Show Posts

1

Tech Clinic / Virtual-IE eating up F: drive memory PLEASE HELP!

« on: October 30, 2005, 12:57:58 PM »

L2MFIX find log 1.04a
These are the registry keys present
********************************************************************************
**
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(ID-NI) ALLOW Read     BUILTIN\Users
(ID-IO) ALLOW Read     BUILTIN\Users
(ID-NI) ALLOW Full access    BUILTIN\Administrators
(ID-IO) ALLOW Full access    BUILTIN\Administrators
(ID-NI) ALLOW Full access    NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access    NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access    CREATOR OWNER

********************************************************************************
**
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{A470D353-BFC3-CD9D-F4C7-914EC5B08072}"=""

********************************************************************************
**
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Scanner Management"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL Extension"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Compatibility Page"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft Windows Network objects"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitor Management"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Printer Management"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Briefcase"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profile"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Network Connections"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Network Connections"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanners & Cameras"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanners & Cameras"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanners & Cameras"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanners & Cameras"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanners & Cameras"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Scheduled Tasks"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskbar and Start Menu"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Search"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Run..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administrative Tools"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Address"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Address Bar Parser"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="History"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ file thumbnail extractor"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML Thumbnail Extractor"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Web Publishing Wizard"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Print Ordering via the Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Get a Passport Wizard"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="User Accounts"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channel File"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channel Shortcut"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{5E44E225-A408-11CF-B581-008029601108}"="Adaptec DirectCD Shell Extension"
"{5464D816-CF16-4784-B9F3-75C0DB52B499}"="Yahoo! Mail"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web Folders"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{7C9D5882-CB4A-4090-96C8-430BFE8B795B}"="Webroot Spy Sweeper Context Menu Integration"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{063FDFED-6FD9-407C-8E6A-1EFA75CBCCD5}"=""
"{6EE51AA0-77A0-11D7-B4E1-000347126E46}"="Window Washer Shredding Utility"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler"
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"="AVG7 Shell Extension"
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}"="AVG7 Find Extension"
"{BB7DF450-F119-11CD-8465-00AA00425D90}"="Microsoft Access Custom Icon Handler"

********************************************************************************
**
HKEY ROOT CLASSIDS:
********************************************************************************
**
Files Found are not all bad files:

F:\WINDOWS\SYSTEM32\
cmdlin~1.dll Mon Oct 3 2005 7:21:06p A.... 43,520 42.50 K
cmdlin~2.dll Thu Sep 29 2005 5:36:32p A.... 98,304 96.00 K
msssc.dll Sat Oct 15 2005 8:42:00p A.... 44 0.04 K
sporder.dll Sat Sep 24 2005 3:17:28p A.... 8,464 8.27 K

4 items found: 4 files, 0 directories.
Total of file sizes: 150,332 bytes 146.81 K
Locate .tmp files:

No matches found.
********************************************************************************
**
Directory Listing of system files:
Volume in drive F has no label.
Volume Serial Number is DCD8-C4C7

Directory of F:\WINDOWS\System32

10/30/2005 09:52 AM <DIR> dllcache
06/18/2005 02:01 PM 475 oqjsiiz.dll
06/18/2005 01:23 PM 475 orokg.dll
06/18/2005 11:40 AM 475 jrdei.dll
06/18/2005 10:11 AM 475 glarjx.dll
06/17/2005 08:56 PM 475 vluoug.dll
06/17/2005 08:00 PM 475 nvip.dll
06/16/2005 10:08 PM 475 foit.dll
06/13/2005 05:51 AM 475 qzicfkb.dll
06/12/2005 06:38 PM 475 azcefal.dll
04/22/2005 10:45 PM 56 BECECFD760.sys
01/09/2005 06:02 PM <DIR> Microsoft
10 File(s) 4,331 bytes
2 Dir(s) 9,485,897,728 bytes free

2

Tech Clinic / Virtual-IE eating up F: drive memory PLEASE HELP!

« on: October 29, 2005, 08:27:50 PM »

Volume in drive F has no label.
Volume Serial Number is DCD8-C4C7

Directory of F:\WINDOWS\Resources\Themes

07/12/2005 07:48 PM <DIR> .
07/12/2005 07:48 PM <DIR> ..
07/12/2005 07:01 PM <DIR> 521
01/10/2005 03:12 PM 432 521-advance4-2.theme
01/10/2005 03:12 PM 545 521-minus4-2.theme
07/12/2005 07:01 PM <DIR> Blade
01/10/2005 03:12 PM 1,091 Blade.Theme
01/10/2005 03:12 PM 937,299 Chronos.logonxp
07/12/2005 07:51 PM 1,212 Current.theme
07/12/2005 07:01 PM <DIR> Eclipse
01/10/2005 03:12 PM 549 Eclipse.Theme
07/12/2005 07:01 PM <DIR> Gem
01/10/2005 03:12 PM 2,915 Gem.Theme
10/23/2005 11:04 AM <DIR> Luna
09/03/2002 09:39 AM 1,222 Luna.theme
07/12/2005 07:01 PM <DIR> Panther
01/10/2005 03:12 PM 551 Panther.theme
01/10/2005 03:12 PM 552 Pantherg.theme
01/10/2005 03:12 PM 1,224,203 Sorrow Logon.logonxp
10/29/2005 03:15 PM <DIR> WaterColor
01/10/2005 03:12 PM 905 Watercolor Blue.theme
01/10/2005 03:12 PM 3,887 Watercolor Ergonomic.theme
01/10/2005 03:12 PM 899 Watercolor Olive Green.theme
01/10/2005 03:12 PM 3,884 Watercolor Silver.theme
09/03/2002 09:28 AM 3,025 Windows Classic.theme
07/12/2005 07:01 PM <DIR> Wisp
01/10/2005 03:12 PM 1,065 Wisp.Theme
17 File(s) 2,184,236 bytes

Directory of F:\WINDOWS\Resources\Themes\521

07/12/2005 07:01 PM <DIR> .
07/12/2005 07:01 PM <DIR> ..
01/10/2005 03:12 PM 839,824 521.msstyles
01/10/2005 03:12 PM 52 521design.url
01/10/2005 03:12 PM 61 futuregraphicdesign.url
01/10/2005 03:12 PM 397 readme.txt
07/12/2005 07:01 PM <DIR> shell
07/12/2005 07:01 PM <DIR> wp
4 File(s) 840,334 bytes

Directory of F:\WINDOWS\Resources\Themes\521\shell

07/12/2005 07:01 PM <DIR> .
07/12/2005 07:01 PM <DIR> ..
07/12/2005 07:01 PM <DIR> minus2
07/12/2005 07:01 PM <DIR> normalcolor
0 File(s) 0 bytes

Directory of F:\WINDOWS\Resources\Themes\521\shell\minus2

07/12/2005 07:01 PM <DIR> .
07/12/2005 07:01 PM <DIR> ..
01/10/2005 03:12 PM 25,600 shellstyle.dll
1 File(s) 25,600 bytes

