OK, this is getting more bizarre by the minute.
Last night I tried to reply to this thread with the information you requested, but I wasn't able to STAY logged in - whenever I went to the next screen, I would automatically get logged out. What's worse, when I clicked on the reply button, I was not only logged out but I was completely unable to log back in again! I have attached a screenshot of the error message I received.
====================================
I removed VSToolbar...I don't remember ever installing it and have no idea what it is for.
I know you have plenty to do - but is it possible to get a brief rundown of what I've been finding/removing and what it is? I don't know what in the HJT log is good or bad and I hate not knowing stuff. Even if there's a website somewhere that explains this stuff - that would be fine.
-----------------------------------------------------------------
Once again, the Uninstall Manager list didn't do what it should. I hit the Save List button and HJT just sat there doing nothing. I hit the button several times...same thing.
I closed HJT and reopened it, tried to save the list...and this time HJT just shut right down without warning, as before.
I uninstalled/reinstalled HJT, and once again hitting the Save List button - several times - did nothing at all. Wouldn't be a problem if I could copy/paste the list from the window.
-----------------------------------------------------------------
Here is the RootkitRevealer file (it would NOT let me save the file to my desktop - got a popup saying it wasn't a valid location. Same kind of msg as if I tried to save to a floppy drive without a disk in it.) It let me proceed as though I COULD save to the desktop, though - but I didn't check to see if the file was there and later, when it came time to post it, I couldn't find it anywhere. So I reran the scan. The first time it found 3 entries - the second time it found 5. The file contents below is from the second scan (completed after I had done everything else you wanted me to do).
HKLM\S-1-5-21-329068152-152049171-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings 9/27/2006 2:48 AM 77 bytes Data mismatch between Windows API and raw hive data.
HKLM\S-1-5-21-329068152-152049171-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings 9/27/2006 2:48 AM 77 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\EPSON Stylus C84 Series\ChangeID 9/26/2006 10:38 PM 4 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\EPSON Stylus C84 Series\Attributes 9/26/2006 10:38 PM 4 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\TrendMicro\PC-cillin\ScanInfo\LastScanFile 9/27/2006 2:48 AM 56 bytes Windows API length not consistent with raw hive data.
---------------------------------------------------------------------
WinPFind.txt contents:WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.
If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows sometimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.
»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Logfile created on: 9/27/2006 1:59:16 AM
WinPFind v1.5.0 Folder = C:\Documents and Settings\1 - Dad\Desktop\WinPFind\WinPFind\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)
»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»
Checking %SystemDrive% folder...
Checking %ProgramFilesDir% folder...
Checking %WinDir% folder...
Checking %System% folder...
UPX! 8/8/2006 12:53:28 PM 635520 C:\WINDOWS\SYSTEM32\aswBoot.exe ()
aspack 3/18/2005 5:19:58 PM 2337488 C:\WINDOWS\SYSTEM32\d3dx9_25.dll (Microsoft Corporation)
aspack 5/26/2005 3:34:52 PM 2297552 C:\WINDOWS\SYSTEM32\d3dx9_26.dll (Microsoft Corporation)
aspack 7/22/2005 7:59:04 PM 2319568 C:\WINDOWS\SYSTEM32\d3dx9_27.dll (Microsoft Corporation)
aspack 12/5/2005 6:09:18 PM 2323664 C:\WINDOWS\SYSTEM32\d3dx9_28.dll (Microsoft Corporation)
aspack 2/3/2006 8:43:16 AM 2332368 C:\WINDOWS\SYSTEM32\d3dx9_29.dll (Microsoft Corporation)
aspack 3/31/2006 12:40:58 PM 2388176 C:\WINDOWS\SYSTEM32\d3dx9_30.dll (Microsoft Corporation)
PEC2 8/18/2001 8:00:00 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc ()
PEC2 7/3/2006 5:40:50 PM 620180 C:\WINDOWS\SYSTEM32\DivX.dll (DivX, Inc.)
PECompact2 7/3/2006 5:40:50 PM 620180 C:\WINDOWS\SYSTEM32\DivX.dll (DivX, Inc.)
