Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

need to have log checked


  • Please log in to reply
11 replies to this topic

#1 parrotplay

parrotplay

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:11:52 PM

Posted 08 October 2005 - 08:19 PM

Hi...have copied my log to have someone look over. My system is really acting strange and do not know what could be the cause. Thank you for checking this out for me, very appreciated...parrotplay
Logfile of HijackThis v1.99.1
Scan saved at 6:11:49 PM, on 10/8/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\AnalogX\MaxMem\maxmem.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - Startup: Avast AntiVirus.lnk = C:\Program Files\Alwil Software\Avast4\ashDisp.exe
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: http://www.pogo.com/home/home-pogop - {3037FC09-62A6-4446-AA30-BB9DB0CD9B65} - http://www.pogo.com/home/home-pogop.jsp?si...7U0ICmb30QAAKDw. (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: http://www.pogo.com/home/home-pogop - {3037FC09-62A6-4446-AA30-BB9DB0CD9B65} - http://www.pogo.com/home/home-pogop.jsp?si...7U0ICmb30QAAKDw. (file missing) (HKCU)
O16 - DPF: Checkers by pogo - http://game1.pogo.com/applet-6.4.0.34/chec...s-ob-assets.cab
O16 - DPF: Double Deuce Poker by pogo - http://game1.pogo.com/applet-6.4.0.34/vide...e-ob-assets.cab
O16 - DPF: Jungle Gin by pogo - http://game1.pogo.com/applet-6.3.4.49/gin/gin-ob-assets.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-6.3.4.49/lott...o-ob-assets.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-6.4.0.34/mahj...g-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-6.3.4.64/flin...r-ob-assets.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/applet-6.3.4.64/popf...u-ob-assets.cab
O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.com/applet-6.3.4.64/spid...r-ob-assets.cab
O16 - DPF: Stax by pogo - http://game1.pogo.com/applet-6.4.0.34/stax...x-ob-assets.cab
O16 - DPF: Sweet Tooth TM by pogo - http://game1.pogo.com/applet-6.3.4.49/swee...h-ob-assets.cab
O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.com/applet-6.3.4.49/peak...s-ob-assets.cab
O16 - DPF: Tumble Bees by pogo - http://game1.pogo.com/applet-6.3.4.49/jumb...e-ob-assets.cab
O16 - DPF: Turbo 21 TM by pogo - http://game1.pogo.com/applet-6.3.4.49/turb...1-ob-assets.cab
O16 - DPF: Word Whomp by pogo - http://game1.pogo.com/applet-6.3.4.49/word...2-ob-assets.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.com/applet-6.1.5.21/whac...n-ob-assets.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{39701819-D560-43BA-896B-68CA17DD209E}: NameServer = 209.244.0.3 209.244.0.4
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

BC AdBot (Login to Remove)

 


#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,640 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:12:52 AM

Posted 15 October 2005 - 09:57 AM

Looks clean to me

#3 parrotplay

parrotplay
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:11:52 PM

Posted 15 October 2005 - 10:45 AM

Thanx so much, Lawrence!! I was not sure about that 023 Netropa that is listed. Am glad all is ok!! Now just need to figure out what could be causing the problems my system is having...any clues? Thanx so much! Leeann

#4 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,640 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:12:52 AM

Posted 15 October 2005 - 11:02 AM

You do not really have much running to cause a slow down. You CAN disable this as its really not necessary, but it is not bad.

O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe



Give me one of these:

Download http://www.bleepingcomputer.com/files/winpfind.php

Extract WinPFind.zip to your c:\ folder.

Reboot your computer into Safe Mode

Then open c:\WinPFind and double-click on WinPFind.exe. When the program is open, click on the Start Scan button to scart scanning your computer. Be patient as this scan may take a while. When it is done, it will show a log and tell you the scan is completed. Reboot your computer back to normal mode and and post the contents of c:\WinPFind\WinPFind.txt as a reply to this topic.

