Howdy Crete-mon,
Here's the scoop:
The file requester.11.exe could not be found in either normal mode or safe mode.
Viewing of all files was enabled.
The recommended fix files were all resolved successfully.
The WinPFind scan looks like this:
WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.
If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.
»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180
»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»
Checking %SystemDrive% folder...
UPX! 12/4/2004 12:42:26 PM 4918270 C:\Firefox Setup 1.0.exe
UPX! 9/27/2004 1:37:24 PM 4742005 C:\Firefox Setup 1.0PR.exe
Checking %ProgramFilesDir% folder...
Checking %WinDir% folder...
UPX! 9/3/2004 9:08:26 PM 465408 C:\WINDOWS\glophone.exe
UPX! 9/3/2004 9:08:28 PM 25600 C:\WINDOWS\glousb.dll
UPX! 9/3/2004 9:08:28 PM 92245 C:\WINDOWS\iaxclient.dll
SAHAgent 8/29/2005 10:35:00 PM 85338 C:\WINDOWS\KB893756.log
SAHAgent 8/29/2005 10:33:14 PM 81424 C:\WINDOWS\KB894391.log
SAHAgent 8/29/2005 10:34:54 PM 84461 C:\WINDOWS\KB896423.log
SAHAgent 8/29/2005 10:34:46 PM 85906 C:\WINDOWS\KB896727.log
SAHAgent 8/29/2005 10:35:14 PM 85748 C:\WINDOWS\KB899587.log
SAHAgent 8/29/2005 10:34:08 PM 81701 C:\WINDOWS\KB899588.log
SAHAgent 8/29/2005 10:35:06 PM 85282 C:\WINDOWS\KB899591.log
Checking %System% folder...
UPX! 9/3/2004 9:08:26 PM 222208 C:\WINDOWS\SYSTEM32\actskn43.ocx
PEC2 8/23/2001 11:00:00 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
PTech 7/12/2005 6:04:22 PM 520456 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll
PECompact2 11/2/2005 12:34:18 AM 2368864 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 11/2/2005 12:34:18 AM 2368864 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 8/4/2004 2:56:36 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
UPX! 7/10/2003 2:34:10 PM 3584 C:\WINDOWS\SYSTEM32\pndx5032.dll
Umonitor 8/4/2004 2:56:44 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
UPX! 7/10/2003 2:34:14 PM 73216 C:\WINDOWS\SYSTEM32\rmoc3260.dll
winsync 8/23/2001 11:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu
Checking %System%\Drivers folder and sub-folders...
UPX! 10/22/2005 12:54:12 PM 726592 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
FSG! 10/22/2005 12:54:12 PM 726592 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
PEC2 10/22/2005 12:54:12 PM 726592 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
aspack 10/22/2005 12:54:12 PM 726592 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
PTech 8/4/2004 12:41:38 AM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys
Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts
Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
12/1/2005 7:37:04 PM S 2048 C:\WINDOWS\bootstat.dat
10/28/2005 12:16:10 PM S 182272 C:\WINDOWS\NDNuninstall6_98.exe
12/1/2005 7:10:16 PM H 24 C:\WINDOWS\p7Y0c
10/31/2005 3:54:06 AM H 0 C:\WINDOWS\inf\oem15.inf
10/5/2005 8:33:38 PM S 12849 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB896424.cat
10/4/2005 8:17:40 PM S 21737 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB896688.cat
12/1/2005 7:36:56 PM H 8192 C:\WINDOWS\system32\config\default.LOG
12/1/2005 7:37:16 PM H 1024 C:\WINDOWS\system32\config\SAM.LOG
12/1/2005 7:37:06 PM H 12288 C:\WINDOWS\system32\config\SECURITY.LOG
12/1/2005 7:41:52 PM H 77824 C:\WINDOWS\system32\config\software.LOG
12/1/2005 7:37:12 PM H 794624 C:\WINDOWS\system32\config\system.LOG
11/9/2005 9:21:50 PM H 1024 C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
10/14/2005 10:24:44 PM H 38553 C:\WINDOWS\system32\spool\drivers\w32x86\3\dlbcma.GID
12/1/2005 7:10:34 PM H 6 C:\WINDOWS\Tasks\SA.DAT
Checking for CPL files...