UpackByDwing 9/25/2006 6:43:02 PM 45525 C:\WINDOWS\SYSTEM32\hlwtyoyo.dll ()
PTech 5/17/2006 11:23:38 AM 579888 C:\WINDOWS\SYSTEM32\LegitCheckControl.DLL (Microsoft Corporation)
PECompact2 8/9/2006 3:03:04 PM 8325544 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
aspack 8/9/2006 3:03:04 PM 8325544 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
WSUD 8/4/2004 3:56:54 AM 1200128 C:\WINDOWS\SYSTEM32\ntbackup.exe (Microsoft Corporation)
aspack 8/4/2004 3:56:36 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll (Microsoft Corporation)
WSUD 8/4/2004 3:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
Umonitor 8/4/2004 3:56:44 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll (Microsoft Corporation)
UPX! 9/24/2006 9:32:52 PM 9216 C:\WINDOWS\SYSTEM32\VundoFixSVC.exe (Atribune.org)
winsync 8/18/2001 8:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu ()
PEC2 9/11/1998 12:00:00 PM 751080 C:\WINDOWS\SYSTEM32\WIN32.TLB ()
Checking %System%\Drivers folder and sub-folders...
PTech 8/4/2004 1:41:38 AM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys (Smart Link)
UPX! 11/9/2005 9:07:30 PM 1022432 C:\WINDOWS\SYSTEM32\drivers\VsapiNT.sys (Trend Micro Inc.)
aspack 11/9/2005 9:07:30 PM 1022432 C:\WINDOWS\SYSTEM32\drivers\VsapiNT.sys (Trend Micro Inc.)
Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts
Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
9/27/2006 1:57:52 AM S 2048 C:\WINDOWS\bootstat.dat ()
8/24/2006 9:46:48 PM H 10820 C:\WINDOWS\Help\update.GID ()
9/25/2006 6:42:58 PM HS 810064 C:\WINDOWS\system32\ilnmp.bak1 ()
9/27/2006 2:08:14 AM HS 815772 C:\WINDOWS\system32\ilnmp.ini ()
9/26/2006 4:17:38 PM HS 823173 C:\WINDOWS\system32\ilnmp.ini2 ()
9/27/2006 1:57:56 AM H 12288 C:\WINDOWS\system32\config\default.LOG ()
9/26/2006 7:29:32 PM H 0 C:\WINDOWS\system32\config\SAM.DFG.LOG ()
9/27/2006 1:58:16 AM H 1024 C:\WINDOWS\system32\config\SAM.LOG ()
9/27/2006 1:57:54 AM H 16384 C:\WINDOWS\system32\config\SECURITY.LOG ()
9/26/2006 7:29:32 PM H 0 C:\WINDOWS\system32\config\software.DFG.LOG ()
9/27/2006 1:59:00 AM H 1024 C:\WINDOWS\system32\config\software.LOG ()
9/26/2006 7:29:32 PM H 0 C:\WINDOWS\system32\config\system.DFG.LOG ()
9/27/2006 1:58:26 AM H 1024 C:\WINDOWS\system32\config\system.LOG ()
8/15/2006 1:31:46 AM H 1024 C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG ()
9/16/2006 1:43:20 PM H 0 C:\WINDOWS\system32\dellog\9B4EEB9EE047A876A53342E52B473531B475D49F.qcx ()
9/9/2006 2:34:10 AM H 8628 C:\WINDOWS\system32\spool\drivers\w32x86\3\E_QI021E.GID ()
9/27/2006 1:56:38 AM H 6 C:\WINDOWS\Tasks\SA.DAT ()
9/15/2006 7:27:12 PM HS 616448 C:\WINDOWS\Temp\2ad31c76.TMP ()
Checking for CPL files...
8/4/2004 3:56:58 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl (Microsoft Corporation)
8/4/2004 3:56:58 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl (Microsoft Corporation)
8/4/2004 3:56:58 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl (Microsoft Corporation)
8/4/2004 3:56:58 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl (Microsoft Corporation)
8/4/2004 3:56:58 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl (Microsoft Corporation)
8/4/2004 3:56:58 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl (Microsoft Corporation)
8/4/2004 3:56:58 AM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl (Microsoft Corporation)
8/4/2004 3:56:58 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl (Microsoft Corporation)
8/4/2004 3:56:58 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl (Microsoft Corporation)
8/4/2004 3:56:58 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl (Microsoft Corporation)
11/10/2005 1:03:50 PM 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl (Sun Microsystems, Inc.)