#5 parrotplay

parrotplay
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:11:52 PM

Posted 16 October 2005 - 02:35 AM

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

Windows OS and Versions
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

Checking Selected Standard Folders

Checking %SystemDrive% folder...
qoologic 10/15/2005 7:15:08 PM 202953 C:\WinPFind.zip

Checking %ProgramFilesDir% folder...
UPX! 2/16/2005 11:06:16 AM 218112 C:\Program Files\HijackThis.exe
UPX! 10/14/2005 7:19:20 PM 9525920 C:\Program Files\setupeng.exe
UPX! 2/25/2005 9:47:26 AM 996359 C:\Program Files\stinger.exe

Checking %WinDir% folder...
aspack 2/10/2004 9:06:36 AM 194560 C:\WINDOWS\Club Pogo Badge Screen Saver #1.scr

Items found in C:\WINDOWS\hosts

PECompact2 10/12/2005 2:36:44 PM 16033311 C:\WINDOWS\lpt$vpn.889
qoologic 10/12/2005 2:36:44 PM 16033311 C:\WINDOWS\lpt$vpn.889
SAHAgent 10/12/2005 2:36:44 PM 16033311 C:\WINDOWS\lpt$vpn.889
aspack 9/12/2003 1:29:56 AM 132505600 C:\WINDOWS\MEMORY.DMP
PECompact2 10/12/2005 2:36:44 PM 16033311 C:\WINDOWS\VPTNFILE.889
qoologic 10/12/2005 2:36:44 PM 16033311 C:\WINDOWS\VPTNFILE.889
SAHAgent 10/12/2005 2:36:44 PM 16033311 C:\WINDOWS\VPTNFILE.889

Checking %System% folder...
UPX! 7/9/2005 2:03:06 AM 433152 C:\WINDOWS\SYSTEM32\aswBoot.exe
PEC2 8/18/2001 5:00:00 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
UPX! 12/15/2004 4:05:40 PM 875888 C:\WINDOWS\SYSTEM32\HyperLinker1.exe
PTech 8/3/2005 10:33:42 AM 520456 C:\WINDOWS\SYSTEM32\LegitCheckControl.DLL
PECompact2 8/4/2005 10:01:54 AM 1449304 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 8/4/2005 10:01:54 AM 1449304 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 8/4/2004 12:56:36 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 8/4/2004 12:56:44 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync 8/18/2001 5:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu

Checking %System%\Drivers folder and sub-folders...
PTech 8/3/2004 10:41:38 PM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

Items found in C:\WINDOWS\SYSTEM32\drivers\ETC\HOSTS


Items found in C:\WINDOWS\SYSTEM32\drivers\ETC\lmhosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
10/15/2005 8:52:42 PM S 2048 C:\WINDOWS\BOOTSTAT.DAT
10/15/2005 2:13:40 AM H 31764 C:\WINDOWS\SYSTEM32\vsconfig.xml
10/12/2005 3:45:40 PM H 4212 C:\WINDOWS\SYSTEM32\zllictbl.dat
10/15/2005 8:52:34 PM H 8192 C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG
10/15/2005 8:52:50 PM H 1024 C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG
10/15/2005 8:52:44 PM H 16384 C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG
10/15/2005 9:45:04 PM H 65536 C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG
10/15/2005 8:52:52 PM H 1146880 C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG
10/11/2005 9:08:16 PM H 1024 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\NTUSER.DAT.LOG
10/15/2005 8:51:20 PM H 6 C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation 8/4/2004 12:56:58 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Intel Corporation 7/17/2002 7:54:10 AM 94208 C:\WINDOWS\SYSTEM32\igfxcpl.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems, Inc. 6/3/2005 3:52:54 AM 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 8/18/2001 5:00:00 AM 187904 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 8/18/2001 5:00:00 AM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Sun Microsystems 8/4/2000 4:05:40 PM 24660 C:\WINDOWS\SYSTEM32\plugincpl.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
12/29/2002 1:14:38 AM 81920 C:\WINDOWS\SYSTEM32\Startup.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 8/18/2001 5:00:00 AM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 8/18/2001 5:00:00 AM 187904 C:\WINDOWS\SYSTEM32\DLLCACHE\main.cpl
Microsoft Corporation 8/18/2001 5:00:00 AM 35840 C:\WINDOWS\SYSTEM32\DLLCACHE\ncpa.cpl
Microsoft Corporation 8/18/2001 5:00:00 AM 28160 C:\WINDOWS\SYSTEM32\DLLCACHE\telephon.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\DLLCACHE\wuaucpl.cpl
Intel Corporation 7/17/2002 7:54:10 AM 94208 C:\WINDOWS\SYSTEM32\ReinstallBackups\0004\DriverFiles\igfxcpl.cpl

