Messages - handsomecrown

1
Tech Clinic / Wireless Network Problem
« on: April 23, 2006, 05:22:56 PM »
Hello,

My neighbor has a wireless network between a Windows XP computer (the main desktop) and a Windows 2000 laptop. It has a WEP key to protect it.

The problem is, all of a sudden the laptop will not receive any signal from the main computer. All of the proper information is entered (SSID, WEP, Channel) but it still does not receive any signal even though it sees the network is there.

Any help would be appreciated.

Thanks.

2
Tech Clinic / Please Help Me
« on: March 19, 2006, 03:09:04 PM »
Ok, thank you so much!

3
Tech Clinic / Please Help Me
« on: March 19, 2006, 02:46:57 PM »
Here you go:


PsService v1.1 - local and remote services viewer/controller
Copyright © 2001-2003 Mark Russinovich
Sysinternals - www.sysinternals.com

SERVICE_NAME: Alerter
Notifies selected users and computers of administrative alerts. If the service is stopped, programs that use administrative alerts will not receive them. If this service is disabled, any services that explicitly depend on it will fail to start.
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 4  DISABLED
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k LocalService
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Alerter
   DEPENDENCIES     : LanmanWorkstation
   SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: ALG
Provides support for 3rd party protocol plug-ins for Internet Connection Sharing and the Windows Firewall.
   TYPE        : 10 WIN32_OWN_PROCESS
   START_TYPE     : 3  DEMAND_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\System32\alg.exe
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Application Layer Gateway Service
   DEPENDENCIES     :
   SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: AppMgmt
Provides software installation services such as Assign, Publish, and Remove.
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 4  DISABLED
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\system32\svchost.exe -k netsvcs
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Application Management
   DEPENDENCIES     :
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: aspnet_state
Provides support for out-of-process session states for ASP.NET. If this service is stopped, out-of-process requests will not be processed. If this service is disabled, any services that explicitly depend on it will fail to start.
   TYPE        : 10 WIN32_OWN_PROCESS
   START_TYPE     : 3  DEMAND_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : ASP.NET State Service
   DEPENDENCIES     :
   SERVICE_START_NAME: NT AUTHORITY\NetworkService

SERVICE_NAME: AudioSrv
Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 2  AUTO_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
   LOAD_ORDER_GROUP  : AudioGroup
   TAG        : 0
   DISPLAY_NAME     : Windows Audio
   DEPENDENCIES     : PlugPlay
           : RpcSs
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: BITS
Transfers files in the background using idle network bandwidth. If the service is stopped, features such as Windows Update, and MSN Explorer will be unable to automatically download programs and other information. If this service is disabled, any services that explicitly depend on it may fail to transfer files if they do not have a fail safe mechanism to transfer files directly through IE in case BITS has been disabled.
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 3  DEMAND_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Background Intelligent Transfer Service
   DEPENDENCIES     : Rpcss
   SERVICE_START_NAME: LocalSystem
   FAIL_RESET_PERIOD : 0 seconds
   FAILURE_ACTIONS     : Restart   DELAY: 60000 seconds
           : Restart   DELAY: 60000 seconds
           : Restart   DELAY: 60000 seconds

SERVICE_NAME: Browser
Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start.
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 2  AUTO_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Computer Browser
   DEPENDENCIES     : LanmanWorkstation
           : LanmanServer
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: CiSvc
Indexes contents and properties of files on local and remote computers; provides rapid access to files through flexible querying language.
   TYPE        : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS  
   START_TYPE     : 2  AUTO_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\system32\cisvc.exe
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Indexing Service
   DEPENDENCIES     : RPCSS
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ClipSrv
Enables ClipBook Viewer to store information and share it with remote computers. If the service is stopped, ClipBook Viewer will not be able to share information with remote computers. If this service is disabled, any services that explicitly depend on it will fail to start.
   TYPE        : 10 WIN32_OWN_PROCESS
   START_TYPE     : 4  DISABLED
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\system32\clipsrv.exe
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : ClipBook
   DEPENDENCIES     : NetDDE
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: COMSysApp
Manages the configuration and tracking of Component Object Model (COM)+-based components. If the service is stopped, most COM+-based components will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
   TYPE        : 10 WIN32_OWN_PROCESS
   START_TYPE     : 3  DEMAND_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : COM+ System Application
   DEPENDENCIES     : rpcss
   SERVICE_START_NAME: LocalSystem
   FAIL_RESET_PERIOD : 30 seconds
   FAILURE_ACTIONS     : Restart   DELAY: 1000 seconds
           : Restart   DELAY: 5000 seconds
           : None   DELAY: 1000 seconds

SERVICE_NAME: CryptSvc
Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 2  AUTO_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\system32\svchost.exe -k netsvcs
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Cryptographic Services
   DEPENDENCIES     : RpcSs
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: DcomLaunch
Provides launch functionality for DCOM services.
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 2  AUTO_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\system32\svchost -k DcomLaunch
   LOAD_ORDER_GROUP  : Event Log
   TAG        : 0
   DISPLAY_NAME     : DCOM Server Process Launcher
   DEPENDENCIES     :
   SERVICE_START_NAME: LocalSystem
   FAIL_RESET_PERIOD : 0 seconds
   FAILURE_ACTIONS     : Reboot   DELAY: 60000 seconds

SERVICE_NAME: DefWatch
(null)
   TYPE        : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS  
   START_TYPE     : 2  AUTO_START
   ERROR_CONTROL     : 0  IGNORE
   BINARY_PATH_NAME  : C:\Program Files\NavNT\defwatch.exe
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : DefWatch
   DEPENDENCIES     :
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Dhcp
Manages network configuration by registering and updating IP addresses and DNS names.
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 2  AUTO_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
   LOAD_ORDER_GROUP  : TDI
   TAG        : 0
   DISPLAY_NAME     : DHCP Client
   DEPENDENCIES     : Tcpip
           : Afd
           : NetBT
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: dmadmin
Configures hard disk drives and volumes. The service only runs for configuration processes and then stops.
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 3  DEMAND_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\System32\dmadmin.exe /com
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Logical Disk Manager Administrative Service
   DEPENDENCIES     : RpcSs
           : PlugPlay
           : DmServer
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: dmserver
Detects and monitors new hard disk drives and sends disk volume information to Logical Disk Manager Administrative Service for configuration. If this service is stopped, dynamic disk status and configuration information may become out of date. If this service is disabled, any services that explicitly depend on it will fail to start.
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 3  DEMAND_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Logical Disk Manager
   DEPENDENCIES     : RpcSs
           : PlugPlay
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Dnscache
Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start.
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 2  AUTO_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k NetworkService
   LOAD_ORDER_GROUP  : TDI
   TAG        : 0
   DISPLAY_NAME     : DNS Client
   DEPENDENCIES     : Tcpip
   SERVICE_START_NAME: NT AUTHORITY\NetworkService

SERVICE_NAME: ERSvc
Allows error reporting for services and applictions running in non-standard environments.
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 2  AUTO_START
   ERROR_CONTROL     : 0  IGNORE
   BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Error Reporting Service
   DEPENDENCIES     : RpcSs
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Eventlog
Enables event log messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped.
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 2  AUTO_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\system32\services.exe
   LOAD_ORDER_GROUP  : Event log
   TAG        : 0
   DISPLAY_NAME     : Event Log
   DEPENDENCIES     :
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: EventSystem
Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start.
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 3  DEMAND_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
   LOAD_ORDER_GROUP  : Network
   TAG        : 0
   DISPLAY_NAME     : COM+ Event System
   DEPENDENCIES     : RPCSS
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ewido security suite control
(null)
   TYPE        : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS  
   START_TYPE     : 2  AUTO_START
   ERROR_CONTROL     : 0  IGNORE
   BINARY_PATH_NAME  : C:\Program Files\ewido anti-malware\ewidoctrl.exe
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : ewido security suite control
   DEPENDENCIES     :
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: FastUserSwitchingCompatibility
Provides management for applications that require assistance in a multiple user environment.
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 3  DEMAND_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Fast User Switching Compatibility
   DEPENDENCIES     : TermService
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Fax
Enables you to send and receive faxes, utilizing fax resources available on this computer or on the network.
   TYPE        : 10 WIN32_OWN_PROCESS
   START_TYPE     : 2  AUTO_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\system32\fxssvc.exe
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Fax
   DEPENDENCIES     : TapiSrv
           : RpcSs
           : PlugPlay
           : Spooler
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: helpsvc
Enables Help and Support Center to run on this computer. If this service is stopped, Help and Support Center will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 2  AUTO_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Help and Support
   DEPENDENCIES     : RPCSS
   SERVICE_START_NAME: LocalSystem
   FAIL_RESET_PERIOD : 86400 seconds
   FAILURE_ACTIONS     : Restart   DELAY: 100 seconds
           : Restart   DELAY: 100 seconds
           : None   DELAY: 100 seconds

SERVICE_NAME: HidServ
Enables generic input access to Human Interface Devices (HID), which activates and maintains the use of predefined hot buttons on keyboards, remote controls, and other multimedia devices. If this service is stopped, hot buttons controlled by this service will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start.
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 4  DISABLED
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Human Interface Device Access
   DEPENDENCIES     : RpcSs
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: HTTPFilter
This service implements the secure hypertext transfer protocol (HTTPS) for the HTTP service,  using the Secure Socket Layer (SSL).  If this service is disabled, any services that explicitly depend on it will fail to start.
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 3  DEMAND_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k HTTPFilter
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : HTTP SSL
   DEPENDENCIES     : HTTP
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: IDriverT
Provides support for the Running Object Table for InstallShield Drivers
   TYPE        : 10 WIN32_OWN_PROCESS
   START_TYPE     : 3  DEMAND_START
   ERROR_CONTROL     : 0  IGNORE
   BINARY_PATH_NAME  : "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : InstallDriver Table Manager
   DEPENDENCIES     :
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ImapiService
Manages CD recording using Image Mastering Applications Programming Interface (IMAPI). If this service is stopped, this computer will be unable to record CDs. If this service is disabled, any services that explicitly depend on it will fail to start.
   TYPE        : 10 WIN32_OWN_PROCESS
   START_TYPE     : 3  DEMAND_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\System32\imapi.exe
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : IMAPI CD-Burning COM Service
   DEPENDENCIES     :
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: iPodService
iPod hardware management services
   TYPE        : 10 WIN32_OWN_PROCESS
   START_TYPE     : 3  DEMAND_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\Program Files\iPod\bin\iPodService.exe
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : iPodService
   DEPENDENCIES     : RPCSS
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: lanmanserver
Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 2  AUTO_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Server
   DEPENDENCIES     :
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: lanmanworkstation
Creates and maintains client network connections to remote servers. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 2  AUTO_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
   LOAD_ORDER_GROUP  : NetworkProvider
   TAG        : 0
   DISPLAY_NAME     : Workstation
   DEPENDENCIES     :
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: LmHosts
Enables support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution.
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 2  AUTO_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k LocalService
   LOAD_ORDER_GROUP  : TDI
   TAG        : 0
   DISPLAY_NAME     : TCP/IP NetBIOS Helper
   DEPENDENCIES     : NetBT
           : Afd
   SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: Messenger
Transmits net send and Alerter service messages between clients and servers. This service is not related to Windows Messenger. If this service is stopped, Alerter messages will not be transmitted. If this service is disabled, any services that explicitly depend on it will fail to start.
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 4  DISABLED
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Messenger
   DEPENDENCIES     : LanmanWorkstation
           : NetBIOS
           : PlugPlay
           : RpcSS
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: mnmsrvc
Enables an authorized user to access this computer remotely by using NetMeeting over a corporate intranet. If this service is stopped, remote desktop sharing will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
   TYPE        : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS  
   START_TYPE     : 3  DEMAND_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\System32\mnmsrvc.exe
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : NetMeeting Remote Desktop Sharing
   DEPENDENCIES     :
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: MSDTC
Coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems. If this service is stopped, these transactions will not occur. If this service is disabled, any services that explicitly depend on it will fail to start.
   TYPE        : 10 WIN32_OWN_PROCESS
   START_TYPE     : 3  DEMAND_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\System32\msdtc.exe
   LOAD_ORDER_GROUP  : MS Transactions
   TAG        : 0
   DISPLAY_NAME     : Distributed Transaction Coordinator
   DEPENDENCIES     : RPCSS
           : SamSS
   SERVICE_START_NAME: NT Authority\NetworkService

