Messages - monica_ian_ralliart

1
Tech Clinic / Removing Annoying Pop ups
« on: March 07, 2006, 10:49:41 PM »
Once again, thank you very much, no more pop ups... phew...

2
Tech Clinic / Removing Annoying Pop ups
« on: March 04, 2006, 04:50:48 AM »
# Copyright © 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a "#" symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
#
127.0.0.1 localhost

3
Tech Clinic / Removing Annoying Pop ups
« on: March 03, 2006, 02:34:35 AM »
WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP    Current Build: Service Pack 1    Current Build Number: 2600
Internet Explorer Version: 6.0.2800.1106

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Items found in C:\WINDOWS\hosts


Checking %System% folder...
PEC2                 29/08/2002 9:00:00 AM       41397      C:\WINDOWS\SYSTEM32\dfrg.msc
Umonitor             29/08/2002 9:00:00 AM       631808     C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync              29/08/2002 9:00:00 AM       1309184    C:\WINDOWS\SYSTEM32\wbdbase.deu

Checking %System%\Drivers folder and sub-folders...

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts
127.0.0.1  www.qoologic.com
127.0.0.1  www.urllogic.com

qoologic             28/02/2006 5:48:52 PM       1554       C:\WINDOWS\SYSTEM32\drivers\etc\hosts.bak
urllogic             28/02/2006 5:48:52 PM       1554       C:\WINDOWS\SYSTEM32\drivers\etc\hosts.bak

Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
                     02/03/2006 11:11:04 AM    S 2048       C:\WINDOWS\bootstat.dat
                     21/01/2006 4:11:16 PM    H  54156      C:\WINDOWS\QTFont.qfn
                     02/03/2006 11:11:04 AM    S 64         C:\WINDOWS\CSC\00000001
                     27/01/2006 3:34:10 PM     S 64         C:\WINDOWS\CSC\00000002
                     02/03/2006 3:11:28 PM    H  1024       C:\WINDOWS\system32\config\default.LOG
                     02/03/2006 5:14:58 PM    H  1024       C:\WINDOWS\system32\config\SAM.LOG
                     02/03/2006 5:11:20 PM    H  1024       C:\WINDOWS\system32\config\SECURITY.LOG
                     02/03/2006 5:34:34 PM    H  1024       C:\WINDOWS\system32\config\software.LOG
                     02/03/2006 12:13:20 PM   H  1024       C:\WINDOWS\system32\config\system.LOG
                     27/01/2006 4:07:36 PM    HS 67         C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\31DDUENG\desktop.ini
                     27/01/2006 4:07:36 PM    HS 67         C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\W5IBO16R\desktop.ini
                     27/01/2006 4:07:36 PM    HS 67         C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\XVZY7NWB\desktop.ini
                     27/01/2006 4:07:36 PM    HS 67         C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\YZ6TKZKZ\desktop.ini
                     17/01/2006 6:33:46 PM    HS 388        C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\e7590395-07b9-4622-a9aa-82a64bb29a0b
                     17/01/2006 6:33:46 PM    HS 24         C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
                     02/03/2006 11:11:04 AM   H  6          C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation          29/08/2002 9:00:00 AM       66048      C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation          29/08/2002 9:00:00 AM       578560     C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation          29/08/2002 9:00:00 AM       129024     C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation          29/08/2002 9:00:00 AM       150016     C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation          29/08/2002 9:00:00 AM       292352     C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation          29/08/2002 9:00:00 AM       121856     C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation          29/08/2002 9:00:00 AM       65536      C:\WINDOWS\SYSTEM32\joy.cpl
Microsoft Corporation          29/08/2002 9:00:00 AM       187904     C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation          29/08/2002 9:00:00 AM       559616     C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation          29/08/2002 9:00:00 AM       35840      C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation          29/08/2002 9:00:00 AM       256000     C:\WINDOWS\SYSTEM32\nusrmgr.cpl
NVIDIA Corporation             25/01/2003 2:21:00 AM       139264     C:\WINDOWS\SYSTEM32\nvtuicpl.cpl
Microsoft Corporation          29/08/2002 9:00:00 AM       36864      C:\WINDOWS\SYSTEM32\nwc.cpl
Microsoft Corporation          29/08/2002 9:00:00 AM       36864      C:\WINDOWS\SYSTEM32\odbccp32.cpl
Sun Microsystems               30/01/2001 11:21:04 AM      24683      C:\WINDOWS\SYSTEM32\plugincpl130_02.cpl
Microsoft Corporation          29/08/2002 9:00:00 AM       109056     C:\WINDOWS\SYSTEM32\powercfg.cpl
Microsoft Corporation          29/08/2002 9:00:00 AM       268288     C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation          29/08/2002 9:00:00 AM       28160      C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation          29/08/2002 9:00:00 AM       90112      C:\WINDOWS\SYSTEM32\timedate.cpl
HP Computer Corporation        04/01/2003 2:28:38 AM       122880     C:\WINDOWS\SYSTEM32\UICONFIG.cpl
Microsoft Corporation          29/08/2002 9:00:00 AM       121856     C:\WINDOWS\SYSTEM32\dllcache\intl.cpl
Microsoft Corporation          29/08/2002 9:00:00 AM       65536      C:\WINDOWS\SYSTEM32\dllcache\joy.cpl
Microsoft Corporation          29/08/2002 9:00:00 AM       187904     C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation          29/08/2002 9:00:00 AM       559616     C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl
Microsoft Corporation          29/08/2002 9:00:00 AM       35840      C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation          29/08/2002 9:00:00 AM       36864      C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl
Microsoft Corporation          29/08/2002 9:00:00 AM       147456     C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl
Microsoft Corporation          29/08/2002 9:00:00 AM       28160      C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
                     25/10/2005 10:33:38 AM      1824       C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
                     27/11/2003 8:59:08 AM       1027       C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
                     03/11/2002 7:35:32 AM    HS 84         C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
                     22/04/2005 4:38:34 PM       1730       C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
                     08/06/2005 5:33:28 PM       681        C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Personal Coach.lnk
                     12/11/2003 5:33:44 PM       1559       C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
                     02/11/2002 11:22:58 PM   HS 62         C:\Documents and Settings\All Users\Application Data\desktop.ini
                     25/11/2005 10:35:12 AM      1356       C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

Checking files in %USERPROFILE%\Startup folder...
                     03/11/2002 7:35:32 AM    HS 84         C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\desktop.ini

Checking files in %USERPROFILE%\Application Data folder...
                     02/11/2002 11:22:56 PM   HS 62         C:\Documents and Settings\Administrator\Application Data\desktop.ini
                     25/10/2005 10:43:36 AM      143952     C:\Documents and Settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT
                     24/04/2005 4:23:22 PM       22080      C:\Documents and Settings\Administrator\Application Data\Microsoft Access.ADR
                     04/10/2005 11:45:56 AM      38463      C:\Documents and Settings\Administrator\Application Data\Microsoft Excel.ADR