Directory of F:\WINDOWS\Resources\Themes\521\shell\normalcolor

07/12/2005 07:01 PM <DIR> .
07/12/2005 07:01 PM <DIR> ..
01/10/2005 03:12 PM 26,112 shellstyle.dll
1 File(s) 26,112 bytes

Directory of F:\WINDOWS\Resources\Themes\521\wp

07/12/2005 07:01 PM <DIR> .
07/12/2005 07:01 PM <DIR> ..
01/10/2005 03:12 PM 3,140 minus4-2.gif
1 File(s) 3,140 bytes

Directory of F:\WINDOWS\Resources\Themes\Blade

07/12/2005 07:01 PM <DIR> .
07/12/2005 07:01 PM <DIR> ..
01/10/2005 03:12 PM 1,753,232 Blade.msstyles
07/12/2005 07:01 PM <DIR> Icons
07/12/2005 07:01 PM <DIR> shell
07/12/2005 07:01 PM <DIR> User Icon
07/12/2005 07:01 PM <DIR> Wallpaper
1 File(s) 1,753,232 bytes

Directory of F:\WINDOWS\Resources\Themes\Blade\Icons

07/12/2005 07:01 PM <DIR> .
07/12/2005 07:01 PM <DIR> ..
01/10/2005 03:12 PM 159,990 BIN Empty.ico
01/10/2005 03:12 PM 159,990 BIN Full.ico
01/10/2005 03:12 PM 162,566 Internet Explorer.ico
01/10/2005 03:12 PM 162,566 My Computer.ico
01/10/2005 03:12 PM 162,566 My Documents.ico
01/10/2005 03:12 PM 162,566 My Network.ico
01/10/2005 03:12 PM 516 Permission.txt
7 File(s) 970,760 bytes

Directory of F:\WINDOWS\Resources\Themes\Blade\shell

07/12/2005 07:01 PM <DIR> .
07/12/2005 07:01 PM <DIR> ..
07/12/2005 07:01 PM <DIR> normalcolor
0 File(s) 0 bytes

Directory of F:\WINDOWS\Resources\Themes\Blade\shell\normalcolor

07/12/2005 07:01 PM <DIR> .
07/12/2005 07:01 PM <DIR> ..
01/10/2005 03:12 PM 400,384 shellstyle.dll
1 File(s) 400,384 bytes

Directory of F:\WINDOWS\Resources\Themes\Blade\User Icon

07/12/2005 07:01 PM <DIR> .
07/12/2005 07:01 PM <DIR> ..
01/10/2005 03:12 PM 6,966 Blade User Icon.bmp
1 File(s) 6,966 bytes

Directory of F:\WINDOWS\Resources\Themes\Blade\Wallpaper

07/12/2005 07:01 PM <DIR> .
07/12/2005 07:01 PM <DIR> ..
01/10/2005 03:12 PM 61,239 Blade.jpg
1 File(s) 61,239 bytes

Directory of F:\WINDOWS\Resources\Themes\Eclipse

07/12/2005 07:01 PM <DIR> .
07/12/2005 07:01 PM <DIR> ..
01/10/2005 03:12 PM 1,912,976 Eclipse.msstyles
07/12/2005 07:01 PM <DIR> shell
07/12/2005 07:01 PM <DIR> Wallpaper
1 File(s) 1,912,976 bytes

Directory of F:\WINDOWS\Resources\Themes\Eclipse\shell

07/12/2005 07:01 PM <DIR> .
07/12/2005 07:01 PM <DIR> ..
07/12/2005 07:01 PM <DIR> normalcolor
0 File(s) 0 bytes

Directory of F:\WINDOWS\Resources\Themes\Eclipse\shell\normalcolor

07/12/2005 07:01 PM <DIR> .
07/12/2005 07:01 PM <DIR> ..
01/10/2005 03:12 PM 924,672 shellstyle.dll
1 File(s) 924,672 bytes

Directory of F:\WINDOWS\Resources\Themes\Eclipse\Wallpaper

07/12/2005 07:01 PM <DIR> .
07/12/2005 07:01 PM <DIR> ..
01/10/2005 03:12 PM 113,897 Eclipse.jpg
1 File(s) 113,897 bytes

Directory of F:\WINDOWS\Resources\Themes\Gem

07/12/2005 07:01 PM <DIR> .
07/12/2005 07:01 PM <DIR> ..
01/10/2005 03:12 PM 1,704,080 Gem.msstyles
07/12/2005 07:01 PM <DIR> Icons
07/12/2005 07:01 PM <DIR> shell
07/12/2005 07:01 PM <DIR> Wallpaper
1 File(s) 1,704,080 bytes

Directory of F:\WINDOWS\Resources\Themes\Gem\Icons

07/12/2005 07:01 PM <DIR> .
07/12/2005 07:01 PM <DIR> ..
01/10/2005 03:12 PM 176,134 BIN Empty.ico
01/10/2005 03:12 PM 176,134 BIN Full.ico
01/10/2005 03:12 PM 176,134 Internet Explorer.ico
01/10/2005 03:12 PM 176,134 My Computer.ico
01/10/2005 03:12 PM 176,134 My Documents.ico
01/10/2005 03:12 PM 176,134 My Network.ico
01/10/2005 03:12 PM 307 Permission.txt
7 File(s) 1,057,111 bytes

Directory of F:\WINDOWS\Resources\Themes\Gem\shell

07/12/2005 07:01 PM <DIR> .
07/12/2005 07:01 PM <DIR> ..
07/12/2005 07:01 PM <DIR> normalcolor
0 File(s) 0 bytes

Directory of F:\WINDOWS\Resources\Themes\Gem\shell\normalcolor

07/12/2005 07:01 PM <DIR> .
07/12/2005 07:01 PM <DIR> ..
01/10/2005 03:12 PM 282,624 shellstyle.dll
1 File(s) 282,624 bytes

Directory of F:\WINDOWS\Resources\Themes\Gem\Wallpaper

07/12/2005 07:01 PM <DIR> .
07/12/2005 07:01 PM <DIR> ..
01/10/2005 03:12 PM 54,703 Gem.jpg
1 File(s) 54,703 bytes

Directory of F:\WINDOWS\Resources\Themes\Luna

10/23/2005 11:04 AM <DIR> .
10/23/2005 11:04 AM <DIR> ..
01/09/2005 10:37 AM <DIR> Shell
0 File(s) 0 bytes

Directory of F:\WINDOWS\Resources\Themes\Luna\Shell

01/09/2005 10:37 AM <DIR> .
01/09/2005 10:37 AM <DIR> ..
01/09/2005 10:38 AM <DIR> Homestead
01/09/2005 10:38 AM <DIR> Metallic
01/09/2005 10:37 AM <DIR> NormalColor
0 File(s) 0 bytes

Directory of F:\WINDOWS\Resources\Themes\Luna\Shell\Homestead

01/09/2005 10:38 AM <DIR> .
01/09/2005 10:38 AM <DIR> ..
09/03/2002 09:34 AM 362,496 shellstyle.dll
1 File(s) 362,496 bytes