SERVICE_NAME: MSIServer
Adds, modifies, and removes applications provided as a Windows Installer (*.msi) package. If this service is disabled, any services that explicitly depend on it will fail to start.
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 3  DEMAND_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\System32\msiexec.exe /V
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Windows Installer
   DEPENDENCIES     : RpcSs
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: NetDDE
Provides network transport and security for Dynamic Data Exchange (DDE) for programs running on the same computer or on different computers. If this service is stopped, DDE transport and security will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 4  DISABLED
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\system32\netdde.exe
   LOAD_ORDER_GROUP  : NetDDEGroup
   TAG        : 0
   DISPLAY_NAME     : Network DDE
   DEPENDENCIES     : NetDDEDSDM
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: NetDDEdsdm
Manages Dynamic Data Exchange (DDE) network shares. If this service is stopped, DDE network shares will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 4  DISABLED
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\system32\netdde.exe
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Network DDE DSDM
   DEPENDENCIES     :
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Netlogon
Supports pass-through authentication of account logon events for computers in a domain.
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 3  DEMAND_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\System32\lsass.exe
   LOAD_ORDER_GROUP  : RemoteValidation
   TAG        : 0
   DISPLAY_NAME     : Net Logon
   DEPENDENCIES     : LanmanWorkstation
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Netman
Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections.
   TYPE        : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS  
   START_TYPE     : 3  DEMAND_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Network Connections
   DEPENDENCIES     : RpcSs
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Nla
Collects and stores network configuration and location information, and notifies applications when this information changes.
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 3  DEMAND_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Network Location Awareness (NLA)
   DEPENDENCIES     : Tcpip
           : Afd
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Norton AntiVirus Server
(null)
   TYPE        : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS  
   START_TYPE     : 2  AUTO_START
   ERROR_CONTROL     : 0  IGNORE
   BINARY_PATH_NAME  : C:\Program Files\NavNT\rtvscan.exe
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Norton AntiVirus Client
   DEPENDENCIES     :
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: NtLmSsp
Provides security to remote procedure call (RPC) programs that use transports other than named pipes.
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 3  DEMAND_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\System32\lsass.exe
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : NT LM Security Support Provider
   DEPENDENCIES     :
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: NtmsSvc
(null)
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 3  DEMAND_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\system32\svchost.exe -k netsvcs
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Removable Storage
   DEPENDENCIES     : RpcSs
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: PlugPlay
Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability.
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 2  AUTO_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\system32\services.exe
   LOAD_ORDER_GROUP  : PlugPlay
   TAG        : 0
   DISPLAY_NAME     : Plug and Play
   DEPENDENCIES     :
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: PolicyAgent
Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver.
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 2  AUTO_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\System32\lsass.exe
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : IPSEC Services
   DEPENDENCIES     : RPCSS
           : Tcpip
           : IPSec
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ProtectedStorage
Provides protected storage for sensitive data, such as private keys, to prevent access by unauthorized services, processes, or users.
   TYPE        : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS  
   START_TYPE     : 2  AUTO_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\system32\lsass.exe
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Protected Storage
   DEPENDENCIES     : RpcSs
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RasAuto
Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address.
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 3  DEMAND_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Remote Access Auto Connection Manager
   DEPENDENCIES     : RasMan
           : Tapisrv
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RasMan
Creates a network connection.
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 3  DEMAND_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Remote Access Connection Manager
   DEPENDENCIES     : Tapisrv
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RDSessMgr
Manages and controls Remote Assistance. If this service is stopped, Remote Assistance will be unavailable. Before stopping this service, see the Dependencies tab of the Properties dialog box.
   TYPE        : 10 WIN32_OWN_PROCESS
   START_TYPE     : 3  DEMAND_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\system32\sessmgr.exe
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Remote Desktop Help Session Manager
   DEPENDENCIES     : RPCSS
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RemoteAccess
Offers routing services to businesses in local area and wide area network environments.
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 4  DISABLED
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Routing and Remote Access
   DEPENDENCIES     : RpcSS
           : +NetBIOSGroup
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RpcLocator
Manages the RPC name service database.
   TYPE        : 10 WIN32_OWN_PROCESS
   START_TYPE     : 3  DEMAND_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\System32\locator.exe
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Remote Procedure Call (RPC) Locator
   DEPENDENCIES     : LanmanWorkstation
   SERVICE_START_NAME: NT AUTHORITY\NetworkService

SERVICE_NAME: RpcSs
Provides the endpoint mapper and other miscellaneous RPC services.
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 2  AUTO_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\system32\svchost -k rpcss
   LOAD_ORDER_GROUP  : COM Infrastructure
   TAG        : 0
   DISPLAY_NAME     : Remote Procedure Call (RPC)
   DEPENDENCIES     :
   SERVICE_START_NAME: NT Authority\NetworkService
   FAIL_RESET_PERIOD : 0 seconds
   FAILURE_ACTIONS     : Reboot   DELAY: 60000 seconds

SERVICE_NAME: RSVP
Provides network signaling and local traffic control setup functionality for QoS-aware programs and control applets.
   TYPE        : 10 WIN32_OWN_PROCESS
   START_TYPE     : 3  DEMAND_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\System32\rsvp.exe
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : QoS RSVP
   DEPENDENCIES     : TcpIp
           : Afd
           : RpcSs
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SamSs
Stores security information for local user accounts.
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 2  AUTO_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\system32\lsass.exe
   LOAD_ORDER_GROUP  : LocalValidation
   TAG        : 0
   DISPLAY_NAME     : Security Accounts Manager
   DEPENDENCIES     : RPCSS
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SCardSvr
Manages access to smart cards read by this computer. If this service is stopped, this computer will be unable to read smart cards. If this service is disabled, any services that explicitly depend on it will fail to start.
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 3  DEMAND_START
   ERROR_CONTROL     : 0  IGNORE
   BINARY_PATH_NAME  : C:\WINDOWS\System32\SCardSvr.exe
   LOAD_ORDER_GROUP  : SmartCardGroup
   TAG        : 0
   DISPLAY_NAME     : Smart Card
   DEPENDENCIES     : PlugPlay
   SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: Schedule
Enables a user to configure and schedule automated tasks on this computer. If this service is stopped, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start.
   TYPE        : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS  
   START_TYPE     : 2  AUTO_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
   LOAD_ORDER_GROUP  : SchedulerGroup
   TAG        : 0
   DISPLAY_NAME     : Task Scheduler
   DEPENDENCIES     : RpcSs
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: seclogon
Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
   TYPE        : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS  
   START_TYPE     : 2  AUTO_START
   ERROR_CONTROL     : 0  IGNORE
   BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Secondary Logon
   DEPENDENCIES     :
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SENS
Tracks system events such as Windows logon, network, and power events.  Notifies COM+ Event System subscribers of these events.
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 2  AUTO_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\system32\svchost.exe -k netsvcs
   LOAD_ORDER_GROUP  : Network
   TAG        : 0
   DISPLAY_NAME     : System Event Notification
   DEPENDENCIES     : EventSystem
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SharedAccess
Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 2  AUTO_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\system32\svchost.exe -k netsvcs
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Windows Firewall/Internet Connection Sharing (ICS)
   DEPENDENCIES     : Netman
           : WinMgmt
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ShellHWDetection
(null)
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 2  AUTO_START
   ERROR_CONTROL     : 0  IGNORE
   BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
   LOAD_ORDER_GROUP  : ShellSvcGroup
   TAG        : 0
   DISPLAY_NAME     : Shell Hardware Detection
   DEPENDENCIES     : RpcSs
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Spooler
Loads files to memory for later printing.
   TYPE        : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS  
   START_TYPE     : 2  AUTO_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\system32\spoolsv.exe
   LOAD_ORDER_GROUP  : SpoolerGroup
   TAG        : 0
   DISPLAY_NAME     : Print Spooler
   DEPENDENCIES     : RPCSS
   SERVICE_START_NAME: LocalSystem
   FAIL_RESET_PERIOD : 86400 seconds
   FAILURE_ACTIONS     : Restart   DELAY: 60000 seconds
           : Restart   DELAY: 60000 seconds
           : None   DELAY: 0 seconds

SERVICE_NAME: srservice
Performs system restore functions. To stop service, turn off System Restore from the System Restore tab in My Computer->Properties
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 2  AUTO_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : System Restore Service
   DEPENDENCIES     : RpcSs
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SSDPSRV
Enables discovery of UPnP devices on your home network.
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 3  DEMAND_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k LocalService
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : SSDP Discovery Service
   DEPENDENCIES     : HTTP
   SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: stisvc
Provides image acquisition services for scanners and cameras.
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 2  AUTO_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k imgsvc
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Windows Image Acquisition (WIA)
   DEPENDENCIES     : RpcSs
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SwPrv
Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this service is stopped, software-based volume shadow copies cannot be managed. If this service is disabled, any services that explicitly depend on it will fail to start.
   TYPE        : 10 WIN32_OWN_PROCESS
   START_TYPE     : 3  DEMAND_START
   ERROR_CONTROL     : 0  IGNORE
   BINARY_PATH_NAME  : C:\WINDOWS\System32\dllhost.exe /Processid:{F79A1568-D6C5-4C69-A086-936CF52DBBE3}
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : MS Software Shadow Copy Provider
   DEPENDENCIES     : rpcss
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SysmonLog
Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert. If this service is stopped, performance information will not be collected. If this service is disabled, any services that explicitly depend on it will fail to start.
   TYPE        : 10 WIN32_OWN_PROCESS
   START_TYPE     : 3  DEMAND_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\system32\smlogsvc.exe
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Performance Logs and Alerts
   DEPENDENCIES     :
   SERVICE_START_NAME: NT Authority\NetworkService

SERVICE_NAME: TapiSrv
Provides Telephony API (TAPI) support for programs that control telephony devices and IP based voice connections on the local computer and, through the LAN, on servers that are also running the service.
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 3  DEMAND_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Telephony
   DEPENDENCIES     : PlugPlay
           : RpcSs
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: TermService
Allows multiple users to be connected interactively to a machine as well as the display of desktops and applications to remote computers. The underpinning of Remote Desktop (including RD for Administrators), Fast User Switching, Remote Assistance, and Terminal Server.
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 3  DEMAND_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost -k DComLaunch
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Terminal Services
   DEPENDENCIES     : RPCSS
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Themes
Provides user experience theme management.
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 2  AUTO_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
   LOAD_ORDER_GROUP  : UIGroup
   TAG        : 0
   DISPLAY_NAME     : Themes
   DEPENDENCIES     :
   SERVICE_START_NAME: LocalSystem
   FAIL_RESET_PERIOD : 86400 seconds
   FAILURE_ACTIONS     : Restart   DELAY: 60000 seconds
           : Restart   DELAY: 60000 seconds
           : None   DELAY: 0 seconds

SERVICE_NAME: TrkWks
Maintains links between NTFS files within a computer or across computers in a network domain.
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 2  AUTO_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\system32\svchost.exe -k netsvcs
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Distributed Link Tracking Client
   DEPENDENCIES     : RpcSs
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: upnphost
Provides support to host Universal Plug and Play devices.
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 3  DEMAND_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k LocalService
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Universal Plug and Play Device Host
   DEPENDENCIES     : SSDPSRV
           : HTTP
   SERVICE_START_NAME: NT AUTHORITY\LocalService
   FAIL_RESET_PERIOD : -1 seconds
   FAILURE_ACTIONS     : Restart   DELAY: 0 seconds

SERVICE_NAME: UPS
Manages an uninterruptible power supply (UPS) connected to the computer.
   TYPE        : 10 WIN32_OWN_PROCESS
   START_TYPE     : 3  DEMAND_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\System32\ups.exe
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Uninterruptible Power Supply
   DEPENDENCIES     :
   SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: VSS
Manages and implements Volume Shadow Copies used for backup and other purposes. If this service is stopped, shadow copies will be unavailable for backup and the backup may fail. If this service is disabled, any services that explicitly depend on it will fail to start.
   TYPE        : 10 WIN32_OWN_PROCESS
   START_TYPE     : 3  DEMAND_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\System32\vssvc.exe
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Volume Shadow Copy
   DEPENDENCIES     : RPCSS
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: w32time
Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.