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Adobe.Acrobat.ContextMenu
   {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}    = C:\Program Files\Adobe\Acrobat 6.0\Acrobat Elements\ContextMenu.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
   {750fdf0e-2a26-11d1-a3ea-080036587f03}    = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
   {09799AFB-AD67-11d1-ABCD-00C04FC30936}    = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
   {A470F8CF-A1E8-4f65-8335-227475AA5C46}    = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
   {E0D79304-84BE-11CE-9641-444553540000}    = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
   Start Menu Pin    = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
   {E0D79304-84BE-11CE-9641-444553540000}    = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
   {A470F8CF-A1E8-4f65-8335-227475AA5C46}    = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
   {750fdf0e-2a26-11d1-a3ea-080036587f03}    = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
   {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}    = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
   {E0D79304-84BE-11CE-9641-444553540000}    = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
    = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
    = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
    = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
    = %SystemRoot%\system32\SHELL32.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{182EC0BE-5110-49C8-A062-BEB1D02A220B}
   Adobe PDF = C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
   &Tip of the Day = %SystemRoot%\System32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
   {8E718888-423F-11D2-876E-00A0C9082467}    = &Radio   : C:\WINDOWS\System32\msdxm.ocx
   {EF99BD32-C1FB-11D2-892F-0090271D4F88}    = Yahoo! Toolbar   : C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
   {47833539-D0C5-4125-9FA8-0819E2EAAC93}    = Adobe PDF   : C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
   ButtonText    = Messenger   : C:\Program Files\Messenger\MSMSGS.EXE

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
   Media Band = %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
   Explorer Band = %SystemRoot%\System32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
   {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address   : %SystemRoot%\System32\browseui.dll
   {47833539-D0C5-4125-9FA8-0819E2EAAC93} = Adobe PDF   : C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
   {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address   : %SystemRoot%\System32\browseui.dll
   {0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links   : %SystemRoot%\system32\SHELL32.dll
   {EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Toolbar   : C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
   {47833539-D0C5-4125-9FA8-0819E2EAAC93} = Adobe PDF   : C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
   NvCplDaemon   RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
   DrvLsnr   C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
   AdaptecDirectCD   "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
   srmclean   C:\Cpqs\Scom\srmclean.exe
   CPQEASYACC   C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
   ccApp   "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
   ccRegVfy   "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
   iTunesHelper   "C:\Program Files\iTunes\iTunesHelper.exe"
   QuickTime Task   "C:\Program Files\QuickTime\qttask.exe" -atboottime
   Symantec NetDriver Monitor   C:\PROGRA~1\SYMNET~1\SNDMon.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
   IMAIL   Installed = 1
   MAPI   Installed = 1
   MSFS   Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
   ctfmon.exe   C:\WINDOWS\System32\ctfmon.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
   {BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
   {6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
   {0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
   dontdisplaylastusername   0
   legalnoticecaption   
   legalnoticetext   
   shutdownwithoutlogon   1
   undockwithoutlogon   1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
   NoDriveTypeAutoRun   145


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
   PostBootReminder                  {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
   CDBurn                            {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
   WebCheck                          {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
   SysTray                           {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
   UserInit   = C:\WINDOWS\system32\userinit.exe,
   Shell      = Explorer.exe
   System      =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
    = crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
    = cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
    = cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
    = wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
    = wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
    = sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
    = WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
    = wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
    = wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
   Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
   AppInit_DLLs   


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1   - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 02/03/2006 5:35:07 PM

4
Tech Clinic / Removing Annoying Pop ups
« on: March 01, 2006, 04:15:05 AM »
Logfile of HijackThis v1.99.1
Scan saved at 5:08:55 PM, on 01/03/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 15\minimavis.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Documents and Settings\Administrator\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/0409/bl8.asp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Personal Coach.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.companion....ebio5_1_6_0.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Teachers-Desk
O17 - HKLM\Software\..\Telephony: DomainName = Teachers-Desk
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Teachers-Desk
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe



Everything is ok right now, no annoying pop ups as yet... Many thanks. Any last steps? Do u recommend me to keep those programs? Or can I uninstall some of them coz it's all over my desktop right now hahaha....

5
Tech Clinic / Removing Annoying Pop ups
« on: February 28, 2006, 10:47:10 PM »
Alright, here u go, this is the log file from l2mfix:

L2mfix 010406
Creating Account.
The command completed successfully.

Adding Administrative privleges.
The command completed successfully.
Checking for L2MFix account(0=no 1=yes):
1
 Granting SeDebugPrivilege to L2MFIX   ... successful
 
Running From:
C:\WINDOWS\system32
 
Killing Processes!

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 [email protected]
Killing PID 480 'smss.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 [email protected]
Killing PID 552 'winlogon.exe'
Killing PID 552 'winlogon.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 [email protected]
Killing PID 228 'explorer.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 [email protected]
Killing PID 1504 'rundll32.exe'
Restoring Sedebugprivilege:
 Granting SeDebugPrivilege to Administrators   ... successful
 
Scanning First Pass. Please Wait!
 
First Pass Completed
 
Second Pass Scanning
 
Second pass Completed!
        1 file(s) copied.
        1 file(s) copied.
        1 file(s) copied.
Deleting: C:\WINDOWS\system32\k8jsli1718.dll  
Successfully Deleted: C:\WINDOWS\system32\k8jsli1718.dll  
Deleting: C:\WINDOWS\system32\kt2ul7f91.dll  
Successfully Deleted: C:\WINDOWS\system32\kt2ul7f91.dll  
Deleting: C:\WINDOWS\system32\nnlsapi.dll  
Successfully Deleted: C:\WINDOWS\system32\nnlsapi.dll  
 
msg11?.dll
        0 file(s) copied.
 