Microsoft Corporation 8/4/2004 2:56:58 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Ahead Software AG 7/29/2003 4:09:40 PM 57344 C:\WINDOWS\SYSTEM32\ImageDrive.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Microsoft Corporation 8/23/2001 11:00:00 AM 187904 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 8/23/2001 11:00:00 AM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
NVIDIA Corporation 10/6/2003 1:16:00 PM 73728 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl
Microsoft Corporation 8/23/2001 11:00:00 AM 36864 C:\WINDOWS\SYSTEM32\nwc.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
Apple Computer, Inc. 5/27/2003 11:42:58 AM 295936 C:\WINDOWS\SYSTEM32\QuickTime.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 8/23/2001 11:00:00 AM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 5/26/2005 3:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 8/23/2001 11:00:00 AM 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 8/23/2001 11:00:00 AM 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 8/23/2001 11:00:00 AM 36864 C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl
Microsoft Corporation 8/23/2001 11:00:00 AM 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation 5/26/2005 3:16:30 AM 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl
»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»
Checking files in %ALLUSERSPROFILE%\Startup folder...
10/18/2005 1:04:26 PM 1757 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
6/19/2004 9:54:02 AM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
10/16/2005 9:18:42 AM 1808 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
Checking files in %ALLUSERSPROFILE%\Application Data folder...
6/19/2004 5:45:24 AM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini
10/16/2005 9:19:32 AM 1110 C:\Documents and Settings\All Users\Application Data\hpzinstall.log
Checking files in %USERPROFILE%\Startup folder...
6/19/2004 9:54:02 AM HS 84 C:\Documents and Settings\Lorraine\Start Menu\Programs\Startup\desktop.ini
Checking files in %USERPROFILE%\Application Data folder...
6/19/2004 5:45:24 AM HS 62 C:\Documents and Settings\Lorraine\Application Data\desktop.ini
9/2/2004 6:45:10 PM 0 C:\Documents and Settings\Lorraine\Application Data\dm.ini
»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\AVG7 Shell Extension
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Yahoo! Mail
{5464D816-CF16-4784-B9F3-75C0DB52B499} = C:\PROGRA~1\Yahoo!\Common\ymmapi20041123.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ZFAdd
{8FF88D27-7BD0-11D1-BFB7-00AA00262A11} = C:\Program Files\WinAce\arcext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\AVG7 Shell Extension
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\BullGuard Antivirus v4
{B5FB6487-7E79-4816-B73B-8A65E41971DA} =
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ZFAdd
{8FF88D27-7BD0-11D1-BFB7-00AA00262A11} = C:\Program Files\WinAce\arcext.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
= C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
= C:\PROGRA~1\SPYBOT~1\SDHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}
UberButton Class = C:\Program Files\Yahoo!\Common\yiesrvc.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{65D886A2-7CA7-479B-BB95-14D1EFB7946A}
YahooTaggedBM Class = C:\Program Files\Yahoo!\Common\YIeTagBm.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}
Google Toolbar Helper = c:\program files\google\googletoolbar2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
&Yahoo! Messenger = C:\PROGRA~1\Yahoo!\Common\yhexbmesus.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Toolbar : C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
{2318C2B1-4965-11d4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}
ButtonText = Yahoo! Services :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}
