,Ltd, - C:\WINDOWS\PMJ151LA.BIN
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\WINDOWS\System32\x10nets.exe (file missing)

And here's the log a run under my wife's profile:

Logfile of HijackThis v1.99.1
Scan saved at 8:56:41 PM, on 11/10/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\McAfee Internet Security\GUARDDOG.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\PMJ151LA.BIN
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\McAfee Internet Security\GUARDDOG.EXE
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\Program Files\McAfee\McAfee VirusScan\VSStat.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\Plaxo\2.1.0.80\InstallStub.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Creative\MediaSource\RemoteControl\OSDMenu.EXE
C:\Program Files\Creative\MediaSource\RemoteControl\OSDEAX.exe
C:\WINDOWS\System32\wuauclt.exe
C:\unzipped\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://69.50.191.52/1076/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://69.50.191.52/1076/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.meshcomputers.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://bestsearch.cc/1076/search.php?qq=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Tiscali Internet Access
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [Camera Detector] C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE -autorun
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [VirusScanMSC] "C:\Program Files\McAfee\McAfee VirusScan\VSStat.exe" /EMBEDDING
O4 - HKLM\..\Run: [IFSplash] ImmSplsh.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SB Audigy 2 Startup Menu] C:\Program Files\Creative\SBAudigy2ZS\Program\Startup Menu\ChkColor.EXE
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PlaxoUpdate] C:\WINDOWS\Plaxo\2.1.0.80\InstallStub.exe -a
O4 - HKCU\..\Run: [Imv] C:\WINDOWS\Lmn.exe
O4 - HKCU\..\Run: [Hoe] C:\WINDOWS\Ume.exe
O4 - HKCU\..\Run: [Nns] C:\WINDOWS\System32\Ifc.exe
O4 - HKCU\..\Run: [Clp] C:\WINDOWS\Luu.exe
O4 - HKCU\..\Run: [Hub] C:\WINDOWS\Hio.exe
O4 - HKCU\..\Run: [Sre] C:\WINDOWS\Iki.exe
O4 - HKCU\..\Run: [Sci] C:\WINDOWS\Lbq.exe
O4 - HKCU\..\Run: [Gja] C:\WINDOWS\Udh.exe
O4 - HKCU\..\Run: [Lds] C:\WINDOWS\Oje.exe
O4 - HKCU\..\Run: [Kcm] C:\WINDOWS\System32\Tkf.exe
O4 - HKCU\..\Run: [Mes] C:\WINDOWS\Niu.exe
O4 - HKCU\..\Run: [Sbk] C:\WINDOWS\System32\Flv.exe
O4 - HKCU\..\Run: [Jtn] C:\WINDOWS\Nro.exe
O4 - HKCU\..\Run: [Tao] C:\WINDOWS\System32\Akf.exe
O4 - HKCU\..\Run: [Klt] C:\WINDOWS\Nbe.exe
O4 - HKCU\..\Run: [Ohn] C:\WINDOWS\System32\Neg.exe
O4 - HKCU\..\Run: [Bou] C:\WINDOWS\System32\Kme.exe
O4 - HKCU\..\Run: [Jek] C:\WINDOWS\System32\Icv.exe
O4 - HKCU\..\Run: [Pia] C:\WINDOWS\System32\Vgh.exe
O4 - HKCU\..\Run: [Hea] C:\WINDOWS\System32\Ubt.exe
O4 - HKCU\..\Run: [Jgc] C:\WINDOWS\System32\Vct.exe
O4 - HKCU\..\Run: [Evh] C:\WINDOWS\Jre.exe
O4 - HKCU\..\Run: [Sju] C:\WINDOWS\System32\Uva.exe
O4 - HKCU\..\Run: [Uai] C:\WINDOWS\Lfa.exe
O4 - HKCU\..\Run: [Mkh] C:\WINDOWS\System32\Pji.exe
O4 - HKCU\..\Run: [Qrh] C:\WINDOWS\Hfs.exe
O4 - HKCU\..\Run: [Ijo] C:\WINDOWS\Qaj.exe
O4 - HKCU\..\Run: [Osi] C:\WINDOWS\System32\Eqo.exe
O4 - HKCU\..\Run: [Bno] C:\WINDOWS\System32\Maa.exe
O4 - HKCU\..\Run: [Vfg] C:\WINDOWS\System32\Vbo.exe
O4 - HKCU\..\Run: [Jks] C:\WINDOWS\System32\Gje.exe
O4 - HKCU\..\Run: [Npr] C:\WINDOWS\Rvo.exe
O4 - HKCU\..\Run: [Mpu] C:\WINDOWS\System32\Niv.exe
O4 - HKCU\..\Run: [Rcq] C:\WINDOWS\System32\Irh.exe
O4 - HKCU\..\Run: [Mjm] C:\WINDOWS\Uon.exe
O4 - HKCU\..\Run: [Peh] C:\WINDOWS\Mhn.exe
O4 - HKCU\..\Run: [Hlk] C:\WINDOWS\Qne.exe
O4 - HKCU\..\Run: [Tsl] C:\WINDOWS\Mti.exe
O4 - HKCU\..\Run: [Dqm] C:\WINDOWS\System32\Tcq.exe
O4 - HKCU\..\Run: [Fqd] C:\WINDOWS\Sat.exe
O4 - HKCU\..\Run: [Huv] C:\WINDOWS\Roc.exe
O4 - HKCU\..\Run: [Mqa] C:\WINDOWS\Jom.exe
O4 - HKCU\..\Run: [Evs] C:\WINDOWS\Nda.exe
O4 - HKCU\..\Run: [Gqu] C:\WINDOWS\Ngp.exe
O4 - HKCU\..\Run: [Cid] C:\WINDOWS\System32\Ess.exe
O4 - HKCU\..\Run: [Gis] C:\WINDOWS\Acp.exe
O4 - HKCU\..\Run: [Rps] C:\WINDOWS\System32\Dtm.exe
O4 - HKCU\..\Run: [Jea] C:\WINDOWS\System32\Hdp.exe
O4 - HKCU\..\Run: [Pnd] C:\WINDOWS\System32\Nff.exe
O4 - HKCU\..\Run: [Bku] C:\WINDOWS\System32\Sca.exe
O4 - HKCU\..\Run: [Pad] C:\WINDOWS\System32\Psj.exe
O4 - HKCU\..\Run: [Cbh] C:\WINDOWS\Qnf.exe
O4 - HKCU\..\Run: [Bnu] C:\WINDOWS\Evh.exe
O4 - HKCU\..\Run: [Eer] C:\WINDOWS\Rgm.exe
O4 - HKCU\..\Run: [Bkj] C:\WINDOWS\System32\Arb.exe
O4 - HKCU\..\Run: [Eka] C:\WINDOWS\System32\Omr.exe
O4 - HKCU\..\Run: [Vme] C:\WINDOWS\Hun.exe
O4 - HKCU\..\Run: [Tva] C:\WINDOWS\System32\Uuu.exe
O4 - HKCU\..\Run: [Acb] C:\WINDOWS\System32\Bnf.exe
O4 - HKCU\..\Run: [Ldl] C:\WINDOWS\Kma.exe
O4 - HKCU\..\Run: [Mbs] C:\WINDOWS\System32\Ejo.exe
O4 - HKCU\..\Run: [Scn] C:\WINDOWS\Ibv.exe
O4 - HKCU\..\Run: [Ovn] C:\WINDOWS\Fjg.exe
O4 - HKCU\..\Run: [Omr] C:\WINDOWS\Ooi.exe
O4 - HKCU\..\Run: [Fji] C:\WINDOWS\Dbg.exe
O4 - HKCU\..\Run: [Jjr] C:\WINDOWS\Cvc.exe
O4 - HKCU\..\Run: [Esh] C:\WINDOWS\Ldg.exe
O4 - HKCU\..\Run: [Dcs] C:\WINDOWS\Nqd.exe
O4 - HKCU\..\Run: [Irt] C:\WINDOWS\Sqi.exe
O4 - HKCU\..\Run: [Lsl] C:\WINDOWS\System32\Juj.exe
O4 - HKCU\..\Run: [Lbr] C:\WINDOWS\System32\Ncj.exe
O4 - HKCU\..\Run: [Omv] C:\WINDOWS\System32\Efp.exe
O4 - HKCU\..\Run: [Ssa] C:\WINDOWS\Ugd.exe
O4 - HKCU\..\Run: [Lnp] C:\WINDOWS\Ofo.exe
O4 - HKCU\..\Run: [Tda] C:\WINDOWS\Ugg.exe
O4 - HKCU\..\Run: [Hgd] C:\WINDOWS\System32\Rfn.exe
O4 - HKCU\..\Run: [Amh] C:\WINDOWS\Pvb.exe
O4 - HKCU\..\Run: [Ofj] C:\WINDOWS\Muk.exe
O4 - HKCU\..\Run: [Jvf] C:\WINDOWS\System32\Feo.exe
O4 - HKCU\..\Run: [Fsl] C:\WINDOWS\Crl.exe
O4 - HKCU\..\Run: [Tur] C:\WINDOWS\Jfi.exe
O4 - HKCU\..\Run: [Mdd] C:\WINDOWS\Hjh.exe
O4 - HKCU\..\Run: [Lqe] C:\WINDOWS\Psp.exe
O4 - HKCU\..\Run: [Nqi] C:\WINDOWS\System32\Pts.exe
O4 - HKCU\..\Run: [Msf] C:\WINDOWS\Jbp.exe
O4 - HKCU\..\Run: [Dlu] C:\WINDOWS\System32\Vud.exe
O4 - HKCU\..\Run: [Okf] C:\WINDOWS\Veb.exe
O4 - HKCU\..\Run: [Hem] C:\WINDOWS\System32\Hib.exe
O4 - HKCU\..\Run: [Rli] C:\WINDOWS\System32\Cdr.exe
O4 - HKCU\..\Run: [Qdl] C:\WINDOWS\Lph.exe
O4 - HKCU\..\Run: [Qip] C:\WINDOWS\System32\Hve.exe
O4 - HKCU\..\Run: [Quj] C:\WINDOWS\Urk.exe
O4 - HKCU\..\Run: [Dqo] C:\WINDOWS\Qlm.exe
O4 - HKCU\..\Run: [Vov] C:\WINDOWS\Pou.exe
O4 - HKCU\..\Run: [Fec] C:\WINDOWS\System32\Bdn.exe
O4 - HKCU\..\Run: [Tqi] C:\WINDOWS\Jho.exe
O4 - HKCU\..\Run: [Gak] C:\WINDOWS\System32\Dgb.exe
O4 - HKCU\..\Run: [Fgm] C:\WINDOWS\Ldi.exe