 
 
Restoring Windows Update Certificates.:
 
The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Shell Extensions]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\kt2ul7f91.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winbjt32]
"Asynchronous"=dword:00000001
"DllName"="winbjt32.dll"
"Impersonate"=dword:00000000
"Startup"="EvtStartup"
"Shutdown"="EvtShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

 
The following are the files found:
****************************************************************************
C:\WINDOWS\system32\k8jsli1718.dll
C:\WINDOWS\system32\kt2ul7f91.dll
C:\WINDOWS\system32\nnlsapi.dll
 
Registry Entries that were Deleted:
Please verify that the listing looks ok.  
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{A2FB58C9-164D-4FB6-88C1-300F01D6BBBD}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A2FB58C9-164D-4FB6-88C1-300F01D6BBBD}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A2FB58C9-164D-4FB6-88C1-300F01D6BBBD}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A2FB58C9-164D-4FB6-88C1-300F01D6BBBD}\InprocServer32]
@="C:\\WINDOWS\\system32\\SvnthCore11Resources.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{72B9F897-78E6-4930-B4FE-80E3091794E6}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{72B9F897-78E6-4930-B4FE-80E3091794E6}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{72B9F897-78E6-4930-B4FE-80E3091794E6}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{72B9F897-78E6-4930-B4FE-80E3091794E6}\InprocServer32]
@="C:\\WINDOWS\\system32\\mgiwave.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{71B9C6FF-B129-4672-8EC0-5A30B3917BCD}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{71B9C6FF-B129-4672-8EC0-5A30B3917BCD}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{71B9C6FF-B129-4672-8EC0-5A30B3917BCD}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{71B9C6FF-B129-4672-8EC0-5A30B3917BCD}\InprocServer32]
@="C:\\WINDOWS\\system32\\nnlsapi.dll"
"ThreadingModel"="Apartment"

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{A2FB58C9-164D-4FB6-88C1-300F01D6BBBD}"=-
"{72B9F897-78E6-4930-B4FE-80E3091794E6}"=-
"{71B9C6FF-B129-4672-8EC0-5A30B3917BCD}"=-
[-HKEY_CLASSES_ROOT\CLSID\{A2FB58C9-164D-4FB6-88C1-300F01D6BBBD}]
[-HKEY_CLASSES_ROOT\CLSID\{72B9F897-78E6-4930-B4FE-80E3091794E6}]
[-HKEY_CLASSES_ROOT\CLSID\{71B9C6FF-B129-4672-8EC0-5A30B3917BCD}]
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
****************************************************************************
Desktop.ini Contents:
****************************************************************************
****************************************************************************
Checking for L2MFix account(0=no 1=yes):
0
Zipping up files for submission:
  adding: dlls/k8jsli1718.dll (164 bytes security) (deflated 4%)
  adding: dlls/kt2ul7f91.dll (164 bytes security) (deflated 5%)
  adding: dlls/nnlsapi.dll (164 bytes security) (deflated 5%)
  adding: backregs/71B9C6FF-B129-4672-8EC0-5A30B3917BCD.reg (212 bytes security) (deflated 70%)
  adding: backregs/72B9F897-78E6-4930-B4FE-80E3091794E6.reg (212 bytes security) (deflated 70%)
  adding: backregs/A2FB58C9-164D-4FB6-88C1-300F01D6BBBD.reg (212 bytes security) (deflated 70%)
  adding: backregs/notibac.reg (164 bytes security) (deflated 77%)
  adding: backregs/shell.reg (164 bytes security) (deflated 74%)

Log file from hijackthis:
Logfile of HijackThis v1.99.1
Scan saved at 10:12:31 AM, on 01/03/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 15\minimavis.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/0409/bl8.asp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [win msdt service] mswindtc.exe
O4 - HKCU\..\RunServices: [win msdt service] mswindtc.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Personal Coach.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.companion....ebio5_1_6_0.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Teachers-Desk
O17 - HKLM\Software\..\Telephony: DomainName = Teachers-Desk
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Teachers-Desk
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Shell Extensions - C:\WINDOWS\system32\kt2ul7f91.dll (file missing)
O20 - Winlogon Notify: winbjt32 - winbjt32.dll (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

Log file from Ewido:
---------------------------------------------------------
 ewido anti-malware - Scan report
---------------------------------------------------------

 + Created on:         6:38:16 PM, 28/02/2006
 + Report-Checksum:      F89593E0

 + Scan result:

   C:\WINDOWS\system32\k6lqlg3516.dll -> Adware.Look2Me : Cleaned with backup
   C:\WINDOWS\system32\k8no0i53e8.dll -> Adware.Look2Me : Cleaned with backup
   C:\WINDOWS\system32\ktj6l71s1.dll -> Adware.Look2Me : Cleaned with backup
   C:\WINDOWS\system32\ktlul7391.dll -> Adware.Look2Me : Cleaned with backup
   C:\WINDOWS\system32\kzdest.dll -> Adware.Look2Me : Cleaned with backup
   C:\WINDOWS\system32\l06o0aj3edo.dll -> Adware.Look2Me : Cleaned with backup
   C:\WINDOWS\system32\m6po0g73e6.dll -> Adware.Look2Me : Cleaned with backup
   C:\WINDOWS\system32\mvl4l93q1.dll -> Adware.Look2Me : Cleaned with backup
   C:\WINDOWS\system32\n08o0al3edq.dll -> Adware.Look2Me : Cleaned with backup
   C:\WINDOWS\system32\SvnthCore11Resources.dll -> Adware.Look2Me : Cleaned with backup
   C:\WINDOWS\system32\sxsvc.dll -> Adware.Look2Me : Cleaned with backup
   C:\WINDOWS\system32\wahisn.dll -> Adware.Look2Me : Cleaned with backup
   C:\WINDOWS\system32\winbjt32.dll -> Trojan.Agent.og : Cleaned with backup
   C:\WINDOWS\Temp\~483948.tmp -> Adware.Wintol : Error during cleaning
   C:\WINDOWS\Temp\~540970.tmp -> Downloader.Wintool.a : Error during cleaning
   C:\WINDOWS\Temp\~585342.tmp -> Downloader.Wintool.a : Error during cleaning
   C:\WINDOWS\Temp\~615033.tmp -> Downloader.Wintool.a : Error during cleaning
   C:\WINDOWS\Temp\~707015.tmp -> Downloader.Wintool.a : Error during cleaning
   C:\WINDOWS\Temp\~779169.tmp -> Downloader.Wintool.a : Error during cleaning
   C:\WINDOWS\Temp\~783512.tmp -> Downloader.Wintool.a : Error during cleaning
   C:\WINDOWS\Temp\~785394.tmp -> Downloader.Wintool.a : Error during cleaning
   C:\WINDOWS\Temp\~869831.tmp -> Downloader.Wintool.a : Error during cleaning
   C:\WINDOWS\Temp\~873933.tmp -> Adware.Wintol : Error during cleaning
   C:\WINDOWS\Temp\~878524.tmp -> Downloader.Wintool.a : Error during cleaning
   C:\WINDOWS\winsysban10.exe -> Hijacker.VB.ld : Cleaned with backup
   C:\WINDOWS\winsysban3.exe -> Hijacker.VB.kc : Cleaned with backup
   C:\WINDOWS\winsysban8.exe -> Hijacker.VB.lg : Cleaned with backup
   C:\WINDOWS\winsysban9.exe -> Hijacker.VB.ld : Cleaned with backup
   C:\WINDOWS\winsysupd10.exe -> Downloader.VB.wg : Cleaned with backup
   C:\WINDOWS\winsysupd4.exe -> Hijacker.StartPage.ahg : Cleaned with backup
   C:\WINDOWS\winsysupd5.exe -> Hijacker.StartPage.ahg : Cleaned with backup
   C:\WINDOWS\winsysupd6.exe -> Downloader.VB.wg : Cleaned with backup
   C:\WINDOWS\winsysupd7.exe -> Downloader.VB.wg : Cleaned with backup
   C:\WINDOWS\winsysupd8.exe -> Hijacker.StartPage.ahg : Cleaned with backup
   C:\WINDOWS\winsysupd9.exe -> Downloader.VB.wy : Cleaned with backup
   C:\winsysban5.exe -> Hijacker.VB.kc : Cleaned with backup


::Report End

6
Tech Clinic / Removing Annoying Pop ups
« on: February 28, 2006, 06:04:45 AM »
Hi quest,

that's a lot of steps, man, phew...