Directory of F:\WINDOWS\Resources\Themes\Luna\Shell\Metallic

01/09/2005 10:38 AM <DIR> .
01/09/2005 10:38 AM <DIR> ..
09/03/2002 09:41 AM 362,496 shellstyle.dll
1 File(s) 362,496 bytes

Directory of F:\WINDOWS\Resources\Themes\Luna\Shell\NormalColor

01/09/2005 10:37 AM <DIR> .
01/09/2005 10:37 AM <DIR> ..
09/03/2002 09:28 AM 361,472 shellstyle.dll
1 File(s) 361,472 bytes

Directory of F:\WINDOWS\Resources\Themes\Panther

07/12/2005 07:01 PM <DIR> .
07/12/2005 07:01 PM <DIR> ..
01/10/2005 03:12 PM 2,801,808 Panther.msstyles
07/12/2005 07:01 PM <DIR> shell
07/12/2005 07:01 PM <DIR> Wallpaper
1 File(s) 2,801,808 bytes

Directory of F:\WINDOWS\Resources\Themes\Panther\shell

07/12/2005 07:01 PM <DIR> .
07/12/2005 07:01 PM <DIR> ..
07/12/2005 07:01 PM <DIR> normalcolor
07/12/2005 07:01 PM <DIR> pantherb
07/12/2005 07:01 PM <DIR> pantherg
0 File(s) 0 bytes

Directory of F:\WINDOWS\Resources\Themes\Panther\shell\normalcolor

07/12/2005 07:01 PM <DIR> .
07/12/2005 07:01 PM <DIR> ..
01/10/2005 03:12 PM 939,008 shellstyle.dll
1 File(s) 939,008 bytes

Directory of F:\WINDOWS\Resources\Themes\Panther\shell\pantherb

07/12/2005 07:01 PM <DIR> .
07/12/2005 07:01 PM <DIR> ..
01/10/2005 03:12 PM 939,008 shellstyle.dll
1 File(s) 939,008 bytes

Directory of F:\WINDOWS\Resources\Themes\Panther\shell\pantherg

07/12/2005 07:01 PM <DIR> .
07/12/2005 07:01 PM <DIR> ..
01/10/2005 03:12 PM 939,008 shellstyle.dll
1 File(s) 939,008 bytes

Directory of F:\WINDOWS\Resources\Themes\Panther\Wallpaper

07/12/2005 07:01 PM <DIR> .
07/12/2005 07:01 PM <DIR> ..
01/10/2005 03:12 PM 133,256 Aqua_Blue.jpg
01/10/2005 03:12 PM 115,821 Aqua_Graphite.jpg
2 File(s) 249,077 bytes

Directory of F:\WINDOWS\Resources\Themes\WaterColor

10/29/2005 03:15 PM <DIR> .
10/29/2005 03:15 PM <DIR> ..
01/10/2005 03:12 PM 5,358 ReadMe.html
01/10/2005 03:12 PM 25,214 RecycleBinEmpty.ico
01/10/2005 03:12 PM 25,214 RecycleBinFull.ico
07/12/2005 07:01 PM <DIR> shell
10/29/2005 03:15 PM 5,120 Thumbs.db
01/10/2005 03:12 PM 11,502 watercolor.ico
01/10/2005 03:12 PM 63,304 Watercolor.jpg
01/10/2005 03:12 PM 2,715,792 Watercolor.msstyles
7 File(s) 2,851,504 bytes

Directory of F:\WINDOWS\Resources\Themes\WaterColor\shell

07/12/2005 07:01 PM <DIR> .
07/12/2005 07:01 PM <DIR> ..
07/12/2005 07:01 PM <DIR> Ergonomic
07/12/2005 07:01 PM <DIR> normalcolor
07/12/2005 07:01 PM <DIR> Olive
07/12/2005 07:01 PM <DIR> Silver
0 File(s) 0 bytes

Directory of F:\WINDOWS\Resources\Themes\WaterColor\shell\Ergonomic

07/12/2005 07:01 PM <DIR> .
07/12/2005 07:01 PM <DIR> ..
01/10/2005 03:12 PM 395,776 shellstyle.dll
1 File(s) 395,776 bytes

Directory of F:\WINDOWS\Resources\Themes\WaterColor\shell\normalcolor

07/12/2005 07:01 PM <DIR> .
07/12/2005 07:01 PM <DIR> ..
01/10/2005 03:12 PM 397,312 shellstyle.dll
1 File(s) 397,312 bytes

Directory of F:\WINDOWS\Resources\Themes\WaterColor\shell\Olive

07/12/2005 07:01 PM <DIR> .
07/12/2005 07:01 PM <DIR> ..
01/10/2005 03:12 PM 397,312 shellstyle.dll
1 File(s) 397,312 bytes

Directory of F:\WINDOWS\Resources\Themes\WaterColor\shell\Silver

07/12/2005 07:01 PM <DIR> .
07/12/2005 07:01 PM <DIR> ..
01/10/2005 03:12 PM 390,656 shellstyle.dll
1 File(s) 390,656 bytes

Directory of F:\WINDOWS\Resources\Themes\Wisp

07/12/2005 07:01 PM <DIR> .
07/12/2005 07:01 PM <DIR> ..
07/12/2005 07:01 PM <DIR> Icons
07/12/2005 07:01 PM <DIR> shell
07/12/2005 07:01 PM <DIR> User Icon
07/12/2005 07:01 PM <DIR> Wallpaper
01/10/2005 03:12 PM 1,716,368 Wisp.msstyles
1 File(s) 1,716,368 bytes

Directory of F:\WINDOWS\Resources\Themes\Wisp\Icons

07/12/2005 07:01 PM <DIR> .
07/12/2005 07:01 PM <DIR> ..
01/10/2005 03:12 PM 159,990 BIN Empty.ico
01/10/2005 03:12 PM 159,990 BIN Full.ico
01/10/2005 03:12 PM 159,990 Internet Explorer.ico
01/10/2005 03:12 PM 159,990 My Computer.ico
01/10/2005 03:12 PM 159,990 My Documents.ico
01/10/2005 03:12 PM 159,990 My Network.ico
01/10/2005 03:12 PM 518 Permission.txt
7 File(s) 960,458 bytes

Directory of F:\WINDOWS\Resources\Themes\Wisp\shell

07/12/2005 07:01 PM <DIR> .
07/12/2005 07:01 PM <DIR> ..
07/12/2005 07:01 PM <DIR> normalcolor
0 File(s) 0 bytes

Directory of F:\WINDOWS\Resources\Themes\Wisp\shell\normalcolor

07/12/2005 07:01 PM <DIR> .
07/12/2005 07:01 PM <DIR> ..
01/10/2005 03:12 PM 458,240 shellstyle.dll
1 File(s) 458,240 bytes

Directory of F:\WINDOWS\Resources\Themes\Wisp\User Icon

07/12/2005 07:01 PM <DIR> .
07/12/2005 07:01 PM <DIR> ..
01/10/2005 03:12 PM 7,654 Wisp User Icon.bmp
1 File(s) 7,654 bytes

Directory of F:\WINDOWS\Resources\Themes\Wisp\Wallpaper

07/12/2005 07:01 PM <DIR> .
07/12/2005 07:01 PM <DIR> ..
01/10/2005 03:12 PM 54,845 Wisp.jpg
1 File(s) 54,845 bytes

Total Files Listed:
79 File(s) 26,906,564 bytes
131 Dir(s) 9,463,525,376 bytes free

3

Tech Clinic / Virtual-IE eating up F: drive memory PLEASE HELP!