   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 2  AUTO_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\system32\svchost.exe -k netsvcs
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Windows Time
   DEPENDENCIES     :
   SERVICE_START_NAME: LocalSystem
   FAIL_RESET_PERIOD : 5 seconds
   FAILURE_ACTIONS     : Restart   DELAY: 60000 seconds
           : Restart   DELAY: 60000 seconds

SERVICE_NAME: WebClient
Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start.
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 2  AUTO_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k LocalService
   LOAD_ORDER_GROUP  : NetworkProvider
   TAG        : 0
   DISPLAY_NAME     : WebClient
   DEPENDENCIES     : MRxDAV
   SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: winmgmt
Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 2  AUTO_START
   ERROR_CONTROL     : 0  IGNORE
   BINARY_PATH_NAME  : C:\WINDOWS\system32\svchost.exe -k netsvcs
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Windows Management Instrumentation
   DEPENDENCIES     : RPCSS
           : Eventlog
   SERVICE_START_NAME: LocalSystem
   FAIL_RESET_PERIOD : 86400 seconds
   FAILURE_ACTIONS     : Restart   DELAY: 60000 seconds
           : Restart   DELAY: 60000 seconds

SERVICE_NAME: WmdmPmSN
Retrieves the serial number of any portable media player connected to this computer. If this service is stopped, protected content might not be down loaded to the device.
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 3  DEMAND_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Portable Media Serial Number Service
   DEPENDENCIES     :
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: WmiApSrv
Provides performance library information from WMI HiPerf providers.
   TYPE        : 10 WIN32_OWN_PROCESS
   START_TYPE     : 3  DEMAND_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\System32\wbem\wmiapsrv.exe
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : WMI Performance Adapter
   DEPENDENCIES     : RPCSS
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: wscsvc
Monitors system security settings and configurations.
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 2  AUTO_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Security Center
   DEPENDENCIES     : RpcSs
           : winmgmt
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: wuauserv
Enables the download and installation of critical Windows updates. If the service is disabled, the operating system can be manually updated at the Windows Update Web site.
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 2  AUTO_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\system32\svchost.exe -k netsvcs
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Automatic Updates
   DEPENDENCIES     :
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: WZCSVC
Provides automatic configuration for the 802.11 adapters
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 2  AUTO_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
   LOAD_ORDER_GROUP  : TDI
   TAG        : 0
   DISPLAY_NAME     : Wireless Zero Configuration
   DEPENDENCIES     : RpcSs
           : Ndisuio
   SERVICE_START_NAME: LocalSystem

SERVICE_NAME: xmlprov
Manages XML configuration files on a domain basis for automatic network provisioning.
   TYPE        : 20 WIN32_SHARE_PROCESS
   START_TYPE     : 3  DEMAND_START
   ERROR_CONTROL     : 1  NORMAL
   BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
   LOAD_ORDER_GROUP  :
   TAG        : 0
   DISPLAY_NAME     : Network Provisioning Service
   DEPENDENCIES     : RpcSs
   SERVICE_START_NAME: LocalSystem

4
Tech Clinic / Please Help Me
« on: March 19, 2006, 02:25:55 PM »
The McAfee programs are gone. The folder deleted fine in safe mode.

By the way, I am returning this computer back to my friend tonight.

Here is another HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 12:18:33 PM, on 3/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Michael Sanders\Desktop\Stuff\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: Exif Launcher.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by113fd.bay113.Email Removed.msn.com/resources/MsnPUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.Email Removed/downloads/aol/unagi/ampx_en_dl.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe

5
Tech Clinic / Please Help Me
« on: March 19, 2006, 01:33:15 PM »
I did everything you asked, but I do not have the original discs that came with the computer so that option is out. McAfee Security Center is now not on the Add/Remove Programs list, but the program is still there (along with the McAfee AntiVirus program).

Here is a HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 11:26:02 AM, on 3/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Michael Sanders\Desktop\Stuff\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [VirusScan Online] c:\program files\mcafee.com\vso\mcvsshld.exe /disabled
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: Exif Launcher.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by113fd.bay113.Email Removed.msn.com/resources/MsnPUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.Email Removed/downloads/aol/unagi/ampx_en_dl.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe

6
Tech Clinic / Please Help Me
« on: March 18, 2006, 06:15:29 PM »
I deleted the files and ran ewido.

The computer is running great. There are no problems that I can see. The only thing is just the fact that McAfee will not uninstall and Windows Update does not install updates.

Here is the report:

---------------------------------------------------------
 ewido anti-malware - Scan report
---------------------------------------------------------

 + Created on:         2:20:01 PM, 3/18/2006
 + Report-Checksum:      675615BD

 + Scan result:

   C:\Documents and Settings\Andrea Sanders\Cookies\andrea [email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup
   C:\Documents and Settings\Michael Sanders\Cookies\michael [email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup
   C:\WINDOWS\inst_adperform.exe -> Adware.BargainBuddy : Cleaned with backup


::Report End

7
Tech Clinic / Please Help Me
« on: March 18, 2006, 12:55:38 PM »
It all went very smoothly. Here are the logs:

USER 1:

Logfile of HijackThis v1.99.1
Scan saved at 10:46:26 AM, on 3/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Michael Sanders\Desktop\Stuff\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [VirusScan Online] c:\program files\mcafee.com\vso\mcvsshld.exe /disabled
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Startup: Zeno.lnk = C:\WINDOWS\SYSTEM32\qwinosag.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by113fd.bay113.Email Removed.msn.com/resources/MsnPUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.Email Removed/downloads/aol/unagi/ampx_en_dl.cab
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe


USER 2:

Logfile of HijackThis v1.99.1
Scan saved at 10:50:34 AM, on 3/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Documents and Settings\Michael Sanders\Desktop\Stuff\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [VirusScan Online] c:\program files\mcafee.com\vso\mcvsshld.exe /disabled
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Registry Cleaner] C:\PROGRA~1\REGIST~1\Regclean.exe
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: Zeno.lnk = C:\WINDOWS\SYSTEM32\qwinosag.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by113fd.bay113.Email Removed.msn.com/resources/MsnPUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.Email Removed/downloads/aol/unagi/ampx_en_dl.cab
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe


USER 3:

Logfile of HijackThis v1.99.1
Scan saved at 10:51:41 AM, on 3/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\SYSTEM32\Userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Michael Sanders\Desktop\Stuff\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [VirusScan Online] c:\program files\mcafee.com\vso\mcvsshld.exe /disabled
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: Exif Launcher.lnk = ?
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by113fd.bay113.Email Removed.msn.com/resources/MsnPUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.Email Removed/downloads/aol/unagi/ampx_en_dl.cab
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe


USER 4:

Logfile of HijackThis v1.99.1
Scan saved at 10:52:32 AM, on 3/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Michael Sanders\Desktop\Stuff\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [VirusScan Online] c:\program files\mcafee.com\vso\mcvsshld.exe /disabled
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: Exif Launcher.lnk = ?
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by113fd.bay113.Email Removed.msn.com/resources/MsnPUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.Email Removed/downloads/aol/unagi/ampx_en_dl.cab
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe

8
Tech Clinic / Please Help Me
« on: March 17, 2006, 06:27:50 PM »
On this computer there are 4 users, all with administrator privileges. Here are their logs:

USER 1 (the main user I have been using):

Logfile of HijackThis v1.99.1
Scan saved at 4:22:07 PM, on 3/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\SYSTEM32\qwinosag.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Michael Sanders\Desktop\Stuff\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [VirusScan Online] c:\program files\mcafee.com\vso\mcvsshld.exe /disabled
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\SYSTEM32\qwinosag.exe TST001
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: Exif Launcher.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by113fd.bay113.Email Removed.msn.com/resources/MsnPUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.Email Removed/downloads/aol/unagi/ampx_en_dl.cab
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe


USER 2 (the user with the two file errors on start up):

Logfile of HijackThis v1.99.1
Scan saved at 4:16:44 PM, on 3/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Michael Sanders\Desktop\Stuff\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
F3 - REG:win.ini: run=C:\WINDOWS\inet20003\services.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [VirusScan Online] c:\program files\mcafee.com\vso\mcvsshld.exe /disabled
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\SYSTEM32\qwinosag.exe TST001
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.EXE 1
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Registry Cleaner] C:\PROGRA~1\REGIST~1\Regclean.exe
O4 - HKCU\..\Run: [SOProc_RegSoAlertWxLiteNnAj] rundll32 shell32.dll,ShellExec_RunDLL C:\PROGRA~1\SOFTWA~1\soproc.exe -pack RegSoAlertWxLiteNnAj
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet20003\services.exe
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000123.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: Zeno.lnk = C:\WINDOWS\SYSTEM32\qwinosag.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by113fd.bay113.Email Removed.msn.com/resources/MsnPUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.Email Removed/downloads/aol/unagi/ampx_en_dl.cab
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe


USER 3 (no visible problems):

Logfile of HijackThis v1.99.1
Scan saved at 4:19:19 PM, on 3/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Michael Sanders\Desktop\Stuff\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50093
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.quicksearch.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [VirusScan Online] c:\program files\mcafee.com\vso\mcvsshld.exe /disabled
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\SYSTEM32\qwinosag.exe TST001
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: Zeno.lnk = C:\WINDOWS\SYSTEM32\qwinosag.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by113fd.bay113.Email Removed.msn.com/resources/MsnPUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.Email Removed/downloads/aol/unagi/ampx_en_dl.cab
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe


USER 4 (no visible problems):

Logfile of HijackThis v1.99.1
Scan saved at 4:20:59 PM, on 3/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\SYSTEM32\qwinosag.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\WINDOWS\SYSTEM32\qwinosag.exe
C:\Documents and Settings\Michael Sanders\Desktop\Stuff\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50093
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [VirusScan Online] c:\program files\mcafee.com\vso\mcvsshld.exe /disabled
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\SYSTEM32\qwinosag.exe TST001
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Startup: Zeno.lnk = C:\WINDOWS\SYSTEM32\qwinosag.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by113fd.bay113.Email Removed.msn.com/resources/MsnPUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.Email Removed/downloads/aol/unagi/ampx_en_dl.cab
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe

9
Tech Clinic / Please Help Me
« on: March 16, 2006, 11:42:24 PM »
Ok, after logging into another one of the accounts on the computer, the following two files are not able to be found so error messages come up:

C:\WINDOWS\inet20003\services.exe
C:\PROGRA~1\SOFTWA~1\soproc.exe

10
Tech Clinic / Please Help Me
« on: March 16, 2006, 09:43:04 PM »
Okay, after installing SP2, I found out I had 7 critical updates, so I downloaded them, but they wouldn't install; however, they did install after I shut down the computer. When I try to install updates through the Windows Update in IE, the error I get says: "Problem: A problem on your computer is preventing updates from being downloaded or installed."