O4 - HKCU\..\Run: [Rev] C:\WINDOWS\Kdk.exe
O4 - HKCU\..\Run: [Pmv] C:\WINDOWS\Rps.exe
O4 - HKCU\..\Run: [Hiq] C:\WINDOWS\System32\Uuc.exe
O4 - HKCU\..\Run: [Mjp] C:\WINDOWS\Dkm.exe
O4 - HKCU\..\Run: [Tmu] C:\WINDOWS\System32\Ele.exe
O4 - HKCU\..\Run: [Nto] C:\WINDOWS\Rlc.exe
O4 - HKCU\..\Run: [Qah] C:\WINDOWS\Rbk.exe
O4 - HKCU\..\Run: [Eae] C:\WINDOWS\Bqn.exe
O4 - HKCU\..\Run: [Crq] C:\WINDOWS\System32\Rtg.exe
O4 - HKCU\..\Run: [Ebd] C:\WINDOWS\System32\Tuo.exe
O4 - HKCU\..\Run: [Cnk] C:\WINDOWS\Bvi.exe
O4 - HKCU\..\Run: [Hku] C:\WINDOWS\System32\Pch.exe
O4 - HKCU\..\Run: [Rmm] C:\WINDOWS\Ugq.exe
O4 - HKCU\..\Run: [Jqm] C:\WINDOWS\System32\Grl.exe
O4 - HKCU\..\Run: [Lru] C:\WINDOWS\System32\Tqf.exe
O4 - HKCU\..\Run: [Pob] C:\WINDOWS\Dgo.exe
O4 - HKCU\..\Run: [Rkk] C:\WINDOWS\Veq.exe
O4 - HKCU\..\Run: [Evd] C:\WINDOWS\Fik.exe
O4 - HKCU\..\Run: [Irq] C:\WINDOWS\System32\Rhh.exe
O4 - HKCU\..\Run: [Gtg] C:\WINDOWS\System32\Dlu.exe
O4 - HKCU\..\Run: [Gbt] C:\WINDOWS\Vss.exe
O4 - HKCU\..\Run: [Men] C:\WINDOWS\System32\Mfs.exe
O4 - HKCU\..\Run: [Cov] C:\WINDOWS\System32\Hir.exe
O4 - HKCU\..\Run: [Ntj] C:\WINDOWS\System32\Hai.exe
O4 - HKCU\..\Run: [Lud] C:\WINDOWS\System32\Rgr.exe
O4 - HKCU\..\Run: [Eko] C:\WINDOWS\System32\Grp.exe
O4 - HKCU\..\Run: [Stl] C:\WINDOWS\Ilr.exe
O4 - HKCU\..\Run: [Jnb] C:\WINDOWS\Obq.exe
O4 - HKCU\..\Run: [Ism] C:\WINDOWS\Mtk.exe
O4 - HKCU\..\Run: [Mdl] C:\WINDOWS\System32\Fvq.exe
O4 - HKCU\..\Run: [Nba] C:\WINDOWS\System32\Gst.exe
O4 - HKCU\..\Run: [Joo] C:\WINDOWS\Gja.exe
O4 - HKCU\..\Run: [Ajt] C:\WINDOWS\Jao.exe
O4 - HKCU\..\Run: [Oce] C:\WINDOWS\System32\Fjm.exe
O4 - HKCU\..\Run: [Skp] C:\WINDOWS\System32\Eol.exe
O4 - HKCU\..\Run: [Krb] C:\WINDOWS\System32\Tmj.exe
O4 - HKCU\..\Run: [Ifv] C:\WINDOWS\Hqn.exe
O4 - HKCU\..\Run: [Miu] C:\WINDOWS\Gsu.exe
O4 - HKCU\..\Run: [Iqj] C:\WINDOWS\System32\Rcf.exe
O4 - HKCU\..\Run: [Pjp] C:\WINDOWS\Glt.exe
O4 - HKCU\..\Run: [Bht] C:\WINDOWS\System32\Brq.exe
O4 - HKCU\..\Run: [Pok] C:\WINDOWS\Sja.exe
O4 - HKCU\..\Run: [Ljk] C:\WINDOWS\System32\Ava.exe
O4 - HKCU\..\Run: [Clv] C:\WINDOWS\Qeu.exe
O4 - HKCU\..\Run: [Ibn] C:\WINDOWS\Vje.exe
O4 - HKCU\..\Run: [Hlr] C:\WINDOWS\System32\Cna.exe
O4 - HKCU\..\Run: [Trj] C:\WINDOWS\Fst.exe
O4 - HKCU\..\Run: [Jps] C:\WINDOWS\Vnc.exe
O4 - HKCU\..\Run: [Gvv] C:\WINDOWS\Mah.exe
O4 - HKCU\..\Run: [Glt] C:\WINDOWS\System32\Hkm.exe
O4 - HKCU\..\Run: [Ivd] C:\WINDOWS\System32\Jit.exe
O4 - HKCU\..\Run: [Vgm] C:\WINDOWS\System32\Iok.exe
O4 - HKCU\..\Run: [Kqt] C:\WINDOWS\System32\Rkd.exe
O4 - HKCU\..\Run: [Dgp] C:\WINDOWS\Ffk.exe
O4 - HKCU\..\Run: [Svj] C:\WINDOWS\System32\Vfe.exe
O4 - HKCU\..\Run: [Gvb] C:\WINDOWS\Sko.exe
O4 - HKCU\..\Run: [Dan] C:\WINDOWS\Djk.exe
O4 - HKCU\..\Run: [Nng] C:\WINDOWS\System32\Hjt.exe
O4 - HKCU\..\Run: [Vrf] C:\WINDOWS\System32\Pne.exe
O4 - HKCU\..\Run: [Qbf] C:\WINDOWS\System32\Oek.exe
O4 - HKCU\..\Run: [Ijs] C:\WINDOWS\System32\Rto.exe
O4 - HKCU\..\Run: [Hds] C:\WINDOWS\System32\Som.exe
O4 - HKCU\..\Run: [Eun] C:\WINDOWS\System32\Utb.exe
O4 - HKCU\..\Run: [Mrd] C:\WINDOWS\Vor.exe
O4 - HKCU\..\Run: [Jvt] C:\WINDOWS\System32\Lot.exe
O4 - HKCU\..\Run: [Ver] C:\WINDOWS\System32\Ndc.exe
O4 - HKCU\..\Run: [Dct] C:\WINDOWS\System32\Sds.exe
O4 - HKCU\..\Run: [Kqi] C:\WINDOWS\Kss.exe
O4 - HKCU\..\Run: [Opj] C:\WINDOWS\System32\Ibr.exe
O4 - HKCU\..\Run: [Hht] C:\WINDOWS\System32\Mki.exe
O4 - HKCU\..\Run: [Gst] C:\WINDOWS\System32\Rhf.exe
O4 - HKCU\..\Run: [Nbp] C:\WINDOWS\System32\Vre.exe
O4 - HKCU\..\Run: [Pju] C:\WINDOWS\Fsk.exe
O4 - HKCU\..\Run: [Vim] C:\WINDOWS\System32\Ufn.exe
O4 - HKCU\..\Run: [Qfo] C:\WINDOWS\Bjd.exe
O4 - HKCU\..\Run: [Qmt] C:\WINDOWS\System32\Hgf.exe
O4 - HKCU\..\Run: [Fsn] C:\WINDOWS\Fic.exe
O4 - HKCU\..\Run: [Kpd] C:\WINDOWS\Evn.exe
O4 - HKCU\..\Run: [Ocr] C:\WINDOWS\System32\Por.exe
O4 - HKCU\..\Run: [Hdv] C:\WINDOWS\Rrf.exe
O4 - HKCU\..\Run: [Erk] C:\WINDOWS\System32\Jsb.exe
O4 - HKCU\..\Run: [Cng] C:\WINDOWS\Ffj.exe
O4 - HKCU\..\Run: [Fcb] C:\WINDOWS\Kpq.exe
O4 - HKCU\..\Run: [Frf] C:\WINDOWS\System32\Rpe.exe
O4 - HKCU\..\Run: [Bvr] C:\WINDOWS\Fun.exe
O4 - HKCU\..\Run: [Pma] C:\WINDOWS\System32\Gdt.exe
O4 - HKCU\..\Run: [Etr] C:\WINDOWS\Mep.exe
O4 - HKCU\..\Run: [Rjp] C:\WINDOWS\Igd.exe
O4 - HKCU\..\Run: [Boj] C:\WINDOWS\System32\Pnu.exe
O4 - HKCU\..\Run: [Obl] C:\WINDOWS\System32\Nli.exe
O4 - HKCU\..\Run: [Nem] C:\WINDOWS\System32\Pdh.exe
O4 - HKCU\..\Run: [Nnj] C:\WINDOWS\Nog.exe
O4 - HKCU\..\Run: [Lar] C:\WINDOWS\System32\Vvk.exe
O4 - HKCU\..\Run: [Npm] C:\WINDOWS\Mst.exe
O4 - HKCU\..\Run: [Tmq] C:\WINDOWS\System32\Uam.exe
O4 - HKCU\..\Run: [Kct] C:\WINDOWS\Hkk.exe
O4 - HKCU\..\Run: [Gml] C:\WINDOWS\Vea.exe
O4 - HKCU\..\Run: [Hfu] C:\WINDOWS\System32\Cft.exe
O4 - HKCU\..\Run: [Fef] C:\WINDOWS\Nff.exe
O4 - HKCU\..\Run: [Dao] C:\WINDOWS\System32\Sld.exe
O4 - HKCU\..\Run: [Csc] C:\WINDOWS\System32\Jtc.exe
O4 - HKCU\..\Run: [Hpn] C:\WINDOWS\Ehf.exe
O4 - HKCU\..\Run: [Tnc] C:\WINDOWS\System32\Rnl.exe
O4 - HKCU\..\Run: [Tkd] C:\WINDOWS\System32\Tfq.exe
O4 - HKCU\..\Run: [Cuf] C:\WINDOWS\Ijl.exe
O4 - HKCU\..\Run: [Ebk] C:\WINDOWS\System32\Vqr.exe
O4 - HKCU\..\Run: [Vep] C:\WINDOWS\System32\Rih.exe
O4 - HKCU\..\Run: [Odr] C:\WINDOWS\System32\Fti.exe
O4 - HKCU\..\Run: [Vsr] C:\WINDOWS\Ptp.exe
O4 - HKCU\..\Run: [Ker] C:\WINDOWS\System32\Olh.exe
O4 - HKCU\..\Run: [Oaa] C:\WINDOWS\System32\Ukl.exe
O4 - HKCU\..\Run: [Tod] C:\WINDOWS\Buc.exe
O4 - HKCU\..\Run: [Eed] C:\WINDOWS\System32\Lpi.exe
O4 - HKCU\..\Run: [Oae] C:\WINDOWS\System32\Geq.exe
O4 - HKCU\..\Run: [Sfb] C:\WINDOWS\System32\Fem.exe
O4 - HKCU\..\Run: [Hba] C:\WINDOWS\Tpm.exe
O4 - HKCU\..\Run: [Tup] C:\WINDOWS\Hcu.exe
O4 - HKCU\..\Run: [Ljh] C:\WINDOWS\Bun.exe
O4 - HKCU\..\Run: [Mlm] C:\WINDOWS\System32\Fdt.exe
O4 - HKCU\..\Run: [Jsr] C:\WINDOWS\System32\Uem.exe
O4 - HKCU\..\Run: [Erm] C:\WINDOWS\Min.exe
O4 - HKCU\..\Run: [Rar] C:\WINDOWS\System32\Vba.exe
O4 - HKCU\..\Run: [Vkl] C:\WINDOWS\Jfo.exe
O4 - HKCU\..\Run: [Ukv] C:\WINDOWS\System32\Gqr.exe
O4 - HKCU\..\Run: [Ace] C:\WINDOWS\Jjn.exe
O4 - HKCU\..\Run: [Llq] C:\WINDOWS\Nat.exe
O4 - HKCU\..\Run: [Qce] C:\WINDOWS\Uoj.exe
O4 - HKCU\..\Run: [Pmg] C:\WINDOWS\Erc.exe
O4 - HKCU\..\Run: [Jog] C:\WINDOWS\Dvd.exe
O4 - HKCU\..\Run: [Pba] C:\WINDOWS\System32\Iol.exe
O4 - HKCU\..\Run: [Vau] C:\WINDOWS\System32\Mpf.exe
O4 - HKCU\..\Run: [Gub] C:\WINDOWS\Rtf.exe
O4 - HKCU\..\Run: [Sjt] C:\WINDOWS\System32\Luc.exe
O4 - HKCU\..\Run: [Mel] C:\WINDOWS\Tch.exe
O4 - HKCU\..\Run: [Nal] C:\WINDOWS\System32\Ipc.exe