« on: October 29, 2005, 05:20:07 PM »

THEMES FOLDER

Files: 521,Blade, Eclipse, GEm, Luna, Panther, Watercolor, WIsp
WIndows Theme Files: 521-advance4-2, 521-minus4-2, blade, current, eclipse, gem, luna, panther, pantherg, watercolor blue, Watercolor egonomic, watercolor olive green, watercolor silver, windows classic, wisp
PROGRAMS: chronos.logonxp, sorrow logon.logonxp

RESOURCE FOLDER

files: boot, cursors, exploerer bar, icons, screensavers, themes

4

Tech Clinic / Virtual-IE eating up F: drive memory PLEASE HELP!

« on: October 28, 2005, 10:03:52 PM »

YEa i see the folder so what do i do now doc?

http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/blink.gif\' class=\'bbc_emoticon\' alt=\':blink:\' />

5

Tech Clinic / Virtual-IE eating up F: drive memory PLEASE HELP!

« on: October 28, 2005, 07:44:31 PM »

UMMMMM IS EVERYTHING ALL GOOOOOD?

http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/dry.gif\' class=\'bbc_emoticon\' alt=\'<_<\' />

http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/blink.gif\' class=\'bbc_emoticon\' alt=\':blink:\' />

http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/wacko.gif\' class=\'bbc_emoticon\' alt=\':wacko:\' />

http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/huh.gif\' class=\'bbc_emoticon\' alt=\':huh:\' />

6

Tech Clinic / Virtual-IE eating up F: drive memory PLEASE HELP!

« on: October 26, 2005, 07:37:04 PM »

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000091

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager]
"WCreatedUser"="1"
"ThemeActive"="0"

Volume in drive F has no label.
Volume Serial Number is DCD8-C4C7

Directory of F:\Documents and Settings\Owner\Desktop

10/26/2005 05:35 PM <DIR> .
10/26/2005 05:35 PM <DIR> ..
06/19/2005 11:43 AM 332 find.bat
10/26/2005 05:35 PM 450 find.zip
05/09/2005 09:51 AM 115 Find1.bat
01/14/2005 08:26 PM 2,429 Microsoft Publisher.lnk
10/25/2005 07:49 PM <DIR> rdrivRem
10/26/2005 06:21 AM 3,704,147 Skyline_GTR_R34.zip
01/09/2005 11:11 PM 739 Spy Sweeper.lnk
6 File(s) 3,708,212 bytes

Directory of F:\Documents and Settings\Owner\Desktop\rdrivRem

10/25/2005 07:49 PM <DIR> .
10/25/2005 07:49 PM <DIR> ..
10/25/2005 05:49 PM 279 rdriv.txt
06/21/2005 10:40 PM 10,378 rdrivRem.bat
12/15/2001 11:27 AM 3,254 RegSrch.vbs
3 File(s) 13,911 bytes

Total Files Listed:
9 File(s) 3,722,123 bytes
5 Dir(s) 9,712,807,936 bytes free

THe program was not found on my computer through search.

7

Tech Clinic / Virtual-IE eating up F: drive memory PLEASE HELP!

« on: October 26, 2005, 12:06:15 AM »

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rd.yahoo.com/customize/sbcydsl/defa...hoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - F:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_2_0.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_2_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [WebrootDesktopFirewall] F:\Program Files\Webroot\Desktop Firewall\webrootdesktopfirewall.exe -t
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVG7_CC] F:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [Window Washer] F:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~2\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [SpySweeper] "F:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Global Startup: Adobe Gamma Loader.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - F:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\MSMSGS.EXE (file missing)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Webroot Desktop Firewall Data Service (WebrootDesktopFirewallDataService) - Unknown owner - F:\Program Files\Webroot\Desktop Firewall\WDFDataService.exe (file missing)
O23 - Service: Webroot Desktop Firewall (WebrootFirewall) - Unknown owner - F:\Program Files\Webroot\Desktop Firewall\FirewallNTService.exe (file missing)
O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - F:\WINDOWS\System32\wwSecure.exe

Things are running smoothly but i still have the classic windows toolbar because teh XP option is now non existant!

8

Tech Clinic / Strange error message when i try to install games

« on: October 25, 2005, 10:34:20 PM »

so when i try to install a game i get this error "F:\WINDOWS\SYSTEM32\AUTOEXEC.NT The system file is not suitable for running MS-DOS and Microsoft Windows applications." Im sure its not the program that i try to install but something is up with my computer. any help would be appreciated thanks!

9

Tech Clinic / Virtual-IE eating up F: drive memory PLEASE HELP!