ButtonText = AIM : C:\Program Files\AIM95\aim.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C9B8ABB6-1CC3-4957-9CA3-053036B2EE3A}
ButtonText = Voiceglo directory : C:\Documents and Settings\All Users\Desktop\Glophone.lnk
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{1E0DE227-5CE4-4EA3-AB0C-8B03E1AA76BC}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
&Yahoo! Messenger = C:\PROGRA~1\Yahoo!\Common\yhexbmesus.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = %SystemRoot%\System32\shdocvw.dll
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar2.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Toolbar : C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
BluetoothAuthenticationAgent rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
NeroCheck C:\WINDOWS\system32\NeroCheck.exe
NvCplDaemon RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
nwiz nwiz.exe /install
ViewMgr C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
AVG7_CC C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
AVG7_EMC C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
HostManager C:\Program Files\Common Files\AOL\1126025909\ee\AOLHostManager.exe
HP Software Update C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
Adobe Photo Downloader "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
PPWebCap C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
Yahoo! Pager "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE
item Adobe Gamma Loader
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Miniphone
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item glophone
hkey HKLM
command C:\WINDOWS\glophone.exe /w
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item glophone
hkey HKLM
command C:\WINDOWS\glophone.exe /w
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MsnMsgr
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item MsnMsgr
hkey HKCU
command "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item MsnMsgr
hkey HKCU
command "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SpecialOffers
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item SpecialOffers
hkey HKCU
command C:\WINDOWS\SpecialOffers.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item SpecialOffers
hkey HKCU
command C:\WINDOWS\SpecialOffers.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WildTangent CDA
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item cdaEngine0400
hkey HKLM
command RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item cdaEngine0400
hkey HKLM
command RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 0
services 0
startup 2
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
Key üǨYbÊơí$
Hint who am I
FileName0 C:\WINDOWS\System32\RSACi.rat
WarnOnOff 1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\.Default
Allow_Unknowns 0
PleaseMom 1
Enabled 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145
NoLowDiskSpaceChecks 1
NoRecentDocsMenu 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs
»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 12/1/2005 7:49:41 PM
I ran MSConfig and Normal startup needed to be selected. Selective startup was enabled to bypass a program that could not be uninstalled due to an improper uninstall routine or a sneaky program, not sure which.
The Kaspersky scan uncovered a treasure trove of bad things, 20 viruses in all and assorted other garbage as follows:
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Thursday, December 01, 2005 21:08:48
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 2/12/2005
Kaspersky Anti-Virus database records: 162704
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
Scan Statistics:
Total number of scanned objects: 48715
Number of viruses found: 20
Number of infected objects: 52
Number of suspicious objects: 2
Duration of the scan process: 2994 sec
Infected Object Name - Virus Name
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\TwainTech.zip/bolttz.exe Suspicious: Password-protected-EXE