O4 - HKCU\..\Run: [Nok] C:\WINDOWS\Ial.exe
O4 - HKCU\..\Run: [Pto] C:\WINDOWS\Dda.exe
O4 - HKCU\..\Run: [Tko] C:\WINDOWS\Bfi.exe
O4 - HKCU\..\Run: [Ugl] C:\WINDOWS\System32\Vbg.exe
O4 - HKCU\..\Run: [Brm] C:\WINDOWS\System32\Oaq.exe
O4 - HKCU\..\Run: [Fio] C:\WINDOWS\Agb.exe
O4 - HKCU\..\Run: [Ohe] C:\WINDOWS\Rvu.exe
O4 - HKCU\..\Run: [Gut] C:\WINDOWS\Qbj.exe
O4 - HKCU\..\Run: [Iuu] C:\WINDOWS\Lkp.exe
O4 - HKCU\..\Run: [Cre] C:\WINDOWS\System32\Adk.exe
O4 - HKCU\..\Run: [Oqe] C:\WINDOWS\System32\Qut.exe
O4 - HKCU\..\Run: [Nci] C:\WINDOWS\Ejj.exe
O4 - HKCU\..\Run: [Fmn] C:\WINDOWS\Hnu.exe
O4 - HKCU\..\Run: [Pni] C:\WINDOWS\Uve.exe
O4 - HKCU\..\Run: [Qak] C:\WINDOWS\System32\Joo.exe
O4 - HKCU\..\Run: [Gpk] C:\WINDOWS\Fpn.exe
O4 - HKCU\..\Run: [Ntr] C:\WINDOWS\Fpc.exe
O4 - HKCU\..\Run: [Fjv] C:\WINDOWS\System32\Nbn.exe
O4 - HKCU\..\Run: [Fce] C:\WINDOWS\Hph.exe
O4 - HKCU\..\Run: [Gjs] C:\WINDOWS\System32\Jld.exe
O4 - HKCU\..\Run: [Rfb] C:\WINDOWS\System32\Vhh.exe
O4 - HKCU\..\Run: [Ihq] C:\WINDOWS\Uvh.exe
O4 - HKCU\..\Run: [Tvk] C:\WINDOWS\Llv.exe
O4 - HKCU\..\Run: [Afe] C:\WINDOWS\System32\Api.exe
O4 - HKCU\..\Run: [Pkd] C:\WINDOWS\Hor.exe
O4 - HKCU\..\Run: [Gvc] C:\WINDOWS\Lnc.exe
O4 - HKCU\..\Run: [Uub] C:\WINDOWS\Ark.exe
O4 - HKCU\..\Run: [Ugp] C:\WINDOWS\Mbo.exe
O4 - HKCU\..\Run: [Rbb] C:\WINDOWS\Eug.exe
O4 - HKCU\..\Run: [Udk] C:\WINDOWS\Opa.exe
O4 - HKCU\..\Run: [Htk] C:\WINDOWS\System32\Atd.exe
O4 - HKCU\..\Run: [Gsd] C:\WINDOWS\Scd.exe
O4 - HKCU\..\Run: [Bdm] C:\WINDOWS\System32\Lev.exe
O4 - HKCU\..\Run: [Utp] C:\WINDOWS\System32\Ikf.exe
O4 - HKCU\..\Run: [Qqf] C:\WINDOWS\Oun.exe
O4 - HKCU\..\Run: [Nuf] C:\WINDOWS\Rhp.exe
O4 - HKCU\..\Run: [Jji] C:\WINDOWS\Cjc.exe
O4 - HKCU\..\Run: [Aki] C:\WINDOWS\System32\Sbg.exe
O4 - HKCU\..\Run: [Jcl] C:\WINDOWS\System32\Ihv.exe
O4 - HKCU\..\Run: [Mcc] C:\WINDOWS\Vmq.exe
O4 - HKCU\..\Run: [Kui] C:\WINDOWS\Bjh.exe
O4 - HKCU\..\Run: [Unk] C:\WINDOWS\Kqc.exe
O4 - HKCU\..\Run: [Fgv] C:\WINDOWS\System32\Usr.exe
O4 - HKCU\..\Run: [Stv] C:\WINDOWS\System32\Egl.exe
O4 - HKCU\..\Run: [Sth] C:\WINDOWS\System32\Pro.exe
O4 - HKCU\..\Run: [Pei] C:\WINDOWS\Bqp.exe
O4 - HKCU\..\Run: [Qmb] C:\WINDOWS\System32\Prs.exe
O4 - HKCU\..\Run: [Jlq] C:\WINDOWS\Kpp.exe
O4 - HKCU\..\Run: [Avp] C:\WINDOWS\Nlp.exe
O4 - HKCU\..\Run: [Lpi] C:\WINDOWS\Dqo.exe
O4 - HKCU\..\Run: [Iar] C:\WINDOWS\System32\Chb.exe
O4 - HKCU\..\Run: [Igo] C:\WINDOWS\System32\Ctt.exe
O4 - HKCU\..\Run: [Aak] C:\WINDOWS\Efv.exe
O4 - HKCU\..\Run: [Son] C:\WINDOWS\Ghd.exe
O4 - HKCU\..\Run: [Dep] C:\WINDOWS\Vpi.exe
O4 - HKCU\..\Run: [Lto] C:\WINDOWS\Naj.exe
O4 - HKCU\..\Run: [Svh] C:\WINDOWS\Nht.exe
O4 - HKCU\..\Run: [Hou] C:\WINDOWS\Bcn.exe
O4 - HKCU\..\Run: [Isj] C:\WINDOWS\Upu.exe
O4 - HKCU\..\Run: [Bsn] C:\WINDOWS\Imj.exe
O4 - HKCU\..\Run: [Qcc] C:\WINDOWS\Hvn.exe
O4 - HKCU\..\Run: [Vvp] C:\WINDOWS\Hct.exe
O4 - HKCU\..\Run: [Ttn] C:\WINDOWS\Bpv.exe
O4 - HKCU\..\Run: [Gah] C:\WINDOWS\Qvt.exe
O4 - HKCU\..\Run: [Pjv] C:\WINDOWS\Ebg.exe
O4 - HKCU\..\Run: [Qgl] C:\WINDOWS\Bhb.exe
O4 - HKCU\..\Run: [Vfd] C:\WINDOWS\Gha.exe
O4 - HKCU\..\Run: [Qol] C:\WINDOWS\Jid.exe
O4 - HKCU\..\Run: [Fag] C:\WINDOWS\System32\Sme.exe
O4 - HKCU\..\Run: [Peo] C:\WINDOWS\Bms.exe
O4 - HKCU\..\Run: [Lhd] C:\WINDOWS\System32\Ktc.exe
O4 - HKCU\..\Run: [Mjr] C:\WINDOWS\Dch.exe
O4 - HKCU\..\Run: [Knl] C:\WINDOWS\System32\Qlg.exe
O4 - HKCU\..\Run: [Emp] C:\WINDOWS\System32\Ord.exe
O4 - HKCU\..\Run: [Aru] C:\WINDOWS\Hpk.exe
O4 - HKCU\..\Run: [Jcn] C:\WINDOWS\System32\Iqg.exe
O4 - HKCU\..\Run: [Rlf] C:\WINDOWS\System32\Knn.exe
O4 - HKCU\..\Run: [Kjv] C:\WINDOWS\Mqq.exe
O4 - HKCU\..\Run: [Vda] C:\WINDOWS\Gqi.exe
O4 - HKCU\..\Run: [Tfk] C:\WINDOWS\System32\Vjl.exe
O4 - HKCU\..\Run: [Eob] C:\WINDOWS\System32\Tms.exe
O4 - HKCU\..\Run: [Eav] C:\WINDOWS\System32\Nnr.exe
O4 - HKCU\..\Run: [Vil] C:\WINDOWS\Npt.exe
O4 - HKCU\..\Run: [Fvi] C:\WINDOWS\Tik.exe
O4 - HKCU\..\Run: [Ifl] C:\WINDOWS\Kln.exe
O4 - HKCU\..\Run: [Old] C:\WINDOWS\Lol.exe
O4 - HKCU\..\Run: [Jao] C:\WINDOWS\System32\Ehi.exe
O4 - HKCU\..\Run: [Mte] C:\WINDOWS\Rtl.exe
O4 - HKCU\..\Run: [Qrm] C:\WINDOWS\System32\Lrk.exe
O4 - HKCU\..\Run: [Dfi] C:\WINDOWS\Usa.exe
O4 - HKCU\..\Run: [Tih] C:\WINDOWS\Nio.exe
O4 - HKCU\..\Run: [Ssc] C:\WINDOWS\Idp.exe
O4 - HKCU\..\Run: [Uqt] C:\WINDOWS\Ton.exe
O4 - HKCU\..\Run: [Bjd] C:\WINDOWS\System32\Qch.exe
O4 - HKCU\..\Run: [Uhb] C:\WINDOWS\System32\Ktt.exe
O4 - HKCU\..\Run: [Eti] C:\WINDOWS\System32\Qae.exe
O4 - HKCU\..\Run: [Gpb] C:\WINDOWS\System32\Vsq.exe
O4 - HKCU\..\Run: [Olf] C:\WINDOWS\Bfc.exe
O4 - HKCU\..\Run: [Ecp] C:\WINDOWS\Giu.exe
O4 - HKCU\..\Run: [Ere] C:\WINDOWS\System32\Fua.exe
O4 - HKCU\..\Run: [Sqv] C:\WINDOWS\System32\Pts.exe
O4 - HKCU\..\Run: [Obq] C:\WINDOWS\System32\Kvc.exe
O4 - HKCU\..\Run: [Kaj] C:\WINDOWS\Ivn.exe
O4 - HKCU\..\Run: [IDMan] C:\PROGRA~1\INTERN~2\IDMan.exe /onboot
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb033
O8 - Extra context menu item: Download All Links with IDM - C:\PROGRA~1\INTERN~2\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\PROGRA~1\INTERN~2\IEExt.htm
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Broken Internet access because of LSP provider 'xfire_lsp_9028.dll' missing
O14 - IERESET.INF: START_PAGE_URL=http://www.meshcomputers.com
O16 - DPF: {03177121-226B-11D4-B0BE-005004AD3039} (UploaderCtrl Class) - http://members14.clubphoto.com/_img/upload...tl_uploader.cab
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - http://down.plaxo.com/down/release/PlaxoInstall.cab
O16 - DPF: {18D9C485-7EEC-4395-95DA-DC3875B10E81} (TEInstallPlugIn) - http://www.skylinesoft.com/interactive/ter...stallPlugIn.cab
O16 - DPF: {3a4f9191-65a8-11d5-85c1-0001023952c1} (TE) - http://www.skylinesoft.com/interactive/ter.../install/TE.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
O23 - Service: AVSync Manager (AvSynMgr) - Network Associates, Inc. - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: McAfee Internet Security (GuardDogEXE) - Unknown owner - C:\Program Files\McAfee\McAfee Internet Security\GUARDDOG.EXE" /SERVICE (file missing)
O23 - Service: McAfee Firewall - Unknown owner - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing)
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PMJ151 AutoLaunch Service (PMJ151LA) - Matsu[censored]a Electric Industrial Co. ,Ltd, - C:\WINDOWS\PMJ151LA.BIN
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\WINDOWS\System32\x10nets.exe (file missing)