Checking Selected Startup Folders

Checking files in %ALLUSERSPROFILE%\Startup folder...
3/4/2003 6:57:56 AM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DESKTOP.INI

Checking files in %ALLUSERSPROFILE%\Application Data folder...
3/4/2003 6:42:34 AM HS 62 C:\Documents and Settings\All Users\Application Data\DESKTOP.INI

Checking files in %USERPROFILE%\Startup folder...
8/28/2005 5:03:44 PM 968 C:\Documents and Settings\LEEANN MILLER\Start Menu\Programs\Startup\Avast AntiVirus.lnk
11/15/2001 6:31:16 AM HS 84 C:\Documents and Settings\LEEANN MILLER\Start Menu\Programs\Startup\DESKTOP.INI
8/28/2005 5:11:06 PM 890 C:\Documents and Settings\LEEANN MILLER\Start Menu\Programs\Startup\maxmem.lnk
8/9/2005 10:21:00 PM 834 C:\Documents and Settings\LEEANN MILLER\Start Menu\Programs\Startup\sgmain.lnk

Checking files in %USERPROFILE%\Application Data folder...
4/15/2005 7:59:20 AM 865 C:\Documents and Settings\LEEANN MILLER\Application Data\AdobeDLM.log
11/15/2001 6:23:32 AM HS 62 C:\Documents and Settings\LEEANN MILLER\Application Data\DESKTOP.INI
4/15/2005 7:59:18 AM 0 C:\Documents and Settings\LEEANN MILLER\Application Data\dm.ini
7/30/2005 5:32:16 PM 79152 C:\Documents and Settings\LEEANN MILLER\Application Data\GDIPFONTCACHEV1.DAT

Checking Selected Registry Keys

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
=

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\avast
{472083B0-C522-11CF-8763-00608CC02F24} = C:\Program Files\Alwil Software\Avast4\ashShell.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\BriefcaseMenu
{85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Yahoo! Mail
{5464D816-CF16-4784-B9F3-75C0DB52B499} = C:\PROGRA~1\Yahoo!\Common\ymmapi20041123.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\avast
{472083B0-C522-11CF-8763-00608CC02F24} = C:\Program Files\Alwil Software\Avast4\ashShell.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\BriefcaseMenu
{85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
= C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4A368E80-174F-4872-96B5-0B27DDD11DB2}
SpywareGuardDLBLOCK.CBrowserHelper = C:\Program Files\SpywareGuard\dlprotect.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
= C:\PROGRA~1\SPYBOT~1\SDHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}
Google Toolbar Helper = c:\program files\google\googletoolbar1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
&Yahoo! Messenger = C:\PROGRA~1\Yahoo!\Common\yhexbmesus.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Toolbar : C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
{2318C2B1-4965-11d4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}
ButtonText = Yahoo! Services :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E023F504-0C5A-4750-A1E7-A9046DEA8A21}
ButtonText = MoneySide :

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38}
Search Band = %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
&Yahoo! Messenger = C:\PROGRA~1\Yahoo!\Common\yhexbmesus.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = %SystemRoot%\System32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = :
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar1.dll
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Toolbar : C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} = :
{79134E25-EDDA-0243-2F59-F835DCC1B55C} = Real Balm Byte : C:\PROGRA~1\Comp Bore\five dvd.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = :

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Zone Labs Client C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\ExpandFrom

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\ExpandTo

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\Adobe\Acrobat 7.0\Reader\reader_sl.exe
item Adobe Reader Speed Launch
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\Adobe\Acrobat 7.0\Reader\reader_sl.exe
item Adobe Reader Speed Launch