« on: October 25, 2005, 09:43:56 PM »

~~~~~~~~~~~~~ Pre-run File Check ~~~~~~~~~~~~~

rdriv.sys NOT PRESENT!
ItunesMusic.exe NOT PRESENT!
wkssvc.exe NOT PRESENT!

10

Tech Clinic / Virtual-IE eating up F: drive memory PLEASE HELP!

« on: October 25, 2005, 07:51:12 PM »

REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "csrsssvc.exe" 10/25/2005 5:50:29 PM

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Microsoft Update Service 2005]
"command"="csrsssvc.exe"

[HKEY_USERS\.DEFAULT\Software\Microsoft\OLE]
"Microsoft Update Service 2005"="csrsssvc.exe"

[HKEY_USERS\S-1-5-21-1757981266-1383384898-682003330-1003\Software\Microsoft\OLE]
"Microsoft Update Service 2005"="csrsssvc.exe"

[HKEY_USERS\S-1-5-21-1757981266-1383384898-682003330-1003\Software\Webroot\SpySweeper\Startup\2_Microsoft Update Service 2005]
"path"="csrsssvc.exe"

[HKEY_USERS\S-1-5-21-1757981266-1383384898-682003330-1003\Software\Webroot\SpySweeper\Startup\2_Microsoft Update Service 2005]
"command"="csrsssvc.exe"

[HKEY_USERS\S-1-5-18\Software\Microsoft\OLE]
"Microsoft Update Service 2005"="csrsssvc.exe"

11

Tech Clinic / Virtual-IE eating up F: drive memory PLEASE HELP!

« on: October 24, 2005, 11:54:25 PM »

i did

12

Tech Clinic / Virtual-IE eating up F: drive memory PLEASE HELP!

« on: October 24, 2005, 08:21:00 AM »

REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "csrsssvc.exe" 10/24/2005 6:20:07 AM

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Microsoft Update Service 2005]
"command"="csrsssvc.exe"

[HKEY_USERS\.DEFAULT\Software\Microsoft\OLE]
"Microsoft Update Service 2005"="csrsssvc.exe"

[HKEY_USERS\S-1-5-21-1757981266-1383384898-682003330-1003\Software\Microsoft\OLE]
"Microsoft Update Service 2005"="csrsssvc.exe"

[HKEY_USERS\S-1-5-21-1757981266-1383384898-682003330-1003\Software\Webroot\SpySweeper\Startup\2_Microsoft Update Service 2005]
"path"="csrsssvc.exe"

[HKEY_USERS\S-1-5-21-1757981266-1383384898-682003330-1003\Software\Webroot\SpySweeper\Startup\2_Microsoft Update Service 2005]
"command"="csrsssvc.exe"

[HKEY_USERS\S-1-5-18\Software\Microsoft\OLE]
"Microsoft Update Service 2005"="csrsssvc.exe"

13

Tech Clinic / sound help

« on: October 23, 2005, 08:11:34 PM »

ok so heres the problem. I had sound but then it like cut off. when i go to control panels and look at the sound file it says no sound device detected which is odd because my speakers are hooked. i tried to reinstall the driver but that didnt work. any ideas on how to fix this?

14

Tech Clinic / Virtual-IE eating up F: drive memory PLEASE HELP!

« on: October 23, 2005, 08:01:26 PM »

Thank you so much for your help i now have 10 gigs of memory!!
um by the way when i un hid the folders my XP toolbar went back to teh classic one and i cant change it what shalll i do?

Logfile of HijackThis v1.99.1
Scan saved at 5:58:54 PM, on 10/23/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
F:\WINDOWS\System32\ctfmon.exe
F:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
F:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
F:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\System32\wwSecure.exe
F:\WINDOWS\System32\imapi.exe
F:\Documents and Settings\Owner\Desktop\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/sbcydsl/defa...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://rd.yahoo.com/customize/sbcydsl/defa...hoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/customize/sbcydsl/defa...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rd.yahoo.com/customize/sbcydsl/defa...hoo.sbc.com/dsl
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - F:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_2_0.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_2_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AdaptecDirectCD] "F:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [WebrootDesktopFirewall] F:\Program Files\Webroot\Desktop Firewall\webrootdesktopfirewall.exe -t
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Window Washer] F:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - F:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\MSMSGS.EXE (file missing)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Webroot Desktop Firewall Data Service (WebrootDesktopFirewallDataService) - Unknown owner - F:\Program Files\Webroot\Desktop Firewall\WDFDataService.exe (file missing)
O23 - Service: Webroot Desktop Firewall (WebrootFirewall) - Unknown owner - F:\Program Files\Webroot\Desktop Firewall\FirewallNTService.exe (file missing)
O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - F:\WINDOWS\System32\wwSecure.exe

--------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on:         5:52:51 PM, 10/23/2005
+ Report-Checksum:      A8352EA3

+ Scan result:

   :mozilla.6:F:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\m14j8t8q.dsfg\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
   :mozilla.8:F:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\m14j8t8q.dsfg\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
   :mozilla.9:F:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\m14j8t8q.dsfg\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
   :mozilla.18:F:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\m14j8t8q.dsfg\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.19:F:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\m14j8t8q.dsfg\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   F:\Program Files\Yahoo!\YPSR\Quarantine\20050615212940.zip/thin-85-1-x-x.exe -> Adware.BetterInternet : Cleaned with backup
   F:\Program Files\Yahoo!\YPSR\Quarantine\20050616175032.zip/thin-85-1-x-x.exe -> Adware.BetterInternet : Cleaned with backup
   F:\Program Files\Yahoo!\YPSR\Quarantine\20050618100547.zip/thin-85-1-x-x.exe -> Adware.BetterInternet : Cleaned with backup
   F:\Program Files\Yahoo!\YPSR\Quarantine\20050618113440.zip/thin-85-1-x-x.exe -> Adware.BetterInternet : Cleaned with backup
   F:\Program Files\Yahoo!\YPSR\Quarantine\20050618124343.zip/thin-85-1-x-x.exe -> Adware.BetterInternet : Cleaned with backup
   F:\Program Files\Yahoo!\YPSR\Quarantine\20050618142625.zip/thin-85-1-x-x.exe -> Adware.BetterInternet : Cleaned with backup
   F:\Program Files\Yahoo!\YPSR\Quarantine\20050618150918.zip/thin-85-1-x-x.exe -> Adware.BetterInternet : Cleaned with backup

::Report End

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 1 Current Build Number: 2600
Internet Explorer Version: 6.0.2800.1106

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Checking %System% folder...
PEC2 9/3/2002 9:30:40 AM 41397 F:\WINDOWS\SYSTEM32\dfrg.msc
PEC2 6/9/2005 1:32:28 PM 692736 F:\WINDOWS\SYSTEM32\DivX.dll
PECompact2 6/9/2005 1:32:28 PM 692736 F:\WINDOWS\SYSTEM32\DivX.dll
Umonitor 9/3/2002 9:54:44 AM 631808 F:\WINDOWS\SYSTEM32\rasdlg.dll
winsync 9/3/2002 10:10:48 AM 1309184 F:\WINDOWS\SYSTEM32\wbdbase.deu

Checking %System%\Drivers folder and sub-folders...

Items found in F:\WINDOWS\SYSTEM32\drivers\etc\hosts

Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
10/23/2005 3:13:12 PM S 2048 F:\WINDOWS\bootstat.dat
10/16/2005 10:44:54 AM H 54156 F:\WINDOWS\QTFont.qfn
10/23/2005 9:57:04 AM H 0 F:\WINDOWS\inf\oem2.inf
9/10/2005 3:33:50 PM H 65536 F:\WINDOWS\Minidump\Mini091005-01.dmp
9/10/2005 3:36:24 PM H 65536 F:\WINDOWS\Minidump\Mini091005-02.dmp
9/22/2005 6:32:10 PM H 65536 F:\WINDOWS\Minidump\Mini092205-01.dmp
10/18/2005 7:36:52 PM H 65536 F:\WINDOWS\Minidump\Mini101805-01.dmp
10/23/2005 3:45:50 PM H 1024 F:\WINDOWS\system32\config\default.LOG
10/23/2005 3:13:14 PM H 1024 F:\WINDOWS\system32\config\SAM.LOG
10/23/2005 4:13:18 PM H 1024 F:\WINDOWS\system32\config\SECURITY.LOG
10/23/2005 4:11:56 PM H 1024 F:\WINDOWS\system32\config\software.LOG
10/23/2005 4:13:20 PM H 1024 F:\WINDOWS\system32\config\system.LOG
10/7/2005 1:36:12 PM HS 388 F:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\657d97a4-7f06-4ce9-b3ad-633af9e86cfb
10/7/2005 1:36:12 PM HS 24 F:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