8/18/2001 8:00:00 AM 187904 C:\WINDOWS\SYSTEM32\main.cpl (Microsoft Corporation)
8/4/2004 3:56:58 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl (Microsoft Corporation)
8/18/2001 8:00:00 AM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl (Microsoft Corporation)
8/4/2004 3:56:58 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl (Microsoft Corporation)
8/4/2004 3:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
11/17/2004 5:09:00 AM 73728 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl (NVIDIA Corporation)
8/18/2001 8:00:00 AM 36864 C:\WINDOWS\SYSTEM32\nwc.cpl (Microsoft Corporation)
8/4/2004 3:56:58 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl (Microsoft Corporation)
8/4/2004 3:56:58 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl (Microsoft Corporation)
8/4/2004 3:56:58 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl (Microsoft Corporation)
8/18/2001 8:00:00 AM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl (Microsoft Corporation)
8/4/2004 3:56:58 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl (Microsoft Corporation)
8/4/2004 3:56:58 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl (Microsoft Corporation)
5/26/2005 5:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl (Microsoft Corporation)
8/18/2001 8:00:00 AM 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl (Microsoft Corporation)
8/18/2001 8:00:00 AM 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl (Microsoft Corporation)
8/18/2001 8:00:00 AM 36864 C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl (Microsoft Corporation)
8/18/2001 8:00:00 AM 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl (Microsoft Corporation)
Checking for Downloaded Program Files...
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - CKAVWebScan Object - CodeBase =
http://www.kaspersky...can_unicode.cab{166B1BCA-3F9C-11CF-8075-444553540000} - Shockwave ActiveX Control - CodeBase =
http://download.macr...director/sw.cab{17492023-C23A-453E-A040-C7C580BBF700} - Windows Genuine Advantage Validation Tool - CodeBase =
http://go.microsoft....k/?linkid=39204{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - YInstStarter Class - CodeBase = C:\Program Files\Yahoo!\Common\yinsthelper.dll
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - BDSCANONLINE Control - CodeBase =
http://download.bitd...can8/oscan8.cab{6414512B-B978-451D-A0D8-FCFDF33E833C} - WUWebControl Class - CodeBase =
http://update.micros...b?1136858992712{8AD9C840-044E-11D1-B3E9-00805F499D93} - Java Plug-in 1.5.0_06 - CodeBase =
http://java.sun.com/...indows-i586.cab{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - ActiveScan Installer Class - CodeBase =
http://acs.pandasoft...free/asinst.cab{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - Java Plug-in 1.5.0_06 - CodeBase =
http://java.sun.com/...indows-i586.cab{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - Java Plug-in 1.5.0_06 - CodeBase =
http://java.sun.com/...indows-i586.cab{D27CDB6E-AE6D-11CF-96B8-444553540000} - Shockwave Flash Object - CodeBase =
http://fpdownload.ma...ash/swflash.cab»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»
Checking files in %ALLUSERSPROFILE%\Startup folder...
1/28/2006 3:29:16 PM 1764 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk ()
1/9/2006 9:57:36 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ()
9/26/2006 7:06:22 PM 737 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GhostSurf.lnk ()
1/10/2006 12:46:30 AM 1730 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk ()
2/7/2006 10:47:28 PM 819 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SnagIt 7.lnk ()
Checking files in %ALLUSERSPROFILE%\Application Data folder...
1/9/2006 4:26:58 PM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini ()
5/30/2006 10:30:48 PM 2917 C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache ()
Checking files in %USERPROFILE%\Startup folder...
1/9/2006 9:57:36 PM HS 84 C:\Documents and Settings\1 - Dad\Start Menu\Programs\Startup\desktop.ini ()
1/10/2006 12:58:32 AM 1712 C:\Documents and Settings\1 - Dad\Start Menu\Programs\Startup\Dialog Tracker.lnk ()
Checking files in %USERPROFILE%\Application Data folder...