With McAfee, in that folder, there was no specific version number found, but in a readme.txt file it called the AntiVirus software "Mcafee.com AntiVirus Online." At THIS LINK I put up a picture to show you what the McAfee Security Center looks like. I hope that helps.

Here is the Hosts file from HJT:

# Copyright © 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

127.0.0.1       localhost


11
Tech Clinic / Please Help Me
« on: March 15, 2006, 11:16:15 PM »
Well, after visiting This Website I was able to enable the Firewall, but Windows Update still fails to install the updates. Also, McAfee still will not uninstall in safe mode or normal mode.

12
Tech Clinic / Please Help Me
« on: March 15, 2006, 08:29:30 PM »
So, after searching around for a little while, I found THIS PAGE on Microsoft that helped my problem. I didn't do exactly what the thread said, but I went to the location he said the downloaded files were and installed the validator manually. This worked perfectly, and the next time I went into Windows Updates, it showed that I could install SP2.

Well, it turns out the SP2 files were already downloaded, and failed to install through Windows Update in IE. So, I went into where I found the validator files and manually installed SP2. The problem is, Windows Update still does not let me install updates. It can download them, but it won't install them. Also, there is still no firewall because when I click to enable it, it gives me another error message.

Here is a new HJT log file:

Logfile of HijackThis v1.99.1
Scan saved at 6:18:06 PM, on 3/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\WINDOWS\system32\cisvc.exe
\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
C:\Documents and Settings\Michael Sanders\Desktop\Stuff\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [VirusScan Online] c:\program files\mcafee.com\vso\mcvsshld.exe /disabled
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: Exif Launcher.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by113fd.bay113.Email Removed.msn.com/resources/MsnPUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.Email Removed/downloads/aol/unagi/ampx_en_dl.cab
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe

13
Tech Clinic / Please Help Me
« on: March 14, 2006, 07:58:45 PM »
Ok... I did everything asked, and it all went fine, but the validation tool still fails to install.

I don't know if this is important or not, but when I go into the list of previous updates, in about the middle of the list there are several canceled and failed updates. All it says on the info about them is that they can be uninstalled under Add / Remove Programs.

14
Tech Clinic / Please Help Me
« on: March 14, 2006, 12:23:33 AM »
All of the files deleted fine except for the following files which were not located on the computer:

C:\WINDOWS\Downloaded Program Files\f3initialsetup1.0.0.6.inf
C:\WINDOWS\Downloaded Program Files\WildApp.inf
(When searching for these files I made sure it was looking in hidden files as well)
IdmUP.dll
Topicks.reg
TPReg.dll
FileVersions.ini
HtCheck2.dll
Idhost.exe
IdInst.exe
C:\Program Files\altnet
C:\Program Files\topicks

After following the rest of your instructions, the same update failed in Windows Update as before (the Validation Tool). It tells me to look at my update history to see why it failed, but it is not even on the list.

I am sorry for not posting a HJT log before (I forgot), but here is one now after completing your most recent instructions:

Logfile of HijackThis v1.99.1
Scan saved at 10:17:03 PM, on 3/13/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsgSys.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Michael Sanders\Desktop\Stuff\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [VirusScan Online] c:\program files\mcafee.com\vso\mcvsshld.exe /disabled
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: Exif Launcher.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by113fd.bay113.Email Removed.msn.com/resources/MsnPUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.Email Removed/downloads/aol/unagi/ampx_en_dl.cab
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe

15
Tech Clinic / Please Help Me
« on: March 13, 2006, 10:40:17 PM »
Here is the Panda ActiveScan Report:


Incident                                                                        Status                        Location                                                                                                                                                                                                                                                        

Spyware:Cookie/2o7.net                                                          Not disinfected               C:\Documents and Settings\Michael Sanders\Cookies\michael sanders@2o7[1].txt                                                                                                                                                                                    
Spyware:Cookie/Advertising                                                      Not disinfected               C:\Documents and Settings\Michael Sanders\Cookies\michael sanders@advertising[2].txt                                                                                                                                                                            
Spyware:Cookie/Com.com                                                          Not disinfected               C:\Documents and Settings\Michael Sanders\Cookies\michael sanders@com[1].txt                                                                                                                                                                                    
Spyware:Cookie/Doubleclick                                                      Not disinfected               C:\Documents and Settings\Michael Sanders\Cookies\michael sanders@doubleclick[2].txt                                                                                                                                                                            
Spyware:Cookie/WebtrendsLive                                                    Not disinfected               C:\Documents and Settings\Michael Sanders\Cookies\michael [email protected][2].txt                                                                                                                                                                  
Virus:Trj/Downloader.AEE                                                        Not disinfected               C:\Documents and Settings\Michael Sanders\Desktop\Stuff\backups\backup-20060311-191706-604.inf                                                                                                                                                                  
Adware:Adware/DollarRevenue                                                     Not disinfected               C:\gimmysmileys1.exe                                                                                                                                                                                                                                            
Adware:Adware/DollarRevenue                                                     Not disinfected               C:\keyboard1.exe                                                                                                                                                                                                                                                
Spyware:Spyware/SurfSideKick                                                    Not disinfected               C:\Program Files\Common Files\VCClient\VCClient.exe                                                                                                                                                                                                            
Spyware:Spyware/SurfSideKick                                                    Not disinfected               C:\Program Files\Common Files\VCClient\VCMain.exe                                                                                                                                                                                                              
Spyware:Spyware/SurfSideKick                                                    Not disinfected               C:\Program Files\Common Files\VCClient\VCUpdate.exe                                                                                                                                                                                                            
Adware:Adware/Maxifiles                                                         Not disinfected               C:\Program Files\InetGet2\gimmysmileysB.exe                                                                                                                                                                                                                    
Adware:Adware/Prositefinder                                                     Not disinfected               C:\RECYCLER\S-1-5-21-3400589454-969008293-3482092931-1008\Dc5\25781568.exe                                                                                                                                                                                      
Spyware:Spyware/ClearSearch                                                     Not disinfected               C:\RECYCLER\S-1-5-21-3400589454-969008293-3482092931-1008\Dc5\9rpa9wsd.DLL                                                                                                                                                                                      
Spyware:Spyware/ClearSearch                                                     Not disinfected               C:\RECYCLER\S-1-5-21-3400589454-969008293-3482092931-1008\Dc5\oe8vkg67.DLL                                                                                                                                                                                      
Adware:adware/secure32                                                          Not disinfected               C:\secure32.html                                                                                                                                                                                                                                                
Spyware:spyware/surfsidekick                                                    Not disinfected               C:\SS1001.exe                                                                                                                                                                                                                                                  
Spyware:Spyware/Altnet                                                          Not disinfected               C:\WildMedia.exe[IdmUP.dll]                                                                                                                                                                                                                                    
Adware:Adware Program                                                           Not disinfected               C:\WildMedia.exe[Topicks.reg]                                                                                                                                                                                                                                  
Spyware:Spyware/Altnet                                                          Not disinfected               C:\WildMedia.exe[TPReg.dll]                                                                                                                                                                                                                                    
Adware:Adware Program                                                           Not disinfected               C:\WildMedia.exe[FileVersions.ini]                                                                                                                                                                                                                              
Spyware:Spyware/Altnet                                                          Not disinfected               C:\WildMedia.exe[HtCheck2.dll]                                                                                                                                                                                                                                  
Spyware:Spyware/Altnet                                                          Not disinfected               C:\WildMedia.exe[Idhost.exe]                                                                                                                                                                                                                                    
Virus:Trj/Downloader.gen                                                        Not disinfected               C:\WildMedia.exe[IdInst.exe]                                                                                                                                                                                                                                    
Adware:adware/clickalchemy                                                      Not disinfected               C:\WINDOWS\alchem.ini                                                                                                                                                                                                                                          
Potentially unwanted tool:Application/FunWeb                                    Not disinfected               C:\WINDOWS\Downloaded Program Files\f3initialsetup1.0.0.6.inf                                                                                                                                                                                                  
Adware:Adware Program                                                           Not disinfected               C:\WINDOWS\Downloaded Program Files\WildApp.inf                                                                                                                                                                                                                
Adware:adware/gator                                                             Not disinfected               C:\WINDOWS\GatorPatch.log                                                                                                                                                                                                                                      
Adware:adware/dollarrevenue                                                     Not disinfected               C:\WINDOWS\gimmygames.dat                                                                                                                                                                                                                                      
Adware:Adware/IPInsight                                                         Not disinfected               C:\WINDOWS\INF\alchem.inf                                                                                                                                                                                                                                      
Spyware:Spyware/BetterInet                                                      Not disinfected               C:\WINDOWS\INF\satmat.inf                                                                                                                                                                                                                                      
Adware:adware/ieplugin                                                          Not disinfected               C:\WINDOWS\kwv2.dat                                                                                                                                                                                                                                            
Adware:adware/ncase                                                             Not disinfected               C:\WINDOWS\msbb_gdf.dat                                                                                                                                                                                                                                        
Adware:Adware/IPInsight                                                         Not disinfected               C:\WINDOWS\satmat.ini                                                                                                                                                                                                                                          
Adware:adware/sidesearch                                                        Not disinfected               C:\WINDOWS\sepsd.bin                                                                                                                                                                                                                                            
Adware:adware/commad                                                            Not disinfected               C:\WINDOWS\SYSTEM32\atmtd.dll                                                                                                                                                                                                                                  
Adware:Adware/MemoryWatcher                                                     Not disinfected               C:\WINDOWS\SYSTEM32\CqbFH.exe                                                                                                                                                                                                                                  
Adware:Adware/MemoryWatcher                                                     Not disinfected               C:\WINDOWS\SYSTEM32\FgoeGdW1.exe                                                                                                                                                                                                                                
Adware:adware/adlogix                                                           Not disinfected               C:\WINDOWS\SYSTEM32\guarnset.exe                                                                                                                                                                                                                                
Adware:Adware/MemoryWatcher                                                     Not disinfected               C:\WINDOWS\SYSTEM32\Hux1Ua1Z.exe                                                                                                                                                                                                                                
Adware:Adware/MemoryWatcher                                                     Not disinfected               C:\WINDOWS\SYSTEM32\Ifojyc.exe                                                                                                                                                                                                                                  
Adware:Adware/MemoryWatcher                                                     Not disinfected               C:\WINDOWS\SYSTEM32\KnlaLVh.exe                                                                                                                                                                                                                                
Adware:Adware/MemoryWatcher                                                     Not disinfected               C:\WINDOWS\SYSTEM32\Mxe42m.exe                                                                                                                                                                                                                                  
Adware:Adware/MemoryWatcher                                                     Not disinfected               C:\WINDOWS\SYSTEM32\Oal92Xd2.exe                                                                                                                                                                                                                                
Adware:Adware/MemoryWatcher                                                     Not disinfected               C:\WINDOWS\SYSTEM32\PwnQ9t0X.exe                                                                                                                                                                                                                                
Adware:Adware/MemoryWatcher                                                     Not disinfected               C:\WINDOWS\SYSTEM32\Pywf2.exe                                                                                                                                                                                                                                  
Adware:Adware/Sqwire                                                            Not disinfected               C:\WINDOWS\SYSTEM32\tsuninst.exe                                                                                                                                                                                                                                
Adware:Adware/SAHAgent                                                          Not disinfected               C:\WINDOWS\SYSTEM32\xmltok.dll                                                                                                                                                                                                                                  
Adware:Adware/SearchAid                                                         Not disinfected               C:\WINDOWS\uninstall_nmon.vbs                                                                                                                                                                                                                                  
Adware:adware/cws.searchmeup                                                    Not disinfected               C:\WINDOWS\uniq                                                                                                                                                                                                                                                