Seems there's lots here that needs checking!!

Here's the result from Rootkitrevealer:

HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*   9/4/2005 3:16 PM   0 bytes   Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*   9/4/2005 3:16 PM   0 bytes   Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*   9/4/2005 3:16 PM   0 bytes   Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*   9/4/2005 3:16 PM   0 bytes   Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*   9/4/2005 3:16 PM   0 bytes   Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*   9/4/2005 3:16 PM   0 bytes   Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*   9/4/2005 3:16 PM   0 bytes   Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*   9/4/2005 3:16 PM   0 bytes   Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*   9/4/2005 3:16 PM   0 bytes   Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*   9/4/2005 3:16 PM   0 bytes   Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*   9/4/2005 3:16 PM   0 bytes   Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*   9/4/2005 3:16 PM   0 bytes   Key name contains embedded nulls (*)
HKLM\SOFTWARE\Sonic Desktop Software\Common\LibraryFilesFolder   9/5/2005 6:24 PM   87 bytes   Data mismatch between Windows API and raw hive data.

Thanks again,
Jarcy

8

Tech Clinic / SmartSecurity and other problems

« on: November 08, 2005, 06:39:35 PM »

Hi Guestolo,

I've contacted Mesh and got the full repair / XP reinstall instructions, so I'm prepared if this proves the best route to take. Have also ordered a second hard drive to archive all passive files prior to any reinstall (my existing drive was nearing full anyway). My recovery CD IS the full version of XP Pro, so no problems there. Should also have all drivers.

Have run  aproposfix.exe in Safe mode.
Here's the Hijackthis log:

Logfile of HijackThis v1.97.7
Scan saved at 10:58:48 PM, on 11/8/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\McAfee Internet Security\GUARDDOG.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\PMJ151LA.BIN
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\McAfee Internet Security\GUARDDOG.EXE
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\Program Files\McAfee\McAfee VirusScan\VSStat.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\HPZipm12.exe
C:\Documents and Settings\John Canfield\My Documents\Download Software\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.meshcomputers.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [Camera Detector] C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE -autorun
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [VirusScanMSC] "C:\Program Files\McAfee\McAfee VirusScan\VSStat.exe" /EMBEDDING
O4 - HKLM\..\Run: [IFSplash] ImmSplsh.exe
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Download all by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: Download by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O10 - Broken Internet access because of LSP provider 'xfire_lsp_9028.dll' missing
O14 - IERESET.INF: START_PAGE_URL=http://www.meshcomputers.com
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {03177121-226B-11D4-B0BE-005004AD3039} (UploaderCtrl Class) - http://members14.clubphoto.com/_img/upload...tl_uploader.cab
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - http://down.plaxo.com/down/release/PlaxoInstall.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab
O16 - DPF: {18D9C485-7EEC-4395-95DA-DC3875B10E81} (TEInstallPlugIn) - http://www.skylinesoft.com/interactive/ter...stallPlugIn.cab
O16 - DPF: {3a4f9191-65a8-11d5-85c1-0001023952c1} (TE) - http://www.skylinesoft.com/interactive/ter.../install/TE.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab

And here is the log.txt file from aproposfix:

Log of AproposFix v1
 
************
 
Running from directory:  
C:\Documents and Settings\John Canfield\Desktop\aproposfix
 
************
 
Registry entries found:
 
 
************
 
No service found!
 
Removing hidden folder:
No folder found!
 
Deleting files:
 
 
Backing up files:
Done!
 
Removing registry entries:
 
REGEDIT4
 
 
Done!
 
Finished!

And here is Open Hosts file manager from Hijackthis:

# Copyright © 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a "#" symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
#
127.0.0.1 localhost

Nothing seems to indicate much to me.
However did notice a process running of:
Windows\Explorer.EXE
Isn't this likely to be a virus when running from this folder?

Regarding general system performance, the obvious problems are as follows:

1. McAfee Virus Scan can't be run and crashes every time you try to enable the tool. What's more, any automated instant update reminders also crash before they load. This leads me to believe I've got a nasty virus which targets McAfee to avoid me capturing it.

2. MS Word won't open and crashes. MS Excel will open and you can use a spreadsheet. However you can't open an existing saved file and Excel duly crashes. I have noticed that a comment in the bottom left hand corner say's "requesting virus scan" just prior to Excel crashing. Linked to McAfee perhaps? Powerpoint won't open any saved files.

3. The white borders around open windows has turned a grey/buff colour. This has occured only in the last 2 weeks since starting this troubleshooting! Looks quite nice, but not my doing!

4. If I switch user in XP to my wife's profile, the system slows considerably, and often stalls. (perhaps I know who to blame for dodgy files/emails or poor firewall decisions http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/wink.gif\' class=\'bbc_emoticon\' alt=\'\' /> ).

5. I received this email recently. Has someone hijacked my machine?:-
---------
Your question has been received. You should expect a response from us
within 24 hours.

You MUST enter your reply in the space below. Text entered into any
other part of this message will be discarded and your question may not
then be fully answered.

[===> Please enter your reply below this line <===]

[===> Please enter your reply above this line <===]

To update your question from our support site, click on the following
link or paste it into your Web browser.
http://holidayautos.custhelp.com/cgi-bin/h...ated=1131040545


question reference no051103-000544
---------------------------------------------------------------
           Summary: Mail System Error - Returned Mail
      date created: 03/11/2005 05:55 PM
      Last Updated: 03/11/2005 05:55 PM
            Status: Unresolved
Booking Reference :
Spain or Portugal?:

Discussion Thread
---------------------------------------------------------------
Customer - 03/11/2005 05:55 PM
Dear user [email protected],

We have found that your account was used to send a large amount of spam during this week.
Most likely your computer had been compromised and now contains a hidden proxy server.

Please follow instructions in order to keep your computer safe.

Best regards,
The mailnj.custhelp.com support team.

==================== application File Attachment ====================
[email protected], 28938 bytes, added to incident


[---001:001315:56836---]
-------------
I also received another email from Holiday Autos advising that an account had been set up in my name, listing my email address. I've never had any contact with this company!

All other software I've tried seems to run fine. Tried Pinnacle Studio 9 (which is very memory and power hungry) but this worked as usual.



Thanks for all your help. Any hope, or is it getting towards starting again from scratch?

Cheers, Jarcy.

9

Tech Clinic / SmartSecurity and other problems

« on: November 06, 2005, 07:55:52 PM »

Sorry, I managed to double post my last message!

I'm willing to pay for a further year's McAffee subscription, unless you recommend your other source in preference. However, I don't want to take down my firewall until I've got something to replace it with lined up.

My PC didn't come with the full CD version of XP, only a "Recovery CD-Rom". However I've browsed the contents and it looks to all intents and purposes like a proper XP installation disc. - It has the options Install, or Upgrade. I haven't followed through the procedure yet as I need to spend some time backing up files, but I didn't see the setup option to repair. Does it sound like this is the CD that I need for this procedure, or should I contact my PC manufacturers' support desk for confirmation?

Thanks, Jarcy.

10

Tech Clinic / SmartSecurity and other problems

« on: November 06, 2005, 07:22:25 PM »

Guestolo,

OK I've run the tool. It didn't find anything. (Just stopped when it had finished). Anything else to try?

Thanks
Jarcy

11

Tech Clinic / SmartSecurity and other problems

« on: November 06, 2005, 03:49:53 PM »

Guestolo,

OK I've run the tool. It didn't find anything. (Just stopped when it had finished). Anything else to try?

Thanks
Jarcy

12

Tech Clinic / SmartSecurity and other problems

« on: November 06, 2005, 02:34:26 PM »

Guestolo,
Many thanks for coming back to this.

I couldn't find Host file manager with Hijackthis. The only report I could find with Misc Tools was Gerenate Startuplist Log. Did you mean this? I'm posting the result here. (I did notice that c:windows\explorer.exe is running. Is this a virus in this location?):

StartupList report, 11/6/2005, 7:10:05 PM
StartupList version: 1.52
Started from : C:\Documents and Settings\John Canfield\My Documents\Download Software\HijackThis.EXE
Detected: Windows XP SP1 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\McAfee Internet Security\GUARDDOG.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\PMJ151LA.BIN
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\McAfee Internet Security\GUARDDOG.EXE
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\Program Files\McAfee\McAfee VirusScan\VSStat.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Documents and Settings\John Canfield\My Documents\Download Software\HijackThis.exe
C:\WINDOWS\System32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

UpdReg = C:\WINDOWS\UpdReg.EXE
SBDrvDet = C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
PinnacleDriverCheck = C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
IntelliType = "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
CTSysVol = C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
CTHelper = CTHELPER.EXE
CTDVDDET = C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
Creative WebCam Tray = C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
Camera Detector = C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE -autorun
AsioReg = REGSVR32.EXE /S CTASIO.DLL
HPHUPD05 = C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
HPHmon05 = C:\WINDOWS\System32\hphmon05.exe
HPDJ Taskbar Utility = C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
HP Software Update = "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
MCAgentExe = C:\Program Files\McAfee.com\Agent\mcagent.exe
MCUpdateExe = C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
McAfee Guardian = "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
VirusScanMSC = "C:\Program Files\McAfee\McAfee VirusScan\VSStat.exe" /EMBEDDING
IFSplash = ImmSplsh.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

RemoteCenter = C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
msnmsgr = "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
McAfee.InstantUpdate.Monitor = "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\system32\logon.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll - {02478D38-C3F9-4efb-9B51-7695ECA05670}
(no name) - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll - {C56CB6B0-0D96-11D6-8C65-B2868B609932}

--------------------------------------------------

Enumerating Task Scheduler jobs:

McAfee.com Update Check (STUDYSERVER-Adam Canfield).job
McAfee.com Update Check (STUDYSERVER-John Canfield).job
McAfee.com Update Check (STUDYSERVER-Samuel Canfield).job
McAfee.com Update Check (STUDYSERVER-Sue Canfield).job

--------------------------------------------------

Enumerating Download Program Files:

[Microsoft Office Template and Media Control]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\IEAWSDC.DLL
CODEBASE = http://office.microsoft.com/templates/ieawsdc.cab

[UploaderCtrl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\atl_uploader.dll
CODEBASE = http://members14.clubphoto.com/_img/upload...tl_uploader.cab

[PlxInstall Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\PlaxoInstall.dll
CODEBASE = http://down.plaxo.com/down/release/PlaxoInstall.cab

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\system32\Macromed\Director\SwDir.dll
CODEBASE = http://download.macromedia.com/pub/shockwa...director/sw.cab

[CheckNDownload Class]
CODEBASE = http://www.skylinesoft.com/interactive/ter...stallPlugIn.cab
OSD = C:\WINDOWS\Downloaded Program Files\CONFLICT.1\TEInstallPlugIn.osd

[TerraExplorer Class]
CODEBASE = http://www.skylinesoft.com/interactive/ter.../install/TE.cab
OSD = C:\WINDOWS\Downloaded Program Files\TE.osd

[ZoneIntro Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\ZIntro.ocx
CODEBASE = http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx
CODEBASE = http://download.macromedia.com/pub/shockwa...ash/swflash.cab

[PopCapLoader Object]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\popcaploader.dll
CODEBASE = http://www.popcap.com/games/popcaploader_v6.cab