L2MFIX find log 010406
These are the registry keys present
********************************************************************************
**
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
"Asynchronous"=dword:00000000
"DllName"=""
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\App Management]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\mvn6l95s1.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winbjt32]
"Asynchronous"=dword:00000001
"DllName"="winbjt32.dll"
"Impersonate"=dword:00000000
"Startup"="EvtStartup"
"Shutdown"="EvtShutdown"

********************************************************************************
**
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{BD00B513-6FC7-2C3E-4A96-986C8CD6B525}"=""

********************************************************************************
**
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{A2FB58C9-164D-4FB6-88C1-300F01D6BBBD}"=""
"{72B9F897-78E6-4930-B4FE-80E3091794E6}"=""
"{71B9C6FF-B129-4672-8EC0-5A30B3917BCD}"=""

********************************************************************************
**
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{A2FB58C9-164D-4FB6-88C1-300F01D6BBBD}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A2FB58C9-164D-4FB6-88C1-300F01D6BBBD}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A2FB58C9-164D-4FB6-88C1-300F01D6BBBD}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A2FB58C9-164D-4FB6-88C1-300F01D6BBBD}\InprocServer32]
@="C:\\WINDOWS\\system32\\SvnthCore11Resources.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{72B9F897-78E6-4930-B4FE-80E3091794E6}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{72B9F897-78E6-4930-B4FE-80E3091794E6}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{72B9F897-78E6-4930-B4FE-80E3091794E6}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{72B9F897-78E6-4930-B4FE-80E3091794E6}\InprocServer32]
@="C:\\WINDOWS\\system32\\mgiwave.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{71B9C6FF-B129-4672-8EC0-5A30B3917BCD}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{71B9C6FF-B129-4672-8EC0-5A30B3917BCD}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{71B9C6FF-B129-4672-8EC0-5A30B3917BCD}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{71B9C6FF-B129-4672-8EC0-5A30B3917BCD}\InprocServer32]
@="C:\\WINDOWS\\system32\\ksdhela3.dll"
"ThreadingModel"="Apartment"

********************************************************************************
**
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
   ksdhela3.dll   Tue Feb 28 2006   6:58:48p  ..S.R        234,077   228.59 K
   kt2ul7~1.dll   Tue Feb 28 2006   6:58:46p  ..S.R        236,004   230.47 K
   mvn6l9~1.dll   Tue Feb 28 2006   5:48:46p  ..S.R        234,077   228.59 K
   s32evnt1.dll   Tue Jan  3 2006   3:31:44p  A....         91,904    89.75 K

4 items found:  4 files (3 H/S), 0 directories.
   Total of file sizes:  796,062 bytes    777.40 K
Locate .tmp files:

No matches found.
********************************************************************************
**
Directory Listing of system files:
 Volume in drive C has no label.
 Volume Serial Number is 462B-73DE

 Directory of C:\WINDOWS\System32

28/02/2006  06:58 PM           234,077 ksdhela3.dll
28/02/2006  06:58 PM           236,004 kt2ul7f91.dll
28/02/2006  05:48 PM           234,077 mvn6l95s1.dll
28/02/2006  05:46 PM    <DIR>          dllcache
11/08/2003  03:58 PM                32 {A7D34F66-7DE2-49E8-87B9-4638E35B3056}.dat
07/08/2003  04:45 AM    <DIR>          Microsoft
               4 File(s)        704,190 bytes
               2 Dir(s)  28,136,927,232 bytes free

Thanks dude.

7
Tech Clinic / Removing Annoying Pop ups
« on: February 24, 2006, 03:01:08 AM »
Hey questsolo,

here are the results from WinPFind:
WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP    Current Build: Service Pack 1    Current Build Number: 2600
Internet Explorer Version: 6.0.2800.1106

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...
UPX!                 23/01/2006 9:51:30 AM       12288      C:\drsmartload1.exe
UPX!                 23/01/2006 10:51:02 AM      10624      C:\drsmartload419a.exe

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Items found in C:\WINDOWS\hosts

UPX!                 01/02/2006 10:20:56 AM      19968      C:\WINDOWS\winsysban4.exe
UPX!                 27/01/2006 4:16:30 PM       10752      C:\WINDOWS\winsysupd3.exe
UPX!                 01/02/2006 10:20:44 AM      11264      C:\WINDOWS\winsysupd4.exe