Here are the results for the RegSrch.vbs program:

1)

REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "AA383E6D-B09A-4850-B6B1-6FD2D6C70BE7" 3/13/2006 8:30:16 PM

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{AA383E6D-B09A-4850-B6B1-6FD2D6C70BE7}"=""


2)

REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "AD2463D3-1C57-4634-9C90-79D15A801A47" 3/13/2006 8:31:38 PM

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{AD2463D3-1C57-4634-9C90-79D15A801A47}"=""


3)

REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "6BA67FF3-B01D-44C3-8AEC-42DB57FE1C3E" 3/13/2006 8:32:39 PM

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{6BA67FF3-B01D-44C3-8AEC-42DB57FE1C3E}"=""


4)

REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "35B1EBC1-119D-4F95-A628-68F5B3D4B549" 3/13/2006 8:33:50 PM

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{35B1EBC1-119D-4F95-A628-68F5B3D4B549}"=""

16
Tech Clinic / Please Help Me
« on: March 12, 2006, 11:38:59 PM »
Here it is:

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP    Current Build: Service Pack 1    Current Build Number: 2600
Internet Explorer Version: 6.0.2800.1106

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Checking %System% folder...
UPX!                 2/12/2006 8:24:00 PM        45568      C:\WINDOWS\SYSTEM32\0go4efoy.dll
PEC2                 8/29/2002 3:00:00 AM        41397      C:\WINDOWS\SYSTEM32\DFRG.MSC
PECompact2           2/7/2006 9:28:40 PM         4513120    C:\WINDOWS\SYSTEM32\MRT.exe
aspack               2/7/2006 9:28:40 PM         4513120    C:\WINDOWS\SYSTEM32\MRT.exe
Umonitor             8/29/2002 3:00:00 AM        631808     C:\WINDOWS\SYSTEM32\RASDLG.DLL
UPX!                 2/26/2006 7:35:14 PM        224768     C:\WINDOWS\SYSTEM32\realarcade_seedcorn_stub.exe
winsync              8/29/2002 3:00:00 AM        1309184    C:\WINDOWS\SYSTEM32\WBDBASE.DEU

Checking %System%\Drivers folder and sub-folders...

Items found in C:\WINDOWS\SYSTEM32\drivers\ETC\HOSTS
127.0.0.1  abetterinternet.com #[downloader.stubby.a]
127.0.0.1  belt.abetterinternet.com
127.0.0.1  c.abetterinternet.com #[adware-betterinet application]
127.0.0.1  download.abetterinternet.com #[adware.stoppopupadsnow]
127.0.0.1  download2.abetterinternet.com #[parasite.transponder]
127.0.0.1  s.abetterinternet.com
127.0.0.1  thinstall.abetterinternet.com
127.0.0.1  www.abetterinternet.com


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
                     3/5/2006 6:44:00 PM      H  54156      C:\WINDOWS\QTFont.qfn
                     2/16/2006 6:25:40 PM     HS 846        C:\WINDOWS\SYSTEM32\Geke3L.3b3
                     2/11/2006 9:14:06 PM     HS 846        C:\WINDOWS\SYSTEM32\NuzK63G.i8q
                     3/11/2006 4:57:58 PM     HS 846        C:\WINDOWS\SYSTEM32\Ryeo85km.bua
                     1/13/2006 12:28:32 PM     S 10925      C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB913446.cat
                     2/27/2006 9:14:10 PM     HS 388        C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\User\b1188722-ba2a-44c8-9ed3-6966d4d85833
                     3/12/2006 9:20:54 PM     H  6          C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation          8/29/2002 3:00:00 AM        66048      C:\WINDOWS\SYSTEM32\ACCESS.CPL
Microsoft Corporation          8/29/2002 3:00:00 AM        578560     C:\WINDOWS\SYSTEM32\APPWIZ.CPL
Broadcom Corporation           5/8/2003 5:25:18 PM         815104     C:\WINDOWS\SYSTEM32\B57exp.cpl
Broadcom Corporation           6/3/2003 8:38:44 AM         94208      C:\WINDOWS\SYSTEM32\BCMSM.CPL
                               5/10/2001 10:00:00 PM       183808     C:\WINDOWS\SYSTEM32\BDEADMIN.CPL
Microsoft Corporation          8/29/2002 3:00:00 AM        129024     C:\WINDOWS\SYSTEM32\DESK.CPL
Microsoft Corporation          8/29/2002 3:00:00 AM        150016     C:\WINDOWS\SYSTEM32\HDWWIZ.CPL
Intel Corporation              4/6/2003 10:14:30 PM        94208      C:\WINDOWS\SYSTEM32\igfxcpl.cpl
Microsoft Corporation          8/29/2002 3:00:00 AM        292352     C:\WINDOWS\SYSTEM32\INETCPL.CPL
Microsoft Corporation          8/29/2002 3:00:00 AM        121856     C:\WINDOWS\SYSTEM32\INTL.CPL
Microsoft Corporation          8/29/2002 3:00:00 AM        65536      C:\WINDOWS\SYSTEM32\JOY.CPL
Sun Microsystems               9/25/2003 6:00:12 PM        53352      C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation          8/29/2002 3:00:00 AM        187904     C:\WINDOWS\SYSTEM32\MAIN.CPL
Microsoft Corporation          8/29/2002 3:00:00 AM        559616     C:\WINDOWS\SYSTEM32\MMSYS.CPL
Microsoft Corporation          8/29/2002 3:00:00 AM        35840      C:\WINDOWS\SYSTEM32\NCPA.CPL
Microsoft Corporation          8/29/2002 3:00:00 AM        256000     C:\WINDOWS\SYSTEM32\NUSRMGR.CPL
Microsoft Corporation          8/29/2002 3:00:00 AM        36864      C:\WINDOWS\SYSTEM32\ODBCCP32.CPL
Microsoft Corporation          8/29/2002 3:00:00 AM        109056     C:\WINDOWS\SYSTEM32\POWERCFG.CPL
Microsoft Corporation          8/29/2002 3:00:00 AM        268288     C:\WINDOWS\SYSTEM32\SYSDM.CPL
Microsoft Corporation          8/29/2002 3:00:00 AM        28160      C:\WINDOWS\SYSTEM32\TELEPHON.CPL
Microsoft Corporation          8/29/2002 3:00:00 AM        90112      C:\WINDOWS\SYSTEM32\TIMEDATE.CPL
Microsoft Corporation          5/26/2005 4:16:30 AM        174360     C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation          8/29/2002 3:00:00 AM        578560     C:\WINDOWS\SYSTEM32\DLLCACHE\appwiz.cpl
Microsoft Corporation          8/29/2002 3:00:00 AM        292352     C:\WINDOWS\SYSTEM32\DLLCACHE\inetcpl.cpl
Microsoft Corporation          8/29/2002 1:41:00 AM        208896     C:\WINDOWS\SYSTEM32\DLLCACHE\joy.cpl
Intel Corporation              4/6/2003 10:14:30 PM        94208      C:\WINDOWS\SYSTEM32\ReinstallBackups\0000\DriverFiles\igfxcpl.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
                     12/25/2003 12:02:32 PM      551        C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
                     9/3/2002 6:50:46 AM         62         C:\Documents and Settings\All Users\Application Data\DESKTOP.INI
                     10/21/2003 7:55:36 PM       12         C:\Documents and Settings\All Users\Application Data\DirectCDUserNameE.txt
                     12/8/2004 8:42:40 PM        366        C:\Documents and Settings\All Users\Application Data\hpzinstall.log
                     1/15/2006 12:35:14 PM       1755       C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

Checking files in %USERPROFILE%\Startup folder...

Checking files in %USERPROFILE%\Application Data folder...
                     9/3/2002 6:50:46 AM         62         C:\Documents and Settings\Michael Sanders\Application Data\DESKTOP.INI
                     12/6/2003 8:26:48 AM        12358      C:\Documents and Settings\Michael Sanders\Application Data\PFP110JCM.{PB
                     12/6/2003 8:26:48 AM        61678      C:\Documents and Settings\Michael Sanders\Application Data\PFP110JPR.{PB

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
       =
   E-nrgyPlus    = |
   dial    = |

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
   {AA383E6D-B09A-4850-B6B1-6FD2D6C70BE7}    =
   {AD2463D3-1C57-4634-9C90-79D15A801A47}    =
   {6BA67FF3-B01D-44C3-8AEC-42DB57FE1C3E}    =
   {35B1EBC1-119D-4F95-A628-68F5B3D4B549}    =

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\BriefcaseMenu
   {85BBD920-42A0-1069-A2E4-08002B30309D}    = syncui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\LDVPMenu
   {BDA77241-42F6-11d0-85E2-00AA001FE28C}    = C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
   {750fdf0e-2a26-11d1-a3ea-080036587f03}    = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
   {09799AFB-AD67-11d1-ABCD-00C04FC30936}    = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
   {A470F8CF-A1E8-4f65-8335-227475AA5C46}    = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
   Start Menu Pin    = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\BriefcaseMenu
   {85BBD920-42A0-1069-A2E4-08002B30309D}    = syncui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\LDVPMenu
   {BDA77241-42F6-11d0-85E2-00AA001FE28C}    = C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
   {A470F8CF-A1E8-4f65-8335-227475AA5C46}    = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
   {750fdf0e-2a26-11d1-a3ea-080036587f03}    = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\QuickFinderMenu
   {C0E10002-0028-0004-C0E1-C0E1C0E1C0E1}    = c:\Program Files\WordPerfect Office 11\Programs\PFSE110.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
   {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}    = ntshrui.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
    = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
    = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
    = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
    = %SystemRoot%\system32\SHELL32.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
   &Tip of the Day = %SystemRoot%\System32\shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
   Real.com = C:\WINDOWS\System32\Shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
   {8E718888-423F-11D2-876E-00A0C9082467}    = &Radio   : C:\WINDOWS\System32\msdxm.ocx

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
   MenuText    = Sun Java Console   : C:\WINDOWS\System32\msjava.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}
   ButtonText    = AIM   : C:\Program Files\AIM\aim.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
   ButtonText    = Real.com   :

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
   Media Band = %SystemRoot%\System32\browseui.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
   {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address   : %SystemRoot%\System32\browseui.dll
   {0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links   : %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
   IgfxTray   C:\WINDOWS\System32\igfxtray.exe
   HotKeysCmds   C:\WINDOWS\System32\hkcmd.exe
   BCMSMMSG   BCMSMMSG.exe
   MMTray   C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
   MCAgentExe   C:\Program Files\McAfee.com\Agent\mcagent.exe
   MCUpdateExe   C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
   AdaptecDirectCD   "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
   VirusScan Online   c:\program files\mcafee.com\vso\mcvsshld.exe /disabled
   REGSHAVE   C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
   TkBellExe   "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
   iTunesHelper   "C:\Program Files\iTunes\iTunesHelper.exe"
   QuickTime Task   "C:\Program Files\QuickTime\qttask.exe" -atboottime
   MSConfig   C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
   MSMSGS   "C:\Program Files\Messenger\msmsgs.exe" /background
   AIM   C:\Program Files\AIM\aim.exe -cnetwait.odl
   DellSupport   "C:\Program Files\Dell Support\DSAgnt.exe" /startup

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
   system.ini   0
   win.ini   0
   bootini   2
   services   0
   startup   0


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
   {BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
   {6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
   {0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
   dontdisplaylastusername   0
   legalnoticecaption   
   legalnoticetext   
   shutdownwithoutlogon   1
   undockwithoutlogon   1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
   NoDriveTypeAutoRun   145

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
   disrdi   C:\WINDOWS\System32\disrdi.exe


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
   PostBootReminder                  {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
   CDBurn                            {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
   WebCheck                          {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
   SysTray                           {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
   UserInit   = C:\WINDOWS\SYSTEM32\Userinit.exe,
   Shell      = explorer.exe
   System      =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
    = crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
    = cryptnet.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
   Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
   AppInit_DLLs   


<<<<<<<<<< Checking for AddOn Monitors.def information >>>>>>>>>>
Parameter line : regkey=HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors;;
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors found!