[HeartbeatCtl Class]
InProcServer32 = C:\WINDOWS\DOWNLO~1\hrtbeat.ocx
CODEBASE = http://fdl.msn.com/zone/datafiles/heartbeat.cab

[Secure Delivery]
CODEBASE = http://www.gamespot.com/KDX22/download/kdx.cab

--------------------------------------------------

Enumerating Winsock LSP files:

Protocol #22: xfire_lsp_9028.dll (file MISSING)
Protocol #23: xfire_lsp_9028.dll (file MISSING)
Protocol #24: xfire_lsp_9028.dll (file MISSING)
Protocol #25: xfire_lsp_9028.dll (file MISSING)
Protocol #26: xfire_lsp_9028.dll (file MISSING)
Protocol #48: xfire_lsp_9028.dll (file MISSING)

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------
End of report, 9,424 bytes
Report generated in 0.047 seconds

Command line options:
   /verbose  - to add additional info on each section
   /complete - to include empty sections and unsuspicious data
   /full     - to include several rarely-important sections
   /force9x  - to include Win9x-only startups even if running on WinNT
   /forcent  - to include WinNT-only startups even if running on Win9x
   /forceall - to include all Win9x and WinNT startups, regardless of platform
   /history  - to list version history only

The file in Jotti seemed OK. Here's the result:

Jotti's malware scan 2.99-TRANSITION_TO_3.00
 
File to upload & scan:          
Service  
Service load:  0%        100%  
 
File:  WININET.DLL  
Status:  OK (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)  
MD5  4f64d1df989e3aa2fad91a2f1167b9c7  
Packers detected:  -
Scanner results  
AntiVir  Found nothing
ArcaVir  Found nothing
Avast  Found nothing
AVG Antivirus  Found nothing
BitDefender  Found nothing
ClamAV  Found nothing
Dr.Web  Found nothing
F-Prot Antivirus  Found nothing
Fortinet  Found nothing
Kaspersky Anti-Virus  Found nothing
NOD32  Found nothing
Norman Virus Control  Found nothing
UNA  Found nothing
VBA32  Found nothing

I can't run Panda! when I try to install Panda ActiveScan, my browser crashes (as with Office McAfee etc) and I get the same old "Internet Explorer has encountered a problem and needs to close".
This is so frustrating!

Any other suggestions gratefully received.

Thanks again.
Jarcy

13

Tech Clinic / SmartSecurity and other problems

« on: November 06, 2005, 10:42:40 AM »

Guestolo / Anyone,

Has anyone got any ideas as to why my McAfee Virusscan and MS Office products (Word / Excel) crash every time I try to open them?

Thanks,

Jarcy

14

Tech Clinic / SmartSecurity and other problems

« on: November 02, 2005, 11:20:09 AM »

Guestolo,

I've also uninstalled Kazaa.
Any ideas what to try next?

Many thanks!

Jarcy

15

Tech Clinic / SmartSecurity and other problems

« on: October 31, 2005, 05:41:49 PM »

Here's the result from Jotti's malware scan of the suspicious file. Looks like a bug. Shall I delete the file?

Service  
Service load:  0%        100%  
 
File:  745625.exe  
Status:  INFECTED/MALWARE  
MD5  92ec1464b5bc22a409d7ccd16439cce6  
Packers detected:  UPX
Scanner results  
AntiVir  Found nothing
ArcaVir  Found nothing
Avast  Found nothing
AVG Antivirus  Found nothing
BitDefender  Found Dropped:Trojan.Small.DL  
ClamAV  Found Trojan.Clicker.Small-45  
Dr.Web  Found DLOADER.Trojan (probable variant)  
F-Prot Antivirus  Found unknown virus (probable variant)  
Fortinet  Found nothing
Kaspersky Anti-Virus  Found nothing
NOD32  Found nothing
Norman Virus Control  Found nothing
UNA  Found nothing
VBA32  Found nothing
   
Regarding McAfee & Office, of course willing to reinstall. However tried this earlier (before asking for help here) and it made no difference.
With McAfee Internet Security, my annual subscription is due up sometime in October, so must be due for renewal now. However, when I last reinstalled (2 - 3 weeks ago) I WAS able to update Firewall. Only the Virus Scan fails to function. Whereas I usually get reminder popups from McAfee to purchase my annual renewal, these are also crashing every time I log on. This leads me to suspect that I've got a clever bug that prevents me from updating or using my virus scanner. Therefore I don't know if I'm even able to renew my McAfee license.
Why Office has started to behave in this manner, I have no idea.

Any more ideas would be gratefully received.

Many thanks again,
Jarcy.

16

Tech Clinic / SmartSecurity and other problems

« on: October 27, 2005, 06:52:21 PM »

I've deleted 150468.exe.
Also noticed 745625.exe in the same folder. Does this look suspicious?

Pretty sure I haven't truncated the Mwav report, but have rerun and posted the results here: This time 16 viruses and 157 errors:

Object "alexa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "kazaa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "kazaa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "funwebproducts Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "kazaa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "ezula Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "slchost Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "tsl Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "ezula Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "180solutions Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "kazaa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "clipgenie Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "topsearch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "topsearch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\gsda.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\HDPlugin1101.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\popcaploader.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\ahead\CoverDesigner\covered-deu.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\CTDetect.cpl". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\InterVideo\Common\Bin\IVIPromotion.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Ulead Systems\MPEG\uvAC3Enc.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\gsda.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\TEMP\_ISTMP0.DIR\FileGrp\HDK3AN32.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\TEMP\_ISTMP0.DIR\FileGrp\Hdk3anim.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\TEMP\_ISTMP0.DIR\FileGrp\HDK3CTNT.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\TEMP\_ISTMP0.DIR\FileGrp\MSVCIRT.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\TEMP\_ISTMP0.DIR\FileGrp\MFC42.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\TEMP\_ISTMP0.DIR\FileGrp\MSVCRT.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Hewlett-Packard\Digital Imaging\hpis\temp\Install.wse.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Hewlett-Packard\Digital Imaging\hpis\temp\config.ini". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Hewlett-Packard\Digital Imaging\hpis\temp\templates.zip". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Real\GToolbar\BarControl.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ubisoft\Crytek\Far Cry\Support\Readme (CZ).rtf". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\QTPlugin.OCX". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "%JavaDir%\QTJava.zip". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\popcaploader.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\HDPlugin1101.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\arcsoft.exe" refers to invalid object "C:\Program Files\ArcSoft\Software Suite\arcsoft.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\CDWizard.exe" refers to invalid object "c:\program files\pinnacle\studio 8\programs\CDWizard.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\CLaunch.exe" refers to invalid object "". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\CMGrdian.exe" refers to invalid object "". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\cmmgr32.exe" refers to invalid object "C:\WINDOWS\System32\cmmgr32.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\GS4.exe" refers to invalid object "C:\Program Files\ubi.com\GS4.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\Ipe40.exe" refers to invalid object "C:\WINDOWS\Ipe40.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\nvarem.exe" refers to invalid object "C:\Program Files\NVIDIA Corporation\NVRemote\nvarem.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\NvSkins.exe" refers to invalid object "C:\Program Files\NVIDIA Corporation\NVDVD\NvSkins.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\ORUN32.EXE" refers to invalid object "C:\WINDOWS\ORUN32.EXE". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\Racer.exe" refers to invalid object "C:\Program Files\Infogrames\Grand Prix 4\Racer.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\Racer95.exe" refers to invalid object "C:\Program Files\Microprose\Grand Prix 3\Racer95.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\Schedwiz.exe" refers to invalid object "". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\Toca2.exe" refers to invalid object "C:\Codemasters\Toca2\Toca2.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\USB Driver for Panasonic DVC (with Web Camera)" refers to invalid object "C:\WINDOWS\INF\USB Driver for Panasonic DVC (with Web Camera)". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\yourapp.Exe" refers to invalid object "C:\Program Files\EPSON\Smart Panel\yourapp.Exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\DOCUME~1\JOHNCA~1\LOCALS~1\Temp\Temporary File Cache\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Hewlett-Packard\Digital Imaging\hpis\temp\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Hewlett-Packard\Digital Imaging\hpis\". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".016". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".05". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".abm". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".axe". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".BUP". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".class". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".conf". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".dtl". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".IFO". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".lst". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".MRK". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".nv!". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".pf". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".pk3". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".PRO". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".pvm". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".rp". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".rt". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".scn". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".sdp". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".UK". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".vca". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".VCD". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".VM1". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".x32". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Ad-aware 6 Personal". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "AltnetDM". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Best Search Engine!!!". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Hollywood FX 4.6". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "MyWebSearch bar Uninstall". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "NVIDIA". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "NVIDIA nForce Drivers". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Search Relevancy". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Tiscali Internet Access". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Tiscali_uk". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "untopr1150". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Windows ControlAd". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Windows TaskAd". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{53EF6570-21A4-47ED-A40A-E6470A5677A3}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{ABEB838C-A1A7-4C5D-B7E1-8B4314600211}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{ABEB838C-A1A7-4C5D-B7E1-8B4314600602}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{AC76BA86-7AD7-1033-7B44-000000000001}". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{02D892F7-E5D4-41E3-9988-B9155BF800FE}" refers to invalid object "C:\Program Files\Internet\setupctl.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{07B18EA2-A523-4961-B6BB-170DE4475CCA}" refers to invalid object "C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1B487523-BEC2-11CF-BF9E-0020AF998FF5}" refers to invalid object "C:\PROGRA~1\SUPERS~1\Viscape\vrtocx.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1B487524-BEC2-11CF-BF9E-0020AF998FF5}" refers to invalid object "C:\PROGRA~1\SUPERS~1\Viscape\vrtocx.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{27A9F557-B690-4798-BF58-EF69433366E6}" refers to invalid object "C:\Program Files\Internet\setupctl.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{39B7FAEB-68FE-4A52-A25F-5F896B088C7E}" refers to invalid object "C:\Program Files\Internet\setupctl.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{4B4B40F0-C9DF-11D4-AA54-00104B49C4F0}" refers to invalid object "D:\R2ctlNS.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{578D8287-FB03-466E-A404-DD772E6CBEAE}" refers to invalid object "C:\WINDOWS\Downloaded Program Files\gsda.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{6F474F98-82D9-4694-9073-54FBCE4C9035}" refers to invalid object "C:\Program Files\Internet\setupctl.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{6FFC1326-E077-44E7-8935-7F09F3F19FE4}" refers to invalid object "C:\Program Files\Internet\setupctl.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{9502B2C1-553A-46AF-8F26-FE29CED44720}" refers to invalid object "C:\Program Files\Internet\setupctl.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{9FECC4D5-A7AC-4C85-B15A-4B933AC0CD5D}" refers to invalid object "C:\Program Files\Internet\setupctl.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{A48985C9-9602-412D-88CD-7E3D2E111C40}" refers to invalid object "C:\Program Files\Internet\setupctl.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B2EA5AEB-5BA3-47C9-95F3-42D63F2326AC}" refers to invalid object "C:\Program Files\Internet\setupctl.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{BE6663AD-B0FD-4BFA-AD94-CFD678B927C3}" refers to invalid object "C:\Program Files\Internet\setupctl.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{CD0F275B-050F-4568-8578-A852AC432622}" refers to invalid object "C:\Program Files\Internet\setupctl.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}" refers to invalid object "C:\WINDOWS\Downloaded Program Files\popcaploader.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{E2295278-994F-42A7-BC23-5722CECA2063}" refers to invalid object "C:\Program Files\Internet\setupctl.ocx". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{00A6FAF0-072E-44CF-8957-5838F569A31D}" refers to invalid object "C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{06337C1A-C69C-4371-A2F7-A41DBAEAED49}" refers to invalid object "C:\DOCUME~1\SUECAN~1\LOCALS~1\Temp\Word8.0\MSForms.exd". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{07293E71-EAE0-4FEA-9F92-5BD92325E790}" refers to invalid object "C:\DOCUME~1\JOHNCA~1\LOCALS~1\Temp\Excel8.0\MSForms.exd". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{18331E46-35A5-4CEE-846C-BA7DB913865B}" refers to invalid object "C:\DOCUME~1\JOHNCA~1\LOCALS~1\Temp\Word8.0\SHDocVw.exd". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{1A39043E-45C8-4075-867E-6D0E090A5DFA}" refers to invalid object "C:\DOCUME~1\SUECAN~1\LOCALS~1\Temp\Word8.0\InlineMultimedia.exd". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{1B487520-BEC2-11CF-BF9E-0020AF998FF5}" refers to invalid object "C:\Program Files\Superscape\Viscape\vrtocx.ocx". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{2D81B49D-4646-4CB1-AE1B-3F3CF6429134}" refers to invalid object "C:\DOCUME~1\JOHNCA~1\LOCALS~1\Temp\Word8.0\MSForms.exd". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{3905C537-264D-4350-A328-CC2DD483A9A4}" refers to invalid object "C:\DOCUME~1\JOHNCA~1\LOCALS~1\Temp\Word8.0\ShockwaveFlashObjects.exd". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{4B4B40F2-C9DF-11D4-AA54-00104B49C4F0}" refers to invalid object "D:\R2ctlNS.OCX". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{65A6BB6D-78D0-4E0A-824D-2DE1E0D154AF}" refers to invalid object "C:\PROGRA~1\SEARCH~1\SearchRelevancy1.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{71C7B265-C6F6-459A-929F-1E3085A3CB4B}" refers to invalid object "C:\DOCUME~1\JOHNCA~1\LOCALS~1\Temp\Excel8.0\MSForms.exd". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{758767F5-A4A5-4935-BCB5-517387C78DB8}" refers to invalid object "C:\DOCUME~1\JOHNCA~1\LOCALS~1\Temp\Word8.0\MARQUEELib.exd". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{86018373-D939-4CDA-A130-A7C4C1600C0F}" refers to invalid object "C:\DOCUME~1\JOHNCA~1\LOCALS~1\Temp\PPT8.0\MSForms.exd". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{920ED957-862F-4CCE-B168-0BA8451F3E1C}" refers to invalid object "C:\DOCUME~1\JOHNCA~1\LOCALS~1\Temp\Excel8.0\MSForms.exd". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{A5E16CA3-1C8F-4DB0-BE3F-67E8E9FD593D}" refers to invalid object "C:\WINDOWS\Downloaded Program Files\gsda.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{C9C5DEAF-0A1F-4660-8279-9EDFAD6FEFE1}" refers to invalid object "C:\WINDOWS\Downloaded Program Files\popcaploader.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{CB850722-F2D1-4236-BB9D-85BDC2D7B854}" refers to invalid object "C:\Program Files\Internet\setupctl.ocx". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{DBD9915A-C650-4CFE-AF5E-670A05AEF680}" refers to invalid object "C:\DOCUME~1\JOHNCA~1\LOCALS~1\Temp\Excel8.0\SHDocVw.exd". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{FA91240E-B719-42B7-BB70-5908A0A5E776}" refers to invalid object "C:\DOCUME~1\SUECAN~1\LOCALS~1\Temp\Word8.0\MSForms.exd". Action Taken: No Action Taken.
Entry "HKCR\.acl" refers to invalid object "ACLFile". Action Taken: No Action Taken.
Entry "HKCR\.aw" refers to invalid object "AWFile". Action Taken: No Action Taken.
Entry "HKCR\.col" refers to invalid object "COLFile". Action Taken: No Action Taken.
Entry "HKCR\.det" refers to invalid object "DETFile". Action Taken: No Action Taken.
Entry "HKCR\.elm" refers to invalid object "ELMFile". Action Taken: No Action Taken.
Entry "HKCR\.ffa" refers to invalid object "FFAFile". Action Taken: No Action Taken.
Entry "HKCR\.ffl" refers to invalid object "FFLFile". Action Taken: No Action Taken.
Entry "HKCR\.fft" refers to invalid object "FFTFile". Action Taken: No Action Taken.
Entry "HKCR\.ffx" refers to invalid object "FFXFile". Action Taken: No Action Taken.
Entry "HKCR\.frg" refers to invalid object "Access.Fragment". Action Taken: No Action Taken.
Entry "HKCR\.gst" refers to invalid object "MSMap.Datainst.8". Action Taken: No Action Taken.
Entry "HKCR\.ldb" refers to invalid object "Access.LockFile.9". Action Taken: No Action Taken.
Entry "HKCR\.lex" refers to invalid object "LEXFile". Action Taken: No Action Taken.
Entry "HKCR\.opc" refers to invalid object "OPCFile". Action Taken: No Action Taken.
Entry "HKCR\.pcb" refers to invalid object "PCBFile". Action Taken: No Action Taken.
Entry "HKCR\.pip" refers to invalid object "PIPFile". Action Taken: No Action Taken.
Entry "HKCR\.sll" refers to invalid object "SSLFile". Action Taken: No Action Taken.
Entry "HKCR\.stf" refers to invalid object "STFFile". Action Taken: No Action Taken.
Entry "HKCR\.tuw" refers to invalid object "TUWFile". Action Taken: No Action Taken.
Entry "HKCR\.wll" refers to invalid object "Word.Addin.8". Action Taken: No Action Taken.
Entry "HKCR\ActMsg.Session" refers to invalid object "{3FA7DEB3-6438-101B-ACC1-00AA00423326}". Action Taken: No Action Taken.
Entry "HKCR\ATLPlugin.ATL3DPage_d2.1" refers to invalid object "{cc10ddda-2452-4598-a6c4-f9f2f0b6a758
}". Action Taken: No Action Taken.
Entry "HKCR\Connection Manager Profile\shell\open\command" refers to invalid object "C:\WINDOWS\System32\CMMGR32.EXE "%1"". Action Taken: No Action Taken.
Entry "HKCR\LeechGet Download Queue\shell\open\command" refers to invalid object ""C:\Program Files\LeechGet 2005\LeechGet.exe" -import "%1"". Action Taken: No Action Taken.
Entry "HKCR\MailFileAtt" refers to invalid object "{00020D05-0000-0000-C000-000000000046}". Action Taken: No Action Taken.
Entry "HKCR\mapifvbx.object" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
Entry "HKCR\mapifvbx.object.1" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
Entry "HKCR\Plenoptic.Plenoptic" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.
Entry "HKCR\Plenoptic.Plenoptic.1" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.
Entry "HKCR\TesCsFile\shell\open\command" refers to invalid object "C:\Program Files\Bethesda Softworks\Morrowind\\TES3 Construction Set.exe". Action Taken: No Action Taken.
Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.
Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr.1" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.


P.S. Should I uninstall Kazaa? Have already removed P2PNetworking.
Thanks again, Jarcy.

17

Tech Clinic / SmartSecurity and other problems

« on: October 27, 2005, 02:57:30 PM »

Guestolo,

Excellent, my desktop is restored and all of the old icons have return! No more doubling up of icons. Big thank you!

Also notepad now works.

These problems still exists: Any ideas?

2. Word crashes each time I try to start it. Unistalling Office, and reinstalling didn't solve this problem.
3. Excel crashes every time I try to open a file, although you can successfully start and work on a new file.
5. McAfee Virus Scan crashes every time you try to enable it. Firewall appears to work fine though.

Here's the result of the Mwav virus scan. - 15 viruses and 157 errors.