1/9/2006 4:26:58 PM HS 62 C:\Documents and Settings\1 - Dad\Application Data\desktop.ini ()
7/3/2006 4:53:16 PM 27576 C:\Documents and Settings\1 - Dad\Application Data\GDIPFONTCACHEV1.DAT ()
2/22/2006 3:46:58 AM 1024 C:\Documents and Settings\1 - Dad\Application Data\WavCodec.wff ()
»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»
>>> Internet Explorer Settings <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
\\Start Page -
http://www.microsoft...p...ER}&ar=home \\Search Bar -
http://us.rd.yahoo.c...rch/search.html \\Search Page -
http://us.rd.yahoo.c...//www.yahoo.com \\Default_Page_URL -
http://www.microsoft...p...&ar=msnhome \\Default_Search_URL -
http://us.rd.yahoo.c...//www.yahoo.com \\Local Page - %SystemRoot%\system32\blank.htm
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
\\Start Page -
http://www.yahoo.com/ \\Search Bar -
http://www.google.com/ie \\Search Page -
http://www.google.com[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
\\CustomizeSearch -
http://ie.search.msn...st/srchcust.htm \\SearchAssistant -
http://www.google.com/ie[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Microsoft Url Search Hook = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)
>>> BHO's <<<
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
\{45DCFD29-AFC0-4552-A9A3-30DF4A8B5369} - = C:\WINDOWS\system32\pmnli.dll ()
\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - Yahoo! IE Services Button = C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - SSVHelper Class = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
\{9527D42F-D666-11D3-B8DD-00600838CD5F} - IEWatchObj Class = C:\WINDOWS\system32\IETie.dll (Tenebril Incorporated)
\{955BE0B8-BC85-4CAF-856E-8E0D8B610560} - Encarta Web Companion Helper Object = C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL (Microsoft Corporation)
\{AA58ED58-01DD-4d91-8333-CF10577473F7} - Google Toolbar Helper = c:\program files\google\googletoolbar1.dll (Google Inc.)
\{B7672BAF-E9A3-49B6-86B2-C81719A18A4C} - = C:\WINDOWS\system32\ebgjyaaj.dll ()
\{FE4D4731-6E88-4B21-BF5E-4BAA8FCFF7D7} - = C:\WINDOWS\system32\vtstt.dll ()
>>> Internet Explorer Bars, Toolbars and Extensions <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
\{4528BBE0-4E08-11D5-AD55-00010333D0AD} - &Yahoo! Messenger = C:\PROGRA~1\Yahoo!\Common\yhexbmesus.dll (Yahoo! Inc.)
\{4D5C8C25-D075-11d0-B416-00C04FB90376} - &Tip of the Day = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
\{32683183-48a0-441b-a342-7c2a440a9478} - = ()
\{4528BBE0-4E08-11D5-AD55-00010333D0AD} - &Yahoo! Messenger = C:\PROGRA~1\Yahoo!\Common\yhexbmesus.dll (Yahoo! Inc.)
\{EFA24E64-B078-11D0-89E4-00C04FC9E26E} - Explorer Band = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
\\{147D6308-0614-4112-89B1-31402F9B82C4} - Encarta Web Companion = C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL (Microsoft Corporation)
\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google = c:\program files\google\googletoolbar1.dll (Google Inc.)
\\{821F87FF-8245-4972-9E28-732E92EC2F51} - &VSToolBar = C:\Program Files\VSToolbar\VSToolBar.dll ()
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
\WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
\WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\WebBrowser\\{821F87FF-8245-4972-9E28-732E92EC2F51} - &VSToolBar = C:\Program Files\VSToolbar\VSToolBar.dll ()
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\CmdMapping]
\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - 8192 =
\\NEXTID - 8198
\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - 8193 =
\\{FB5F1910-F110-11d2-BB9E-00C04F795683} - 8194 = Windows Messenger
\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - 8195 = Sun Java Console
\\{85d1f590-48f4-11d9-9669-0800200c9a66} - 8196 = Uninstall BitDefender Online Scanner v8
\\{578FC4E3-151E-456c-AF8E-B63061EFE228} - 8197 =
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll (Sun Microsystems, Inc.)
\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)(HKCU CLSID)
\{578FC4E3-151E-456c-AF8E-B63061EFE228}} - MenuText: = ()
\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - ButtonText: Yahoo! Services =
\{85d1f590-48f4-11d9-9669-0800200c9a66} - MenuText: Uninstall BitDefender Online Scanner v8 = ()
\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - ButtonText: AIM = C:\PROGRA~1\AIM\aim.exe (America Online, Inc.)