  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\BJ Language Monitor
   Driver   cnbjmon.dll


  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\hpzsnt07
   Driver   hpzsnt07.dll


  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\Local Port
   Driver   localspl.dll


  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\Microsoft Shared Fax Monitor
   Driver   FXSMON.DLL


  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\PJL Language Monitor
   Driver   pjlmon.dll
   EOJTimeout   60000


  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\Standard TCP/IP Port
   Driver   tcpmon.dll


  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\Standard TCP/IP Port\Ports
   StatusUpdateInterval   10
   StatusUpdateEnabled   1

  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\USB Monitor
   Driver   usbmon.dll



<<<<<<<<<< Checking for AddOn OpenCommand.def information >>>>>>>>>>
>>>>>>>>>> Exporting Shell Open\Command entries
Parameter line : regkey=HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\batfile\shell\open\command;;
  HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\batfile\shell\open\command found!
      "%1" %*

Parameter line : regkey=HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\comfile\shell\open\command;;
  HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\comfile\shell\open\command found!
      "%1" %*

Parameter line : regkey=HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\exefile\shell\open\command;;
  HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\exefile\shell\open\command found!
      "%1" %*

Parameter line : regkey=HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\piffile\shell\open\command;;
  HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\piffile\shell\open\command found!
      "%1" %*

Parameter line : regkey=HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\regfile\shell\open\command;;
  HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\regfile\shell\open\command found!
      regedit.exe "%1"

Parameter line : regkey=HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\scrfile\shell\open\command;;
  HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\scrfile\shell\open\command found!
      "%1" /S

Parameter line : regkey=HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\vbsfile\shell\open\command;;
  HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\vbsfile\shell\open\command found!

Parameter line : regkey=HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\htmlfile\shell\open\command;;
  HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\htmlfile\shell\open\command found!
      "C:\Program Files\Internet Explorer\iexplore.exe" -nohome

Parameter line : regkey=HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\http\shell\open\command;;
  HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\http\shell\open\command found!
      "C:\Program Files\Internet Explorer\iexplore.exe" -nohome

Parameter line : regkey=HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\mp3file\shell\open\command;;
  HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\mp3file\shell\open\command found!
      "C:\Program Files\Windows Media Player\wmplayer.exe"  /Open "%L"

Parameter line : regkey=HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\mpegfile\shell\open\command;;
  HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\mpegfile\shell\open\command found!
      "C:\Program Files\Windows Media Player\wmplayer.exe"  /Open "%L"

Parameter line : regkey=HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\jsfile\shell\open\command;;
  HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\jsfile\shell\open\command found!


<<<<<<<<<< Checking for AddOn Policies.def information >>>>>>>>>>

<<<<<<<<<< Checking for AddOn Qoologic.def information >>>>>>>>>>
>>>>>>>>>> Search by size and name
>>>>>>>>>> Files found by this method are not necessarily bad
>>>>>>>>>> Example PNGFILT.DLL is a windows file
Parameter line : file=%sysdir%;*.exe;150;61952;;;
  File C:\WINDOWS\SYSTEM32\*.exe for today - 150 days with a size of 61952 bytes was not found!
Parameter line : file=%sysdir%;*.exe;150;7680;;;
  File C:\WINDOWS\SYSTEM32\*.exe for today - 150 days with a size of 7680 bytes was not found!
Parameter line : file=%sysdir%;*.exe;150;91648;;;
  File C:\WINDOWS\SYSTEM32\*.exe for today - 150 days with a size of 91648 bytes was not found!
Parameter line : file=%sysdir%;*.exe;150;81920;;;
  File C:\WINDOWS\SYSTEM32\*.exe for today - 150 days with a size of 81920 bytes was not found!
Parameter line : file=%sysdir%;*.exe;150;7168;;;
  File C:\WINDOWS\SYSTEM32\*.exe for today - 150 days with a size of 7168 bytes was not found!
Parameter line : file=%sysdir%;*.exe;150;65536;;;
  File C:\WINDOWS\SYSTEM32\*.exe for today - 150 days with a size of 65536 bytes was not found!
Parameter line : file=%sysdir%;redit.cpl;;;;;
  File C:\WINDOWS\SYSTEM32\redit.cpl was not found!
Parameter line : file=%sysdir%;conres.cpl;;;;;
  File C:\WINDOWS\SYSTEM32\conres.cpl was not found!
Parameter line : file=%sysdir%;datadx.dll;;;;;
  File C:\WINDOWS\SYSTEM32\datadx.dll was not found!
Parameter line : file=%sysdir%;*.dll;150;10240;;;
  File C:\WINDOWS\SYSTEM32\*.dll for today - 150 days with a size of 10240 bytes was not found!
Parameter line : file=%sysdir%;*.dll;150;46080;;;
  File C:\WINDOWS\SYSTEM32\*.dll for today - 150 days with a size of 46080 bytes was not found!
Parameter line : file=%sysdir%;*.dll;150;34816;;;
  File C:\WINDOWS\SYSTEM32\*.dll for today - 150 days with a size of 34816 bytes was not found!
Parameter line : file=%sysdir%;*.dll;150;16384;;;
  File C:\WINDOWS\SYSTEM32\*.dll for today - 150 days with a size of 16384 bytes was not found!
Parameter line : file=%sysdir%;*.dll;150;29184;;;
  File C:\WINDOWS\SYSTEM32\*.dll for today - 150 days with a size of 29184 bytes was not found!
Parameter line : file=%sysdir%;*.dll;150;26624;;;
  File C:\WINDOWS\SYSTEM32\*.dll for today - 150 days with a size of 26624 bytes was not found!
Parameter line : file=%sysdir%;*.dll;150;9728;;;
  File C:\WINDOWS\SYSTEM32\*.dll for today - 150 days with a size of 9728 bytes was not found!
Parameter line : file=%sysdir%;*.dll;150;10843;;;
  File C:\WINDOWS\SYSTEM32\*.dll for today - 150 days with a size of 10843 bytes was not found!
Parameter line : file=%sysdir%;*.dll;150;18432;;;
  File C:\WINDOWS\SYSTEM32\*.dll for today - 150 days with a size of 18432 bytes was not found!
Parameter line : file=%sysdir%;*.dll;150;23040;;;
  File C:\WINDOWS\SYSTEM32\*.dll for today - 150 days with a size of 23040 bytes was not found!
Parameter line : file=%sysdir%;*.dll;150;17920;;;
  File C:\WINDOWS\SYSTEM32\*.dll for today - 150 days with a size of 17920 bytes was not found!
Parameter line : file=%allusers%\start menu\programs\startup;*.exe;;;;;
  File C:\Documents and Settings\All Users\start menu\programs\startup\*.exe was not found!
>>>>>>>>>> Misc Checks
Parameter line : file=%sysdir%;*.dat;150;81920;;;
  File C:\WINDOWS\SYSTEM32\*.dat for today - 150 days with a size of 81920 bytes was not found!
Parameter line : file=%sysdir%;*.dat;150;61952;;;
  File C:\WINDOWS\SYSTEM32\*.dat for today - 150 days with a size of 61952 bytes was not found!
Parameter line : file=%sysdir%;*.dat;150;65536;;;
  File C:\WINDOWS\SYSTEM32\*.dat for today - 150 days with a size of 65536 bytes was not found!
Parameter line : file=%sysdir%;*.dat;150;7680;;;
  File C:\WINDOWS\SYSTEM32\*.dat for today - 150 days with a size of 7680 bytes was not found!
Parameter line : file=%sysdir%;*.dat;150;91648;;;
  File C:\WINDOWS\SYSTEM32\*.dat for today - 150 days with a size of 91648 bytes was not found!
Parameter line : file=%sysdir%;*.dat;150;7168;;;
  File C:\WINDOWS\SYSTEM32\*.dat for today - 150 days with a size of 7168 bytes was not found!
Parameter line : file=%windir%;*.dll;150;10843;;;
  File C:\WINDOWS\*.dll for today - 150 days with a size of 10843 bytes was not found!
Parameter line : file=%windir%;*.dll;150;3950;;;
  File C:\WINDOWS\*.dll for today - 150 days with a size of 3950 bytes was not found!
Parameter line : file=%windir%;*.dll;150;3943;;;
  File C:\WINDOWS\*.dll for today - 150 days with a size of 3943 bytes was not found!

<<<<<<<<<< Checking for AddOn RDriv.def information >>>>>>>>>>
Registry Entries
Parameter line : RegKey=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center;;
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center not found!
Parameter line : RegKey=HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center Updates;;
  HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center Updates not found!
Parameter line : RegKey=HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center AntiVirus;;
  HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center AntiVirus not found!
Parameter line : RegKey=HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center Firewall;;
  HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center Firewall not found!
Parameter line : RegKey=HKEY_LOCAL_MACHINE\Software\Microsoft\OLE;;
  HKEY_LOCAL_MACHINE\Software\Microsoft\OLE found!
   EnableDCOM   Y

  HKEY_LOCAL_MACHINE\Software\Microsoft\OLE\NONREDIST
   System.EnterpriseServices.Thunk.dll   


Parameter line : RegKey=HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rdriv;;
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rdriv not found!
Parameter line : RegKey=HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iTunesMusic;;
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iTunesMusic not found!
Parameter line : RegKey=HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\Legacy_ITUNESMUSIC;;
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\Legacy_ITUNESMUSIC not found!
Parameter line : RegKey=HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\Legacy_RDRIV;;
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\Legacy_RDRIV not found!
Parameter line : RegKey=HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate;;
  HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate not found!
Parameter line : RegKey=HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall;;
  HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall not found!
Parameter line : RegKey=HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\lanmanserver\parameters;;
  HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\lanmanserver\parameters found!
   autodisconnect   15
   enableforcedlogoff   1
   enablesecuritysignature   0
   requiresecuritysignature   0
   Lmannounce   0
   Size   1
   Guid   ”߇cBüNH†Æ·Vœl1
   srvcomment   Sanders school work
   CachedOpenLimit   0
Parameter line : RegKey=HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\lanmanworkstation\parameters;;
  HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\lanmanworkstation\parameters found!
   enableplaintextpassword   0
   enablesecuritysignature   1
   requiresecuritysignature   0

Parameter line : RegKey=HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions;;
  HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions found!

  HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
   {00022613-0000-0000-C000-000000000046}   Multimedia File Property Sheet
   {176d6597-26d3-11d1-b350-080036a75b03}   ICM Scanner Management
   {1F2E5C40-9550-11CE-99D2-00AA006E086C}   NTFS Security Page
   {3EA48300-8CF6-101B-84FB-666CCB9BCD32}   OLE Docfile Property Page
   {40dd6e20-7c17-11ce-a804-00aa003ca9f6}   Shell extensions for sharing
   {41E300E0-78B6-11ce-849B-444553540000}   PlusPack CPL Extension
   {42071712-76d4-11d1-8b24-00a0c9068ff3}   Display Adapter CPL Extension
   {42071713-76d4-11d1-8b24-00a0c9068ff3}   Display Monitor CPL Extension
   {42071714-76d4-11d1-8b24-00a0c9068ff3}   Display Panning CPL Extension
   {4E40F770-369C-11d0-8922-00A024AB2DBB}   DS Security Page
   {513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}   Compatibility Page
   {56117100-C0CD-101B-81E2-00AA004AE837}   Shell Scrap DataHandler
   {59099400-57FF-11CE-BD94-0020AF85B590}   Disk Copy Extension
   {59be4990-f85c-11ce-aff7-00aa003ca9f6}   Shell extensions for Microsoft Windows Network objects
   {5DB2625A-54DF-11D0-B6C4-0800091AA605}   ICM Monitor Management
   {675F097E-4C4D-11D0-B6C1-0800091AA605}   ICM Printer Management
   {764BF0E1-F219-11ce-972D-00AA00A14F56}   Shell extensions for file compression
   {77597368-7b15-11d0-a0c2-080036af3f03}   Web Printer Shell Extension
   {7988B573-EC89-11cf-9C00-00AA00A14F56}   Disk Quota UI
   {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}   Encryption Context Menu
   {85BBD920-42A0-1069-A2E4-08002B30309D}   Briefcase
   {88895560-9AA2-1069-930E-00AA0030EBC8}   HyperTerminal Icon Ext
   {BD84B380-8CA2-1069-AB1D-08000948F534}   Fonts
   {DBCE2480-C732-101B-BE72-BA78E9AD5B27}   ICC Profile
   {F37C5810-4D3F-11d0-B4BF-00AA00BBB723}   Printers Security Page
   {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}   Shell extensions for sharing
   {f92e8c40-3d33-11d2-b1aa-080036a75b03}   Display TroubleShoot CPL Extension
   {7007ACC7-3202-11D1-AAD2-00805FC1270E}   Network Connections
   {992CFFA0-F557-101A-88EC-00DD010CCC48}   Network Connections
   {E211B736-43FD-11D1-9EFB-0000F8757FCD}   Scanners & Cameras
   {FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}   Scanners & Cameras
   {905667aa-acd6-11d2-8080-00805f6596d2}   Scanners & Cameras
   {3F953603-1008-4f6e-A73A-04AAC7A992F1}   Scanners & Cameras
   {83bbcbf3-b28a-4919-a5aa-73027445d672}   Scanners & Cameras
   {F0152790-D56E-4445-850E-4F3117DB740C}   Remote Sessions CPL Extension
   {60254CA5-953B-11CF-8C96-00AA00B8708C}   Shell extensions for Windows Script Host
   {2206CDB2-19C1-11D1-89E0-00C04FD7A829}   Microsoft Data Link
   {DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}   Tasks Folder Icon Handler
   {797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}   Tasks Folder Shell Extension
   {D6277990-4C6A-11CF-8D87-00AA0060F5BF}   Scheduled Tasks
   {0DF44EAA-FF21-4412-828E-260A8728E7F1}   Taskbar and Start Menu
   {2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}   Search
   {2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}   Help and Support
   {2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}   Help and Support
   {2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}   Run...
   {2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}   Internet
   {2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}   E-mail
   {D20EA4E1-3957-11d2-A40B-0C5020524152}   Fonts
   {D20EA4E1-3957-11d2-A40B-0C5020524153}   Administrative Tools
   {875CB1A1-0F29-45de-A1AE-CFB4950D0B78}   Audio Media Properties Handler
   {40C3D757-D6E4-4b49-BB41-0E5BBEA28817}   Video Media Properties Handler
   {E4B29F9D-D390-480b-92FD-7DDB47101D71}   Wav Properties Handler
   {87D62D94-71B3-4b9a-9489-5FE6850DC73E}   Avi Properties Handler
   {A6FD9E45-6E44-43f9-8644-08598F5A74D9}   Midi Properties Handler
   {c5a40261-cd64-4ccf-84cb-c394da41d590}   Video Thumbnail Extractor
   {5E6AB780-7743-11CF-A12B-00AA004AE837}   Microsoft Internet Toolbar
   {22BF0C20-6DA7-11D0-B373-00A0C9034938}   Download Status
   {91EA3F8B-C99B-11d0-9815-00C04FD91972}   Augmented Shell Folder
   {6413BA2C-B461-11d1-A18A-080036B11A03}   Augmented Shell Folder 2
   {F61FFEC1-754F-11d0-80CA-00AA005B4383}   BandProxy
   {7BA4C742-9E81-11CF-99D3-00AA004AE837}   Microsoft BrowserBand
   {30D02401-6A81-11d0-8274-00C04FD5AE38}   Search Band
   {32683183-48a0-441b-a342-7c2a440a9478}   Media Band
   {169A0691-8DF9-11d1-A1C4-00C04FD75D13}   In-pane search
   {07798131-AF23-11d1-9111-00A0C98BA67D}   Web Search
   {AF4F6510-F982-11d0-8595-00AA004CD6D8}   Registry Tree Options Utility
   {01E04581-4EEE-11d0-BFE9-00AA005B4383}   &Address
   {A08C11D2-A228-11d0-825B-00AA005B4383}   Address EditBox
   {00BB2763-6A77-11D0-A535-00C04FD7D062}   Microsoft AutoComplete
   {7376D660-C583-11d0-A3A5-00C04FD706EC}   TridentImageExtractor
   {6756A641-DE71-11d0-831B-00AA005B4383}   MRU AutoComplete List
   {6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}   Custom MRU AutoCompleted List
   {7e653215-fa25-46bd-a339-34a2790f3cb7}   Accessible
   {acf35015-526e-4230-9596-becbe19f0ac9}   Track Popup Bar
   {E0E11A09-5CB8-4B6C-8332-E00720A168F2}   Address Bar Parser
   {00BB2764-6A77-11D0-A535-00C04FD7D062}   Microsoft History AutoComplete List
   {03C036F1-A186-11D0-824A-00AA005B4383}   Microsoft Shell Folder AutoComplete List
   {00BB2765-6A77-11D0-A535-00C04FD7D062}   Microsoft Multiple AutoComplete List Container
   {ECD4FC4E-521C-11D0-B792-00A0C90312E1}   Shell Band Site Menu
   {3CCF8A41-5C85-11d0-9796-00AA00B90ADF}   Shell DeskBarApp
   {ECD4FC4C-521C-11D0-B792-00A0C90312E1}   Shell DeskBar
   {ECD4FC4D-521C-11D0-B792-00A0C90312E1}   Shell Rebar BandSite
   {DD313E04-FEFF-11d1-8ECD-0000F87A470C}   User Assist
   {EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}   Global Folder Settings
   {EFA24E61-B078-11d0-89E4-00C04FC9E26E}   Favorites Band
   {0A89A860-D7B1-11CE-8350-444553540000}   Shell Automation Inproc Service
   {E7E4BC40-E76A-11CE-A9BB-00AA004AE837}   Shell DocObject Viewer
   {A5E46E3A-8849-11D1-9D8C-00C04FC99D61}   Microsoft Browser Architecture
   {FBF23B40-E3F0-101B-8488-00AA003E56F8}   InternetShortcut
   {3C374A40-BAE4-11CF-BF7D-00AA006946EE}   Microsoft Url History Service
   {FF393560-C2A7-11CF-BFF4-444553540000}   History
   {7BD29E00-76C1-11CF-9DD0-00A0C9034933}   Temporary Internet Files
   {7BD29E01-76C1-11CF-9DD0-00A0C9034933}   Temporary Internet Files
   {CFBFAE00-17A6-11D0-99CB-00C04FD64497}   Microsoft Url Search Hook
   {A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}   IE4 Suite Splash Screen
   {67EA19A0-CCEF-11d0-8024-00C04FD75D13}   CDF Extension Copy Hook
   {131A6951-7F78-11D0-A979-00C04FD705A2}   ISFBand OC
   {9461b922-3c5a-11d2-bf8b-00c04fb93661}   Search Assistant OC
   {3DC7A020-0ACD-11CF-A9BB-00AA004AE837}   The Internet
   {871C5380-42A0-1069-A2EA-08002B30309D}   Internet Name Space
   {EFA24E64-B078-11d0-89E4-00C04FC9E26E}   Explorer Band
   {9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}   Sendmail service
   {9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}   Sendmail service
   {88C6C381-2E85-11D0-94DE-444553540000}   ActiveX Cache Folder
   {E6FB5E20-DE35-11CF-9C87-00AA005127ED}   WebCheck
   {ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}   Subscription Mgr
   {F5175861-2688-11d0-9C5E-00AA00A45957}   Subscription Folder
   {08165EA0-E946-11CF-9C87-00AA005127ED}   WebCheckWebCrawler
   {E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}   WebCheckChannelAgent
   {E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}   TrayAgent
   {7D559C10-9FE9-11d0-93F7-00AA0059CE02}   Code Download Agent
   {E6CC6978-6B6E-11D0-BECA-00C04FD940BE}   ConnectionAgent
   {D8BD2030-6FC9-11D0-864F-00AA006809D9}   PostAgent
   {7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}   WebCheck SyncMgr Handler
   {352EC2B7-8B9A-11D1-B8AE-006008059382}   Shell Application Manager
   {0B124F8F-91F0-11D1-B8B5-006008059382}   Installed Apps Enumerator
   {CFCCC7A0-A282-11D1-9082-006008059382}   Darwin App Publisher
   {e84fda7c-1d6a-45f6-b725-cb260c236066}   Shell Image Verbs
   {66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}   Shell Image Data Factory
   {3F30C968-480A-4C6C-862D-EFC0897BB84B}   GDI+ file thumbnail extractor
   {9DBD2C50-62AD-11d0-B806-00C04FD706EC}   Summary Info Thumbnail handler (DOCFILES)
   {EAB841A0-9550-11cf-8C16-00805F1408F3}   HTML Thumbnail Extractor
   {eb9b1153-3b57-4e68-959a-a3266bc3d7fe}   Shell Image Property Handler
   {CC6EEFFB-43F6-46c5-9619-51D571967F7D}   Web Publishing Wizard
   {add36aa8-751a-4579-a266-d66f5202ccbb}   Print Ordering via the Web
   {6b33163c-76a5-4b6c-bf21-45de9cd503a1}   Shell Publishing Wizard Object
   {58f1f272-9240-4f51-b6d4-fd63d1618591}   Get a Passport Wizard
   {7A9D77BD-5403-11d2-8785-2E0420524153}   User Accounts
   {E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31}   Compressed (zipped) Folder
   {BD472F60-27FA-11cf-B8B4-444553540000}   Compressed (zipped) Folder Right Drag Handler
   {888DCA60-FC0A-11CF-8F0F-00C04FD7D062}   Compressed (zipped) Folder SendTo Target
   {f39a0dc0-9cc8-11d0-a599-00c04fd64433}   Channel File
   {f3aa0dc0-9cc8-11d0-a599-00c04fd64434}   Channel Shortcut
   {f3ba0dc0-9cc8-11d0-a599-00c04fd64435}   Channel Handler Object
   {f3da0dc0-9cc8-11d0-a599-00c04fd64437}   Channel Menu
   {f3ea0dc0-9cc8-11d0-a599-00c04fd64438}   Channel Properties
   {63da6ec0-2e98-11cf-8d82-444553540000}   FTP Folders Webview
   {883373C3-BF89-11D1-BE35-080036B11A03}   Microsoft DocProp Shell Ext
   {A9CF0EAE-901A-4739-A481-E35B73E47F6D}   Microsoft DocProp Inplace Edit Box Control
   {8EE97210-FD1F-4B19-91DA-67914005F020}   Microsoft DocProp Inplace ML Edit Box Control
   {0EEA25CC-4362-4A12-850B-86EE61B0D3EB}   Microsoft DocProp Inplace Droplist Combo Control
   {6A205B57-2567-4A2C-B881-F787FAB579A3}   Microsoft DocProp Inplace Calendar Control
   {28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}   Microsoft DocProp Inplace Time Control
   {8A23E65E-31C2-11d0-891C-00A024AB2DBB}   Directory Query UI
   {9E51E0D0-6E0F-11d2-9601-00C04FA31A86}   Shell properties for a DS object
   {163FDC20-2ABC-11d0-88F0-00A024AB2DBB}   Directory Object Find
   {F020E586-5264-11d1-A532-0000F8757D7E}   Directory Start/Search Find
   {0D45D530-764B-11d0-A1CA-00AA00C16E65}   Directory Property UI
   {62AE1F9A-126A-11D0-A14B-0800361B1103}   Directory Context Menu Verbs
   {ECF03A33-103D-11d2-854D-006008059367}   MyDocs Copy Hook
   {ECF03A32-103D-11d2-854D-006008059367}   MyDocs Drop Target
   {4a7ded0a-ad25-11d0-98a8-0800361b1103}   MyDocs Properties
   {750fdf0e-2a26-11d1-a3ea-080036587f03}   Offline Files Menu
   {10CFC467-4392-11d2-8DB4-00C04FA31A66}   Offline Files Folder Options
   {AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}   Offline Files Folder
   {143A62C8-C33B-11D1-84FE-00C04FA34A14}   Microsoft Agent Character Property Sheet Handler
   {ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}   DfsShell
   {60fd46de-f830-4894-a628-6fa81bc0190d}   %DESC_PublishDropTarget%
   {7A80E4A8-8005-11D2-BCF8-00C04F72C717}   MMC Icon Handler
   {0CD7A5C0-9F37-11CE-AE65-08002B2E1262}   .CAB file viewer
   {32714800-2E5F-11d0-8B85-00AA0044F941}   For &People...
   {8DD448E6-C188-4aed-AF92-44956194EB1F}   Windows Media Player Play as Playlist Context Menu Handler
   {CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}   Windows Media Player Burn Audio CD Context Menu Handler
   {F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}   Windows Media Player Add to Playlist Context Menu Handler
   {1D2680C9-0E2A-469d-B787-065558BC7D43}   Fusion Cache
   {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}   Shell Extensions for RealOne Player
   {5E44E225-A408-11CF-B581-008029601108}   Adaptec DirectCD Shell Extension
   {5F327514-6C5E-4d60-8F16-D07FA08A78ED}   Auto Update Property Sheet Extension
   {BDA77241-42F6-11d0-85E2-00AA001FE28C}   LDVP Shell Extensions
   {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}   iTunes
   {AA383E6D-B09A-4850-B6B1-6FD2D6C70BE7}   
   {AD2463D3-1C57-4634-9C90-79D15A801A47}   
   {6BA67FF3-B01D-44C3-8AEC-42DB57FE1C3E}   
   {35B1EBC1-119D-4F95-A628-68F5B3D4B549}   
   {7444C717-39BF-11D1-8CD9-00C04FC29D45}   Crypto PKO Extension
   {7444C719-39BF-11D1-8CD9-00C04FC29D45}   Crypto Sign Extension