Object "alexa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "kazaa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "kazaa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "funwebproducts Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "kazaa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "ezula Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "slchost Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "tsl Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "ezula Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "180solutions Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "kazaa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "clipgenie Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "topsearch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "topsearch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\gsda.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\HDPlugin1101.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\popcaploader.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\ahead\CoverDesigner\covered-deu.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\CTDetect.cpl". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\InterVideo\Common\Bin\IVIPromotion.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Ulead Systems\MPEG\uvAC3Enc.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\gsda.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\TEMP\_ISTMP0.DIR\FileGrp\HDK3AN32.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\TEMP\_ISTMP0.DIR\FileGrp\Hdk3anim.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\TEMP\_ISTMP0.DIR\FileGrp\HDK3CTNT.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\TEMP\_ISTMP0.DIR\FileGrp\MSVCIRT.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\TEMP\_ISTMP0.DIR\FileGrp\MFC42.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\TEMP\_ISTMP0.DIR\FileGrp\MSVCRT.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Hewlett-Packard\Digital Imaging\hpis\temp\Install.wse.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Hewlett-Packard\Digital Imaging\hpis\temp\config.ini". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Hewlett-Packard\Digital Imaging\hpis\temp\templates.zip". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Real\GToolbar\BarControl.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ubisoft\Crytek\Far Cry\Support\Readme (CZ).rtf". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\QTPlugin.OCX". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "%JavaDir%\QTJava.zip". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\popcaploader.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\HDPlugin1101.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\arcsoft.exe" refers to invalid object "C:\Program Files\ArcSoft\Software Suite\arcsoft.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\CDWizard.exe" refers to invalid object "c:\program files\pinnacle\studio 8\programs\CDWizard.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\CLaunch.exe" refers to invalid object "". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\CMGrdian.exe" refers to invalid object "". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\cmmgr32.exe" refers to invalid object "C:\WINDOWS\System32\cmmgr32.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\GS4.exe" refers to invalid object "C:\Program Files\ubi.com\GS4.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\Ipe40.exe" refers to invalid object "C:\WINDOWS\Ipe40.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\nvarem.exe" refers to invalid object "C:\Program Files\NVIDIA Corporation\NVRemote\nvarem.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\NvSkins.exe" refers to invalid object "C:\Program Files\NVIDIA Corporation\NVDVD\NvSkins.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\ORUN32.EXE" refers to invalid object "C:\WINDOWS\ORUN32.EXE". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\Racer.exe" refers to invalid object "C:\Program Files\Infogrames\Grand Prix 4\Racer.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\Racer95.exe" refers to invalid object "C:\Program Files\Microprose\Grand Prix 3\Racer95.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\Schedwiz.exe" refers to invalid object "". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\Toca2.exe" refers to invalid object "C:\Codemasters\Toca2\Toca2.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\USB Driver for Panasonic DVC (with Web Camera)" refers to invalid object "C:\WINDOWS\INF\USB Driver for Panasonic DVC (with Web Camera)". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\yourapp.Exe" refers to invalid object "C:\Program Files\EPSON\Smart Panel\yourapp.Exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\DOCUME~1\JOHNCA~1\LOCALS~1\Temp\Temporary File Cache\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Hewlett-Packard\Digital Imaging\hpis\temp\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Hewlett-Packard\Digital Imaging\hpis\". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".016". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".05". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".abm". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".axe". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".BUP". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".class". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".conf". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".dtl". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".IFO". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".lst". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".MRK". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".nv!". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".pf". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".pk3". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".PRO". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".pvm". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".rp". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".rt". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".scn". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".sdp". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".UK". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".vca". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".VCD". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".VM1". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".x32". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Ad-aware 6 Personal". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "AltnetDM". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Best Search Engine!!!". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Hollywood FX 4.6". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "MyWebSearch bar Uninstall". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "NVIDIA". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "NVIDIA nForce Drivers". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Search Relevancy". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Tiscali Internet Access". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Tiscali_uk". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "untopr1150". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Windows ControlAd". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Windows TaskAd". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{53EF6570-21A4-47ED-A40A-E6470A5677A3}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{ABEB838C-A1A7-4C5D-B7E1-8B4314600211}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{ABEB838C-A1A7-4C5D-B7E1-8B4314600602}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{AC76BA86-7AD7-1033-7B44-000000000001}". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{02D892F7-E5D4-41E3-9988-B9155BF800FE}" refers to invalid object "C:\Program Files\Internet\setupctl.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{07B18EA2-A523-4961-B6BB-170DE4475CCA}" refers to invalid object "C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1B487523-BEC2-11CF-BF9E-0020AF998FF5}" refers to invalid object "C:\PROGRA~1\SUPERS~1\Viscape\vrtocx.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1B487524-BEC2-11CF-BF9E-0020AF998FF5}" refers to invalid object "C:\PROGRA~1\SUPERS~1\Viscape\vrtocx.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{27A9F557-B690-4798-BF58-EF69433366E6}" refers to invalid object "C:\Program Files\Internet\setupctl.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{39B7FAEB-68FE-4A52-A25F-5F896B088C7E}" refers to invalid object "C:\Program Files\Internet\setupctl.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{4B4B40F0-C9DF-11D4-AA54-00104B49C4F0}" refers to invalid object "D:\R2ctlNS.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{578D8287-FB03-466E-A404-DD772E6CBEAE}" refers to invalid object "C:\WINDOWS\Downloaded Program Files\gsda.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{6F474F98-82D9-4694-9073-54FBCE4C9035}" refers to invalid object "C:\Program Files\Internet\setupctl.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{6FFC1326-E077-44E7-8935-7F09F3F19FE4}" refers to invalid object "C:\Program Files\Internet\setupctl.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{9502B2C1-553A-46AF-8F26-FE29CED44720}" refers to invalid object "C:\Program Files\Internet\setupctl.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{9FECC4D5-A7AC-4C85-B15A-4B933AC0CD5D}" refers to invalid object "C:\Program Files\Internet\setupctl.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{A48985C9-9602-412D-88CD-7E3D2E111C40}" refers to invalid object "C:\Program Files\Internet\setupctl.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B2EA5AEB-5BA3-47C9-95F3-42D63F2326AC}" refers to invalid object "C:\Program Files\Internet\setupctl.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{BE6663AD-B0FD-4BFA-AD94-CFD678B927C3}" refers to invalid object "C:\Program Files\Internet\setupctl.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{CD0F275B-050F-4568-8578-A852AC432622}" refers to invalid object "C:\Program Files\Internet\setupctl.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}" refers to invalid object "C:\WINDOWS\Downloaded Program Files\popcaploader.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{E2295278-994F-42A7-BC23-5722CECA2063}" refers to invalid object "C:\Program Files\Internet\setupctl.ocx". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{00A6FAF0-072E-44CF-8957-5838F569A31D}" refers to invalid object "C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{06337C1A-C69C-4371-A2F7-A41DBAEAED49}" refers to invalid object "C:\DOCUME~1\SUECAN~1\LOCALS~1\Temp\Word8.0\MSForms.exd". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{07293E71-EAE0-4FEA-9F92-5BD92325E790}" refers to invalid object "C:\DOCUME~1\JOHNCA~1\LOCALS~1\Temp\Excel8.0\MSForms.exd". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{18331E46-35A5-4CEE-846C-BA7DB913865B}" refers to invalid object "C:\DOCUME~1\JOHNCA~1\LOCALS~1\Temp\Word8.0\SHDocVw.exd". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{1A39043E-45C8-4075-867E-6D0E090A5DFA}" refers to invalid object "C:\DOCUME~1\SUECAN~1\LOCALS~1\Temp\Word8.0\InlineMultimedia.exd". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{1B487520-BEC2-11CF-BF9E-0020AF998FF5}" refers to invalid object "C:\Program Files\Superscape\Viscape\vrtocx.ocx". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{2D81B49D-4646-4CB1-AE1B-3F3CF6429134}" refers to invalid object "C:\DOCUME~1\JOHNCA~1\LOCALS~1\Temp\Word8.0\MSForms.exd". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{3905C537-264D-4350-A328-CC2DD483A9A4}" refers to invalid object "C:\DOCUME~1\JOHNCA~1\LOCALS~1\Temp\Word8.0\ShockwaveFlashObjects.exd". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{4B4B40F2-C9DF-11D4-AA54-00104B49C4F0}" refers to invalid object "D:\R2ctlNS.OCX". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{65A6BB6D-78D0-4E0A-824D-2DE1E0D154AF}" refers to invalid object "C:\PROGRA~1\SEARCH~1\SearchRelevancy1.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{71C7B265-C6F6-459A-929F-1E3085A3CB4B}" refers to invalid object "C:\DOCUME~1\JOHNCA~1\LOCALS~1\Temp\Excel8.0\MSForms.exd". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{758767F5-A4A5-4935-BCB5-517387C78DB8}" refers to invalid object "C:\DOCUME~1\JOHNCA~1\LOCALS~1\Temp\Word8.0\MARQUEELib.exd". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{86018373-D939-4CDA-A130-A7C4C1600C0F}" refers to invalid object "C:\DOCUME~1\JOHNCA~1\LOCALS~1\Temp\PPT8.0\MSForms.exd". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{920ED957-862F-4CCE-B168-0BA8451F3E1C}" refers to invalid object "C:\DOCUME~1\JOHNCA~1\LOCALS~1\Temp\Excel8.0\MSForms.exd". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{A5E16CA3-1C8F-4DB0-BE3F-67E8E9FD593D}" refers to invalid object "C:\WINDOWS\Downloaded Program Files\gsda.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{C9C5DEAF-0A1F-4660-8279-9EDFAD6FEFE1}" refers to invalid object "C:\WINDOWS\Downloaded Program Files\popcaploader.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{CB850722-F2D1-4236-BB9D-85BDC2D7B854}" refers to invalid object "C:\Program Files\Internet\setupctl.ocx". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{DBD9915A-C650-4CFE-AF5E-670A05AEF680}" refers to invalid object "C:\DOCUME~1\JOHNCA~1\LOCALS~1\Temp\Excel8.0\SHDocVw.exd". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{FA91240E-B719-42B7-BB70-5908A0A5E776}" refers to invalid object "C:\DOCUME~1\SUECAN~1\LOCALS~1\Temp\Word8.0\MSForms.exd". Action Taken: No Action Taken.
Entry "HKCR\.acl" refers to invalid object "ACLFile". Action Taken: No Action Taken.
Entry "HKCR\.aw" refers to invalid object "AWFile". Action Taken: No Action Taken.
Entry "HKCR\.col" refers to invalid object "COLFile". Action Taken: No Action Taken.
Entry "HKCR\.det" refers to invalid object "DETFile". Action Taken: No Action Taken.
Entry "HKCR\.elm" refers to invalid object "ELMFile". Action Taken: No Action Taken.
Entry "HKCR\.ffa" refers to invalid object "FFAFile". Action Taken: No Action Taken.
Entry "HKCR\.ffl" refers to invalid object "FFLFile". Action Taken: No Action Taken.
Entry "HKCR\.fft" refers to invalid object "FFTFile". Action Taken: No Action Taken.
Entry "HKCR\.ffx" refers to invalid object "FFXFile". Action Taken: No Action Taken.
Entry "HKCR\.frg" refers to invalid object "Access.Fragment". Action Taken: No Action Taken.
Entry "HKCR\.gst" refers to invalid object "MSMap.Datainst.8". Action Taken: No Action Taken.
Entry "HKCR\.ldb" refers to invalid object "Access.LockFile.9". Action Taken: No Action Taken.
Entry "HKCR\.lex" refers to invalid object "LEXFile". Action Taken: No Action Taken.
Entry "HKCR\.opc" refers to invalid object "OPCFile". Action Taken: No Action Taken.
Entry "HKCR\.pcb" refers to invalid object "PCBFile". Action Taken: No Action Taken.
Entry "HKCR\.pip" refers to invalid object "PIPFile". Action Taken: No Action Taken.
Entry "HKCR\.sll" refers to invalid object "SSLFile". Action Taken: No Action Taken.
Entry "HKCR\.stf" refers to invalid object "STFFile". Action Taken: No Action Taken.
Entry "HKCR\.tuw" refers to invalid object "TUWFile". Action Taken: No Action Taken.
Entry "HKCR\.wll" refers to invalid object "Word.Addin.8". Action Taken: No Action Taken.
Entry "HKCR\ActMsg.Session" refers to invalid object "{3FA7DEB3-6438-101B-ACC1-00AA00423326}". Action Taken: No Action Taken.
Entry "HKCR\ATLPlugin.ATL3DPage_d2.1" refers to invalid object "{cc10ddda-2452-4598-a6c4-f9f2f0b6a758
}". Action Taken: No Action Taken.
Entry "HKCR\Connection Manager Profile\shell\open\command" refers to invalid object "C:\WINDOWS\System32\CMMGR32.EXE "%1"". Action Taken: No Action Taken.
Entry "HKCR\LeechGet Download Queue\shell\open\command" refers to invalid object ""C:\Program Files\LeechGet 2005\LeechGet.exe" -import "%1"". Action Taken: No Action Taken.
Entry "HKCR\MailFileAtt" refers to invalid object "{00020D05-0000-0000-C000-000000000046}". Action Taken: No Action Taken.
Entry "HKCR\mapifvbx.object" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
Entry "HKCR\mapifvbx.object.1" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
Entry "HKCR\Plenoptic.Plenoptic" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.
Entry "HKCR\Plenoptic.Plenoptic.1" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.
Entry "HKCR\TesCsFile\shell\open\command" refers to invalid object "C:\Program Files\Bethesda Softworks\Morrowind\\TES3 Construction Set.exe". Action Taken: No Action Taken.
Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.
Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr.1" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.
File C:\WINDOWS\System32\150468.exe infected by "Trojan.Win32.Zapchast" Virus! Action Taken: No Action Taken.

Thanks again for your help.

Jarcy

18

Tech Clinic / SmartSecurity and other problems

« on: October 26, 2005, 03:11:23 PM »

Gustolo,

OK, here goes with my progress:

Could open fix.zip using the windows XP tool, but not smitRem.zip, so unzipped at work, and copied to my machine by memory stick.

SmitRem ran, but the disk cleanup seemed to crash - just exited and didn't even complete the initial disc scan.
So restarted disk cleanup from System Tools. I left it running for 24 hours, but still seemed nowhere near finished, so cancelled the operation. (it seemed to have stopped doing anything, and hadn't moved for a good 12 hours). Initial scan reported 40odd gig of files to clean!! http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/blink.gif\' class=\'bbc_emoticon\' alt=\':blink:\' /> If I restart now, still 27gig found.
Should I persevere to the end with disk cleanup? Is it ok to run it overnight repeatedly until it's worked it's way throught the files? i.e. keep starting and stopping it.

Good news is that Right Click on the desk top now works! Thanks!!

Problems that still exist are:

1. Doubled desktop icons (legacy of SmartSecurity)
2. Word crashes each time I try to start it. Unistalling Office, and reinstalling didn't solve this problem.
3. Excel crashes every time I try to open a file, although you can successfully start and work on a new file.
4. Notepad.exe seems to be missing. Notepad won't start.
5. McAfee Virus Scan crashes every time you try to enable it. Firewall appears to work fine though.