\{B205A35E-1FC4-4CE3-818B-899DBBB3388C} - MenuText: = ()
\{FB5F1910-F110-11d2-BB9E-00C04F795683} - ButtonText: Messenger = C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
>>> Approved Shell Extensions (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
\\{42071714-76d4-11d1-8b24-00a0c9068ff3} - Display Panning CPL Extension = deskpan.dll ()
\\{764BF0E1-F219-11ce-972D-00AA00A14F56} - Shell extensions for file compression = ()
\\{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} - Encryption Context Menu = ()
\\{88895560-9AA2-1069-930E-00AA0030EBC8} - HyperTerminal Icon Ext = C:\WINDOWS\System32\hticons.dll (Hilgraeve, Inc.)
\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} - Taskbar and Start Menu = ()
\\{32683183-48a0-441b-a342-7c2a440a9478} - Media Band = ()
\\{7A9D77BD-5403-11d2-8785-2E0420524153} - User Accounts = ()
\\{48F45200-91E6-11CE-8A4F-0080C81A28D4} - TMD Shell Extension = C:\Program Files\Trend Micro\Internet Security 2005\Tmdshell.dll (Trend Micro Incorporated.)
\\{771A9DA0-731A-11CE-993C-00AA004ADB6C} - VBPropSheet = C:\Program Files\Trend Micro\Internet Security 2005\VBProp.dll (Trend Micro Incorporated.)
\\{A70C977A-BF00-412C-90B7-034C51DA2439} - NvCpl DesktopContext Class = C:\WINDOWS\system32\nvcpl.dll (NVIDIA Corporation)
\\{FFB699E0-306A-11d3-8BD1-00104B6F7516} - Play on my TV helper = C:\WINDOWS\system32\nvcpl.dll (NVIDIA Corporation)
\\{1CDB2949-8F65-4355-8456-263E7C208A5D} - Desktop Explorer = C:\WINDOWS\system32\nvshell.dll (NVIDIA Corporation)
\\{1E9B04FB-F9E5-4718-997B-B8DA88302A47} - Desktop Explorer Menu = C:\WINDOWS\system32\nvshell.dll (NVIDIA Corporation)
\\{1E9B04FB-F9E5-4718-997B-B8DA88302A48} - nView Desktop Context Menu = C:\WINDOWS\system32\nvshell.dll (NVIDIA Corporation)
\\{E0D79304-84BE-11CE-9641-444553540000} - WinZip = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.)
\\{E0D79305-84BE-11CE-9641-444553540000} - WinZip = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.)
\\{E0D79306-84BE-11CE-9641-444553540000} - WinZip = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.)
\\{E0D79307-84BE-11CE-9641-444553540000} - WinZip = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.)
\\{FED7043D-346A-414D-ACD7-550D052499A7} - dBpowerAMP Music Converter 1 = C:\Program Files\Illustrate\dBpowerAMP\dBShell.dll ()
\\{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5} - dBpowerAMP Music Converter = C:\Program Files\Illustrate\dBpowerAMP\dMCShell.dll ()
\\{CF74B903-3389-469c-B3B6-0204D204FCBD} - SnagIt Shell Extension = C:\Program Files\TechSmith\SnagIt 7\SnagItShellExt.dll (TechSmith Corporation)
\\{B41DB860-8EE4-11D2-9906-E49FADC173CA} - WinRAR shell extension = C:\Program Files\WinRAR\rarext.dll ()
\\{B327765E-D724-4347-8B16-78AE18552FC3} - NeroDigitalIconHandler = C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll (Nero AG)
\\{7F1CF152-04F8-453A-B34C-E609530A9DC8} - NeroDigitalPropSheetHandler = C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll (Nero AG)
\\{23170F69-40C1-278A-1000-000100020000} - 7-Zip Shell Extension = C:\Program Files\7-Zip\7-zip.dll ()
\\{472083B0-C522-11CF-8763-00608CC02F24} - avast = C:\Program Files\Alwil Software\Avast4\ashShell.dll (ALWIL Software)
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
>>> Context Menu Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers]
\7-Zip - {23170F69-40C1-278A-1000-000100020000} = C:\Program Files\7-Zip\7-zip.dll ()
\avast - {472083B0-C522-11CF-8763-00608CC02F24} = C:\Program Files\Alwil Software\Avast4\ashShell.dll (ALWIL Software)
\ewido anti-spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\ewido anti-spyware 4.0\context.dll (Anti-Malware Development a.s.)