Files
Parameter line : File=%sysdir%;rdriv.sys;;;;;
  File C:\WINDOWS\SYSTEM32\rdriv.sys was not found!
Parameter line : File=%sysdir%;ItunesMusic.exe;;;;;
  File C:\WINDOWS\SYSTEM32\ItunesMusic.exe was not found!
Parameter line : File=%sysdir%;wkssvc.exe;;;;;
  File C:\WINDOWS\SYSTEM32\wkssvc.exe was not found!
Parameter line : File=%windir%;ItunesMusic.exe;;;;;
  File C:\WINDOWS\ItunesMusic.exe was not found!
Parameter line : File=%windir%;wkssvc.exe;;;;;
  File C:\WINDOWS\wkssvc.exe was not found!

<<<<<<<<<< Checking for AddOn SharedTaskScheduler.def information >>>>>>>>>>
>>>>>>>>>> Exporting Policies from HKLM
Parameter line : regkey=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler;;
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler found!
   {438755C2-A8BA-11D1-B96B-00A0C90312E1}   Browseui preloader
   {8C7461EF-2B13-11d2-BE35-3078302C2030}   Component Categories cache daemon


<<<<<<<<<< Checking for AddOn WareOut.def information >>>>>>>>>>
>>>>>>>>>> PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, There WILL be LEGIT FILES LISTED PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
Parameter line : file=%sysdir%;*.exe;300;55304;;;
  File C:\WINDOWS\SYSTEM32\*.exe for today - 300 days with a size of 55304 bytes was not found!
Parameter line : file=%sysdir%;*.exe;;43528;;;
  File C:\WINDOWS\SYSTEM32\*.exe with a size of 43528 bytes was not found!
Parameter line : file=%sysdir%;*.exe;300;4096;;;
                       2/16/2006 2:05:28 PM        4096       C:\WINDOWS\SYSTEM32\inst_0006.exe found!
                       2/26/2006 7:35:40 PM        4096       C:\WINDOWS\SYSTEM32\s_install_ID8.exe found!
Parameter line : file=%sysdir%;*.exe;;43528;;;
  File C:\WINDOWS\SYSTEM32\*.exe with a size of 43528 bytes was not found!
Parameter line : file=%sysdir%;*.exe;300;28680;;;
  File C:\WINDOWS\SYSTEM32\*.exe for today - 300 days with a size of 28680 bytes was not found!
Parameter line : file=%sysdir%;*.exe;;11264;;;
                       8/29/2002 3:00:00 AM        11264      C:\WINDOWS\SYSTEM32\ATTRIB.EXE found!
                       8/29/2002 3:00:00 AM        11264      C:\WINDOWS\SYSTEM32\CHKNTFS.EXE found!
                       8/29/2002 3:00:00 AM        11264      C:\WINDOWS\SYSTEM32\fxssend.exe found!
                       8/29/2002 3:00:00 AM        11264      C:\WINDOWS\SYSTEM32\RASDIAL.EXE found!
Parameter line : file=%sysdir%;*.ren;300;43528;;;
  File C:\WINDOWS\SYSTEM32\*.ren for today - 300 days with a size of 43528 bytes was not found!
Parameter line : file=%sysdir%;ntfsnlpa.exe;;;;;
  File C:\WINDOWS\SYSTEM32\ntfsnlpa.exe was not found!
Parameter line : file=%sysdir%;cisvvc.exe;;;;;
  File C:\WINDOWS\SYSTEM32\cisvvc.exe was not found!
Parameter line : file=%sysdir%;drv2cltr.dll;;;;;
  File C:\WINDOWS\SYSTEM32\drv2cltr.dll was not found!
Parameter line : file=%sysdir%;hybsys32.dll;;;;;
  File C:\WINDOWS\SYSTEM32\hybsys32.dll was not found!
Parameter line : file=%sysdir%;loadctr.exe;;;;;
  File C:\WINDOWS\SYSTEM32\loadctr.exe was not found!
Parameter line : file=%sysdir%;rdsndin.exe;;;;;
  File C:\WINDOWS\SYSTEM32\rdsndin.exe was not found!
Parameter line : file=%sysdir%;pxpcya64.exe;;;;;
  File C:\WINDOWS\SYSTEM32\pxpcya64.exe was not found!
Parameter line : file=%windir%;*.exe;300;55304;;;
  File C:\WINDOWS\*.exe for today - 300 days with a size of 55304 bytes was not found!
Parameter line : file=%windir%;*.exe;300;43528;;;
  File C:\WINDOWS\*.exe for today - 300 days with a size of 43528 bytes was not found!
Parameter line : file=%windir%;*.exe;300;4096;;;
  File C:\WINDOWS\*.exe for today - 300 days with a size of 4096 bytes was not found!
Parameter line : file=%windir%;rdt.ini;;;;;
  File C:\WINDOWS\rdt.ini was not found!
Parameter line : file=%windir%;baloon.wav;;;;;
  File C:\WINDOWS\baloon.wav was not found!
Parameter line : file=%allusers%\start menu\programs\startup;*.exe;;;;;
  File C:\Documents and Settings\All Users\start menu\programs\startup\*.exe was not found!
>>>>>>>>>>Registry keys to look for
Parameter line : regvalue=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon;system;;
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon found!
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\system found!
   System   
Parameter line : regkey=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins;;
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins not found!
Parameter line : regkey=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WareOut;;
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WareOut not found!
Parameter line : regkey=HKEY_LOCAL_MACHINE\SOFTWARE\WareOut;;
  HKEY_LOCAL_MACHINE\SOFTWARE\WareOut not found!
Parameter line : regkey=HKEY_CURRENT_USER\Software\WareOut;;
  HKEY_CURRENT_USER\Software\WareOut not found!
Parameter line : regvalue=HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer;NoBandCustomize;;
  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer found!
  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoBandCustomize not found!
Parameter line : regvalue=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion;Disabled;;
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion found!
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\\Disabled not found!
Parameter line : regkey=HKEY_LOCAL_MACHINE\SOFTWARE\SearchToolbar;;
  HKEY_LOCAL_MACHINE\SOFTWARE\SearchToolbar not found!
Parameter line : regkey=HKEY_CURRENT_USER\Software\SearchToolbar;;
  HKEY_CURRENT_USER\Software\SearchToolbar not found!
Parameter line : regkey=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls;;
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls not found!
Parameter line : regvalue=HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser;{08BEC6AA-49FC-4379-3587-4B21E286C19E};;
  HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser found!
  HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{08BEC6AA-49FC-4379-3587-4B21E286C19E} not found!

»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1   - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 3/12/2006 9:33:01 PM

17
Tech Clinic / Please Help Me
« on: March 12, 2006, 10:26:18 PM »
Yay! More difficulties...

I reset all the System Restore Points and installed SpywareBlaster, but the problem started with Windows Update. The following item failed to be installed: Windows Genuine Advantage Validation Tool (KB892130). It could be downloaded, but it could not be installed.

18
Tech Clinic / Please Help Me
« on: March 12, 2006, 09:18:41 PM »
I only deleted the .ini files specified by the Microsoft instructions.

The .ini files that were viewable were able to be hidden.

I followed the document you posted above to enable Microsoft's firewall and I got an error that stated: "The specified service does not exist as an installed service."

I haven't done anything below that step.

19
Tech Clinic / Please Help Me
« on: March 12, 2006, 04:59:07 PM »
Ya, that is the tool I used. I could not find a version number anywhere on any of the McAfee products.

Also, in case you didn't see the edit I made in the above post:

Another thing I wanted to mention was the fact that .ini files are showing even though I have the computer hiding protected system files. I don't know why this is occurring.

20
Tech Clinic / Please Help Me
« on: March 12, 2006, 04:40:41 PM »
This computer is running Norton AntiVirus Corporate Edition 7.61.937. The definitions are updated and it is a paid subscription. McAfee Security Center and McAfee VirusScan Online are both items that came with the computer (through Dell).

I tried to uninstall McAfee VirusScan Online through the Add/Remove Programs and after I confirmed the uninstall, a script error came up. After I closed the script error, the uninstaller just stayed at "Uninstalling Components..." I left it like this overnight and it made no progress.

After that failed I went to http://ts.mcafeehelp.com/?siteID=1&resolution=800x600 where it gave me an uninstaller that I ran, but still didn't work.

My friend (who owns the computer) said she would be willing to get rid of McAfee, but Norton she wanted to keep because it is paid for.

Also, I deleted the folders you asked me to (except for the last one which wasn't there) and I deleted the textfile that kept opening.

EDIT: Also, another thing I wanted to mention was the fact that .ini files are showing even though I have the computer hiding protected system files. I don't know why this is occurring.