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Camio Viewer 2000.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Camio Viewer 2000.lnk
backup C:\WINDOWS\pss\Camio Viewer 2000.lnkCommon Startup
location Common Startup
command C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe -s
item Camio Viewer 2000
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Camio Viewer 2000.lnk
backup C:\WINDOWS\pss\Camio Viewer 2000.lnkCommon Startup
location Common Startup
command C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe -s
item Camio Viewer 2000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\MICROS~4\Office10\OSA.EXE -b -l
item Microsoft Office
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\MICROS~4\Office10\OSA.EXE -b -l
item Microsoft Office

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SideACT!.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SideACT!.lnk
backup C:\WINDOWS\pss\SideACT!.lnkCommon Startup
location Common Startup
command C:\Program Files\Symantec\ACT\SideACT.exe /s
item SideACT!
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SideACT!.lnk
backup C:\WINDOWS\pss\SideACT!.lnkCommon Startup
location Common Startup
command C:\Program Files\Symantec\ACT\SideACT.exe /s
item SideACT!

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DellTouch
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item MMKeybd
hkey HKLM
command C:\WINDOWS\MMKeybd.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item MMKeybd
hkey HKLM
command C:\WINDOWS\MMKeybd.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Eraser
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item eraser
hkey HKCU
command C:\Program Files\Eraser\eraser.exe.exe -hide
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item eraser
hkey HKCU
command C:\Program Files\Eraser\eraser.exe.exe -hide
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HotKeysCmds
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item hkcmd
hkey HKLM
command C:\WINDOWS\System32\hkcmd.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item hkcmd
hkey HKLM
command C:\WINDOWS\System32\hkcmd.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KeenValue
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item KeenValue
hkey HKLM
command C:\Program Files\Common files\KeenValue\KeenValue.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item KeenValue
hkey HKLM
command C:\Program Files\Common files\KeenValue\KeenValue.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Microsoft Works Update Detection
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item WkDetect
hkey HKCU
command C:\Program Files\Microsoft Works\WkDetect.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item WkDetect
hkey HKCU
command C:\Program Files\Microsoft Works\WkDetect.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MoneyStartUp10.0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item Activation
hkey HKLM
command "C:\Program Files\Microsoft Money\System\Activation.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item Activation
hkey HKLM
command "C:\Program Files\Microsoft Money\System\Activation.exe"
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MyWebSearch Email Plugin
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item mwsoemon
hkey HKLM
command C:\PROGRA~1\MyWay\bar\d.bin\mwsoemon.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item mwsoemon
hkey HKLM
command C:\PROGRA~1\MyWay\bar\d.bin\mwsoemon.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PPCRunonce
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item PPCRunOnce
hkey HKLM
command C:\WINDOWS\System32\PPCRunOnce.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item PPCRunOnce
hkey HKLM
command C:\WINDOWS\System32\PPCRunOnce.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RealTray
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item RealPlay
hkey HKLM
command C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item RealPlay
hkey HKLM
command C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TCASUTIEXE
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item TCAUDIAG -off
hkey HKLM
command TCAUDIAG -off
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item TCAUDIAG -off
hkey HKLM
command TCAUDIAG -off
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Yahoo! Pager
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ypager
hkey HKCU
command C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ypager
hkey HKCU
command C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 0
services 0
startup 2


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\comdlg32
NoBackButton 0
NoFileMru 0

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun
NoDrives 
NoDriveAutoRun 
NoRecentDocsMenu 
ClearRecentDocsOnExit 
NoWinKeys 
NoRecentDocsNetHood 
NoComputersNearMe 
NoNetworkConnections 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


Scan Complete
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 10/15/2005 10:55:35 PM