Checking %System% folder...
PEC2                 29/08/2002 9:00:00 AM       41397      C:\WINDOWS\SYSTEM32\dfrg.msc
WinShutDown          22/02/2006 1:44:00 PM   R S 236615     C:\WINDOWS\SYSTEM32\en0ml1d11.dll
ad-w-a-r-e.com       22/02/2006 1:44:00 PM   R S 236615     C:\WINDOWS\SYSTEM32\en0ml1d11.dll
WinShutDown          17/02/2006 6:17:20 PM   R S 234374     C:\WINDOWS\SYSTEM32\g0040adqed0e0.dll
ad-w-a-r-e.com       17/02/2006 6:17:20 PM   R S 234374     C:\WINDOWS\SYSTEM32\g0040adqed0e0.dll
WinShutDown          14/02/2006 2:28:12 PM   R S 236891     C:\WINDOWS\SYSTEM32\i6jq0g15e6.dll
ad-w-a-r-e.com       14/02/2006 2:28:12 PM   R S 236891     C:\WINDOWS\SYSTEM32\i6jq0g15e6.dll
WinShutDown          15/02/2006 5:57:20 PM   R S 237327     C:\WINDOWS\SYSTEM32\ir2sl5f71.dll
ad-w-a-r-e.com       15/02/2006 5:57:20 PM   R S 237327     C:\WINDOWS\SYSTEM32\ir2sl5f71.dll
WinShutDown          22/02/2006 2:21:02 PM   R S 233820     C:\WINDOWS\SYSTEM32\ir4ml5h11.dll
ad-w-a-r-e.com       22/02/2006 2:21:02 PM   R S 233820     C:\WINDOWS\SYSTEM32\ir4ml5h11.dll
WinShutDown          14/02/2006 6:25:16 PM   R S 236693     C:\WINDOWS\SYSTEM32\irp6l57s1.dll
ad-w-a-r-e.com       14/02/2006 6:25:16 PM   R S 236693     C:\WINDOWS\SYSTEM32\irp6l57s1.dll
WinShutDown          24/02/2006 12:33:06 PM  R S 236917     C:\WINDOWS\SYSTEM32\k6lqlg3516.dll
ad-w-a-r-e.com       24/02/2006 12:33:06 PM  R S 236917     C:\WINDOWS\SYSTEM32\k6lqlg3516.dll
WinShutDown          19/03/2006 2:54:32 PM   R S 234374     C:\WINDOWS\SYSTEM32\k8no0i53e8.dll
ad-w-a-r-e.com       19/03/2006 2:54:32 PM   R S 234374     C:\WINDOWS\SYSTEM32\k8no0i53e8.dll
WinShutDown          17/02/2006 4:39:46 PM   R S 234423     C:\WINDOWS\SYSTEM32\ktj6l71s1.dll
ad-w-a-r-e.com       17/02/2006 4:39:46 PM   R S 234423     C:\WINDOWS\SYSTEM32\ktj6l71s1.dll
WinShutDown          04/02/2006 6:33:36 PM   R S 236662     C:\WINDOWS\SYSTEM32\ktlul7391.dll
ad-w-a-r-e.com       04/02/2006 6:33:36 PM   R S 236662     C:\WINDOWS\SYSTEM32\ktlul7391.dll
WinShutDown          03/02/2006 7:46:44 PM   R S 236049     C:\WINDOWS\SYSTEM32\l06o0aj3edo.dll
ad-w-a-r-e.com       03/02/2006 7:46:44 PM   R S 236049     C:\WINDOWS\SYSTEM32\l06o0aj3edo.dll
WinShutDown          15/02/2006 10:49:56 AM  R S 237069     C:\WINDOWS\SYSTEM32\m6po0g73e6.dll
ad-w-a-r-e.com       15/02/2006 10:49:56 AM  R S 237069     C:\WINDOWS\SYSTEM32\m6po0g73e6.dll
PEC2                 25/11/2005 11:41:50 AM      75264      C:\WINDOWS\SYSTEM32\mswindtc.exe
WinShutDown          22/02/2006 3:32:20 PM   R S 236408     C:\WINDOWS\SYSTEM32\mvl4l93q1.dll
ad-w-a-r-e.com       22/02/2006 3:32:20 PM   R S 236408     C:\WINDOWS\SYSTEM32\mvl4l93q1.dll
WinShutDown          18/02/2006 12:20:32 PM  R S 234374     C:\WINDOWS\SYSTEM32\n08o0al3edq.dll
ad-w-a-r-e.com       18/02/2006 12:20:32 PM  R S 234374     C:\WINDOWS\SYSTEM32\n08o0al3edq.dll
Umonitor             29/08/2002 9:00:00 AM       631808     C:\WINDOWS\SYSTEM32\rasdlg.dll
WinShutDown          01/02/2006 2:08:50 PM   R S 235978     C:\WINDOWS\SYSTEM32\SvnthCore11Resources.dll
ad-w-a-r-e.com       01/02/2006 2:08:50 PM   R S 235978     C:\WINDOWS\SYSTEM32\SvnthCore11Resources.dll
WinShutDown          15/02/2006 10:24:16 AM  R S 236693     C:\WINDOWS\SYSTEM32\wahisn.dll
ad-w-a-r-e.com       15/02/2006 10:24:16 AM  R S 236693     C:\WINDOWS\SYSTEM32\wahisn.dll
winsync              29/08/2002 9:00:00 AM       1309184    C:\WINDOWS\SYSTEM32\wbdbase.deu

Checking %System%\Drivers folder and sub-folders...

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts
127.0.0.1  www.qoologic.com
127.0.0.1  www.urllogic.com