Here's Smitfile.txt


   smitRem log file
     version 2.7

     by noahdfear

The current date is: Tue 10/25/2005
The current time is: 23:08:10.57

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 checking for ShudderLTD key

ShudderLTD key not present!

 checking for PSGuard.com key


PSGuard.com key not present!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 Existing Pre-run Files

 ~~~ Program Files ~~~
 ~~~ Shortcuts ~~~
 ~~~ Favorites ~~~
 ~~~ system32 folder ~~~
 ~~~ Icons in System32 ~~~
 ~~~ Windows directory ~~~
 ~~~ Drive root ~~~
 ~~~ Miscellaneous Files/folders ~~~


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

   Remaining Post-run Files

 ~~~ Program Files ~~~
 ~~~ Shortcuts ~~~
 ~~~ Favorites ~~~
 ~~~ system32 folder ~~~
 ~~~ Icons in System32 ~~~
 ~~~ Windows directory ~~~
 ~~~ Drive root ~~~
 ~~~ Miscellaneous Files/folders ~~~
 ~~~ Wininet.dll ~~~

 CLEAN! http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/smile.gif\' class=\'bbc_emoticon\' alt=\'\' />

And HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 9:04:53 PM, on 10/26/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\McAfee Internet Security\GUARDDOG.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\PMJ151LA.BIN
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\McAfee Internet Security\GUARDDOG.EXE
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\Program Files\McAfee\McAfee VirusScan\VSStat.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\unzipped\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.meshcomputers.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [Camera Detector] C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE -autorun
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [VirusScanMSC] "C:\Program Files\McAfee\McAfee VirusScan\VSStat.exe" /EMBEDDING
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Download all by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: Download by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Broken Internet access because of LSP provider 'xfire_lsp_9028.dll' missing
O14 - IERESET.INF: START_PAGE_URL=http://www.meshcomputers.com
O16 - DPF: {03177121-226B-11D4-B0BE-005004AD3039} (UploaderCtrl Class) - http://members14.clubphoto.com/_img/upload...tl_uploader.cab
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - http://down.plaxo.com/down/release/PlaxoInstall.cab
O16 - DPF: {18D9C485-7EEC-4395-95DA-DC3875B10E81} (TEInstallPlugIn) - http://www.skylinesoft.com/interactive/ter...stallPlugIn.cab
O16 - DPF: {3a4f9191-65a8-11d5-85c1-0001023952c1} (TE) - http://www.skylinesoft.com/interactive/ter.../install/TE.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
O23 - Service: AVSync Manager (AvSynMgr) - Network Associates, Inc. - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: McAfee Internet Security (GuardDogEXE) - Unknown owner - C:\Program Files\McAfee\McAfee Internet Security\GUARDDOG.EXE" /SERVICE (file missing)
O23 - Service: McAfee Firewall - Unknown owner - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing)
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PMJ151 AutoLaunch Service (PMJ151LA) - Matsu[censored]a Electric Industrial Co. ,Ltd, - C:\WINDOWS\PMJ151LA.BIN
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\WINDOWS\System32\x10nets.exe (file missing)

Thanks again for your help.
Jarcy.

19

Tech Clinic / SmartSecurity and other problems

« on: October 24, 2005, 05:02:12 PM »

Guestolo,

Thanks again. Had a problem opening the 2 files:- Smitrem.zip and Fix.zip. Winzip failed to open these and stated "Does not appear to be a valid archive". Do I need to buy the full version of Winzip in order to open these files? I thought anyone should be able to open a downloaded zipped file.

Thanks, Jarcy.

20

Tech Clinic / SmartSecurity and other problems

« on: October 23, 2005, 04:14:04 PM »

Hi Gustolo,

Thanks again for your continued support!

Here's my HijactThis log and Search.bat:

Logfile of HijackThis v1.99.1
Scan saved at 10:08:25 PM, on 10/23/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\McAfee Internet Security\GUARDDOG.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\PMJ151LA.BIN
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\McAfee Internet Security\GUARDDOG.EXE
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\Program Files\McAfee\McAfee VirusScan\VSStat.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\LeechGet 2005\LeechGet.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\unzipped\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.meshcomputers.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [Camera Detector] C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE -autorun
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [VirusScanMSC] "C:\Program Files\McAfee\McAfee VirusScan\VSStat.exe" /EMBEDDING
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Download all by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: Download by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: Download using LeechGet - file://C:\Program Files\LeechGet 2005\\AddUrl.html
O8 - Extra context menu item: Download using LeechGet Wizard - file://C:\Program Files\LeechGet 2005\\Wizard.html
O8 - Extra context menu item: Parse with LeechGet - file://C:\Program Files\LeechGet 2005\\Parser.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Microsoft AntiSpyware helper - {9646D4D8-EAA9-43AC-BD57-FC13D25381EE} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {9646D4D8-EAA9-43AC-BD57-FC13D25381EE} - (no file) (HKCU)
O10 - Broken Internet access because of LSP provider 'xfire_lsp_9028.dll' missing
O14 - IERESET.INF: START_PAGE_URL=http://www.meshcomputers.com
O16 - DPF: {03177121-226B-11D4-B0BE-005004AD3039} (UploaderCtrl Class) - http://members14.clubphoto.com/_img/upload...tl_uploader.cab
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - http://down.plaxo.com/down/release/PlaxoInstall.cab
O16 - DPF: {18D9C485-7EEC-4395-95DA-DC3875B10E81} (TEInstallPlugIn) - http://www.skylinesoft.com/interactive/ter...stallPlugIn.cab
O16 - DPF: {3a4f9191-65a8-11d5-85c1-0001023952c1} (TE) - http://www.skylinesoft.com/interactive/ter.../install/TE.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
O23 - Service: AVSync Manager (AvSynMgr) - Network Associates, Inc. - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: McAfee Internet Security (GuardDogEXE) - Unknown owner - C:\Program Files\McAfee\McAfee Internet Security\GUARDDOG.EXE" /SERVICE (file missing)
O23 - Service: McAfee Firewall - Unknown owner - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing)
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PMJ151 AutoLaunch Service (PMJ151LA) - Matsu[censored]a Electric Industrial Co. ,Ltd, - C:\WINDOWS\PMJ151LA.BIN
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\WINDOWS\System32\x10nets.exe (file missing)

SEARCH.BAT:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"SBDrvDet"="C:\\Program Files\\Creative\\SB Drive Det\\SBDrvDet.exe /r"
"PinnacleDriverCheck"="C:\\WINDOWS\\System32\\PSDrvCheck.exe -CheckReg"
"IntelliType"="\"C:\\Program Files\\Microsoft Hardware\\Keyboard\\type32.exe\""
"CTSysVol"="C:\\Program Files\\Creative\\SBAudigy2ZS\\Surround Mixer\\CTSysVol.exe /r"
"CTHelper"="CTHELPER.EXE"
"CTDVDDET"="C:\\Program Files\\Creative\\SBAudigy2ZS\\DVDAudio\\CTDVDDET.EXE"
"Creative WebCam Tray"="C:\\Program Files\\Creative\\Shared Files\\CAMTRAY.EXE"
"Camera Detector"="C:\\PROGRA~1\\ACDSYS~1\\DEVDET~1\\DEVDET~1.EXE -autorun"
"AsioReg"="REGSVR32.EXE /S CTASIO.DLL"
"HPHUPD05"="C:\\Program Files\\Hewlett-Packard\\{45B6180B-DCAB-4093-8EE8-6164457517F0}\\hphupd05.exe"
"HPHmon05"="C:\\WINDOWS\\System32\\hphmon05.exe"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb09.exe"
"HP Software Update"="\"C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWuSchd.exe\""
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\"  -osboot"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"MCAgentExe"="C:\\Program Files\\McAfee.com\\Agent\\mcagent.exe"
"MCUpdateExe"="C:\\PROGRA~1\\McAfee.com\\Agent\\mcupdate.exe"
"McAfee Guardian"="\"C:\\Program Files\\McAfee\\McAfee Shared Components\\Guardian\\CMGrdian.exe\" /SU"
"VirusScanMSC"="\"C:\\Program Files\\McAfee\\McAfee VirusScan\\VSStat.exe\" /EMBEDDING"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"RemoteCenter"="C:\\Program Files\\Creative\\MediaSource\\RemoteControl\\RCMan.EXE"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"McAfee.InstantUpdate.Monitor"="\"C:\\Program Files\\McAfee\\McAfee Shared Components\\Instant Updater\\RuLaunch.exe\" /STARTMONITOR"

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
"NoExplorer"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C56CB6B0-0D96-11D6-8C65-B2868B609932}]

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
"NoComponents"=dword:00000000
"NoAddingComponents"=dword:00000000
"NoDeletingComponents"=dword:00000000
"NoEditingComponents"=dword:00000000
"NoHTMLWallPaper"=dword:00000000
"NoChangingWallPaper"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoViewContextMenu"=dword:00000002
"NoActiveDesktop"=dword:00000000
"NoSaveSettings"=dword:00000000
"ClassicShell"=dword:00000000
"NoThemesTab"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000000
"NoDispAppearancePage"=dword:00000000
"NoColorChoice"=dword:00000000
"NoSizeChoice"=dword:00000000
"NoDispBackgroundPage"=dword:00000000
"NoDispScrSavPage"=dword:00000000
"NoDispCPL"=dword:00000000
"NoVisualStyleChoice"=dword:00000000
"NoDispSettingsPage"=dword:00000000

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager]
"WCreatedUser"="1"
"LoadedBefore"="1"
"ThemeActive"="1"
"LastUserLangID"="1033"
"DllName"=hex(2):25,00,00,00,53,00,00,00,79,00,00,00,73,00,00,00,74,00,00,00,\
  65,00,00,00,6d,00,00,00,52,00,00,00,6f,00,00,00,6f,00,00,00,74,00,00,00,25,\
  00,00,00,5c,00,00,00,72,00,00,00,65,00,00,00,73,00,00,00,6f,00,00,00,75,00,\
  00,00,72,00,00,00,63,00,00,00,65,00,00,00,73,00,00,00,5c,00,00,00,54,00,00,\
  00,68,00,00,00,65,00,00,00,6d,00,00,00,65,00,00,00,73,00,00,00,5c,00,00,00,\
  6c,00,00,00,75,00,00,00,6e,00,00,00,61,00,00,00,5c,00,00,00,6c,00,00,00,75,\
  00,00,00,6e,00,00,00,61,00,00,00,2e,00,00,00,6d,00,00,00,73,00,00,00,73,00,\
  00,00,74,00,00,00,79,00,00,00,6c,00,00,00,65,00,00,00,73,00,00,00,00,00,00,\
  00
"ColorName"="NormalColor"
"SizeName"="NormalSize"

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
  00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
  ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,12,03,00,00,23,00,00,00,dc,00,00,00,d2,00,\
  00,00,01,00,00,00

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
"NoChangingWallpaper"=dword:00000000
"NoComponents"=dword:00000000
"NoAddingComponents"=dword:00000000
"NoDeletingComponents"=dword:00000000
"NoEditingComponents"=dword:00000000
"NoHTMLWallPaper"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoViewContextMenu"=dword:00000002

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum]
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"=dword:00000001
"{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF}"=dword:40000021
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"=dword:00000020

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Ratings]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"DisableTaskMgr"=dword:00000000


There was plenty to check through HijackThis. Hopefully you can see the wood for the trees now!
Many thanks again.

Jarcy.