10/23/2005 3:13:14 PM H 6 F:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation 9/3/2002 9:26:48 AM 66048 F:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 9/3/2002 9:27:24 AM 578560 F:\WINDOWS\SYSTEM32\appwiz.cpl
Broadcom Corporation 9/10/2002 4:07:54 PM 716800 F:\WINDOWS\SYSTEM32\B57exp.cpl
Microsoft Corporation 9/3/2002 9:30:36 AM 129024 F:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 9/3/2002 9:34:00 AM 150016 F:\WINDOWS\SYSTEM32\hdwwiz.cpl
Intel Corporation 1/13/2003 3:01:10 PM 94208 F:\WINDOWS\SYSTEM32\igfxcpl.cpl
Microsoft Corporation 9/3/2002 9:35:14 AM 292352 F:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 9/3/2002 9:35:24 AM 121856 F:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 9/3/2002 9:37:12 AM 65536 F:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems, Inc. 12/6/2004 10:31:48 PM 49265 F:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 9/3/2002 9:40:02 AM 187904 F:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 9/3/2002 9:42:08 AM 559616 F:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 9/3/2002 9:47:04 AM 35840 F:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 9/3/2002 9:50:26 AM 256000 F:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 9/3/2002 9:50:44 AM 36864 F:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 9/3/2002 9:52:44 AM 109056 F:\WINDOWS\SYSTEM32\powercfg.cpl
Apple Computer, Inc. 9/23/2004 7:57:40 PM 323072 F:\WINDOWS\SYSTEM32\QuickTime.cpl
Microsoft Corporation 9/3/2002 10:05:50 AM 268288 F:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 9/3/2002 10:06:38 AM 28160 F:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 9/3/2002 10:06:48 AM 90112 F:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 F:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 9/3/2002 9:26:48 AM 66048 F:\WINDOWS\SYSTEM32\dllcache\access.cpl
Microsoft Corporation 9/3/2002 9:27:24 AM 578560 F:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl
Microsoft Corporation 9/3/2002 9:30:36 AM 129024 F:\WINDOWS\SYSTEM32\dllcache\desk.cpl
Microsoft Corporation 9/3/2002 9:34:00 AM 150016 F:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl
Microsoft Corporation 9/3/2002 9:35:14 AM 292352 F:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl
Microsoft Corporation 9/3/2002 9:35:24 AM 121856 F:\WINDOWS\SYSTEM32\dllcache\intl.cpl
Microsoft Corporation 9/3/2002 9:37:12 AM 65536 F:\WINDOWS\SYSTEM32\dllcache\joy.cpl
Microsoft Corporation 9/3/2002 9:40:02 AM 187904 F:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 9/3/2002 9:42:08 AM 559616 F:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl
Microsoft Corporation 9/3/2002 9:47:04 AM 35840 F:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 9/3/2002 9:50:26 AM 256000 F:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl
Microsoft Corporation 9/3/2002 9:50:44 AM 36864 F:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl
Microsoft Corporation 9/3/2002 9:52:44 AM 109056 F:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl
Microsoft Corporation 9/3/2002 9:57:12 AM 147456 F:\WINDOWS\SYSTEM32\dllcache\sapi.cpl
Microsoft Corporation 9/3/2002 10:05:50 AM 268288 F:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl
Microsoft Corporation 9/3/2002 10:06:38 AM 28160 F:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation 9/3/2002 10:06:48 AM 90112 F:\WINDOWS\SYSTEM32\dllcache\timedate.cpl
Intel Corporation 1/13/2003 3:01:10 PM 94208 F:\WINDOWS\SYSTEM32\ReinstallBackups\0006\DriverFiles\igfxcpl.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
2/24/2005 6:34:44 PM 986 F:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
1/9/2005 10:07:12 PM 1757 F:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
1/9/2005 6:51:08 PM HS 84 F:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
1/9/2005 7:08:26 PM 493 F:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
7/9/2005 3:08:00 PM 1730 F:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
1/9/2005 10:41:40 AM HS 62 F:\Documents and Settings\All Users\Application Data\desktop.ini
2/15/2005 7:13:10 PM 5 F:\Documents and Settings\All Users\Application Data\DirectCDUserNameE.txt

Checking files in %USERPROFILE%\Startup folder...
1/9/2005 6:51:08 PM HS 84 F:\Documents and Settings\Owner\Start Menu\Programs\Startup\desktop.ini

Checking files in %USERPROFILE%\Application Data folder...
1/9/2005 10:06:04 PM 1215 F:\Documents and Settings\Owner\Application Data\AdobeDLM.log
1/9/2005 10:41:40 AM HS 62 F:\Documents and Settings\Owner\Application Data\desktop.ini
1/9/2005 10:06:04 PM 0 F:\Documents and Settings\Owner\Application Data\dm.ini
5/22/2005 2:55:04 PM 65720 F:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
       =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
   {063FDFED-6FD9-407C-8E6A-1EFA75CBCCD5}    =

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido
   {57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}    = C:\Program Files\ewido\security suite\context.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
   {750fdf0e-2a26-11d1-a3ea-080036587f03}    = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
   {09799AFB-AD67-11d1-ABCD-00C04FC30936}    = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
   {A470F8CF-A1E8-4f65-8335-227475AA5C46}    = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Washer
   {6EE51AA0-77A0-11D7-B4E1-000347126E46}    = F:\PROGRA~1\COMMON~1\WEBROO~1\SHELLW~1.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
   {B41DB860-8EE4-11D2-9906-E49FADC173CA}    = F:\Program Files\WinRAR\rarext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Yahoo! Mail
   {5464D816-CF16-4784-B9F3-75C0DB52B499}    = F:\WINDOWS\Downloaded Program Files\ymmapi.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
   Start Menu Pin    = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\SpySweeper
   {7C9D5882-CB4A-4090-96C8-430BFE8B795B}    = F:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
   {B41DB860-8EE4-11D2-9906-E49FADC173CA}    = F:\Program Files\WinRAR\rarext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
   {A470F8CF-A1E8-4f65-8335-227475AA5C46}    = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido
   {57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}    = C:\Program Files\ewido\security suite\context.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
   {750fdf0e-2a26-11d1-a3ea-080036587f03}    = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
   {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}    = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Washer
   {6EE51AA0-77A0-11D7-B4E1-000347126E46}    = F:\PROGRA~1\COMMON~1\WEBROO~1\SHELLW~1.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
   {B41DB860-8EE4-11D2-9906-E49FADC173CA}    = F:\Program Files\WinRAR\rarext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
    = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
    = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
    = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
    = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
    = F:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}
   Yahoo! Companion BHO = F:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_2_0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
    =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
   &Tip of the Day = %SystemRoot%\System32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
   {EF99BD32-C1FB-11D2-892F-0090271D4F88}    = Yahoo! Toolbar   : F:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_2_0.dll
   {8E718888-423F-11D2-876E-00A0C9082467}    = &Radio   : F:\WINDOWS\System32\msdxm.ocx

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}
   ButtonText    = AIM   : F:\Program Files\AIM\aim.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
   ButtonText    = Messenger   : F:\Program Files\Messenger\MSMSGS.EXE

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
   Media Band = %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
    =
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