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
                     24/02/2006 3:30:48 PM     S 2048       C:\WINDOWS\bootstat.dat
                     21/01/2006 4:11:16 PM    H  54156      C:\WINDOWS\QTFont.qfn
                     04/02/2006 10:49:02 AM    S 64         C:\WINDOWS\CSC\00000001
                     27/01/2006 3:34:10 PM     S 64         C:\WINDOWS\CSC\00000002
                     24/02/2006 3:31:00 PM   R S 236918     C:\WINDOWS\system32\damap.dll
                     24/02/2006 2:14:36 PM   R S 236918     C:\WINDOWS\system32\dn0001dme.dll
                     22/02/2006 1:44:00 PM   R S 236615     C:\WINDOWS\system32\en0ml1d11.dll
                     17/02/2006 6:17:20 PM   R S 234374     C:\WINDOWS\system32\g0040adqed0e0.dll
                     14/02/2006 2:28:12 PM   R S 236891     C:\WINDOWS\system32\i6jq0g15e6.dll
                     15/02/2006 5:57:20 PM   R S 237327     C:\WINDOWS\system32\ir2sl5f71.dll
                     22/02/2006 2:21:02 PM   R S 233820     C:\WINDOWS\system32\ir4ml5h11.dll
                     14/02/2006 6:25:16 PM   R S 236693     C:\WINDOWS\system32\irp6l57s1.dll
                     24/02/2006 12:33:06 PM  R S 236917     C:\WINDOWS\system32\k6lqlg3516.dll
                     19/03/2006 2:54:32 PM   R S 234374     C:\WINDOWS\system32\k8no0i53e8.dll
                     17/02/2006 4:39:46 PM   R S 234423     C:\WINDOWS\system32\ktj6l71s1.dll
                     04/02/2006 6:33:36 PM   R S 236662     C:\WINDOWS\system32\ktlul7391.dll
                     03/02/2006 7:46:44 PM   R S 236049     C:\WINDOWS\system32\l06o0aj3edo.dll
                     15/02/2006 10:49:56 AM  R S 237069     C:\WINDOWS\system32\m6po0g73e6.dll
                     22/02/2006 3:32:20 PM   R S 236408     C:\WINDOWS\system32\mvl4l93q1.dll
                     18/02/2006 12:20:32 PM  R S 234374     C:\WINDOWS\system32\n08o0al3edq.dll
                     24/02/2006 3:29:36 PM   R S 236917     C:\WINDOWS\system32\o2840clqefqe0.dll
                     01/02/2006 2:08:50 PM   R S 235978     C:\WINDOWS\system32\SvnthCore11Resources.dll
                     15/02/2006 10:24:16 AM  R S 236693     C:\WINDOWS\system32\wahisn.dll
                     24/02/2006 3:31:00 PM    H  20480      C:\WINDOWS\system32\config\default.LOG
                     24/02/2006 3:30:56 PM    H  1024       C:\WINDOWS\system32\config\SAM.LOG
                     24/02/2006 3:30:50 PM    H  16384      C:\WINDOWS\system32\config\SECURITY.LOG
                     24/02/2006 3:32:02 PM    H  188416     C:\WINDOWS\system32\config\software.LOG
                     24/02/2006 3:30:48 PM    H  913408     C:\WINDOWS\system32\config\system.LOG
                     27/01/2006 4:07:36 PM    HS 67         C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\31DDUENG\desktop.ini
                     27/01/2006 4:07:36 PM    HS 67         C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\W5IBO16R\desktop.ini
                     27/01/2006 4:07:36 PM    HS 67         C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\XVZY7NWB\desktop.ini
                     27/01/2006 4:07:36 PM    HS 67         C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\YZ6TKZKZ\desktop.ini
                     17/01/2006 6:33:46 PM    HS 388        C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\e7590395-07b9-4622-a9aa-82a64bb29a0b
                     17/01/2006 6:33:46 PM    HS 24         C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
                     24/02/2006 3:29:48 PM    H  6          C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation          29/08/2002 9:00:00 AM       66048      C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation          29/08/2002 9:00:00 AM       578560     C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation          29/08/2002 9:00:00 AM       129024     C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation          29/08/2002 9:00:00 AM       150016     C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation          29/08/2002 9:00:00 AM       292352     C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation          29/08/2002 9:00:00 AM       121856     C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation          29/08/2002 9:00:00 AM       65536      C:\WINDOWS\SYSTEM32\joy.cpl
Microsoft Corporation          29/08/2002 9:00:00 AM       187904     C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation          29/08/2002 9:00:00 AM       559616     C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation          29/08/2002 9:00:00 AM       35840      C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation          29/08/2002 9:00:00 AM       256000     C:\WINDOWS\SYSTEM32\nusrmgr.cpl
NVIDIA Corporation             25/01/2003 2:21:00 AM       139264     C:\WINDOWS\SYSTEM32\nvtuicpl.cpl
Microsoft Corporation          29/08/2002 9:00:00 AM       36864      C:\WINDOWS\SYSTEM32\nwc.cpl
Microsoft Corporation          29/08/2002 9:00:00 AM       36864      C:\WINDOWS\SYSTEM32\odbccp32.cpl
Sun Microsystems               30/01/2001 11:21:04 AM      24683      C:\WINDOWS\SYSTEM32\plugincpl130_02.cpl
Microsoft Corporation          29/08/2002 9:00:00 AM       109056     C:\WINDOWS\SYSTEM32\powercfg.cpl
Microsoft Corporation          29/08/2002 9:00:00 AM       268288     C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation          29/08/2002 9:00:00 AM       28160      C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation          29/08/2002 9:00:00 AM       90112      C:\WINDOWS\SYSTEM32\timedate.cpl
HP Computer Corporation        04/01/2003 2:28:38 AM       122880     C:\WINDOWS\SYSTEM32\UICONFIG.cpl
Microsoft Corporation          29/08/2002 9:00:00 AM       121856     C:\WINDOWS\SYSTEM32\dllcache\intl.cpl
Microsoft Corporation          29/08/2002 9:00:00 AM       65536      C:\WINDOWS\SYSTEM32\dllcache\joy.cpl
Microsoft Corporation          29/08/2002 9:00:00 AM       187904     C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation          29/08/2002 9:00:00 AM       559616     C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl
Microsoft Corporation          29/08/2002 9:00:00 AM       35840      C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation          29/08/2002 9:00:00 AM       36864      C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl
Microsoft Corporation          29/08/2002 9:00:00 AM       147456     C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl
Microsoft Corporation          29/08/2002 9:00:00 AM       28160      C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
                     25/10/2005 10:33:38 AM      1824       C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
                     27/11/2003 8:59:08 AM       1027       C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
                     03/11/2002 7:35:32 AM    HS 84         C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
                     22/04/2005 4:38:34 PM       1730       C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
                     08/06/2005 5:33:28 PM       681        C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Personal Coach.lnk
                     12/11/2003 5:33:44 PM       1559       C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
                     02/11/2002 11:22:58 PM   HS 62         C:\Documents and Settings\All Users\Application Data\desktop.ini
                     25/11/2005 10:35:12 AM      1356       C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

Checking files in %USERPROFILE%\Startup folder...
                     03/11/2002 7:35:32 AM    HS 84         C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\desktop.ini

Checking files in %USERPROFILE%\Application Data folder...
                     02/11/2002 11:22:56 PM   HS 62         C:\Documents and Settings\Administrator\Application Data\desktop.ini
                     25/10/2005 10:43:36 AM      143952     C:\Documents and Settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT
                     24/04/2005 4:23:22 PM       22080      C:\Documents and Settings\Administrator\Application Data\Microsoft Access.ADR
                     04/10/2005 11:45:56 AM      38463      C:\Documents and Settings\Administrator\Application Data\Microsoft Excel.ADR

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
       =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
   {A2FB58C9-164D-4FB6-88C1-300F01D6BBBD}    = C:\WINDOWS\system32\SvnthCore11Resources.dll
   {72B9F897-78E6-4930-B4FE-80E3091794E6}    = C:\WINDOWS\system32\mgiwave.dll
   {71B9C6FF-B129-4672-8EC0-5A30B3917BCD}    = C:\WINDOWS\system32\damap.dll

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Adobe.Acrobat.ContextMenu
   {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}    = C:\Program Files\Adobe\Acrobat 6.0\Acrobat Elements\ContextMenu.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
   {750fdf0e-2a26-11d1-a3ea-080036587f03}    = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
   {09799AFB-AD67-11d1-ABCD-00C04FC30936}    = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
   {A470F8CF-A1E8-4f65-8335-227475AA5C46}    = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
   {E0D79304-84BE-11CE-9641-444553540000}    = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
   Start Menu Pin    = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
   {E0D79304-84BE-11CE-9641-444553540000}    = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
   {A470F8CF-A1E8-4f65-8335-227475AA5C46}    = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
   {750fdf0e-2a26-11d1-a3ea-080036587f03}    = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
   {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}    = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
   {E0D79304-84BE-11CE-9641-444553540000}    = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
    = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
    = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
    = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
    = %SystemRoot%\system32\SHELL32.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{182EC0BE-5110-49C8-A062-BEB1D02A220B}
   Adobe PDF = C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
   &Tip of the Day = %SystemRoot%\System32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
   {8E718888-423F-11D2-876E-00A0C9082467}    = &Radio   : C:\WINDOWS\System32\msdxm.ocx
   {EF99BD32-C1FB-11D2-892F-0090271D4F88}    = Yahoo! Toolbar   : C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
   {47833539-D0C5-4125-9FA8-0819E2EAAC93}    = Adobe PDF   : C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
   ButtonText    = Messenger   : C:\Program Files\Messenger\MSMSGS.EXE