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\TwainTech.zip Suspicious: Password-protected-EXE
C:\Documents and Settings\Lorraine\Local Settings\Temp\ahuedt32.exe Infected: Trojan.Win32.Crypt.t
C:\Documents and Settings\Lorraine\Local Settings\Temporary Internet Files\Content.IE5\TM3CJ7WJ\cpi[1] Infected: Trojan.Win32.Crypt.t
C:\Program Files\Norton AntiVirus\Quarantine\01F92E43 Infected: not-a-virus:AdWare.Win32.WebSearch.an
C:\Program Files\Norton AntiVirus\Quarantine\3960079F Infected: not-a-virus:AdWare.Win32.WebSearch.an
C:\RECYCLER\NPROTECT\00081516.cab/TBPS.exe Infected: not-a-virus:AdWare.Win32.WebSearch.as
C:\RECYCLER\NPROTECT\00081516.cab Infected: not-a-virus:AdWare.Win32.WebSearch.as
C:\RECYCLER\NPROTECT\00081519.cab/common.dll Infected: not-a-virus:AdWare.Win32.WebSearch.aj
C:\RECYCLER\NPROTECT\00081519.cab Infected: not-a-virus:AdWare.Win32.WebSearch.aj
C:\RECYCLER\NPROTECT\00081691.exe Infected: not-a-virus:AdWare.Win32.WebSearch.al
C:\RECYCLER\NPROTECT\00081712.cab/common.dll Infected: not-a-virus:AdWare.Win32.WebSearch.aj
C:\RECYCLER\NPROTECT\00081712.cab Infected: not-a-virus:AdWare.Win32.WebSearch.aj
C:\RECYCLER\NPROTECT\00082141.cab/common.dll Infected: not-a-virus:AdWare.Win32.WebSearch.aj
C:\RECYCLER\NPROTECT\00082141.cab Infected: not-a-virus:AdWare.Win32.WebSearch.aj
C:\RECYCLER\NPROTECT\00082247.dll Infected: not-a-virus:AdWare.Win32.WebSearch.aj
C:\RECYCLER\NPROTECT\00082248.cab/common.dll Infected: not-a-virus:AdWare.Win32.WebSearch.aj
C:\RECYCLER\NPROTECT\00082248.cab Infected: not-a-virus:AdWare.Win32.WebSearch.aj
C:\System Volume Information\_restore{927788F1-8CEC-4D38-B9F9-97C6466F1B70}\RP527\A0115491.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e
C:\System Volume Information\_restore{927788F1-8CEC-4D38-B9F9-97C6466F1B70}\RP528\A0115497.dll Infected: not-a-virus:AdWare.Win32.NewDotNet.e
C:\System Volume Information\_restore{927788F1-8CEC-4D38-B9F9-97C6466F1B70}\RP553\A0117020.exe Infected: Trojan.Win32.Crypt.t
C:\System Volume Information\_restore{927788F1-8CEC-4D38-B9F9-97C6466F1B70}\RP553\A0117021.dll Infected: Trojan.Win32.Crypt.t
C:\System Volume Information\_restore{927788F1-8CEC-4D38-B9F9-97C6466F1B70}\RP553\A0117022.exe Infected: Trojan.Win32.Crypt.t
C:\System Volume Information\_restore{927788F1-8CEC-4D38-B9F9-97C6466F1B70}\RP553\A0117023.exe Infected: Trojan.Win32.Crypt.t
C:\System Volume Information\_restore{927788F1-8CEC-4D38-B9F9-97C6466F1B70}\RP553\A0117024.dll Infected: Trojan.Win32.Crypt.t
C:\System Volume Information\_restore{927788F1-8CEC-4D38-B9F9-97C6466F1B70}\RP553\A0117025.exe Infected: Trojan.Win32.Crypt.t
C:\System Volume Information\_restore{927788F1-8CEC-4D38-B9F9-97C6466F1B70}\RP558\A0117124.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e
C:\System Volume Information\_restore{927788F1-8CEC-4D38-B9F9-97C6466F1B70}\RP558\A0117125.exe Infected: not-a-virus:AdWare.Win32.NewDotNet
C:\System Volume Information\_restore{927788F1-8CEC-4D38-B9F9-97C6466F1B70}\RP558\A0117126.exe Infected: not-a-virus:AdWare.Win32.NewDotNet
C:\System Volume Information\_restore{927788F1-8CEC-4D38-B9F9-97C6466F1B70}\RP558\A0117127.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e
C:\System Volume Information\_restore{927788F1-8CEC-4D38-B9F9-97C6466F1B70}\RP558\A0117130.exe Infected: not-a-virus:AdWare.Win32.SurfAccuracy.d
C:\System Volume Information\_restore{927788F1-8CEC-4D38-B9F9-97C6466F1B70}\RP559\A0117149.dll Infected: not-a-virus:AdWare.Win32.NewDotNet.e
C:\System Volume Information\_restore{927788F1-8CEC-4D38-B9F9-97C6466F1B70}\RP563\A0117209.dll Infected: not-a-virus:[bleep]-Downloader.Win32.Shoter
C:\System Volume Information\_restore{927788F1-8CEC-4D38-B9F9-97C6466F1B70}\RP563\A0117210.dll Infected: not-a-virus:[bleep]-Downloader.Win32.Shoter.e
C:\System Volume Information\_restore{927788F1-8CEC-4D38-B9F9-97C6466F1B70}\RP563\A0117245.exe Infected: Trojan.Win32.Crypt.t