   File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
   Favorites Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
   History Band = %SystemRoot%\System32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
   {EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Toolbar   : F:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_2_0.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
   {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address   : %SystemRoot%\System32\browseui.dll
   {EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Toolbar   : F:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_2_0.dll
   {0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links   : %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
   AdaptecDirectCD   "F:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
   WebrootDesktopFirewall   F:\Program Files\Webroot\Desktop Firewall\webrootdesktopfirewall.exe -t
   KernelFaultCheck   %systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
   IMAIL   Installed = 1
   MAPI   Installed = 1
   MSFS   Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
   Window Washer   F:\Program Files\Webroot\Washer\wwDisp.exe
   ctfmon.exe   F:\WINDOWS\System32\ctfmon.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BJCFD
   key   SOFTWARE\Microsoft\Windows\CurrentVersion\Run
   item   CFD
   hkey   HKLM
   command   F:\Program Files\BroadJump\Client Foundation\CFD.exe
   inimapping   0
   key   SOFTWARE\Microsoft\Windows\CurrentVersion\Run
   item   CFD
   hkey   HKLM
   command   F:\Program Files\BroadJump\Client Foundation\CFD.exe
   inimapping   0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Microsoft Update Service 2005
   key   SOFTWARE\Microsoft\Windows\CurrentVersion\Run
   item   csrsssvc
   hkey   HKLM
   command   csrsssvc.exe
   inimapping   0
   key   SOFTWARE\Microsoft\Windows\CurrentVersion\Run
   item   csrsssvc
   hkey   HKLM
   command   csrsssvc.exe
   inimapping   0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task
   key   SOFTWARE\Microsoft\Windows\CurrentVersion\Run
   item   qttask
   hkey   HKLM
   command   "F:\Program Files\QuickTime\qttask.exe" -atboottime
   inimapping   0
   key   SOFTWARE\Microsoft\Windows\CurrentVersion\Run
   item   qttask
   hkey   HKLM
   command   "F:\Program Files\QuickTime\qttask.exe" -atboottime
   inimapping   0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched
   key   SOFTWARE\Microsoft\Windows\CurrentVersion\Run
   item   jusched
   hkey   HKLM
   command   F:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
   inimapping   0
   key   SOFTWARE\Microsoft\Windows\CurrentVersion\Run
   item   jusched
   hkey   HKLM
   command   F:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
   inimapping   0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
   system.ini   0
   win.ini   0
   bootini   0
   services   0
   startup   2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
   {BDEADF00-C265-11D0-BCED-00A0C90AB50F} = F:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
   {6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
   {0DF44EAA-FF21-4412-828E-260A8728E7F1} =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
   dontdisplaylastusername   0
   legalnoticecaption
   legalnoticetext
   shutdownwithoutlogon   1
   undockwithoutlogon   1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
   NoDriveTypeAutoRun   145

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
   PostBootReminder    {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
   CDBurn    {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
   WebCheck    {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
   SysTray     {35CEC8A3-2BE6-11D2-8773-92E220524153} = F:\WINDOWS\System32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
   UserInit   = F:\WINDOWS\system32\userinit.exe,
   Shell      = Explorer.exe
   System      =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
    = crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
    = cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
    = cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
    = wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
    = wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
    = sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
    = WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
    = wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
    = wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
   Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
   AppInit_DLLs

»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1   - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 10/23/2005 4:13:55 PM

15

Tech Clinic / Virtual-IE eating up F: drive memory PLEASE HELP!

« on: October 23, 2005, 04:34:23 PM »

Logfile of HijackThis v1.99.1
Scan saved at 12:51:20 PM, on 10/23/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\Explorer.EXE
F:\Documents and Settings\Owner\Desktop\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/sbcydsl/defa...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://rd.yahoo.com/customize/sbcydsl/defa...hoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/customize/sbcydsl/defa...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rd.yahoo.com/customize/sbcydsl/defa...hoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - F:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_2_0.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {AFEE564B-00AC-7030-0E3C-0C3FC8D51CC8} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_2_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AdaptecDirectCD] "F:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [WebrootDesktopFirewall] F:\Program Files\Webroot\Desktop Firewall\webrootdesktopfirewall.exe -t
O4 - HKLM\..\Run: [Windows DLL Loader] F:\WINDOWS\RUNDLL16.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Window Washer] F:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\System32\ctfmon.exe
O4 - Startup: LimeWire On Startup.lnk = F:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - F:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\MSMSGS.EXE (file missing)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Webroot Desktop Firewall Data Service (WebrootDesktopFirewallDataService) - Unknown owner - F:\Program Files\Webroot\Desktop Firewall\WDFDataService.exe (file missing)
O23 - Service: Webroot Desktop Firewall (WebrootFirewall) - Unknown owner - F:\Program Files\Webroot\Desktop Firewall\FirewallNTService.exe (file missing)
O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - F:\WINDOWS\System32\wwSecure.exe

--------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on:         1:11:32 PM, 10/23/2005
+ Report-Checksum:      A8F76DD3

+ Scan result:

   F:\WINDOWS\lsass.exe -> Backdoor.SdBot.xd : Cleaned with backup
   F:\WINDOWS\NDNuninstall6_38.exe -> Spyware.NewDotNet : Cleaned with backup
   F:\WINDOWS\system32\213vmVnzH.exe -> Spyware.WinFetcher : Cleaned with backup
   F:\WINDOWS\system32\31.exe -> Spyware.WinFetcher : Cleaned with backup
   F:\WINDOWS\system32\7.exe -> Spyware.WinFetcher : Cleaned with backup
   F:\WINDOWS\system32\aim.exe -> Backdoor.SdBot.yn : Cleaned with backup
   F:\WINDOWS\system32\brbOBV6M.exe -> Spyware.WinFetcher : Cleaned with backup
   F:\WINDOWS\system32\CVo.exe -> Spyware.WinFetcher : Cleaned with backup
   F:\WINDOWS\system32\E.exe -> Spyware.WinFetcher : Cleaned with backup
   F:\WINDOWS\system32\fUc6.exe -> Spyware.WinFetcher : Cleaned with backup
   F:\WINDOWS\system32\ib3.exe -> Spyware.WinFetcher : Cleaned with backup
   F:\WINDOWS\system32\J.exe -> Spyware.WinFetcher : Cleaned with backup
   F:\WINDOWS\system32\JFms8.exe -> Spyware.WinFetcher : Cleaned with backup
   F:\WINDOWS\system32\K22lffm.exe -> Spyware.WinFetcher : Cleaned with backup
   F:\WINDOWS\system32\K7ygoCr3.exe -> Spyware.WinFetcher : Cleaned with backup
   F:\WINDOWS\system32\L7.exe -> Spyware.WinFetcher : Cleaned with backup