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
   Media Band = %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
   Explorer Band = %SystemRoot%\System32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
   {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address   : %SystemRoot%\System32\browseui.dll
   {47833539-D0C5-4125-9FA8-0819E2EAAC93} = Adobe PDF   : C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
   {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address   : %SystemRoot%\System32\browseui.dll
   {0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links   : %SystemRoot%\system32\SHELL32.dll
   {EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Toolbar   : C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
   {47833539-D0C5-4125-9FA8-0819E2EAAC93} = Adobe PDF   : C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
   NvCplDaemon   RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
   DrvLsnr   C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
   AdaptecDirectCD   "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
   srmclean   C:\Cpqs\Scom\srmclean.exe
   CPQEASYACC   C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
   ccApp   "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
   ccRegVfy   "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
   iTunesHelper   "C:\Program Files\iTunes\iTunesHelper.exe"
   QuickTime Task   "C:\Program Files\QuickTime\qttask.exe" -atboottime
   win msdt service   mswindtc.exe
   mlp   C:\apace.exe
   winsysupd   C:\windows\winsysupd10.exe
   winsysban   C:\windows\winsysban10.exe
   gimmygames   C:\windows\gimmygames10.exe
   spd   C:\inp.exe
   Symantec NetDriver Monitor   C:\PROGRA~1\SYMNET~1\SNDMon.exe
   Windows Firewall Monitor   C:\inp.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
   IMAIL   Installed = 1
   MAPI   Installed = 1
   MSFS   Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
   win msdt service   mswindtc.exe
   mlp   C:\apace.exe
   spd   C:\inp.exe
   Windows Firewall Monitor   C:\inp.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
   ctfmon.exe   C:\WINDOWS\System32\ctfmon.exe
   win msdt service   mswindtc.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
   win msdt service   mswindtc.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
   {BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
   {6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
   {0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
   dontdisplaylastusername   0
   legalnoticecaption   
   legalnoticetext   
   shutdownwithoutlogon   1
   undockwithoutlogon   1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
   NoDriveTypeAutoRun   145


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
   PostBootReminder                  {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
   CDBurn                            {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
   WebCheck                          {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
   SysTray                           {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
   UserInit   = C:\WINDOWS\system32\userinit.exe,
   Shell      = Explorer.exe
   System      =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winbjt32
    = winbjt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WindowsUpdate
    = C:\WINDOWS\system32\dn0001dme.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
   Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
   AppInit_DLLs   

»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1   - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 24/02/2006 3:35:21 PM

Man... this is so long... and the next one is from HijackThis. Sorry that I made you read results from HijackThis.

Logfile of HijackThis v1.99.1
Scan saved at 3:47:16 PM, on 24/02/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Administrator\Desktop\WinPFind\WinPFind\winpfind.exe
C:\Documents and Settings\Administrator\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/0409/bl8.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [win msdt service] mswindtc.exe
O4 - HKLM\..\Run: [mlp] C:\apace.exe
O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd10.exe
O4 - HKLM\..\Run: [winsysban] C:\windows\winsysban10.exe
O4 - HKLM\..\Run: [gimmygames] C:\windows\gimmygames10.exe
O4 - HKLM\..\Run: [spd] C:\inp.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [Windows Firewall Monitor] C:\inp.exe
O4 - HKLM\..\RunServices: [win msdt service] mswindtc.exe
O4 - HKLM\..\RunServices: [mlp] C:\apace.exe
O4 - HKLM\..\RunServices: [spd] C:\inp.exe
O4 - HKLM\..\RunServices: [Windows Firewall Monitor] C:\inp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [win msdt service] mswindtc.exe
O4 - HKCU\..\RunServices: [win msdt service] mswindtc.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Personal Coach.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.companion....ebio5_1_6_0.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Teachers-Desk
O17 - HKLM\Software\..\Telephony: DomainName = Teachers-Desk
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Teachers-Desk
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: winbjt32 - C:\WINDOWS\SYSTEM32\winbjt32.dll
O20 - Winlogon Notify: WindowsUpdate - C:\WINDOWS\system32\dn0001dme.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

Many Thanks!
Monica

Sorry that I made you read results from HijackThis in safe mode.

8
Tech Clinic / Removing Annoying Pop ups
« on: February 23, 2006, 11:50:21 PM »
But I can't run HijackThis on my computer. The program disappears immediately when I try to run it. Same for my Task Manager, it doesn't show my Task Manager at all. Was thinking if it has got something to do with my computer (it is actually the computer that I use at work), and every time it starts up there is a RUNDLL error msg.

9
Tech Clinic / Removing Annoying Pop ups
« on: February 22, 2006, 12:15:06 AM »
Someone please help.

I have been getting many pop ups and every time I clicked on Internet Explorer, the default website would be www.findthewebsiteyouneed.com. It's so damn F**king annoying. I tried running HijackThis, every time it loads, 5 seconds later, the program disappears.

I am also using CWShredder, can anyone tell me if C:\WINDOWS\winsysban5.exe, C:\WINDOWS\winsysban6.exe and C:\WINDOWS\winsysban7.exe are removable?

Monica

10
Tech Clinic / Removing IST bar
« on: January 02, 2006, 12:45:10 AM »
Yup, I didn't get it confused, coz when you told me to hold on to it I had already deleted it, whoops... Anyway, I got it installed back already so everything should be fine...

Million thanks to you for helping me remove that irritating ISTbar. Thank you...

11
Tech Clinic / Removing IST bar
« on: January 01, 2006, 12:10:46 AM »
Yup have done all that. I didn't see any Spybot Cleaner folder so didn't manage to delete it. Here is my recent log.

Logfile of HijackThis v1.99.1
Scan saved at 1:13:09 PM, on 1/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Nikon\Wireless Camera Setup Utility\NkPtpEnum.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\ps2.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Monica\Desktop\HijackThis.exe
C:\Program Files\3M\PSNLite\PsnLite.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NAV Agent] c:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE USB PC Camera 301P
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Post-itR Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: &Define - c:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Look Up in &Encyclopedia - c:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: Yahoo! MahJong - http://download.games.yahoo.com/games/clients/y/ot0_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.can.com.sg/mwf/mgaxctrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1094389808998
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab27513.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.games.yahoo.com/games/web_...outLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NkPtpEnumP2 - Unknown owner - C:\Program Files\Nikon\Wireless Camera Setup Utility\NkPtpEnum.exe" -a -d="C:\Program Files\Nikon\Wireless Camera Setup Utility\NkPtpip.dll (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

12
Tech Clinic / Removing IST bar
« on: December 30, 2005, 02:27:01 AM »
Done all that, the new log

Logfile of HijackThis v1.99.1
Scan saved at 3:33:32 PM, on 30/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\ps2.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Nikon\Wireless Camera Setup Utility\NkPtpEnum.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Monica\Desktop\HijackThis.exe