HI LAWRENCE!! HERE IS THE WINPFIND SCAN RESULTS, THAT YOU ASKED ME TO POST. I NOTICED IN HKEY_LOCAL_MACHINE THINGS THAT I DO NOT HAVE, THE CAMIO VIEWER, IF I KNEW WHAT THAT WAS COULD TELL YOU LOL, NO LONGER HAVE "ACT" OR "SIDE ACT" HAVE NO SYMNATEC I THOUGHT, I DO NOT HAVE THE "DELL TOUCH KEYBOARD" AND CANNOT GET THE MICROSOFT WIRELESS KEYBOARD TO SHOW IN THE DEVICE MANAGER, STILL SHOWS THE DELL KEYBOARD, CAN DELETE BUT IT RETURNS! IT WORKS, JUST SAYS ITS THE DELL QUIET TOUCH, NOT THE MICROSOFT KEYBOARD. I DO NOT HAVE "ERASER" ANY LONGER, THAT I KNEW ABOUT THAT IS...THEN I SAW "KEENVALUE", "MY WEBSEARCH" AND "MYWAY BAR". I REMEMBER THESE LAST ITEMS BEING BAD FOR ONES COMPUTER...WHY ALL THE TOOLS I USE AT LEAST WEEKLY, LET THEM THROUGH OR DID NOT DETECT THEM, HAVE NO CLUE WHY THE SCANS AND TOOLDS FOR SPYWARE, MALWARE. VIRUSES, ETC...DID NOT DETECT.
RE: THE 023 NETROPA IN HIJACK THIS...IT WILL NOT DELETE FROM THAT...IS THE PROBLEM I THINK.. I ALSO HAVE CONCERNS FOR THE FOLLOWING FILES THAT WOULD NOT DELETE, ARE IN C:/PROGRAM FILES: CHINBIRD, COMP BORE AND DUKE. HAVE SCANNED THEM, NOTHING IS WRONG WITH THEM GUESS WOULD LIKE TO KNOW WHAT THEY ARE.
MY FAVORITES...STILL HAVE NO FILES OPENING IN "ORGANIZE" ...LAST I HAVE ALOT OF BOXES WITH RED "X" IN THEM WHEN I AM ONLINE, WHEN I GO TO SITES...INSTEAD OF PICS ON THE SITE OPENING, GET THE X IN A BOX INSTEAD, RIGHT CLICKING, SHOW PICTURE NORMALLY OPENS THAT BOX...JUST NOT IN "ORGANIZE FAVORITES" NOTHING OPENS WHERE FILES AND URLS SHOULD BE.
WOULD A REPAIR OF IE6 BE NECESSARY, ALSO WOULD A REPAIR REINSTALL OF XP DO ANY GOOD AT ALL REGARDING THESE..OTHER ISSUES? THE DESKTOP TAKES FROM 4-5 MINUTES TO OPEN, WAS SO QUICK, UNTIL I LOADED "AVAST" ANTIVIRUS. AND...THE MMC CRASHED AS WELL AS THE POSTMORTEM DEBUGGER, WHEN CHECKING NETROPA.
AM I DOOMED ?? LOL THANX...SORRY FOR LENGTH...WANTED TO BE AS THOROUGH AS POSSIBLE.
SO VERY APPRECIATED...WHEN YOU HAVE THE TIME...THANX AGAIN...LEEANN/PARROTPLAY

#6 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,640 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:12:52 AM

Posted 16 October 2005 - 09:47 AM

No IE6 is fine. Those values you are seeing for keen etc are disabled in msconfig. Lets get rid of them.

I see that you are running msconfig in /auto mode which means that you may have selectively removed some items in the past from the startup procedure. This can be bad if they are malware, so we would like you to reenable those startup entries by doing the following:

Please click on start, then run, and type msconfig and then press enter. When the window opens click on the startup tab and make sure there are checkmarks in every entry. Then press ok until you are out of the program. If it asks to reboot, do not reboot.

Now please create a new Hijackthis Log and post it as a reply.