\ExplorerPlus Menu - {3A5C58F7-E421-4fcd-8DC2-F06B83E9E5AA} = C:\Program Files\Novatix\ExplorerPlus\NXShExt.dll (Novatix Corporation)
\Fix-It Menu - {A50302A0-8E15-11d2-887B-006008C1C087} = C:\Program Files\VCOM\SystemSuite\mxctxmnu.dll (V Communications, Inc.)
\SnagItMainShellExt - {CF74B903-3389-469c-B3B6-0204D204FCBD} = C:\Program Files\TechSmith\SnagIt 7\SnagItShellExt.dll (TechSmith Corporation)
\WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()
\WinZip - {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.)
\{48F45200-91E6-11CE-8A4F-0080C81A28D4} - = C:\Program Files\Trend Micro\Internet Security 2005\Tmdshell.dll (Trend Micro Incorporated.)
[HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers]
[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers]
\7-Zip - {23170F69-40C1-278A-1000-000100020000} = C:\Program Files\7-Zip\7-zip.dll ()
\ewido anti-spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\ewido anti-spyware 4.0\context.dll (Anti-Malware Development a.s.)
\ExplorerPlus Menu - {3A5C58F7-E421-4fcd-8DC2-F06B83E9E5AA} = C:\Program Files\Novatix\ExplorerPlus\NXShExt.dll (Novatix Corporation)
\Fix-It Menu - {A50302A0-8E15-11d2-887B-006008C1C087} = C:\Program Files\VCOM\SystemSuite\mxctxmnu.dll (V Communications, Inc.)
\SnagItMainShellExt - {CF74B903-3389-469c-B3B6-0204D204FCBD} = C:\Program Files\TechSmith\SnagIt 7\SnagItShellExt.dll (TechSmith Corporation)
\WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()
\WinZip - {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.)
[HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMenuHandlers]
\00nView - {1E9B04FB-F9E5-4718-997B-B8DA88302A48} = C:\WINDOWS\system32\nvshell.dll (NVIDIA Corporation)
\NvCplDesktopContext - {A70C977A-BF00-412C-90B7-034C51DA2439} = C:\WINDOWS\system32\nvcpl.dll (NVIDIA Corporation)
[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers]
\avast - {472083B0-C522-11CF-8763-00608CC02F24} = C:\Program Files\Alwil Software\Avast4\ashShell.dll (ALWIL Software)
\WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()
\WinZip - {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.)
\{48F45200-91E6-11CE-8A4F-0080C81A28D4} - = C:\Program Files\Trend Micro\Internet Security 2005\Tmdshell.dll (Trend Micro Incorporated.)
>>> Column Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
\{7D4D6379-F301-4311-BEBA-E26EB0561882} - NeroDigitalExt.NeroDigitalColumnHandler = C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll (Nero AG)
\{F9DB5320-233E-11D1-9F84-707F02C10627} - PDF Column Info = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll (Adobe Systems, Inc.)
\{FED7043D-346A-414D-ACD7-550D052499A7} - dBpowerAMP Column Handler = C:\Program Files\Illustrate\dBpowerAMP\dBShell.dll ()
>>> Registry Run Keys <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
pccguide.exe - C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe (Trend Micro Incorporated.)
NvCplDaemon - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll ()
nwiz - C:\WINDOWS\SYSTEM32\nwiz.exe (NVIDIA Corporation)
NvMediaCenter - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll ()
SetIcon - C:\Program Files\Generic\Seticon.exe (Standard Microsystems Corp.)
CTHelper - C:\WINDOWS\SYSTEM32\CTHELPER.EXE (Creative Technology Ltd)
SBDrvDet - C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe (Creative Technology Ltd)
UpdReg - C:\WINDOWS\UpdReg.EXE (Creative Technology Ltd.)
EPSON Stylus C84 Series - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE (SEIKO EPSON CORPORATION)
gcasServ - C:\Program Files\Microsoft AntiSpyware\gcasServ.exe (Microsoft Corporation)
QuickTime Task - C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
NeroFilterCheck - C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
avast! - C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe ()
!ewido - C:\Program Files\ewido anti-spyware 4.0\ewido.exe (Anti-Malware Development a.s.)
