It is super cool that people help others figure this stuff out. Wish I could send the geeks some cookies. I mean real cookies.
Here is my Ewido log:
+ Created on: 2:22:05 AM, 8/20/2005
+ Report-Checksum: 4E752485
+ Scan result:
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\ZepMon -> Spyware.BetterInternet : Cleaned with backup
[564] C:\WINDOWS\system32\ndtfxperf.dll -> Spyware.Look2Me : Error during cleaning
[1176] C:\WINDOWS\system32\DrPMon.dll -> Adware.BetterInternet : Cleaned with backup
[1572] C:\WINDOWS\system32\hoscan32.dll -> Spyware.Look2Me : Error during cleaning
[124] VM_016C0000 -> Adware.BetterInternet : Error during cleaning
[1216] C:\WINDOWS\system32\djhror.exe -> Trojan.Agent.cp : Cleaned with backup
C:\Documents and Settings\Claire\Local Settings\Temp\Cookies\claire@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Claire\Local Settings\Temp\Cookies\claire@abetterinternet[1].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
C:\Documents and Settings\Claire\Local Settings\Temp\Cookies\claire@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Claire\Local Settings\Temp\Cookies\claire@tribalfusion[2].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Claire\Local Settings\Temp\Cookies\[email protected][1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP979\A0174256.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP980\A0174296.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP980\A0174342.exe -> TrojanDropper.Small.qn : Cleaned with backup
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP980\A0174343.exe -> TrojanDownloader.Adload.a : Cleaned with backup
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP980\A0174344.exe -> Spyware.ISearch : Cleaned with backup
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP980\A0174416.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP980\A0174503.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP980\A0174549.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP980\A0174550.exe -> TrojanDownloader.Adload.a : Cleaned with backup
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP980\A0174565.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP980\A0174594.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP980\A0174611.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP980\A0174645.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP980\A0174685.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP980\A0174703.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP980\A0174725.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP980\A0174742.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP980\A0174758.exe -> Trojan.Imiserv.c : Cleaned with backup
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP981\A0174803.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP981\A0174821.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP981\A0174866.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP981\A0174880.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP981\A0174897.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP981\A0174917.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP981\A0174937.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP981\A0174957.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP981\A0174974.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP981\A0175729.exe -> TrojanDropper.Agent.hl : Cleaned with backup
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP981\A0175730.exe -> TrojanDownloader.Apropo.ae : Cleaned with backup
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP981\A0175756.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP981\A0175763.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP981\A0175791.exe -> Spyware.VirtualBouncer : Cleaned with backup
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP981\A0175794.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP981\A0175795.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP981\A0175796.vxd -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP981\A0175797.srg -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP981\A0175798.exe -> Spyware.VirtualBouncer : Cleaned with backup
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP981\A0175799.dll -> Spyware.VirtualBouncer : Cleaned with backup
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP981\A0175800.dll -> Spyware.VirtualBouncer : Cleaned with backup
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP981\A0175801.dll -> Spyware.VirtualBouncer : Cleaned with backup
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP981\A0175802.dll -> Spyware.VirtualBouncer : Cleaned with backup
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP981\A0175803.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP982\A0175831.exe -> TrojanDownloader.Small.abd : Cleaned with backup
C:\System Volume Information\_restore{31414675-6CBE-4639-8F67-8C2E395D7683}\RP982\A0175856.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\dinst.exe -> TrojanDownloader.Intexp.d : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\ActiveX.ocx -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\QDow.dll -> TrojanDownloader.QDown.a : Cleaned with backup
C:\WINDOWS\dsr.dll -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\dsr.exe -> Trojan.Imiserv.c : Cleaned with backup
C:\WINDOWS\ru.exe -> Spyware.PurityScan : Cleaned with backup
C:\WINDOWS\SYSTEM\UpdInst.exe -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\cnrtmgr.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\qtery.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\ttbyuv.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\uihypwgzf.exe -> Adware.BetterInternet : Cleaned with backup
::Report End
and my HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 6:13:53 PM, on 8/20/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\UmljaAAA\command.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\owfnfy.exe
C:\WINDOWS\system32\ltmsg.exe
C:\WINDOWS\DELLMMKB.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Netropa\OSD.exe
C:\Program Files\Common Files\Real\Update_OB\realevent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realevent.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\America Online 9.0a\aoltray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Documents and Settings\All Users\Documents\Tools for spyware\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.smarter.c...x.php?sidebar=1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.threadless.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.smarter.c...x.php?sidebar=1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.smarter.c...x.php?sidebar=1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: SDWin32 Class - {0E15DB13-244F-40F9-AFFC-B93FE08A62B1} - C:\WINDOWS\system32\jeisw.dll (file missing)
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Inet Delivery] C:\Program Files\Inet Delivery\inetdl_2.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [ConMgr.exe] "C:\Program Files\EarthLink 5.0\ConMgr.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBouncer\VirtualBouncer.exe
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\system32\wintask.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [salm] c:\program files\180searchassistant\salm.exe
O4 - HKLM\..\Run: [jeiswc] C:\WINDOWS\system32\jeiswc.exe
O4 - HKLM\..\Run: [dnam] C:\WINDOWS\system32\d140113.a.Stub.EXE
O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\system32\nsvsvc\nsvsvc.exe
O4 - HKLM\..\Run: [WinFixer 2005] C:\Program Files\WinFixer 2005\wfx5.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [CashBack] C:\Program Files\CashBack\bin\cashback.exe
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [jzvszq] C:\WINDOWS\system32\owfnfy.exe r
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O4 - Global Startup: Camio Viewer 2000.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_SRCV02.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: MonacoGamma.lnk = C:\Program Files\Monaco Systems\MonacoOPTIX 2.0\MonacoGamma.exe
O4 - Global Startup: MonacoReminder.lnk = ?
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Greenback Bayou by pogo.com -
O16 - DPF: Squelchies by pogo.com -
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} -
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} -
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) -
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...rl/LSSupCtl.cab
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) -
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} (MSN Money Charting) - http://moneycentral....bs/pmupd806.exe
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) -
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) -
O16 - DPF: {5EFF8B09-B211-42B7-805E-C4670BF8C830} - http://mediaplayer.w...ler/install.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} -
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - http://echat.us.dell...t/TLIEFlash.CAB
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {963BE66B-121D-4E6C-BF9F-1A774D9A2E41} - http://moneycentral....s/pmupdate2.exe
O16 - DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297C} -
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) -
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...rl/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} -
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abac...es/abasetup.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} -
O20 - Winlogon Notify: policies - C:\WINDOWS\system32\ndtfxperf.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\UmljaAAA\command.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: CWShredder Service - Unknown owner - C:\Documents and Settings\All Users\Documents\CWShredder.exe (file missing)
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
Edited by clairest, 23 August 2005 - 11:30 PM.