R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NAV Agent] c:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE USB PC Camera 301P
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Post-itR Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: &Define - c:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxmk570YYSG
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Look Up in &Encyclopedia - c:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: Yahoo! MahJong - http://download.games.yahoo.com/games/clients/y/ot0_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.can.com.sg/mwf/mgaxctrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1094389808998
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab27513.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.games.yahoo.com/games/web_...outLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NkPtpEnumP2 - Unknown owner - C:\Program Files\Nikon\Wireless Camera Setup Utility\NkPtpEnum.exe" -a -d="C:\Program Files\Nikon\Wireless Camera Setup Utility\NkPtpip.dll (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SpywareCleanerService - Unknown owner - C:\Program Files\Spyware Cleaner\SCService.exe (file missing)

13
Tech Clinic / Removing IST bar
« on: December 30, 2005, 12:00:18 AM »
here you go...

Adobe Acrobat 5.0
Adobe Illustrator 10.0.3
Adobe Photoshop 7.0.1
Adobe SVG Viewer 3.0
ArcSoft Panorama Maker 3
Ares 1.8.1
AvantGo Client
Games
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 1.99.1
HP ?U?ucM?v13 3.1
hp center
HP PSC & OfficeJet 3.0
HP RecordNow
HP Software Update
ISTsvc
iTunes
Lernout & Hauspie TruVoice American English TTS Engine
LiveReg (Symantec Corporation)
LiveUpdate 2.5 (Symantec Corporation)
Macromedia Dreamweaver MX
Macromedia Extension Manager
Macromedia Fireworks MX
Macromedia Flash MX
Macromedia Flash Player 8
Macromedia FreeHand MX
Macromedia Shockwave Player
Memories Disc Creator 2.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Chinese (Traditional) Lang. Pack
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft ActiveSync 3.7
Microsoft Office XP Standard
mIRC
Mosaic Creator 2.95
MSN Messenger 7.5
MSP3880-U 56K PCI Modem
Musicmatch® Jukebox
Nikon Message Center
Nokia PC Suite 6.2
Norton AntiVirus 2002
NVIDIA Windows 2000/XP Display Drivers
PictureProject
Post-it® Software Notes Lite
Power Mp3 Cutter(Mp3 Sound Cutter) 1.41
PS2
Python 1.5 combined Win32 extensions
Python 1.5.2 (final)
QuickTime
S3 Gamma
S3 Savage4 Family Display Switch2 Utility
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Shockwave
SiS 900 PCI Fast Ethernet Adapter Driver
SiS Audio Driver
Surf Accuracy
Text Twist v2.11 for Pocket PC
TileDesigner2 (Build 1.163 2002.3.16.0634)
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB910437)
Winamp (remove only)
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Connect
Windows Media Connect
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB887797
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinZip
Wireless Camera Setup Utility
WordBiz version 1.7
Yahoo! Address AutoComplete
Yahoo! Anti-Spy
Yahoo! extras
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Photos Easy Upload Tool 1v6
Yahoo! μ?o?Io

14
Tech Clinic / Removing IST bar
« on: December 29, 2005, 01:17:47 PM »
I guess I have the same problem as enxo. HELP! This is my log:

Logfile of HijackThis v1.99.1
Scan saved at 2:16:01 AM, on 30/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Nikon\Wireless Camera Setup Utility\NkPtpEnum.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\ps2.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\WINDOWS\xonnjofl.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Monica\Desktop\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\Monica\LOCALS~1\Temp\eHfYuF.exe
C:\Program Files\ISTsvc\istsvc.exe

R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NAV Agent] c:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [6tE5ejI] C:\WINDOWS\xonnjofl.exe
O4 - HKLM\..\Run: [?? "h'??T3r鑒WC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\xonnjofl.exe
O4 - HKLM\..\Run: [0e炆J殘)?.?Ie顏:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\xonnjofl.exe
O4 - HKLM\..\Run: [庋勷珂??萍?佒?媺C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\xonnjofl.exe
O4 - HKLM\..\Run: [R?e?Vnj?笀   b青:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\xonnjofl.exe
O4 - HKLM\..\Run: [??T'??T3r鑒W?淽:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\xonnjofl.exe
O4 - HKLM\..\Run: [V??+??r?`G:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\xonnjofl.exe
O4 - HKLM\..\Run: [/] C:\WINDOWS\xonnjofl.exe
O4 - HKLM\..\Run: [R??I
";?跰犴:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\xonnjofl.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE USB PC Camera 301P
O4 - HKLM\..\Run: [w?甍?搞)y:Cpxx09sC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\xonnjofl.exe
O4 - HKLM\..\Run: [吪什?c譟剕#??m/`BC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\xonnjofl.exe
O4 - HKLM\..\Run: [? 4??_e7揙&朕C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\xonnjofl.exe
O4 - HKLM\..\Run: [;??傭:覢疸,蛋濍:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\xonnjofl.exe
O4 - HKLM\..\Run: [?uX?匯6肥@澧:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\xonnjofl.exe
O4 - HKLM\..\Run: ["近?X?€埃v彃]撏C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\xonnjofl.exe
O4 - HKLM\..\Run: [X葇2嶗*??2?Nl:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\xonnjofl.exe
O4 - HKLM\..\Run: [?剽)蕑q葎6絩B?七:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\xonnjofl.exe
O4 - HKLM\..\Run: [-lp"x] C:\WINDOWS\xonnjofl.exe
O4 - HKLM\..\Run: [€%?'苯ySj(<3C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\xonnjofl.exe
O4 - HKLM\..\Run: [o??g??粗莠4懸C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\xonnjofl.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [i
-?,嗾捉↖咀:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\xonnjofl.exe
O4 - HKLM\..\Run: [v??汋I-#C??嬮NC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\xonnjofl.exe
O4 - HKLM\..\Run: [膝D-I?岤]噦C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\xonnjofl.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [Spyware Cleaner] "C:\Program Files\Spyware Cleaner\SpywareCleaner.Exe" /boot
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Post-itR Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: &Define - c:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxmk570YYSG
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Look Up in &Encyclopedia - c:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: Yahoo! MahJong - http://download.games.yahoo.com/games/clients/y/ot0_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...up1.0.0.8-2.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.can.com.sg/mwf/mgaxctrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1094389808998
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab27513.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.games.yahoo.com/games/web_...outLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NkPtpEnumP2 - Unknown owner - C:\Program Files\Nikon\Wireless Camera Setup Utility\NkPtpEnum.exe" -a -d="C:\Program Files\Nikon\Wireless Camera Setup Utility\NkPtpip.dll (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SpywareCleanerService - Unknown owner - C:\Program Files\Spyware Cleaner\SCService.exe (file missing)