#7 parrotplay

parrotplay
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:11:52 PM

Posted 24 October 2005 - 12:16 AM

Logfile of HijackThis v1.99.1
Scan saved at 10:06:06 PM, on 10/23/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\AnalogX\MaxMem\maxmem.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [PPCRunonce] C:\WINDOWS\System32\PPCRunOnce.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MyWay\bar\d.bin\mwsoemon.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [KeenValue] C:\Program Files\Common files\KeenValue\KeenValue.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\MMKeybd.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe.exe -hide
O4 - Startup: Avast AntiVirus.lnk = C:\Program Files\Alwil Software\Avast4\ashDisp.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Camio Viewer 2000.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SideACT!.lnk = C:\Program Files\Symantec\ACT\SideACT.exe
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: http://www.pogo.com/home/home-pogop - {3037FC09-62A6-4446-AA30-BB9DB0CD9B65} - http://www.pogo.com/home/home-pogop.jsp?si...7U0ICmb30QAAKDw. (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: http://www.pogo.com/home/home-pogop - {3037FC09-62A6-4446-AA30-BB9DB0CD9B65} - http://www.pogo.com/home/home-pogop.jsp?si...7U0ICmb30QAAKDw. (file missing) (HKCU)
O16 - DPF: Jungle Gin by pogo - http://game1.pogo.com/applet-6.3.4.49/gin/gin-ob-assets.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-6.3.4.49/lott...o-ob-assets.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-6.4.0.34/mahj...g-ob-assets.cab
O16 - DPF: Multiline Slots by pogo - http://game1.pogo.com/applet-6.4.0.34/mlsl...s-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-6.3.4.64/flin...r-ob-assets.cab
O16 - DPF: QWERTY by pogo - http://game1.pogo.com/applet-6.4.0.41/squa...s-ob-assets.cab
O16 - DPF: Stax by pogo - http://game1.pogo.com/applet-6.4.0.34/stax...x-ob-assets.cab
O16 - DPF: Sweet Tooth TM by pogo - http://game1.pogo.com/applet-6.3.4.49/swee...h-ob-assets.cab
O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.com/applet-6.3.4.49/peak...s-ob-assets.cab
O16 - DPF: Tumble Bees by pogo - http://game1.pogo.com/applet-6.3.4.49/jumb...e-ob-assets.cab
O16 - DPF: Turbo 21 TM by pogo - http://game1.pogo.com/applet-6.3.4.49/turb...1-ob-assets.cab
O16 - DPF: Word Whomp by pogo - http://game1.pogo.com/applet-6.3.4.49/word...2-ob-assets.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.com/applet-6.4.0.48/whac...n-ob-assets.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{39701819-D560-43BA-896B-68CA17DD209E}: NameServer = 209.244.0.3 209.244.0.4
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

:thumbsup: Hi Lawrence...did as you advised and above is the new HJT log. Thanx again! I need to know where I would ask a question regarding repeated errors in the event viewer, Security errors, something about IPSEC, running some monitor? I could not find anything on this and want to post in the appropriate area here...thanx....for all your help! Lee/parrotplay

#8 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,640 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:12:52 AM

Posted 24 October 2005 - 10:03 AM

Lee, post your ipsec question in the networking area and either I or someone else will try to help you there.

Click on start, settings, control panel and double-click on add/remove programs. From with add/remove program uninstall the following if they exist:

Keen
Myway

Print out these instructions and then close all windows including Internet Explorer.

Then I want you to fix some of those entries. Please do the following:

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Run Hijackthis again, click scan, and Put a checkmark next to each of these. Then click the Fix button:

O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MyWay\bar\d.bin\mwsoemon.exe
O4 - HKLM\..\Run: [KeenValue] C:\Program Files\Common files\KeenValue\KeenValue.exe

Reboot your computer into Safe Mode

Then delete these files or directories (Do not be concerned if they do not exist)

C:\PROGRAM FILES\MyWay\
C:\Program Files\Common files\KeenValue\

Reboot your computer to go back to normal mode and post a new log.

#9 parrotplay

parrotplay
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:11:52 PM

Posted 24 October 2005 - 07:37 PM

Am working on this, thank you...have one question regarding the last step, In Safe Mode, delete following Files or Directories...where should I be to try to find these items, where and how to delete them properly. Thank you..Leeann

#10 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,640 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:12:52 AM

Posted 25 October 2005 - 12:26 PM

Open up my computer and navigate to the various file locations and then right click on them and select delete. Once they are all deleted, empty your recycle bin,