C:\System Volume Information\_restore{927788F1-8CEC-4D38-B9F9-97C6466F1B70}\RP563\A0117246.dll Infected: Trojan.Win32.Crypt.t
C:\System Volume Information\_restore{927788F1-8CEC-4D38-B9F9-97C6466F1B70}\RP563\A0117247.dll Infected: Trojan.Win32.Crypt.t
C:\System Volume Information\_restore{927788F1-8CEC-4D38-B9F9-97C6466F1B70}\RP563\A0117248.exe Infected: Trojan.Win32.Crypt.t
C:\System Volume Information\_restore{927788F1-8CEC-4D38-B9F9-97C6466F1B70}\RP563\A0117249.exe Infected: Trojan.Win32.Crypt.t
C:\System Volume Information\_restore{927788F1-8CEC-4D38-B9F9-97C6466F1B70}\RP563\A0117255.dll Infected: Trojan.Win32.Crypt.t
C:\System Volume Information\_restore{927788F1-8CEC-4D38-B9F9-97C6466F1B70}\RP563\A0117256.exe Infected: Trojan.Win32.Crypt.t
C:\WINDOWS\esba-4.exe/WISE0007.BIN Infected: Backdoor.Win32.Ruledor.e
C:\WINDOWS\esba-4.exe/WISE0008.BIN Infected: Trojan-Downloader.Win32.Agent.ab
C:\WINDOWS\esba-4.exe/WISE0009.BIN Infected: not-a-virus:AdWare.Win32.SpecialOffers.a
C:\WINDOWS\esba-4.exe/WISE0010.BIN Infected: Trojan-Dropper.Win32.Small.gj
C:\WINDOWS\esba-4.exe/WISE0011.BIN Infected: Trojan-Downloader.Win32.IstBar.er
C:\WINDOWS\esba-4.exe Infected: Trojan-Downloader.Win32.IstBar.er
C:\WINDOWS\NDNuninstall6_98.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e
C:\WINDOWS\specialoffers4.exe Infected: not-a-virus:AdWare.Win32.SpecialOffers.b
C:\WINDOWS\system\SearchHook.dll Infected: Trojan-Spy.Win32.Agent.ip
C:\WINDOWS\system32\f3pssavr.scr Infected: not-a-virus:AdWare.Win32.MyWebSearch
C:\WINDOWS\system32\mprcrt20.dll Infected: Trojan.Win32.Crypt.t
C:\WINDOWS\system32\qappbk32.exe Infected: Trojan.Win32.Crypt.t
C:\WINDOWS\webhdll.dll_tobedeleted Infected: not-a-virus:AdWare.Win32.WebHancer
Scan process completed.
I also performed the HijackThis scan while in safe mode and it looks something like this:
Logfile of HijackThis v1.99.1
Scan saved at 7:40:59 PM, on 12/1/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Lorraine\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.optonline.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1126025909\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsear...html?p=ZSzeb029
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Voiceglo directory - {C9B8ABB6-1CC3-4957-9CA3-053036B2EE3A} - C:\Documents and Settings\All Users\Desktop\Glophone.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (file missing) (HKCU)
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: JT's Blocks - http://download.game...ts/y/blt1_x.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.co...2-ob-assets.cab
O16 - DPF: Yahoo! Chat 1.3 - http://jcs.chat.dcn....m/c174/chat.cab
O16 - DPF: Yahoo! Chess - http://download.game...nts/y/ct2_x.cab
O16 - DPF: Yahoo! Spades - http://download.game...nts/y/st2_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab28578.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab28578.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {51641EF3-8A7A-4D84-8659-B0911E947CC8} - http://www.contenido.../instalador.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1130708840656
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {7EB15626-CB8E-4174-8A72-C055B12B4310} (CQD2Loader Object) - http://smartdownload...m/installer.dll
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://mirror.worldw...ed/wwlaunch.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab28578.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {FAE74270-E5EE-49C3-B816-EA8B4D55F38F} (H2hPool Control) - http://mirror.worldw...ool/h2hpool.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PsShutdown (PsShutdownSvc) - Unknown owner - C:\WINDOWS\System32\PSSDNSVC.EXE
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
That was everything on my to-do list!
Is there a "How-To" manual to interpret all this stuff? Just curious... I'd make a good geek I think.
Thanks for the help!
UM