   F:\WINDOWS\system32\lASkrLeLj.exe -> Spyware.WinFetcher : Cleaned with backup
   F:\WINDOWS\system32\M2FbUOI6f.exe -> Spyware.WinFetcher : Cleaned with backup
   F:\WINDOWS\system32\qOPgLxF.exe -> Spyware.WinFetcher : Cleaned with backup
   F:\WINDOWS\system32\rdriv.sys -> Trojan.Rootkit.k : Cleaned with backup
   F:\WINDOWS\system32\uAbmzn.exe -> Spyware.WinFetcher : Cleaned with backup
   F:\WINDOWS\system32\zBLMJ1Yo.exe -> Spyware.WinFetcher : Cleaned with backup
   F:\WINDOWS\temp.bat -> Trojan.Zapchast : Cleaned with backup

::Report End
the ewido report is from fast scan because in system scan. after scanning all of teh files, an error message pops up for all of the infected files which is about 16000.It says:F/Documents and Settings/Owner/complete...... cannot be removed because it is enbedded in the archive...... Do you want to remove the whole archive? and this is for all of the files inside of complete. I get an error message that says file not found when i run winpfind.exe. thanks for your help so far.

16

Tech Clinic / Virtual-IE eating up F: drive memory PLEASE HELP!

« on: October 22, 2005, 11:27:08 PM »

sorry that was me not logged in above.
I did all u have told me. but in ewido after the scan i had to delete everything manually meaning i had to delte 16000 files all by clicking yes. is there another way to fix the problem? has anyone else have the problem?

Logfile of HijackThis v1.99.1
Scan saved at 11:57:33 PM, on 10/22/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
F:\WINDOWS\RUNDLL16.EXE
F:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
F:\WINDOWS\System32\ctfmon.exe
F:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
F:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
F:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\System32\wwSecure.exe
F:\Program Files\AIM\aim.exe
F:\WINDOWS\System32\wuauclt.exe
C:\Program Files\ewido\security suite\securitysuite.exe
F:\WINDOWS\System32\wuauclt.exe
F:\Documents and Settings\Owner\Desktop\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/sbcydsl/defa...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://rd.yahoo.com/customize/sbcydsl/defa...hoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/customize/sbcydsl/defa...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rd.yahoo.com/customize/sbcydsl/defa...hoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - F:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_2_0.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {AFEE564B-00AC-7030-0E3C-0C3FC8D51CC8} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_2_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AdaptecDirectCD] "F:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [WebrootDesktopFirewall] F:\Program Files\Webroot\Desktop Firewall\webrootdesktopfirewall.exe -t
O4 - HKLM\..\Run: [Windows DLL Loader] F:\WINDOWS\RUNDLL16.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Window Washer] F:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [SpySweeper] "F:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\System32\ctfmon.exe
O4 - Startup: LimeWire On Startup.lnk = F:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - F:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\MSMSGS.EXE (file missing)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Windows Packet Driver (packet) - Unknown owner - F:\WINDOWS\System32\packet.exe (file missing)
O23 - Service: Webroot Desktop Firewall Data Service (WebrootDesktopFirewallDataService) - Unknown owner - F:\Program Files\Webroot\Desktop Firewall\WDFDataService.exe (file missing)
O23 - Service: Webroot Desktop Firewall (WebrootFirewall) - Unknown owner - F:\Program Files\Webroot\Desktop Firewall\FirewallNTService.exe (file missing)
O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - F:\WINDOWS\System32\wwSecure.exe

17

Tech Clinic / Virtual-IE eating up F: drive memory PLEASE HELP!

« on: October 21, 2005, 11:42:12 PM »

Well all of the sudden my F: drive is out of memory even though i had a bout 4gigs left a few days ago. Webroot didnt detect anything but im not sure so any help would be appreciated.

logfile of HijackThis v1.99.1
Scan saved at 9:37:35 PM, on 10/21/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
F:\Program Files\winupdates\winupdates.exe
F:\WINDOWS\RUNDLL16.EXE
F:\Program Files\MsMovies\MsMovies.exe
F:\WINDOWS\System32\winlogi.exe
F:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
F:\WINDOWS\System32\ctfmon.exe
F:\Program Files\Digital Line Detect\DLG.exe
F:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
F:\WINDOWS\System32\packet.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\System32\wwSecure.exe
F:\Program Files\AIM\aim.exe
C:\firefox.exe
F:\Program Files\Internet Explorer\IEXPLORE.EXE
F:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\CD23G56J\hijackthis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/sbcydsl/defa...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://rd.yahoo.com/customize/sbcydsl/defa...hoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/customize/sbcydsl/defa...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rd.yahoo.com/customize/sbcydsl/defa...hoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - F:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_2_0.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {AFEE564B-00AC-7030-0E3C-0C3FC8D51CC8} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_2_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AdaptecDirectCD] "F:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [winupdates] F:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [WebrootDesktopFirewall] F:\Program Files\Webroot\Desktop Firewall\webrootdesktopfirewall.exe -t
O4 - HKLM\..\Run: [Windows DLL Loader] F:\WINDOWS\RUNDLL16.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MsMovies] F:\Program Files\MsMovies\MsMovies.exe /auto
O4 - HKLM\..\Run: [virtual-ie] winlogi.exe
O4 - HKLM\..\RunServices: [virtual-ie] winlogi.exe
O4 - HKCU\..\Run: [Window Washer] F:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [SpySweeper] "F:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\System32\ctfmon.exe
O4 - Startup: LimeWire On Startup.lnk = F:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - F:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\MSMSGS.EXE (file missing)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O23 - Service: Windows Packet Driver (packet) - Unknown owner - F:\WINDOWS\System32\packet.exe
O23 - Service: Webroot Desktop Firewall Data Service (WebrootDesktopFirewallDataService) - Unknown owner - F:\Program Files\Webroot\Desktop Firewall\WDFDataService.exe (file missing)
O23 - Service: Webroot Desktop Firewall (WebrootFirewall) - Unknown owner - F:\Program Files\Webroot\Desktop Firewall\FirewallNTService.exe (file missing)
O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - F:\WINDOWS\System32\wwSecure.exe

TheTechGuide Forum

News:

Messages - skyline

Tech Clinic / Virtual-IE eating up F: drive memory PLEASE HELP!

Tech Clinic / Virtual-IE eating up F: drive memory PLEASE HELP!

Tech Clinic / Virtual-IE eating up F: drive memory PLEASE HELP!

Tech Clinic / Virtual-IE eating up F: drive memory PLEASE HELP!

Tech Clinic / Virtual-IE eating up F: drive memory PLEASE HELP!

Tech Clinic / Virtual-IE eating up F: drive memory PLEASE HELP!

Tech Clinic / Virtual-IE eating up F: drive memory PLEASE HELP!

Tech Clinic / Strange error message when i try to install games

Tech Clinic / Virtual-IE eating up F: drive memory PLEASE HELP!

Tech Clinic / Virtual-IE eating up F: drive memory PLEASE HELP!

Tech Clinic / Virtual-IE eating up F: drive memory PLEASE HELP!

Tech Clinic / Virtual-IE eating up F: drive memory PLEASE HELP!

Tech Clinic / sound help

Tech Clinic / Virtual-IE eating up F: drive memory PLEASE HELP!

Tech Clinic / Virtual-IE eating up F: drive memory PLEASE HELP!

Tech Clinic / Virtual-IE eating up F: drive memory PLEASE HELP!

Tech Clinic / Virtual-IE eating up F: drive memory PLEASE HELP!