#11 parrotplay

parrotplay
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:11:52 PM

Posted 27 October 2005 - 09:56 AM

:thumbsup: Hi again...here is the HJK log after those items were deleted. Now, what do I do about the other things that have popped up in here- 04 HKLM\Run: [TCASUT.EXE];[REAL TRAY];[MONEY START UP 10.0]; [HOT KEYS CMDS]; [DELL TOUCH]...HKCU...[ERASER], then 04 GLOBAL STARTUP- Camio Viewer, Microsoft Office.lnc-Side Act.lnk.
Also, nothing about KeenValue or MyWay in Program Files, but I do have some files that I feel are not right, have scanned them, nothing. They are: Chin Bird (some icon and says"size poll new.exe); Comp Bore (says "Five Dvd.dll" nothing opens, app extension? but says 189kb; File Submit (gardian gargoyles) this file will not delete and during one scan some time ago, had pointed to this being some sort of trojan, but nothing is finding anything on these..PSS-has "my web search" items there. whew!!
Heres that list now that I have attempted to give you a rundown on this issue...thanx again, Leeann:

Logfile of HijackThis v1.99.1
Scan saved at 7:39:15 AM, on 10/27/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\MMKeybd.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\AnalogX\MaxMem\maxmem.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.refdesk.com/index.html
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [PPCRunonce] C:\WINDOWS\System32\PPCRunOnce.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\MMKeybd.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe.exe -hide
O4 - Startup: Avast AntiVirus.lnk = C:\Program Files\Alwil Software\Avast4\ashDisp.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Camio Viewer 2000.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SideACT!.lnk = C:\Program Files\Symantec\ACT\SideACT.exe
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: http://www.pogo.com/home/home-pogop - {3037FC09-62A6-4446-AA30-BB9DB0CD9B65} - http://www.pogo.com/home/home-pogop.jsp?si...7U0ICmb30QAAKDw. (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: http://www.pogo.com/home/home-pogop - {3037FC09-62A6-4446-AA30-BB9DB0CD9B65} - http://www.pogo.com/home/home-pogop.jsp?si...7U0ICmb30QAAKDw. (file missing) (HKCU)
O16 - DPF: Canasta by pogo - http://game1.pogo.com/applet-6.4.0.48/cana...a-ob-assets.cab
O16 - DPF: Dice Derby by pogo - http://game1.pogo.com/applet-6.4.1.46/chec...g-ob-assets.cab
O16 - DPF: Fortune Bingo by pogo - http://game1.pogo.com/applet-6.4.1.46/supe...o-ob-assets.cab
O16 - DPF: Jungle Gin by pogo - http://game1.pogo.com/applet-6.3.4.49/gin/gin-ob-assets.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-6.3.4.49/lott...o-ob-assets.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-6.4.0.34/mahj...g-ob-assets.cab
O16 - DPF: Multiline Slots by pogo - http://game1.pogo.com/applet-6.4.0.34/mlsl...s-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-6.3.4.64/flin...r-ob-assets.cab
O16 - DPF: QWERTY by pogo - http://game1.pogo.com/applet-6.4.1.46/squa...s-ob-assets.cab
O16 - DPF: Stax by pogo - http://game1.pogo.com/applet-6.4.0.34/stax...x-ob-assets.cab
O16 - DPF: Stellar Sweeper by pogo - http://game1.pogo.com/applet-6.4.1.46/swee...r-ob-assets.cab
O16 - DPF: Sweet Tooth TM by pogo - http://game1.pogo.com/applet-6.3.4.49/swee...h-ob-assets.cab
O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.com/applet-6.3.4.49/peak...s-ob-assets.cab
O16 - DPF: Tumble Bees by pogo - http://game1.pogo.com/applet-6.3.4.49/jumb...e-ob-assets.cab
O16 - DPF: Turbo 21 TM by pogo - http://game1.pogo.com/applet-6.3.4.49/turb...1-ob-assets.cab
O16 - DPF: Word Whomp by pogo - http://game1.pogo.com/applet-6.4.1.46/word...2-ob-assets.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.com/applet-6.4.0.48/whac...n-ob-assets.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{39701819-D560-43BA-896B-68CA17DD209E}: NameServer = 209.244.0.3 209.244.0.4
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

#12 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,640 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:12:52 AM

Posted 27 October 2005 - 11:11 AM

Looks good to me!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users