SunJavaUpdateSched - C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe (Sun Microsystems, Inc.)
RCScheduleCheck - C:\Program Files\VCOM\Recovery Commander\RCSCHED.EXE (imagine LAN, Inc.)
Fix-It AV - C:\PROGRA~1\VCOM\SYSTEM~1\MemCheck.exe (V Communications, Inc.)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
MSMSGS - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
ctfmon.exe - C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
PhotoShow Deluxe Media Manager - C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe (Ahead Software)
swg - C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe (Google Inc.)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]
>>> Startup Links <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Common Startup]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ()
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GhostSurf.lnk - C:\Program Files\GhostSurf\GhostSurf.exe (Tenebril Incorporated)
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SnagIt 7.lnk - C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe (TechSmith Corporation)
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Startup]
C:\Documents and Settings\1 - Dad\Start Menu\Programs\Startup\desktop.ini ()
C:\Documents and Settings\1 - Dad\Start Menu\Programs\Startup\Dialog Tracker.lnk - C:\Program Files\Novatix\ExplorerPlus\Nxdlghlp.exe (Novatix Corporation)
>>> MSConfig Disabled Items <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]
[All Users Startup Folder Disabled Items]
[Current User Startup Folder Disabled Items]
>>> User Agent Post Platform <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
\\SV1 -
>>> AppInit Dll's <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs]
>>> Image File Execution Options <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
\Your Image File Name Here without a path - Debugger = ntsd -d
>>> Shell Service Object Delay Load <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
\\PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\\CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\\WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll (Microsoft Corporation)
\\SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll (Microsoft Corporation)
>>> Shell Execute Hooks <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} - URL Exec Hook = shell32.dll (Microsoft Corporation)
\\{9EF34FF2-3396-4527-9D27-04C8C1C67806} - Microsoft.AntiSpyware.ShellExecuteHook.1 = C:\Program Files\Microsoft AntiSpyware\shellextension.dll (Microsoft Corporation)
\\{57B86673-276A-48B2-BAE7-C6DBB3020EB8} - CShellExecuteHookImpl Object = C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll (Anti-Malware Development a.s.)
\\{a5780613-492e-4a2a-a7fd-549610edf6cc} - HookRC Class = C:\Program Files\VCOM\Recovery Commander\RCHOOK.DLL ()
>>> Shared Task Scheduler <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
\\{438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
\\{8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
>>> Winlogon <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
\\UserInit = C:\WINDOWS\system32\userinit.exe,
\\Shell = Explorer.exe
\\System =
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
\crypt32chain - crypt32.dll = (Microsoft Corporation)
\cryptnet - cryptnet.dll = (Microsoft Corporation)
\cscdll - cscdll.dll = (Microsoft Corporation)
\pmnli - C:\WINDOWS\system32\pmnli.dll = ()
\ScCertProp - wlnotify.dll = (Microsoft Corporation)
\Schedule - wlnotify.dll = (Microsoft Corporation)
\sclgntfy - sclgntfy.dll = (Microsoft Corporation)
\SensLogn - WlNotify.dll = (Microsoft Corporation)
\termsrv - wlnotify.dll = (Microsoft Corporation)
\wlballoon - wlnotify.dll = (Microsoft Corporation)
>>> DNS Name Servers <<<
{25F5E297-D75D-40DD-A7AD-F039263DF5E0} - (Linksys LNE100TX Fast Ethernet Adapter(LNE100TX v4))
{8FDED572-E4A4-40E1-AFE0-980C8DCC3A67} - (1394 Net Adapter)
{E492CE81-8A31-443F-83A4-54EF3C8BBD68} - (1394 Net Adapter)
>>> All Winsock2 Catalogs <<<
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries]
\000000000001\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
\000000000002\\LibraryPath - %SystemRoot%\System32\winrnr.dll (Microsoft Corporation)
\000000000003\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries]
\000000000001\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000002\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000003\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000004\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
\000000000005\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
\000000000006\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000007\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000008\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000009\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000010\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000011\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000012\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000013\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000014\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000015\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
>>> Protocol Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler]
\ipp - ()
\msdaipp - ()
>>> Protocol Filters (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter]
>>> Selected AddOn's <<<
»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Attached also please find a jpg screenshot of the error I get when I try to post to this thread from my home computer.