Mouse & Keyboard Freeze/Monitor Distorted--Virus?


#316
totianni

totianni

    Member

  • Topic Starter
  • Member
  • 315 posts
Now I'm in the dungeon! What do you think I should do? You are the expert here. I'll do whatever you suggest.

I guess I can still go ahead and set the restore point and make the disk though.

I'll do that while I wait for your reply. I won't go further until you say, ok?
  • 0

#317
totianni

totianni

    Member

  • Topic Starter
  • Member
  • 315 posts
I made the restore point.

I made it to Network Connections, but no "common tasks" or "Network Wizard." I'm following rule 2 -- I'm in doubt here, so where do I go now?
  • 0

#318
totianni

totianni

    Member

  • Topic Starter
  • Member
  • 315 posts
I have:

--> Create a new connection
--> Set up a home or small office network

I'm guessing it's one of these options?
  • 0

#319
peterm

peterm

    Trusted Tech

  • Technician
  • 3,378 posts
Sorry I disappeared
Setup a home network - make the disk
But I've been thinking we don't want to put malware across the network
Might be best not to set it up (sorry about mucking you about)
  • 0

#320
totianni

totianni

    Member

  • Topic Starter
  • Member
  • 315 posts
Not heading out tonight after all, so I'll go make the disk and hold off on setting it up until you say "go."

Sure feels like we're playing "it" with all this. Did anyone say what they saw or found? Maybe I should run something again? Of course, I can't update any of my programming and some of the programs have since expired their "trial" periods since all this began so long ago.

I'll wait to hear back. Thanks, again.
  • 0

#321
noahdfear

noahdfear

    Malware Expert

  • Expert
  • 1,316 posts
  • MVP
Hi totianni,

I looked in on this topic at peterm's request and have a few things for you to do. Since you're already 'in the dungeon', I need for you to download LSPFix.zip, put it on a floppy and transfer it to your computer.

On your computer, extract LSPFix to its own folder and start the program. Locate all instances of C:\WINDOWS\SYSTEM\CSLSP.DLL and move them to the remove column. Check the box 'I know what I am doing' and click finish.

Now open HijackThis and scan again. Place a check next to the following entries, close all other windows and click 'fix checked'.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://cgi.verizon.n....0&bm=ho_search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
O2 - BHO: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = xxxxxx.xxxxxx.xxxxx
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = xxx.xxx.xxx.xxx,xxx.xxx.xxx.xxx

Close HijackThis.

Open C:\Windows\tasks and delete the following files if present.

Anti-Virus.job
My Computer tsid_06242005155850.job


If they are not present, please open a command window by clicking start, then run and type command, then hit enter. On the command line, type the following, being sure to keep the proper spacing between commands/switches.

attrib -h C:\Windows\tasks\*.job

Hit enter. Now refresh the C:\Windows\tasks folder (go back to C:\Windows then into tasks folder again) and see if they are visible.

Now reset your network connection properties to automatically obtain IP address and reboot. Please post a new HijackThis log and let us know if things are working properly.
  • 0
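
The entries listed in post #321 follow HijackThis's `code - description` line format, and the O2/O3 ones all end in `(no file)`. As an added example (not part of the thread and not HijackThis's own code), this Python script parses such lines and groups the orphaned entries by CLSID, so a reviewer can see which registrations point at a missing file; the function names are hypothetical and the sample is built from lines in the post, with elided URLs left as posted.

```python
import re
from collections import defaultdict

# Constructed sample: entry lines copied from post #321 (elided values left as posted),
# plus two non-entry lines of the kind a full log contains.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
C:\WINDOWS\EXPLORER.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://cgi.verizon.n....0&bm=ho_search
O2 - BHO: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = xxxxxx.xxxxxx.xxxxx
"""

# An entry line starts with a section code (R1, O2, O17, ...) followed by " - ".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ORPHAN_MARK = "(no file)"


def parse_entries(text):
    """Return one dict per HijackThis entry line; header and process lines are skipped."""
    entries = []
    for raw in text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue
        body = match.group("body")
        clsid = CLSID_RE.search(body)
        entries.append({
            "code": match.group("code"),
            "body": body,
            # CLSIDs are case-insensitive, so normalise before comparing.
            "clsid": clsid.group(0).upper() if clsid else None,
            "orphaned": body.rstrip().endswith(ORPHAN_MARK),
        })
    return entries


def orphaned_by_clsid(entries):
    """Map each CLSID whose entry ends in '(no file)' to the section codes it appears under."""
    grouped = defaultdict(set)
    for entry in entries:
        if entry["orphaned"] and entry["clsid"]:
            grouped[entry["clsid"]].add(entry["code"])
    return {clsid: sorted(codes) for clsid, codes in grouped.items()}


def summarize(text):
    """Return (entries per section code, orphaned CLSIDs with their section codes)."""
    entries = parse_entries(text)
    counts = defaultdict(int)
    for entry in entries:
        counts[entry["code"]] += 1
    return dict(counts), orphaned_by_clsid(entries)


if __name__ == "__main__":
    counts, orphans = summarize(SAMPLE_LOG)
    print("entries per section:", counts)
    for clsid, codes in sorted(orphans.items()):
        print(f"{clsid} registered under {', '.join(codes)} but its file is missing")
```
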

#322
totianni

totianni

    Member

  • Topic Starter
  • Member
  • 315 posts
Hi, Dave~

Thank you for your help.

I downloaded the LSPFix file, extracted it to my desktop and ran the program. There were no files C:\WINDOWS\SYSTEM\CSLSP.DLL. There were only 3 files listed: rnr20.dll (DNS Name Space Provider); msafd.dll and rsvpsp.dll (both Protocol handler).

I did find this file: C:\WINDOWS\SYSTEM\CSLSP.DLL on my computer. Should I manually delete the file?

I also ran HJT and corrected the entries listed above; however, there were 2 listings above not present:

O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = xxxxxx.xxxxxx.xxxxx
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = xxx.xxx.xxx.xxx,xxx.xxx.xxx.xxx

Under C:\WINDOWS\TASKS, I found McAfee.com Scan for Viruses - My Computer tsid_06242005155850 and deleted it. I did not get anything new to show up with the attrib command.

I checked my network connections under "My Network Places," "Properties," "TCP/IP->Realtek RTL8139/810x Family Fast Ethernet NIC" (which is listed twice), "Properties," and they both have "Obtain an IP address automatically"

I'm about to reboot the computer now, but wanted to post before I disconnect the one that works.

Edited by totianni, 10 September 2005 - 08:45 PM.

  • 0

#323
totianni

totianni

    Member

  • Topic Starter
  • Member
  • 315 posts
I rebooted and tried my connection again. Still no connection.

Should I manually delete the file: C:\WINDOWS\SYSTEM\CSLSP.DLL ???

and is having multiple copies of my TCP/IP NIC card listed a problem? Should I delete one of them???

Thank you for your help.
  • 0

#325
noahdfear

noahdfear

    Malware Expert

  • Expert
  • 1,316 posts
  • MVP
CSLSP.DLL is a McAfee file, so yes, it can be deleted since the program was removed.

I just looked back through previous posts and see CSLSP.DLL was hooked into winsock in a startup list created before you had access...........my mistake.

Please go ahead and reboot, then create a new HijackThis log as well as a new startup log with HijackThis for me.
  • 0

#326
noahdfear

noahdfear

    Malware Expert

  • Expert
  • 1,316 posts
  • MVP
As long as the settings are the same for both instances of the NIC, I wouldn't think it would be a problem to have both, but two of the same certainly aren't needed. I'm inclined to say yes, remove one. Shoot, for that matter I'd probably remove them both if it were mine, from device manager also, reboot and let it re-install, then recheck the settings. If you're comfortable with doing that, go for it.
  • 0

#327
totianni

totianni

    Member

  • Topic Starter
  • Member
  • 315 posts
I deleted the file and I'm sorry there is so much here to try to follow. I've been working on this for a very, very long time now. I really appreciate your help.

However, there is only one listed under Device Manager, but 2 listed under My Network Places (Network) Configuration. I deleted one of the "green" Realtek NICs listed and it deleted the extra TCP/IP listed. Now there is only one. Should I still delete it altogether? I haven't had the best of luck with deleting things (22 pages later).

Also, "Client for Microsoft Networks" is listed in the Primary Network Logon window. Is this correct?

I will run a new HJT log if you still need it.
  • 0

#328
totianni

totianni

    Member

  • Topic Starter
  • Member
  • 315 posts
Rebooted and got a New Hardware Found: The file "Rtlnic.sys" was not found. Windows needs the disk labeled "Realtek 10/100/1000 NIC Family all in one NDIS Driver" to continue. This disk may be provided by your computer or device manufacturer. I entered C:\windows\system and rebooted. It restarted ok, but now there are 2 Realtek NICs listed again.

Edited by totianni, 10 September 2005 - 09:30 PM.

  • 0

#329
totianni

totianni

    Member

  • Topic Starter
  • Member
  • 315 posts
I deleted the NIC card under Device Manager, rebooted, it called for the same file listed above, told it to look in system directory, rebooted again and still have 2 NIC's listed--one with the "detect connection to network media" checked and one not.
  • 0

#330
totianni

totianni

    Member

  • Topic Starter
  • Member
  • 315 posts
Here are my HJT logs:

StartupList report, 9/10/2005, 11:23:04 PM
StartupList version: 1.52.2
Started from : C:\WINDOWS\DESKTOP\HIJACKTHIS VER1.99.1.EXE
Detected: Windows ME (Win9x 4.90.3000)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS VER1.99.1.EXE

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\WINDOWS\Start Menu\Programs\StartUp]
*No files*

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\WINDOWS\All Users\Start Menu\Programs\StartUp]
*No files*

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

(Default) =

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
*No values found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\SYSTEM\MSHTA.EXE "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = C:\WINDOWS\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[SetupcPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection SetupcPerUser 64 C:\WINDOWS\INF\setupc.inf

[AppletsPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection AppletsPerUser 64 C:\WINDOWS\INF\applets.inf

[FontsPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection FontsPerUser 64 C:\WINDOWS\INF\fonts.inf

[PerUser_ICW_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_ICW_Inis 0 C:\WINDOWS\INF\icw97.inf

[{89820200-ECBD-11cf-8B85-00AA005B4395}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[>PerUser_MSN_Clean] *
StubPath = C:\WINDOWS\msnmgsr1.exe

[{CA0A4247-44BE-11d1-A005-00805F8ABE06}] *
StubPath = RunDLL setupx.dll,InstallHinfSection PowerCfg.user 0 powercfg.inf

[PerUser_Msinfo] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Msinfo 64 C:\WINDOWS\INF\msinfo.inf

[PerUser_Msinfo2] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Msinfo2 64 C:\WINDOWS\INF\msinfo.inf

[MotownMmsysPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MotownMmsysPerUser 64 C:\WINDOWS\INF\motown.inf

[MotownAvivideoPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MotownAvivideoPerUser 64 C:\WINDOWS\INF\motown.inf

[{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\mplayer2.inf,PerUserStub

[MotownMPlayPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MotownMPlayPerUser 64 C:\WINDOWS\INF\motown.inf

[PerUser_Base] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Base 64 C:\WINDOWS\INF\msmail.inf

[ShellPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection ShellPerUser 64 C:\WINDOWS\INF\shell.inf

[Shell2PerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection Shell2PerUser 64 C:\WINDOWS\INF\shell2.inf

[PerUser_winbase_Links] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_winbase_Links 64 C:\WINDOWS\INF\subase.inf

[PerUser_winapps_Links] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_winapps_Links 64 C:\WINDOWS\INF\subase.inf

[PerUser_LinkBar_URLs] *
StubPath = C:\WINDOWS\COMMAND\sulfnbk.exe /L

[TapiPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection TapiPerUser 64 C:\WINDOWS\INF\tapi.inf

[{73fa19d0-2d75-11d2-995d-00c04f98bbc9}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\webfdr16.inf,PerUserStub.Install,1

[PerUserOldLinks] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUserOldLinks 64 C:\WINDOWS\INF\appletpp.inf

[MmoptRegisterPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MmoptRegisterPerUser 64 C:\WINDOWS\INF\mmopt.inf

[OlsPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsPerUser 64 C:\WINDOWS\INF\ols.inf

[OlsMsnPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsMsnPerUser 64 C:\WINDOWS\INF\ols.inf

[PerUser_Paint_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Paint_Inis 64 C:\WINDOWS\INF\applets.inf

[PerUser_Calc_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Calc_Inis 64 C:\WINDOWS\INF\applets.inf

[PerUser_CVT_Inis]
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_CVT_Inis 64 C:\WINDOWS\INF\applets1.inf

[MotownRecPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MotownRecPerUser 64 C:\WINDOWS\INF\motown.inf

[PerUser_Vol] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Vol 64 C:\WINDOWS\INF\motown.inf

[PerUser_MSWordPad_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_MSWordPad_Inis 64 C:\WINDOWS\INF\wordpad.inf

[PerUser_RNA_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_RNA_Inis 64 C:\WINDOWS\INF\rna.inf

[PerUser_Dialer_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Dialer_Inis 64 C:\WINDOWS\INF\appletpp.inf

[PerUser_CDPlayer_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_CDPlayer_Inis 64 C:\WINDOWS\INF\mmopt.inf

[{44BBA842-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.W95

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {44BBA840-CC51-11CF-AAFA-00AA00B6015C}

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "C:\Program Files\Outlook Express\setup50.exe" /APP:WAB /CALLER:IE50 /user /install

[OlsAolPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsAolPerUser 64 C:\WINDOWS\INF\ols.inf

[OlsAttPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsAttPerUser 64 C:\WINDOWS\INF\ols.inf

[OlsCompuservePerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsCompuservePerUser 64 C:\WINDOWS\INF\ols.inf

[OlsProdigyPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsProdigyPerUser 64 C:\WINDOWS\INF\ols.inf

[{44BBA851-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wpie4x86.inf,PerUserStub

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.Install.PerUser

[PerUser_HNW_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_HNW_Inis 64 C:\WINDOWS\INF\ICS.inf

[PerUser_moviemaker] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_moviemaker 64 C:\WINDOWS\INF\moviemk.inf

[SamplerPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection SamplerPerUser 64 C:\WINDOWS\INF\sampler.inf

[PerUser_PCHealth] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_PCHealth 64 C:\WINDOWS\INF\pchealth.inf

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub

[PerUser_Wingames_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Wingames_Inis 64 C:\WINDOWS\INF\games.inf

[PerUser_ZoneGame_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_ZoneGame_Inis 64 C:\WINDOWS\INF\games.inf

[PerUser_PBGame_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_PBGame_Inis 64 C:\WINDOWS\INF\games.inf

[PerUser_DCC_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_DCC_Inis 64 C:\WINDOWS\INF\rna.inf

[OlsEarthlinkPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsEarthlinkPerUser 64 C:\WINDOWS\INF\ols.inf

[{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}] *
StubPath = C:\WINDOWS\SYSTEM\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl

[PerUser_dxxspace_Links] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_dxxspace_Links 64 C:\WINDOWS\INF\applets1.inf

[PerUser_Sysmon_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Sysmon_Inis 64 C:\WINDOWS\INF\appletpp.inf

[PerUser_Sysmeter_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Sysmeter_Inis 64 C:\WINDOWS\INF\appletpp.inf

[PerUser_netwatch_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_netwatch_Inis 64 C:\WINDOWS\INF\appletpp.inf

[PerUser_CharMap_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_CharMap_Inis 64 C:\WINDOWS\INF\appletpp.inf

[PerUser_ClipBrd_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_ClipBrd_Inis 64 C:\WINDOWS\INF\clip.inf

[EpgPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection EpgPerUser 64 C:\WINDOWS\INF\epg.inf

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = C:\WINDOWS\SYSTEM\Rundll32.exe C:\WINDOWS\SYSTEM\mscories.dll,Install

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] *
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[{7790769C-0471-11d2-AF11-00C04FA35D02}.Restore]
StubPath = rundll32.exe advpack.dll,UserUnInstStubWrapper {7790769C-0471-11d2-AF11-00C04FA35D02}

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = C:\WINDOWS\SYSTEM\ie4uinit.exe

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[PerUser_Onlinelnks_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Onlinelnks_Inis 64 C:\WINDOWS\INF\appletpp.inf

[PerUser_ICS_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_ICS_Inis 64 C:\WINDOWS\INF\ics.inf

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=
run=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=Explorer.exe
SCRNSAVE.EXE=
drivers=mmsystem.dll power.drv

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

C:\WINDOWS\WININIT.INI listing:

*File not found*

--------------------------------------------------

C:\WINDOWS\WININIT.BAK listing:
(Created 22/8/2005, 21:13:14)

[Rename]
NUL=C:\WINDOWS\INTERN~1\TVDEBUG.LOG
NUL=C:\WINDOWS\TEMP\ZAUNINST.EXE
NUL=C:\WINDOWS\TEMP\VSINIT.DLL
NUL=C:\WINDOWS\TEMP\VSUTIL.DLL
NUL=C:\PROGRA~1
NUL=C:\WINDOWS\SYSTEM\ZONELABS
NUL=C:\WINDOWS\INTERN~1\TVDEBUG.LOG
NUL=C:\WINDOWS\SYSTEM\VSXML.DLL
NUL=C:\WINDOWS\SYSTEM\ZONELABS\DBGHELP.DLL
NUL=C:\WINDOWS\INSTAL~1\831617.MSI
NUL=C:\WINDOWS\TEMP\_iu14D2N.tmp
NUL=C:\WINDOWS\TEMP\GLB1A2B.EXE

--------------------------------------------------

C:\AUTOEXEC.BAT listing:

SET COMSPEC=C:\WINDOWS\COMMAND.COM
SET PROMPT=$p$g
SET windir=C:\WINDOWS
SET winbootdir=C:\WINDOWS
SET TMP=C:\WINDOWS\TEMP
SET TEMP=C:\WINDOWS\TEMP
SET BLASTER=A220 I5 D1 H5 P330 T6
SET CTSYN=C:\WINDOWS
C:\PROGRA~1\CREATIVE\SBLIVE\DOSDRV\SBEINIT.COM
SET PATH=C:\WINDOWS;C:\WINDOWS\COMMAND;C:\PROGRA~1\COMMON~1\AUTODE~1

--------------------------------------------------

C:\CONFIG.SYS listing:

*File is empty*

--------------------------------------------------

C:\WINDOWS\WINSTART.BAT listing:

C:\WINDOWS\tmpcpyis.bat

--------------------------------------------------

C:\WINDOWS\DOSSTART.BAT listing:

C:\PROGRA~1\CREATIVE\SBLIVE\DOSDRV\SBEINIT.COM

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

*No BHO's found*

--------------------------------------------------

Enumerating Task Scheduler jobs:

Tune-up Application Start.job
Maintenance-Clean up Start menu.job
Maintenance-Anti-Virus.job
Maintenance-Defragment programs.job
Maintenance-ScanDisk.job
Maintenance-Disk cleanup.job
PCHealth Scheduler for Data Collection.job

--------------------------------------------------

Enumerating Download Program Files:

[Microsoft XML Parser for Java]
CODEBASE = file://C:\WINDOWS\Java\classes\xmldso.cab
OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

[DirectAnimation Java Classes]
CODEBASE = file://C:\WINDOWS\SYSTEM\dajava.cab
OSD = C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

[Internet Explorer Classes for Java]
CODEBASE = file://C:\WINDOWS\SYSTEM\iejava.cab
OSD = C:\WINDOWS\Downloaded Program Files\Internet Explorer Classes for Java.osd

[CV3 Class]
InProcServer32 = C:\WINDOWS\SYSTEM\WUV3IS.DLL
CODEBASE = http://windowsupdate...en/actsetup.cab

[{CD17FAAA-17B4-4736-AAEF-436EDC304C8C}]
CODEBASE = http://a840.g.akamai...uditControl.cab

[{30528230-99F7-4BB4-88D8-FA1D4F56A2AB}]
CODEBASE = http://us.dl1.yimg.c...nst20040510.cab

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\DIRECTOR\SWDIR.DLL
CODEBASE = http://fpdownload.ma...director/sw.cab

[Update Class]
InProcServer32 = C:\WINDOWS\SYSTEM\IUCTL.DLL
CODEBASE = http://v4.windowsupd...8584.9407986111

[{6A060448-60F9-11D5-A6CD-0002B31F7455}]
CODEBASE = http://us.games2.yim...ctl_0_0_0_1.ocx

[{D18F962A-3722-4B59-B08D-28BB9EB2281E}]
CODEBASE = http://photos.yahoo....plorer1_9us.cab

[{C02226EB-A5D7-4B1F-BD7E-635E46C2288D}]
CODEBASE = http://media.toontow...4.14/ttinst.cab

[{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
CODEBASE = http://us.dl1.yimg.c...ebio5_1_3_0.cab

[{77E32299-629F-43C6-AB77-6A1E6D7663F6}]
CODEBASE = http://www.nick.com/.../GrooveAX28.cab

[{B38870E4-7ECB-40DA-8C6A-595F0A5519FF}]
CODEBASE = http://messenger.msn...pDownloader.cab

[PreQualifier Class]
InProcServer32 = C:\PROGRAM FILES\COMMON FILES\VERIZON ONLINE\MOTIVE\MOTIVEPREQUAL.DLL
CODEBASE = http://www.verizon.n...tivePreQual.cab

[{A8658086-E6AC-4957-BC8E-8D54A7E8A790}]
CODEBASE = http://www.microsoft...DI/0/GDIChk.CAB

[{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}]
CODEBASE = http://www.apple.com...ex/qtplugin.cab

[{D06A22B4-6087-4D3D-B7AF-82B113E9ABD4}]
CODEBASE = http://www2.verizon....es/vzWebIns.CAB

[{B8BE5E93-A60C-4D26-A2DC-220313175592}]
CODEBASE = http://zone.msn.com/...ro.cab34246.cab

[{3FE16C08-D6A7-4133-84FC-D5BFB4F7D886}]
CODEBASE = http://zone.msn.com/...bGameLoader.cab

[{E5D419D6-A846-4514-9FAD-97E826C84822}]
CODEBASE = http://fdl.msn.com/z...s/heartbeat.cab

[{9AA73F41-EC64-489E-9A73-9CD52E528BC4}]
CODEBASE = http://zone.msn.com/...me/ZAxRcMgr.cab

[{F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6}]
CODEBASE = http://chat.msn.com/bin/msnchat45.cab

[{F2A84794-EE6D-447B-8C21-3BA1DC77C5B4}]
CODEBASE = http://activex.micro...ate/sdkinst.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX
CODEBASE = http://download.macr...ash/swflash.cab

[{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}]
CODEBASE = http://java.sun.com/...indows-i586.cab

[{8AD9C840-044E-11D1-B3E9-00805F499D93}]
CODEBASE = http://java.sun.com/...indows-i586.cab

[{04E214E5-63AF-4236-83C6-A7ADCBF9BD02}]
CODEBASE = http://housecall60.t...all/xscan60.cab

[{9A9307A0-7DA4-4DAF-B042-5009F29E09E1}]
CODEBASE = http://www.pandasoft...free/asinst.cab

[{BB21F850-63F4-4EC9-BF9D-565BD30C9AE9}]
CODEBASE = http://www.windowsec...scan/axscan.cab

[{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}]
CODEBASE = http://www.bitdefend...can8/oscan8.cab

[{74D05D43-3236-11D4-BDCD-00C04F9A3B61}]
CODEBASE = http://a840.g.akamai...all/xscan53.cab

[{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}]
CODEBASE = http://download.mcaf...90/mcinsctl.cab

[{BCC0FF27-31D9-4614-A68E-C18E1ADA4389}]
CODEBASE = http://download.mcaf...,23/mcgdmgr.cab

[{7F8C8173-AD80-4807-AA75-5672F22B4582}]
CODEBASE = http://download.zone.../ICSScanner.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\SYSTEM\rnr20.dll
Protocol #1: C:\WINDOWS\SYSTEM\msafd.dll
Protocol #2: C:\WINDOWS\SYSTEM\msafd.dll
Protocol #3: C:\WINDOWS\SYSTEM\msafd.dll
Protocol #4: C:\WINDOWS\SYSTEM\rsvpsp.dll
Protocol #5: C:\WINDOWS\SYSTEM\rsvpsp.dll

--------------------------------------------------

Enumerating Win9x VxD services:

VNETSUP: vnetsup.vxd
NDIS: ndis.vxd
JAVASUP: JAVASUP.VXD
CONFIGMG: *CONFIGMG
NTKern: *NTKERN
VWIN32: *VWIN32
VFBACKUP: *VFBACKUP
VCOMM: *VCOMM
IFSMGR: *IFSMGR
IOS: *IOS
MTRR: *MTRR
SPOOLER: *SPOOLER
UDF: *UDF
VFAT: *VFAT
VCACHE: *VCACHE
VCOND: *VCOND
VCDFSD: *VCDFSD
VXDLDR: *VXDLDR
VDEF: *VDEF
VPICD: *VPICD
VTD: *VTD
REBOOT: *REBOOT
VDMAD: *VDMAD
VSD: *VSD
V86MMGR: *V86MMGR
PAGESWAP: *PAGESWAP
DOSMGR: *DOSMGR
VMPOLL: *VMPOLL
SHELL: *SHELL
PARITY: *PARITY
BIOSXLAT: *BIOSXLAT
VMCPD: *VMCPD
VTDAPI: *VTDAPI
PERF: *PERF
VNETBIOS: vnetbios.vxd
LMOUSE: *vmouse
VPOWERD: *VPOWERD
FBWin95: (no file)
VREDIR: vredir.vxd
DFS: dfs.vxd
COMBUFF: *COMBUFF
NDISWAN: (no file)
ICSHAREP: icsharep.vxd

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

AUHook: C:\WINDOWS\SYSTEM\AUHOOK.DLL
WebCheck: C:\WINDOWS\SYSTEM\WEBCHECK.DLL
UPnPMonitor: C:\WINDOWS\SYSTEM\UPNPUI.DLL

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

End of report, 26,914 bytes
Report generated in 0.170 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

Logfile of HijackThis v1.99.1
Scan saved at 11:24:51 PM, on 9/10/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS VER1.99.1.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe
O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O16 - DPF: {CD17FAAA-17B4-4736-AAEF-436EDC304C8C} - http://a840.g.akamai...uditControl.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} - http://us.games2.yim...ctl_0_0_0_1.ocx
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} - http://photos.yahoo....plorer1_9us.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} - http://media.toontow...4.14/ttinst.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.c...ebio5_1_3_0.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/.../GrooveAX28.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn...pDownloader.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.n...tivePreQual.cab
O16 - DPF: {D06A22B4-6087-4D3D-B7AF-82B113E9ABD4} - http://www2.verizon....es/vzWebIns.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} - http://zone.msn.com/...bGameLoader.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} - http://zone.msn.com/...me/ZAxRcMgr.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F2A84794-EE6D-447B-8C21-3BA1DC77C5B4} - http://activex.micro...ate/sdkinst.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} - http://housecall60.t...all/xscan60.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://www.pandasoft...free/asinst.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - http://www.windowsec...scan/axscan.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://www.bitdefend...can8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...90/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,23/mcgdmgr.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} - http://download.zone.../ICSScanner.cab


Is there anything else here that should concern me? Anything that I can clean up or remove?

Thanks so much for your help with this.