# I can't figure out what's wrong....



## Karrie.TX (Oct 6, 2005)

I have no idea what's wrong with my computer, but it won't even start up normally. Any help would be appreciated.

Logfile of HijackThis v1.99.1
Scan saved at 10:22:26 AM, on 10/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: SE-Toolbar - {691AFBC1-3C46-406D-AD22-EB3A0F665FC1} - C:\WINDOWS\system32\setoolbar.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://install.charter.com/diskless/bin/tgctlcm.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab40641.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} (Rhapsody Player Engine) - http://forms.real.com/real/player/d.../mrkt/rhapx/RhapsodyPlayerEngine_Inst_Win.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay103.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource/download/scanner/wlscbase5059.cab
O16 - DPF: {6632A7E9-FE1F-43D2-A04A-A15951ED63E0} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1127183225093
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37360.cab
O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://www.charter.net/files/charter/securitysuite/fscax.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (ZPA_TexasHoldem Object) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab43895.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {D1ACD2D8-7312-4D06-BECD-90EB094D2277} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://aolsvc.aol.com/onlinegames/shapo/shapo.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab41227.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://games.pogo.com/online2/pogo/zuma/popcaploader_v5.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: RegCompact - C:\WINDOWS\SYSTEM32\RegCompact.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe (file missing)


----------



## Karrie.TX (Oct 6, 2005)

| Incident | Status | Location |
| --- | --- | --- |
| Adware:adware/sahagent | Not disinfected | Windows Registry |
| Adware:Adware/InstDollars | Not disinfected | `C:\!Submit\first.awp` |
| Adware:Adware/InstDollars | Not disinfected | `C:\!Submit\mprocessor.exe` |
| Spyware:Cookie/Go | Not disinfected | `C:\Documents and Settings\aSUNSHINE\Cookies\[email protected][2].txt` |
| Spyware:Cookie/Go | Not disinfected | `C:\Documents and Settings\Owner\Cookies\[email protected][1].txt` |
| Adware:Adware/InstDollars | Not disinfected | `C:\Program Files\Windows Media Player\mprocessor.exe^` |
| Spyware:Cookie/Ccbill | Not disinfected | `C:\RECYCLER\NPROTECT\00306240.TXT` |
| Spyware:Cookie/Ccbill | Not disinfected | `C:\RECYCLER\NPROTECT\00306241.TXT` |
| Virus:Trj/Downloader.DAE | Not disinfected | `C:\RECYCLER\S-1-5-21-2836612162-2111899814-2294053649-1007\Dc1\arcade-3[1].6.exe[arc7.exe][msdcdev.exe]` |
| Adware:Adware/MediaBack | Not disinfected | `C:\RECYCLER\S-1-5-21-2836612162-2111899814-2294053649-1007\Dc1\arcade-3[1].6.exe[arc7.exe][dhtmcore.dll]` |
| Virus:Trj/Clicker.PP | Not disinfected | `C:\RECYCLER\S-1-5-21-2836612162-2111899814-2294053649-1007\Dc1\arcade-3[1].6.exe[arc7.exe][umetpic.exe]` |


----------



## valis (Sep 24, 2004)

wait for an expert to parse your log. They are identified by the gold shield next to their name. Something seems funky in there. 

What, precisely, is your computer doing oddly?


----------



## Karrie.TX (Oct 6, 2005)

Well, it's doing a lot of "odd" things. It makes a loud, grinding noise when starting up, it loads the same program over and over, I can't get into windows security center to turn on the firewall, and I can't get in to system restore.


----------



## valis (Sep 24, 2004)

Karrie.TX said:


> it loads the same program over and over


what program?


----------



## Karrie.TX (Oct 6, 2005)

It just depends on what is loaded or opened first after start up. At first it was MSN Messenger, so I thought that was the problem and uninstalled it, but then after re-boot, it was another program that kept opening up. Solitaire even opened up repeatedly. It's not one specific program.


----------



## Karrie.TX (Oct 6, 2005)

I just thought of something. On 10/07/06, Norton found and removed TROJAN.WIMAD and it seems like since then, my computer has been messing up even more. Is it possible it didn't remove it all the way?


----------



## valis (Sep 24, 2004)

well, generally those things will hide themselves and respawn once removed. That's why you need to have an expert parse your log. Just be patient, and one should be by shortly. If none by tomorrow, type 'bump' in the reply box to move yourself to the top of the list again. If that doesn't work, I'll either track one down for you or start parsing it myself. I'm not an expert, but studying to be.


----------



## Karrie.TX (Oct 6, 2005)

I'll be patient! And thanks very much


----------



## Karrie.TX (Oct 6, 2005)

Bump


----------



## valis (Sep 24, 2004)

we'll give it another day then I'll take a crack at it.....


----------



## Karrie.TX (Oct 6, 2005)

Thanks, I really appreciate it!


----------



## valis (Sep 24, 2004)

okay, try this:

Please go *HERE* to run Panda's ActiveScan
Once you are on the Panda site click the *Scan your PC* button
A new window will open...click the *Check Now* button
Enter your *Country*
Enter your *State/Province*
Enter your *e-mail address* and click *send*
Select either *Home User* or *Company*
Click the big *Scan Now* button
If it wants to install an ActiveX component allow it
It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
When download is complete, click on *My Computer* to start the scan
When the scan completes, if anything malicious is detected, click the *See Report* button, then *Save Report* and save it to a convenient location. Post the contents of the ActiveScan report, plus a new hjt log.


----------



## Karrie.TX (Oct 6, 2005)

Ok, here's the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 11:01:19 PM, on 10/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\sol.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: SE-Toolbar - {691AFBC1-3C46-406D-AD22-EB3A0F665FC1} - C:\WINDOWS\system32\setoolbar.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://install.charter.com/diskless/bin/tgctlcm.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab40641.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} (Rhapsody Player Engine) - http://forms.real.com/real/player/d.../mrkt/rhapx/RhapsodyPlayerEngine_Inst_Win.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay103.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase969.cab
O16 - DPF: {6632A7E9-FE1F-43D2-A04A-A15951ED63E0} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1127183225093
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37360.cab
O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://www.charter.net/files/charter/securitysuite/fscax.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (ZPA_TexasHoldem Object) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab43895.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {BDEE1959-AB6B-4745-A29B-F492861102CC} - 
O16 - DPF: {D1ACD2D8-7312-4D06-BECD-90EB094D2277} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://aolsvc.aol.com/onlinegames/shapo/shapo.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab41227.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://games.pogo.com/online2/pogo/zuma/popcaploader_v5.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: RegCompact - C:\WINDOWS\SYSTEM32\RegCompact.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

And here's the Panda scan report:

| Incident | Status | Location |
| --- | --- | --- |
| Adware:adware/sahagent | Not disinfected | Windows Registry |
| Adware:Adware/InstDollars | Not disinfected | `C:\!Submit\first.awp` |
| Adware:Adware/InstDollars | Not disinfected | `C:\!Submit\mprocessor.exe` |
| Spyware:Cookie/Go | Not disinfected | `C:\Documents and Settings\aSUNSHINE\Cookies\[email protected][2].txt` |
| Spyware:Cookie/Go | Not disinfected | `C:\Documents and Settings\Owner\Cookies\[email protected][1].txt` |
| Adware:Adware/InstDollars | Not disinfected | `C:\Program Files\Windows Media Player\mprocessor.exe^` |
| Spyware:Cookie/Ccbill | Not disinfected | `C:\RECYCLER\NPROTECT\00306240.TXT` |
| Spyware:Cookie/Ccbill | Not disinfected | `C:\RECYCLER\NPROTECT\00306241.TXT` |
| Virus:Trj/Downloader.DAE | Not disinfected | `C:\RECYCLER\S-1-5-21-2836612162-2111899814-2294053649-1007\Dc1\arcade-3[1].6.exe[arc7.exe][msdcdev.exe]` |
| Adware:Adware/MediaBack | Not disinfected | `C:\RECYCLER\S-1-5-21-2836612162-2111899814-2294053649-1007\Dc1\arcade-3[1].6.exe[arc7.exe][dhtmcore.dll]` |
| Virus:Trj/Clicker.PP | Not disinfected | `C:\RECYCLER\S-1-5-21-2836612162-2111899814-2294053649-1007\Dc1\arcade-3[1].6.exe[arc7.exe][umetpic.exe]` |
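
An added example, not part of the original post or of HijackThis itself: with two logs from the same machine, a first triage step is to diff them and list entries whose target is missing or unrecorded. The Python sketch below does that for short excerpts copied from the 10/19 and 10/22 logs above; the function names (`parse_hjt`, `diff_logs`, `triage`) are hypothetical, and a flagged line is a prompt for a closer look, not a verdict.

```python
import re

# Excerpts copied from the two HijackThis logs posted in this thread
# (10/19/2006 and 10/22/2006); only a few lines of each are kept.
LOG_OCT19 = r"""
Running processes:
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe (file missing)
"""

LOG_OCT22 = r"""
Running processes:
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\sol.exe
C:\Program Files\Internet Explorer\iexplore.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {BDEE1959-AB6B-4745-A29B-F492861102CC} -
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
"""

# A log entry starts with a section code: one letter (R, F, N, O) plus digits.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")
# O16 entries: "DPF: {CLSID} (optional name) - download source".
DPF_RE = re.compile(r"^DPF: (\{[0-9A-Fa-f-]+\})(?: \((.*)\))? -\s*(.*)$")


def parse_hjt(text):
    """Return (set of running process paths, set of (code, detail) entries)."""
    processes, entries = set(), set()
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes:"):
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False
            entries.add((match.group(1), match.group(2).strip()))
        elif in_processes and line:
            # Windows paths are case-insensitive, so normalise before comparing.
            processes.add(line.lower())
    return processes, entries


def diff_logs(old_text, new_text):
    """Compare two logs from the same machine: what appeared, what vanished."""
    old_p, old_e = parse_hjt(old_text)
    new_p, new_e = parse_hjt(new_text)
    return {
        "new_processes": sorted(new_p - old_p),
        "gone_processes": sorted(old_p - new_p),
        "new_entries": sorted(new_e - old_e),
        "gone_entries": sorted(old_e - new_e),
    }


def triage(entries):
    """List (code, reason, detail) for entries whose target is absent."""
    notes = []
    for code, detail in sorted(entries):
        if detail.endswith("(file missing)"):
            notes.append((code, "target file missing", detail))
        elif code == "O16":
            dpf = DPF_RE.match(detail)
            if dpf and not dpf.group(3):
                notes.append((code, "no download source recorded", detail))
    return notes


if __name__ == "__main__":
    for key, values in diff_logs(LOG_OCT19, LOG_OCT22).items():
        for value in values:
            print(f"{key}: {value}")
    for code, reason, detail in triage(parse_hjt(LOG_OCT22)[1]):
        print(f"review {code} ({reason}): {detail}")
```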


----------



## valis (Sep 24, 2004)

Please download *ATF Cleaner* by Atribune.
*This program is for XP and Windows 2000 only*

Double-click *ATF-Cleaner.exe* to run the program.
Under *Main* choose: *Select All*
Click the *Empty Selected* button.
If you use Firefox browser
Click *Firefox* at the top and choose: *Select All*
Click the *Empty Selected* button.
*NOTE:* If you would like to keep your saved passwords, please click *No* at the prompt.
If you use Opera browser
Click *Opera* at the top and choose: *Select All*
Click the *Empty Selected* button.
*NOTE:* If you would like to keep your saved passwords, please click *No* at the prompt.
Click *Exit* on the Main menu to close the program.
For *Technical Support*, double-click the e-mail address located at the bottom of each menu.

then post a new hjt.....


----------



## Cookiegal (Aug 27, 2003)

Download *AVG Anti-Spyware* from *HERE* and save that file to your desktop.

When the trial period expires it becomes feature-limited freeware but is still worth keeping as a good on-demand scanner.


Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double click it to launch the set up program.
Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
On the main screen select the icon "*Update*" then select the "*Update now*" link.
Next select the "*Start Update*" button. The update will start and a progress bar will show the updates being installed.

Once the update has completed, select the "*Scanner*" icon at the top of the screen, then select the "*Settings*" tab.
Once in the Settings screen click on "*Recommended actions*" and then select "*Quarantine*".
Under "*Reports*"
Select "*Automatically generate report after every scan*"
Un-Select "*Only if threats were found*"

Close AVG Anti-Spyware. Do not run a scan just yet; we will run it in Safe Mode.
Reboot your computer into *Safe Mode*. You can do this by restarting your computer and continually tapping the *F8* key until a menu appears. Use your up arrow key to highlight *Safe Mode* then hit enter.

*IMPORTANT:* Do not open any other windows or programs while AVG Anti-Spyware is scanning as it may interfere with the scanning process:

Launch AVG Anti-Spyware by double clicking the icon on your desktop.
Select the "*Scanner*" icon at the top and then the "*Scan*" tab then click on "*Complete System Scan*".
AVG will now begin the scanning process. Please be patient as this may take a little time.
*Once the scan is complete, do the following:*
If you have any infections you will be prompted. Then select "*Apply all actions.*"
Next select the "*Reports*" icon at the top.
Select the "*Save report as*" button in the lower left-hand of the screen and save it to a text file on your system (make sure to remember where you saved that file. This is important).
Close AVG Anti-Spyware and reboot your system back into Normal Mode.

Download *WinPFind.exe* to your desktop and double click on it to extract the files. This will create a folder named *WinPFind* on your desktop.

*Start in Safe Mode Using the F8 method:*


Restart the computer.
As soon as the BIOS is loaded begin tapping the *F8* key until the boot menu appears.
Use the arrow keys to select the *Safe Mode* menu item.
Press the *Enter* key.

Double click on the WinPFind folder on your desktop to open it and then double click on the *WinPFind.exe* file to start the program.


Click Configure scan options
Under Run AdOns select the following:
Policies.def
Security.def

Click apply
Click "*Start Scan*"
*It will scan the entire System, so please be patient and let it complete.*

When the scan is complete reboot normally and post the *WinPFind.txt* file (located in the WinPFind folder) back here along with the log from the AVG Anti-Spyware scan.


----------



## valis (Sep 24, 2004)

THANK YOU, cookie.....thankyouthankyouthankyouthankyou; I know roughly what to do, but I don't want to do anything without an expert's okay....so the simple things get done.


Karrie, I'm switching off now, and will let one of the experts assist you.

v


----------



## Cookiegal (Aug 27, 2003)

Hi Tim


----------



## Karrie.TX (Oct 6, 2005)

AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at:	9:09:54 PM 10/23/2006

+ Scan result:	



C:\WINDOWS\system32\Bewitched.SCR -> Trojan.NSAnti.A : Cleaned with backup (quarantined).


::Report end


----------



## Karrie.TX (Oct 6, 2005)

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows sometimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Logfile created on: 10/24/2006 3:51:35 PM
WinPFind v1.5.0	Folder = C:\Documents and Settings\aSUNSHINE\Desktop\WinPFind\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...
UPX! 2/16/2005 11:06:00 AM 218112 C:\Program Files\HijackThis.exe (Soeperman Enterprises Ltd.)

Checking %WinDir% folder...
UPX! 12/21/1999 7:58:02 AM 21312 C:\WINDOWS\choice.exe ()
PEC2 5/25/2002 5:28:42 PM 365056 C:\WINDOWS\Dotest.exe (Sonbry Marketing International 813-661-4530 Contact John Bryson)
aspack 11/10/2004 8:24:04 PM 545280 C:\WINDOWS\flashax.exe (Microsoft Corporation)
PECompact2 8/26/2006 9:04:54 PM 24575145 C:\WINDOWS\lpt$vpn.689 ()
qoologic 8/26/2006 9:04:54 PM 24575145 C:\WINDOWS\lpt$vpn.689 ()
SAHAgent 8/26/2006 9:04:54 PM 24575145 C:\WINDOWS\lpt$vpn.689 ()
PEC2 5/19/2001 5:08:44 PM 6656 C:\WINDOWS\pcboot.exe (Sonbry)
aspack 7/18/2004 2:56:32 PM 477948 C:\WINDOWS\raindrops.scr (Axialis Software)
PEC2 3/15/2003 10:46:14 PM 168448 C:\WINDOWS\realtime.exe (Dell)
UPX! 5/3/2005 11:44:44 AM 25157 C:\WINDOWS\RMAgentOutput.dll ()
UPX! 8/26/2006 9:03:16 PM 176709 C:\WINDOWS\tsc.exe (Trend Micro Inc.)
PECompact2 8/26/2006 9:04:54 PM 24575145 C:\WINDOWS\VPTNFILE.689 ()
qoologic 8/26/2006 9:04:54 PM 24575145 C:\WINDOWS\VPTNFILE.689 ()
SAHAgent 8/26/2006 9:04:54 PM 24575145 C:\WINDOWS\VPTNFILE.689 ()
UPX! 8/26/2006 9:04:58 PM 1077328 C:\WINDOWS\vsapi32.dll (Trend Micro Inc.)
aspack 8/26/2006 9:04:58 PM 1077328 C:\WINDOWS\vsapi32.dll (Trend Micro Inc.)

Checking %System% folder...
WSUD 9/20/2004 4:20:44 PM 16121856 C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL (Realtek Semiconductor Corp.)
SAHAgent 2/28/2003 11:26:36 AM 69027 C:\WINDOWS\SYSTEM32\clsid.log ()
aspack 3/18/2005 5:19:58 PM 2337488 C:\WINDOWS\SYSTEM32\d3dx9_25.dll (Microsoft Corporation)
aspack 5/26/2005 3:34:52 PM 2297552 C:\WINDOWS\SYSTEM32\d3dx9_26.dll (Microsoft Corporation)
aspack 7/22/2005 7:59:04 PM 2319568 C:\WINDOWS\SYSTEM32\d3dx9_27.dll (Microsoft Corporation)
aspack 12/5/2005 6:09:18 PM 2323664 C:\WINDOWS\SYSTEM32\d3dx9_28.dll (Microsoft Corporation)
aspack 2/3/2006 8:43:16 AM 2332368 C:\WINDOWS\SYSTEM32\d3dx9_29.dll (Microsoft Corporation)
aspack 3/31/2006 12:40:58 PM 2388176 C:\WINDOWS\SYSTEM32\d3dx9_30.dll (Microsoft Corporation)
PEC2 8/29/2002 7:00:00 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc ()
UPX! 6/24/2005 6:04:36 PM 161280 C:\WINDOWS\SYSTEM32\fmod.dll (Firelight Technologies Pty, Ltd)
PTech 8/20/2004 4:56:24 PM 59914 C:\WINDOWS\SYSTEM32\igfxhcsy.lhp ()
PTech 8/7/2006 9:50:22 AM 1484592 C:\WINDOWS\SYSTEM32\LegitCheckControl.DLL (Microsoft Corporation)
UPX! 10/11/2005 6:09:36 PM 11254 C:\WINDOWS\SYSTEM32\locate.com ()
PECompact2 10/4/2006 1:03:46 PM 9639336 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
aspack 10/4/2006 1:03:46 PM 9639336 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
aspack 8/4/2004 2:56:36 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll (Microsoft Corporation)
WSUD 8/4/2004 2:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
qoologic 3/29/2005 1:17:50 PM 9722631 C:\WINDOWS\SYSTEM32\pav.sig ()
aspack 3/29/2005 1:17:50 PM 9722631 C:\WINDOWS\SYSTEM32\pav.sig ()
SAHAgent 3/29/2005 1:17:50 PM 9722631 C:\WINDOWS\SYSTEM32\pav.sig ()
winsync 3/29/2005 1:17:50 PM 9722631 C:\WINDOWS\SYSTEM32\pav.sig ()
Umonitor 8/4/2004 2:56:44 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll (Microsoft Corporation)
winsync 8/29/2002 7:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu ()
PTech 6/19/2006 4:19:26 PM 304944 C:\WINDOWS\SYSTEM32\WgaTray.exe (Microsoft Corporation)

Checking %System%\Drivers folder and sub-folders...
PTech 8/4/2004 12:41:38 AM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys (Smart Link)

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts

Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
10/24/2006 3:45:36 PM S 2048 C:\WINDOWS\bootstat.dat ()
10/22/2006 10:32:30 AM H 54156 C:\WINDOWS\QTFont.qfn ()
10/12/2006 6:51:12 PM RH 0 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\index22.dat ()
10/12/2006 6:51:18 PM RH 0 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\index23.dat ()
10/5/2006 9:38:02 AM H 4212 C:\WINDOWS\system32\zllictbl.dat ()
9/13/2006 12:23:54 AM S 9435 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB924191.cat ()
9/4/2006 1:38:52 AM S 11223 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB924496.cat ()
9/18/2006 9:40:26 AM S 8847 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB925486.cat ()
10/24/2006 3:45:24 PM H 8192 C:\WINDOWS\system32\config\default.LOG ()
10/24/2006 3:45:58 PM H 1024 C:\WINDOWS\system32\config\SAM.LOG ()
10/24/2006 3:45:38 PM H 16384 C:\WINDOWS\system32\config\SECURITY.LOG ()
10/24/2006 3:46:18 PM H 65536 C:\WINDOWS\system32\config\software.LOG ()
10/24/2006 3:44:36 PM H 1024 C:\WINDOWS\system32\config\system.LOG ()
10/20/2006 7:09:02 PM H 1024 C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG ()
9/27/2006 6:45:52 PM S 70226 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\F482C95F83F1B59228F1B1E720F2EDF1 ()
9/27/2006 6:45:52 PM S 128 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\F482C95F83F1B59228F1B1E720F2EDF1 ()
10/3/2006 2:10:36 AM H 1024 C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG ()
9/6/2006 10:28:40 AM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\0d51d8a3-4b8a-4ecb-aff3-41bffb99b9e7 ()
9/6/2006 10:28:40 AM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred ()
10/24/2006 3:44:32 PM H 6 C:\WINDOWS\Tasks\SA.DAT ()

Checking for CPL files...
8/4/2004 2:56:58 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl (Microsoft Corporation)
9/20/2004 4:20:44 PM 16121856 C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL (Realtek Semiconductor Corp.)
8/4/2004 2:56:58 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl (Microsoft Corporation)
8/20/2004 4:53:06 PM 94208 C:\WINDOWS\SYSTEM32\igfxcpl.cpl (Intel Corporation)
8/4/2004 2:56:58 AM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl (Microsoft Corporation)
6/16/2004 7:03:30 AM 73728 C:\WINDOWS\SYSTEM32\ISUSPM.cpl (InstallShield Software Corporation)
8/4/2004 2:56:58 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl (Microsoft Corporation)
3/4/2005 4:36:44 AM 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl (Sun Microsystems, Inc.)
8/29/2002 7:00:00 AM 187904 C:\WINDOWS\SYSTEM32\main.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl (Microsoft Corporation)
8/29/2002 7:00:00 AM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
8/19/2003 4:56:00 AM 143360 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl (NVIDIA Corporation)
8/4/2004 2:56:58 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl (Microsoft Corporation)
3/14/2005 12:31:08 PM 24576 C:\WINDOWS\SYSTEM32\prefscpl.cpl (RealNetworks, Inc.)
8/4/2004 2:56:58 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl (Microsoft Corporation)
8/29/2002 7:00:00 AM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 94208  C:\WINDOWS\SYSTEM32\timedate.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl (Microsoft Corporation)
5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 68608 C:\WINDOWS\SYSTEM32\dllcache\access.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 549888 C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 110592 C:\WINDOWS\SYSTEM32\dllcache\bthprops.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 135168 C:\WINDOWS\SYSTEM32\dllcache\desk.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 80384 C:\WINDOWS\SYSTEM32\dllcache\firewall.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 155136 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 358400 C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 129536 C:\WINDOWS\SYSTEM32\dllcache\intl.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 380416 C:\WINDOWS\SYSTEM32\dllcache\irprops.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 68608 C:\WINDOWS\SYSTEM32\dllcache\joy.cpl (Microsoft Corporation)
8/29/2002 7:00:00 AM 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 618496 C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl (Microsoft Corporation)
8/29/2002 7:00:00 AM 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 25600 C:\WINDOWS\SYSTEM32\dllcache\netsetup.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 257024 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 32768 C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 114688 C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 155648 C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 298496 C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl (Microsoft Corporation)
8/29/2002 7:00:00 AM 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 94208 C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 148480 C:\WINDOWS\SYSTEM32\dllcache\wscui.cpl (Microsoft Corporation)
5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl (Microsoft Corporation)
2/17/2004 6:49:14 AM 14193152 C:\WINDOWS\SYSTEM32\DRVSTORE\Alcxwdm_cfb7d3fc0ab7f7a3133a6c25509eaf3479108975\ALSNDMGR.CPL (Realtek Semiconductor Corp.)
2/17/2004 6:49:14 AM 14193152 C:\WINDOWS\SYSTEM32\ReinstallBackups\0003\DriverFiles\ALSNDMGR.CPL (Realtek Semiconductor Corp.)
4/7/2003 9:14:30 AM 94208 C:\WINDOWS\SYSTEM32\ReinstallBackups\0016\DriverFiles\igfxcpl.cpl (Intel Corporation)

Checking for Downloaded Program Files...
{01113300-3E00-11D2-8470-0060089874ED} - Support.com Configuration Class - CodeBase = https://install.charter.com/diskless/bin/tgctlcm.cab
{04E214E5-63AF-4236-83C6-A7ADCBF9BD02} - HouseCall Control - CodeBase = http://housecall60.trendmicro.com/housecall/xscan60.cab
{05D44720-58E3-49E6-BDF6-D00330E511D3} - StagingUI Object - CodeBase = http://zone.msn.com/binFrameWork/v10/StagingUI.cab40641.cab
{166B1BCA-3F9C-11CF-8075-444553540000} - Shockwave ActiveX Control - CodeBase = http://active.macromedia.com/director/cabs/sw.cab
{17492023-C23A-453E-A040-C7C580BBF700} - Windows Genuine Advantage Validation Tool - CodeBase = http://go.microsoft.com/fwlink/?LinkID=39204
{193C772A-87BE-4B19-A7BB-445B226FE9A1} - ewidoOnlineScan Control - CodeBase = http://download.ewido.net/ewidoOnlineScan.cab
{19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} - MSSecurityAdvisor Class - CodeBase = http://download.microsoft.com/downl...-a3de-373c3e5552fc/msSecAdv.cab?1090772328093
{200B3EE9-7242-4EFD-B1E4-D97EE825BA53} - VerifyGMN Class - CodeBase = http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} - - CodeBase = http://forms.real.com/real/player/d.../mrkt/rhapx/RhapsodyPlayerEngine_Inst_Win.cab
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - YInstStarter Class - CodeBase = C:\Program Files\Yahoo!\Common\yinsthelper.dll
{31E68DE2-5548-4B23-88F0-C51E6A0F695E} - Microsoft PID Sniffer - CodeBase = https://support.microsoft.com/OAS/ActiveX/odc.cab
{37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} - - CodeBase = http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
{3BB54395-5982-4788-8AF4-B5388FFDD0D8} - ZoneBuddy Class - CodeBase = http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
{49232000-16E4-426C-A231-62846947304B} - - CodeBase = http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
{4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - QDiagAOLCCUpdateObj Class - CodeBase = http://aolcc.aol.com/computercheckup/qdiagcc.cab
{4B48D5DF-9021-45F7-A240-60304302A215} - Malicious Software Removal Tool - CodeBase = http://download.microsoft.com/download/5/c/2/5c2fc4b7-3875-4eec-946b-ffe15472cabc/WebCleaner.cab
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - McAfee.com Operating System Class - CodeBase = http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} - MSN Photo Upload Tool - CodeBase = http://by103fd.bay103.hotmail.msn.com/resources/MsnPUpld.cab
{5736C456-EA94-4AAC-BB08-917ABDD035B3} - ZonePAChat Object - CodeBase = http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - BDSCANONLINE Control - CodeBase = http://download.bitdefender.com/resources/scan8/oscan8.cab
{5ED80217-570B-4DA9-BF44-BE107C0EC166} - Windows Live Safety Center Base Module - CodeBase = http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase969.cab
{6632A7E9-FE1F-43D2-A04A-A15951ED63E0} - - CodeBase = http://mediaplayer.walmart.com/installer/install.cab
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - MUWebControl Class - CodeBase = http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1127183225093
{74D05D43-3236-11D4-BDCD-00C04F9A3B61} - HouseCall Control - CodeBase = http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
{7F8C8173-AD80-4807-AA75-5672F22B4582} - ICSScanner Class - CodeBase = http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37360.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} - Java Plug-in 1.5.0_02 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
{94EB57FE-2720-496C-B33F-D9353C6E23F7} - F-Secure Online Scanner 2.1 - CodeBase = http://www.charter.net/files/charter/securitysuite/fscax.cab
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - ActiveScan Installer Class - CodeBase = http://acs.pandasoftware.com/activescan/as5free/asinst.cab
{9BDF4724-10AA-43D5-BD15-AEA0D2287303} - ZPA_TexasHoldem Object - CodeBase = http://zone.msn.com/bingame/zpagames/zpa_txhe.cab43895.cab
{9F1C11AA-197B-4942-BA54-47A8489BB47F} - - CodeBase = http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38153.0175
{AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - Get_ActiveX Control - CodeBase = https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
{B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - MsnMessengerSetupDownloadControl Class - CodeBase = http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
{B8BE5E93-A60C-4D26-A2DC-220313175592} - ZoneIntro Class - CodeBase = http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
{B9191F79-5613-4C76-AA2A-398534BB8999} - - CodeBase = http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
{BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - DwnldGroupMgr Class - CodeBase = http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
{BDEE1959-AB6B-4745-A29B-F492861102CC} - - CodeBase = 
{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - Java Plug-in 1.5.0_02 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
{D1ACD2D8-7312-4D06-BECD-90EB094D2277} - - CodeBase = http://mediaplayer.walmart.com/installer/install.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} - - CodeBase = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
{D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} - TikGames Online Control - CodeBase = http://aolsvc.aol.com/onlinegames/shapo/shapo.cab
{DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} - StadiumProxy Class - CodeBase = http://zone.msn.com/binframework/v10/StProxy.cab41227.cab
{DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - - CodeBase = http://games.pogo.com/online2/pogo/zuma/popcaploader_v5.cab
{F54C1137-5E34-4B95-95A5-BA56D4D8D743} - Secure Delivery - CodeBase = http://www.gamespot.com/KDX/kdx.cab
Microsoft XML Parser for Java - - CodeBase = file://C:\WINDOWS\Java\classes\xmldso.cab

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»


----------



## Karrie.TX (Oct 6, 2005)

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
10/10/2003 9:32:08 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ()

Checking files in %ALLUSERSPROFILE%\Application Data folder...
10/10/2003 2:26:14 PM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini ()
10/10/2003 11:30:42 PM 1236 C:\Documents and Settings\All Users\Application Data\hpzinstall.log ()
8/28/2006 7:56:52 PM 1745 C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache ()

Checking files in %USERPROFILE%\Startup folder...
10/10/2003 9:32:08 PM HS 84 C:\Documents and Settings\aSUNSHINE\Start Menu\Programs\Startup\desktop.ini ()

Checking files in %USERPROFILE%\Application Data folder...
10/10/2003 2:26:14 PM HS 62 C:\Documents and Settings\aSUNSHINE\Application Data\desktop.ini ()

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

>>> Internet Explorer Settings <<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
\\Start Page - http://www.yahoo.com/
\\Default_Page_URL - http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
\\Local Page - C:\WINDOWS\system32\blank.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
\\Start Page - http://www.yahoo.com/
\\Search Bar - http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
\\Search Page - http://www.msn.com/access/allinone.asp
\\Local Page - C:\WINDOWS\system32\blank.htm

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
\\CustomizeSearch - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
\\SearchAssistant - http://www.google.com/ie

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Microsoft Url Search Hook = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)
\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar = C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

>>> BHO's <<<
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
\{02478D38-C3F9-4EFB-9B51-7695ECA05670} - Yahoo! Toolbar Helper = C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - UberButton Class = C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo!)
\{65D886A2-7CA7-479B-BB95-14D1EFB7946A} - YahooTaggedBM Class = C:\Program Files\Yahoo!\Common\YIeTagBm.dll (Yahoo! Inc.)
\{9394EDE7-C8B5-483E-8773-474BF36AF6E4} - ST = C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (Microsoft Corporation)
\{9ECB9560-04F9-4bbc-943D-298DDF1699E1} - CNisExtBho Class = C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
\{A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - CNavExtBho Class = C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - MSNToolBandBHO = C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)

>>> Internet Explorer Bars, Toolbars and Extensions <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
\{4528BBE0-4E08-11D5-AD55-00010333D0AD} - &Yahoo! Messenger = C:\PROGRA~1\Yahoo!\Common\yhexbmesus.dll (Yahoo! Inc.)
\{4D5C8C25-D075-11d0-B416-00C04FB90376} - &Tip of the Day = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)
\{8F4902B6-6C04-4ade-8052-AA58578A21BD} - hp view = C:\WINDOWS\System32\Shdocvw.dll (Microsoft Corporation)
\{FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - Real.com = C:\WINDOWS\system32\Shdocvw.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
\{4528BBE0-4E08-11D5-AD55-00010333D0AD} - &Yahoo! Messenger = C:\PROGRA~1\Yahoo!\Common\yhexbmesus.dll (Yahoo! Inc.)
\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} - File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\{EFA24E61-B078-11D0-89E4-00C04FC9E26E} - Favorites Band = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)
\{EFA24E62-B078-11D0-89E4-00C04FC9E26E} - History Band = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)
\{EFA24E64-B078-11D0-89E4-00C04FC9E26E} - Explorer Band = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
\\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - HP View = c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)
\\{691AFBC1-3C46-406D-AD22-EB3A0F665FC1} - SE-Toolbar = C:\WINDOWS\system32\setoolbar.dll (Klemens Schmid)
\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - MSN = C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)
\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar = C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
\\{0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - Norton Internet Security 2006 = C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
\\{C4069E3A-68F1-403E-B40E-20066696354B} - Norton AntiVirus = C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
\ShellBrowser\\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - HP View = c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)
\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - = ()
\ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} - Norton AntiVirus = C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
\WebBrowser\\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - HP View = c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)
\WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar = C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
\WebBrowser\\{F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - = ()
\WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} - Norton AntiVirus = C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
\WebBrowser\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - MSN = C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\CmdMapping]
\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - 8192 = 
\\NEXTID - 8201
\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - 8193 = 
\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - 8194 = 
\\{FB5F1910-F110-11d2-BB9E-00C04F795683} - 8195 = 
\\{85d1f590-48f4-11d9-9669-0800200c9a66} - 8196 = Uninstall BitDefender Online Scanner v8
\\{F4430FE8-2638-42e5-B849-800749B94EED} - 8198 = 
\\{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - 8199 = 
\\{e2e2dd38-d088-4134-82b7-f2ba38496583} - 8200 = @xpsp3res.dll,-20001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
\{85d1f590-48f4-11d9-9669-0800200c9a66} - MenuText: Uninstall BitDefender Online Scanner v8 = ()
\{e2e2dd38-d088-4134-82b7-f2ba38496583} - MenuText: @xpsp3res.dll,-20001 = ()

>>> Approved Shell Extensions (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
\\{42071714-76d4-11d1-8b24-00a0c9068ff3} - Display Panning CPL Extension = ()
\\{764BF0E1-F219-11ce-972D-00AA00A14F56} - Shell extensions for file compression = ()
\\{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} - Encryption Context Menu = ()
\\{88895560-9AA2-1069-930E-00AA0030EBC8} - HyperTerminal Icon Ext = C:\WINDOWS\System32\hticons.dll (Hilgraeve, Inc.)
\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} - Taskbar and Start Menu = ()
\\{32683183-48a0-441b-a342-7c2a440a9478} - Media Band = ()
\\{7A9D77BD-5403-11d2-8785-2E0420524153} - User Accounts = ()
\\{19CC43A1-6925-4B48-B292-830291F393A6} - HPNSView = c:\Program Files\HP\Digital Imaging\bin\hpdns_01.dll ()
\\{DEE12703-6333-4D4E-8F34-738C4DCC2E04} - RecordNow! SendToExt = c:\Program Files\RecordNow!\shlext.dll (Sonic Solutions)
\\{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} - Shell Extensions for RealOne Player = ()
\\{7F67036B-66F1-411A-AD85-759FB9C5B0DB} - SampleView = C:\WINDOWS\System32\ShellvRTF.dll (XSS)
\\{1CDB2949-8F65-4355-8456-263E7C208A5D} - Desktop Explorer = C:\WINDOWS\System32\nvshell.dll (NVIDIA Corporation)
\\{1E9B04FB-F9E5-4718-997B-B8DA88302A47} - Desktop Explorer Menu = C:\WINDOWS\System32\nvshell.dll (NVIDIA Corporation)
\\{AB77609F-2178-4E6F-9C4B-44AC179D937A} - a² Context Menu Shell Extension = ()
\\{336B02CE-F88A-4aea-8731-79EF94D3723A} - Free AOL & Unlimited Internet.lnk = C:\WINDOWS\aod\aodshext.dll ()
\\{B41DB860-8EE4-11D2-9906-E49FADC173CA} - WinRAR shell extension = C:\Program Files\WinRAR\rarext.dll ()
\\{5464D816-CF16-4784-B9F3-75C0DB52B499} - Yahoo! Mail = C:\PROGRA~1\Yahoo!\Common\ymmapi.dll (Yahoo! Inc.)
\\{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} - iTunes = C:\Program Files\iTunes\iTunesMiniPlayer.dll (Apple Computer, Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

>>> Context Menu Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers]
\AVG Anti-Spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll (Anti-Malware Development a.s.)
\Symantec.Norton.Antivirus.IEContextMenu - {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} = C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
\WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()
\Yahoo! Mail - {5464D816-CF16-4784-B9F3-75C0DB52B499} = C:\PROGRA~1\Yahoo!\Common\ymmapi.dll (Yahoo! Inc.)

[HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers]

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers]
\AVG Anti-Spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll (Anti-Malware Development a.s.)
\WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMenuHandlers]
\igfxcui - {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} = C:\WINDOWS\system32\igfxpph.dll (Intel Corporation)

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers]
\Symantec.Norton.Antivirus.IEContextMenu - {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} = C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
\WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()

>>> Column Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]

>>> Registry Run Keys <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
QuickTime Task - C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
WinPatrol - C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe (BillP Studios)
ccApp - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
!AVG Anti-Spyware - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe (Anti-Malware Development a.s.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
msnmsgr - C:\Program Files\MSN Messenger\msnmsgr.exe (Microsoft Corporation)
ctfmon.exe - C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

>>> Startup Links <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Common Startup]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ()

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Startup]
C:\Documents and Settings\aSUNSHINE\Start Menu\Programs\Startup\desktop.ini ()

>>> MSConfig Disabled Items <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\ExpandFrom

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\ExpandTo

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
Fax	3

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk
backup	C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup
location	Common Startup
item	America Online 9.0 Tray Icon

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk
backup	C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
location	Common Startup
command	C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe 
item	HP Digital Imaging Monitor

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PopSubtract.lnk
backup	C:\WINDOWS\pss\PopSubtract.lnkCommon Startup
location	Common Startup
command	C:\PROGRA~1\INTERM~1\POPSUB~1\PopSub.exe 
item	PopSubtract

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk
backup	C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup
location	Common Startup
command	C:\PROGRA~1\Quicken\bagent.exe 
item	Quicken Scheduled Updates

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk
backup	C:\WINDOWS\pss\Updates from HP.lnkCommon Startup
location	Common Startup
command	C:\PROGRA~1\UPDATE~1\137903\Program\BACKWE~1.EXE -startup
item	Updates from HP

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^aSUNSHINE^Start Menu^Programs^Startup^spamsubtract.lnk
backup	C:\WINDOWS\pss\spamsubtract.lnkStartup
location	Startup
command	C:\PROGRA~1\INTERM~1\SPAMSU~1\SpamSub.exe -q
item	spamsubtract

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Acme.PCHButton
key	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item	pchbutton
hkey	HKCU
command	C:\PROGRA~1\HPINST~1\Pavilion\XPHNABP4EN\plugin\bin\pchbutton.exe
inimapping	0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AOLCC
key	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item	ACCAgnt
hkey	HKCU
inimapping	0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BackupNotify
key	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item	backupnotify
hkey	HKCU
command	c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
inimapping	0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cBl1s
key	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item	cBl1s
hkey	HKLM
inimapping	0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\gcasServ
key	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item	gcasServ
hkey	HKLM
inimapping	0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HotKeysCmds
key	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item	hkcmd
hkey	HKLM
command	C:\WINDOWS\system32\hkcmd.exe
inimapping	0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\mmtask
key	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item	mmtask
hkey	HKLM
command	"C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
inimapping	0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\msnmsgr
key	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item	msnmsgr
hkey	HKCU
command	"C:\Program Files\MSN Messenger\msnmsgr.exe" /background
inimapping	0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Notn
key	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item	dnx?
hkey	HKCU
inimapping	0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task
key	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item	qttask
hkey	HKLM
command	"C:\Program Files\QuickTime\qttask.exe" -atboottime
inimapping	0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RealTray
key	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item	RealPlay
hkey	HKLM
command	C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
inimapping	0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TkBellExe
key	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item	realsched
hkey	HKLM
inimapping	0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\VhQXqi
key	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item	VhQXqi
hkey	HKLM
inimapping	0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}
key	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item	gnotify
hkey	HKLM
command	C:\Program Files\Google\Gmail Notifier\gnotify.exe
inimapping	0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini	0
win.ini	0
bootini	0
services	2
startup	2

[All Users Startup Folder Disabled Items]

[Current User Startup Folder Disabled Items]

>>> User Agent Post Platform <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
\\SV1 -

>>> AppInit Dll's <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs]

>>> Image File Execution Options <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
\Your Image File Name Here without a path - Debugger = ntsd -d

>>> Shell Service Object Delay Load <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
\\PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\\CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\\WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll (Microsoft Corporation)
\\SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll (Microsoft Corporation)

>>> Shell Execute Hooks <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} - URL Exec Hook = shell32.dll (Microsoft Corporation)
\\{57B86673-276A-48B2-BAE7-C6DBB3020EB8} - CShellExecuteHookImpl Object = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll (Anti-Malware Development a.s.)

>>> Shared Task Scheduler <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
\\{438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
\\{8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)

>>> Winlogon <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
\\UserInit = C:\WINDOWS\system32\Userinit.exe
\\Shell = Explorer.exe
\\System =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
\crypt32chain - crypt32.dll = (Microsoft Corporation)
\cryptnet - cryptnet.dll = (Microsoft Corporation)
\cscdll - cscdll.dll = (Microsoft Corporation)
\igfxcui - igfxsrvc.dll = (Intel Corporation)
\RegCompact - RegCompact.dll = (AMUST Software)
\ScCertProp - wlnotify.dll = (Microsoft Corporation)
\Schedule - wlnotify.dll = (Microsoft Corporation)
\sclgntfy - sclgntfy.dll = (Microsoft Corporation)
\SensLogn - WlNotify.dll = (Microsoft Corporation)
\termsrv - wlnotify.dll = (Microsoft Corporation)
\WgaLogon - WgaLogon.dll = (Microsoft Corporation)
\wlballoon - wlnotify.dll = (Microsoft Corporation)
\WRNotifier - WRLogonNTF.dll = ()

>>> DNS Name Servers <<<
{0689CEC2-8D77-4684-9520-B9193268E020} - ()
{5D34E2A0-10F6-4649-8768-7D1981EE7EB8} - (Realtek RTL8139/810x Family Fast Ethernet NIC)
{A659F760-2AE4-4863-B0B8-1F3ECEA79C56} - (Motorola SURFboard SB5100 USB Cable Modem)
{FE1F3FF2-5F89-4FD5-9AF8-DC013FB4C733} - (1394 Net Adapter)

>>> All Winsock2 Catalogs <<<
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries]
\000000000001\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
\000000000002\\LibraryPath - %SystemRoot%\System32\winrnr.dll (Microsoft Corporation)
\000000000003\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries]
\000000000001\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000002\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000003\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000004\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000005\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000006\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000007\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000008\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000009\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000010\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000011\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000012\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000013\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000014\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000015\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000016\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000017\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000018\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
\000000000019\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)

>>> Protocol Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler]
\ipp - ()
\msdaipp - ()

>>> Protocol Filters (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter]

>>> Selected AddOn's <<<

>>>>Output for AddOn file Policies.def<<<<
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies - Include SUBKEYS
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
policies\Explorer\\NoCDBurning - 0
policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} - 1
policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} - 1073741857
policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} - 32
policies\system\\dontdisplaylastusername - 0
policies\system\\legalnoticecaption - 
policies\system\\legalnoticetext - 
policies\system\\shutdownwithoutlogon - 1
policies\system\\undockwithoutlogon - 1

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies - Include SUBKEYS
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
policies\Explorer\\NoDriveTypeAutoRun - 145
policies\System\\DisableRegistryTools - 0

>>>>Output for AddOn file Security.def<<<<
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center - Include SUBKEYS
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
Security Center\\AntiVirusDisableNotify - 1
Security Center\\FirewallDisableNotify - 1
Security Center\\UpdatesDisableNotify - 0
Security Center\\AntiVirusOverride - 0
Security Center\\FirewallOverride - 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS - Include SUBKEYS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS]
BITS\\Type - 32
BITS\\Start - 2
BITS\\ErrorControl - 1
BITS\\ImagePath - %SystemRoot%\System32\svchost.exe -k netsvcs
BITS\\DisplayName - Background Intelligent Transfer Service
BITS\\DependOnService - Rpcss;
BITS\\DependOnGroup - 
BITS\\ObjectName - LocalSystem
BITS\\Description - Transfers files in the background using idle network bandwidth. If the service is stopped, features such as Windows Update, and MSN Explorer will be unable to automatically download programs and other information. If this service is disabled, any services that explicitly depend on it may fail to transfer files if they do not have a fail safe mechanism to transfer files directly through IE in case BITS has been disabled.
BITS\\FailureActions - 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 68 E3 0C 00 01 00 00 00 60 EA 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 60 EA 00 00 
BITS\Parameters\\ServiceDll - C:\WINDOWS\System32\qmgr.dll
BITS\Security\\Security - 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 
BITS\Enum\\0 - Root\LEGACY_BITS\0000
BITS\Enum\\Count - 1
BITS\Enum\\NextInstance - 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess - Include SUBKEYS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess]
SharedAccess\\Type - 32
SharedAccess\\Start - 2
SharedAccess\\ErrorControl - 1
SharedAccess\\ImagePath - %SystemRoot%\System32\svchost.exe -k netsvcs
SharedAccess\\DisplayName - Windows Firewall/Internet Connection Sharing (ICS)
SharedAccess\\DependOnService - Netman;WinMgmt;
SharedAccess\\DependOnGroup - 
SharedAccess\\ObjectName - LocalSystem
SharedAccess\\Description - Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.
SharedAccess\Epoch\\Epoch - 59120
SharedAccess\Parameters\\ServiceDll - %SystemRoot%\System32\ipnathlp.dll
Key not found
SharedAccess\Security\\Security - 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 
SharedAccess\Setup\\ServiceUpgrade - 1
SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{A659F760-2AE4-4863-B0B8-1F3ECEA79C56} - 1
SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{E73C3CF8-D927-4ED8-B532-20857E47DFAF} - 1
SharedAccess\Enum\\0 - Root\LEGACY_SHAREDACCESS\0000
SharedAccess\Enum\\Count - 1
SharedAccess\Enum\\NextInstance - 1


----------



## Karrie.TX (Oct 6, 2005)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv - Include SUBKEYS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv]
wuauserv\\Type - 32
wuauserv\\Start - 2
wuauserv\\ErrorControl - 1
wuauserv\\ImagePath - %systemroot%\system32\svchost.exe -k netsvcs
wuauserv\\DisplayName - Automatic Updates
wuauserv\\ObjectName - LocalSystem
wuauserv\\Description - Enables the download and installation of critical Windows updates. If the service is disabled, the operating system can be manually updated at the Windows Update Web site.
wuauserv\Parameters\\ServiceDll - C:\WINDOWS\system32\wuauserv.dll
wuauserv\Security\\Security - 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 
wuauserv\Enum\\0 - Root\LEGACY_WUAUSERV\0000
wuauserv\Enum\\Count - 1
wuauserv\Enum\\NextInstance - 1

»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


----------



## Cookiegal (Aug 27, 2003)

I'm attaching a FixKarrie.zip file to this post. Save it to your desktop. Unzip it and double click the FixKarrie.reg file and allow it to enter into the registry.


Reboot and post a new WinpFind log please.


----------



## Karrie.TX (Oct 6, 2005)

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows sometimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Logfile created on: 10/25/2006 8:14:55 AM
WinPFind v1.5.0	Folder = C:\Documents and Settings\aSUNSHINE\Desktop\WinPFind\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...
UPX! 2/16/2005 11:06:00 AM 218112 C:\Program Files\HijackThis.exe (Soeperman Enterprises Ltd.)

Checking %WinDir% folder...
UPX! 12/21/1999 7:58:02 AM 21312 C:\WINDOWS\choice.exe ()
PEC2 5/25/2002 5:28:42 PM 365056 C:\WINDOWS\Dotest.exe (Sonbry Marketing International 813-661-4530 Contact John Bryson)
aspack 11/10/2004 8:24:04 PM 545280 C:\WINDOWS\flashax.exe (Microsoft Corporation)
PECompact2 8/26/2006 9:04:54 PM 24575145 C:\WINDOWS\lpt$vpn.689 ()
qoologic 8/26/2006 9:04:54 PM 24575145 C:\WINDOWS\lpt$vpn.689 ()
SAHAgent 8/26/2006 9:04:54 PM 24575145 C:\WINDOWS\lpt$vpn.689 ()
PEC2 5/19/2001 5:08:44 PM 6656 C:\WINDOWS\pcboot.exe (Sonbry)
aspack 7/18/2004 2:56:32 PM 477948 C:\WINDOWS\raindrops.scr (Axialis Software)
PEC2 3/15/2003 10:46:14 PM 168448 C:\WINDOWS\realtime.exe (Dell)
UPX! 5/3/2005 11:44:44 AM  25157 C:\WINDOWS\RMAgentOutput.dll ()
UPX! 8/26/2006 9:03:16 PM 176709 C:\WINDOWS\tsc.exe (Trend Micro Inc.)
PECompact2 8/26/2006 9:04:54 PM 24575145 C:\WINDOWS\VPTNFILE.689 ()
qoologic 8/26/2006 9:04:54 PM 24575145 C:\WINDOWS\VPTNFILE.689 ()
SAHAgent 8/26/2006 9:04:54 PM 24575145 C:\WINDOWS\VPTNFILE.689 ()
UPX! 8/26/2006 9:04:58 PM 1077328 C:\WINDOWS\vsapi32.dll (Trend Micro Inc.)
aspack 8/26/2006 9:04:58 PM 1077328 C:\WINDOWS\vsapi32.dll (Trend Micro Inc.)

Checking %System% folder...
WSUD 9/20/2004 4:20:44 PM 16121856 C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL (Realtek Semiconductor Corp.)
SAHAgent 2/28/2003 11:26:36 AM 69027 C:\WINDOWS\SYSTEM32\clsid.log ()
aspack 3/18/2005 5:19:58 PM 2337488 C:\WINDOWS\SYSTEM32\d3dx9_25.dll (Microsoft Corporation)
aspack 5/26/2005 3:34:52 PM 2297552 C:\WINDOWS\SYSTEM32\d3dx9_26.dll (Microsoft Corporation)
aspack 7/22/2005 7:59:04 PM 2319568 C:\WINDOWS\SYSTEM32\d3dx9_27.dll (Microsoft Corporation)
aspack 12/5/2005 6:09:18 PM 2323664 C:\WINDOWS\SYSTEM32\d3dx9_28.dll (Microsoft Corporation)
aspack 2/3/2006 8:43:16 AM 2332368 C:\WINDOWS\SYSTEM32\d3dx9_29.dll (Microsoft Corporation)
aspack 3/31/2006 12:40:58 PM 2388176 C:\WINDOWS\SYSTEM32\d3dx9_30.dll (Microsoft Corporation)
PEC2 8/29/2002 7:00:00 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc ()
UPX! 6/24/2005 6:04:36 PM 161280 C:\WINDOWS\SYSTEM32\fmod.dll (Firelight Technologies Pty, Ltd)
PTech 8/20/2004 4:56:24 PM 59914 C:\WINDOWS\SYSTEM32\igfxhcsy.lhp ()
PTech 8/7/2006 9:50:22 AM 1484592 C:\WINDOWS\SYSTEM32\LegitCheckControl.DLL (Microsoft Corporation)
UPX! 10/11/2005 6:09:36 PM 11254 C:\WINDOWS\SYSTEM32\locate.com ()
PECompact2 10/4/2006 1:03:46 PM 9639336 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
aspack 10/4/2006 1:03:46 PM 9639336 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
aspack 8/4/2004 2:56:36 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll (Microsoft Corporation)
WSUD 8/4/2004 2:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
qoologic 3/29/2005 1:17:50 PM 9722631 C:\WINDOWS\SYSTEM32\pav.sig ()
aspack 3/29/2005 1:17:50 PM 9722631 C:\WINDOWS\SYSTEM32\pav.sig ()
SAHAgent 3/29/2005 1:17:50 PM 9722631 C:\WINDOWS\SYSTEM32\pav.sig ()
winsync 3/29/2005 1:17:50 PM 9722631 C:\WINDOWS\SYSTEM32\pav.sig ()
Umonitor 8/4/2004 2:56:44 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll (Microsoft Corporation)
winsync 8/29/2002 7:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu ()
PTech 6/19/2006 4:19:26 PM 304944 C:\WINDOWS\SYSTEM32\WgaTray.exe (Microsoft Corporation)

Checking %System%\Drivers folder and sub-folders...
PTech 8/4/2004 12:41:38 AM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys (Smart Link)

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts

Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
10/25/2006 8:03:32 AM S 2048 C:\WINDOWS\bootstat.dat ()
10/22/2006 10:32:30 AM H 54156 C:\WINDOWS\QTFont.qfn ()
10/12/2006 6:51:12 PM RH 0 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\index22.dat ()
10/12/2006 6:51:18 PM RH 0 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\index23.dat ()
10/5/2006 9:38:02 AM H 4212 C:\WINDOWS\system32\zllictbl.dat ()
9/13/2006 12:23:54 AM S 9435 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB924191.cat ()
9/4/2006 1:38:52 AM S 11223 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB924496.cat ()
9/18/2006 9:40:26 AM S 8847 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB925486.cat ()
10/25/2006 8:10:02 AM H 1024 C:\WINDOWS\system32\config\default.LOG ()
10/25/2006 8:03:42 AM H 1024 C:\WINDOWS\system32\config\SAM.LOG ()
10/25/2006 8:04:42 AM H 1024 C:\WINDOWS\system32\config\SECURITY.LOG ()
10/25/2006 8:20:20 AM H 1024 C:\WINDOWS\system32\config\software.LOG ()
10/25/2006 8:09:20 AM H 1024 C:\WINDOWS\system32\config\system.LOG ()
10/20/2006 7:09:02 PM H 1024 C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG ()
9/27/2006 6:45:52 PM S 70226 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\F482C95F83F1B59228F1B1E720F2EDF1 ()
9/27/2006 6:45:52 PM S 128 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\F482C95F83F1B59228F1B1E720F2EDF1 ()
10/3/2006 2:10:36 AM H 1024 C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG ()
9/6/2006 10:28:40 AM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\0d51d8a3-4b8a-4ecb-aff3-41bffb99b9e7 ()
9/6/2006 10:28:40 AM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred ()
10/25/2006 8:03:56 AM H 6 C:\WINDOWS\Tasks\SA.DAT ()

Checking for CPL files...
8/4/2004 2:56:58 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl (Microsoft Corporation)
9/20/2004 4:20:44 PM 16121856 C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL (Realtek Semiconductor Corp.)
8/4/2004 2:56:58 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl (Microsoft Corporation)
8/20/2004 4:53:06 PM 94208 C:\WINDOWS\SYSTEM32\igfxcpl.cpl (Intel Corporation)
8/4/2004 2:56:58 AM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl (Microsoft Corporation)
6/16/2004 7:03:30 AM 73728 C:\WINDOWS\SYSTEM32\ISUSPM.cpl (InstallShield Software Corporation)
8/4/2004 2:56:58 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl (Microsoft Corporation)
3/4/2005 4:36:44 AM 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl (Sun Microsystems, Inc.)
8/29/2002 7:00:00 AM 187904 C:\WINDOWS\SYSTEM32\main.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl (Microsoft Corporation)
8/29/2002 7:00:00 AM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
8/19/2003 4:56:00 AM 143360 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl (NVIDIA Corporation)
8/4/2004 2:56:58 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl (Microsoft Corporation)
3/14/2005 12:31:08 PM 24576 C:\WINDOWS\SYSTEM32\prefscpl.cpl (RealNetworks, Inc.)
8/4/2004 2:56:58 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl (Microsoft Corporation)
8/29/2002 7:00:00 AM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl (Microsoft Corporation)
5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 68608 C:\WINDOWS\SYSTEM32\dllcache\access.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 549888 C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 110592 C:\WINDOWS\SYSTEM32\dllcache\bthprops.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 135168 C:\WINDOWS\SYSTEM32\dllcache\desk.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 80384 C:\WINDOWS\SYSTEM32\dllcache\firewall.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 155136 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 358400 C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 129536 C:\WINDOWS\SYSTEM32\dllcache\intl.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 380416 C:\WINDOWS\SYSTEM32\dllcache\irprops.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 68608 C:\WINDOWS\SYSTEM32\dllcache\joy.cpl (Microsoft Corporation)
8/29/2002 7:00:00 AM 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 618496 C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl (Microsoft Corporation)
8/29/2002 7:00:00 AM 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 25600 C:\WINDOWS\SYSTEM32\dllcache\netsetup.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 257024 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 32768 C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 114688 C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 155648 C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 298496 C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl (Microsoft Corporation)
8/29/2002 7:00:00 AM 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 94208 C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl (Microsoft Corporation)
8/4/2004 2:56:58 AM 148480 C:\WINDOWS\SYSTEM32\dllcache\wscui.cpl (Microsoft Corporation)
5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl (Microsoft Corporation)
2/17/2004 6:49:14 AM 14193152 C:\WINDOWS\SYSTEM32\DRVSTORE\Alcxwdm_cfb7d3fc0ab7f7a3133a6c25509eaf3479108975\ALSNDMGR.CPL (Realtek Semiconductor Corp.)
2/17/2004 6:49:14 AM 14193152 C:\WINDOWS\SYSTEM32\ReinstallBackups\0003\DriverFiles\ALSNDMGR.CPL (Realtek Semiconductor Corp.)
4/7/2003 9:14:30 AM 94208 C:\WINDOWS\SYSTEM32\ReinstallBackups\0016\DriverFiles\igfxcpl.cpl (Intel Corporation)

Checking for Downloaded Program Files...
{01113300-3E00-11D2-8470-0060089874ED} - Support.com Configuration Class - CodeBase = https://install.charter.com/diskless/bin/tgctlcm.cab
{04E214E5-63AF-4236-83C6-A7ADCBF9BD02} - HouseCall Control - CodeBase = http://housecall60.trendmicro.com/housecall/xscan60.cab
{05D44720-58E3-49E6-BDF6-D00330E511D3} - StagingUI Object - CodeBase = http://zone.msn.com/binFrameWork/v10/StagingUI.cab40641.cab
{166B1BCA-3F9C-11CF-8075-444553540000} - Shockwave ActiveX Control - CodeBase = http://active.macromedia.com/director/cabs/sw.cab
{17492023-C23A-453E-A040-C7C580BBF700} - Windows Genuine Advantage Validation Tool - CodeBase = http://go.microsoft.com/fwlink/?LinkID=39204
{193C772A-87BE-4B19-A7BB-445B226FE9A1} - ewidoOnlineScan Control - CodeBase = http://download.ewido.net/ewidoOnlineScan.cab
{19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} - MSSecurityAdvisor Class - CodeBase = http://download.microsoft.com/downl...-a3de-373c3e5552fc/msSecAdv.cab?1090772328093
{200B3EE9-7242-4EFD-B1E4-D97EE825BA53} - VerifyGMN Class - CodeBase = http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} - - CodeBase = http://forms.real.com/real/player/d.../mrkt/rhapx/RhapsodyPlayerEngine_Inst_Win.cab
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - YInstStarter Class - CodeBase = C:\Program Files\Yahoo!\Common\yinsthelper.dll
{31E68DE2-5548-4B23-88F0-C51E6A0F695E} - Microsoft PID Sniffer - CodeBase = https://support.microsoft.com/OAS/ActiveX/odc.cab
{37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} - - CodeBase = http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
{3BB54395-5982-4788-8AF4-B5388FFDD0D8} - ZoneBuddy Class - CodeBase = http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
{49232000-16E4-426C-A231-62846947304B} - - CodeBase = http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
{4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - QDiagAOLCCUpdateObj Class - CodeBase = http://aolcc.aol.com/computercheckup/qdiagcc.cab
{4B48D5DF-9021-45F7-A240-60304302A215} - Malicious Software Removal Tool - CodeBase = http://download.microsoft.com/download/5/c/2/5c2fc4b7-3875-4eec-946b-ffe15472cabc/WebCleaner.cab
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - McAfee.com Operating System Class - CodeBase = http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} - MSN Photo Upload Tool - CodeBase = http://by103fd.bay103.hotmail.msn.com/resources/MsnPUpld.cab
{5736C456-EA94-4AAC-BB08-917ABDD035B3} - ZonePAChat Object - CodeBase = http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - BDSCANONLINE Control - CodeBase = http://download.bitdefender.com/resources/scan8/oscan8.cab
{5ED80217-570B-4DA9-BF44-BE107C0EC166} - Windows Live Safety Center Base Module - CodeBase = http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase969.cab
{6632A7E9-FE1F-43D2-A04A-A15951ED63E0} - - CodeBase = http://mediaplayer.walmart.com/installer/install.cab
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - MUWebControl Class - CodeBase = http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1127183225093
{74D05D43-3236-11D4-BDCD-00C04F9A3B61} - HouseCall Control - CodeBase = http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
{7F8C8173-AD80-4807-AA75-5672F22B4582} - ICSScanner Class - CodeBase = http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37360.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} - Java Plug-in 1.5.0_02 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
{94EB57FE-2720-496C-B33F-D9353C6E23F7} - F-Secure Online Scanner 2.1 - CodeBase = http://www.charter.net/files/charter/securitysuite/fscax.cab
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - ActiveScan Installer Class - CodeBase = http://acs.pandasoftware.com/activescan/as5free/asinst.cab
{9BDF4724-10AA-43D5-BD15-AEA0D2287303} - ZPA_TexasHoldem Object - CodeBase = http://zone.msn.com/bingame/zpagames/zpa_txhe.cab43895.cab
{9F1C11AA-197B-4942-BA54-47A8489BB47F} - - CodeBase = http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38153.0175
{AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - Get_ActiveX Control - CodeBase = https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
{B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - MsnMessengerSetupDownloadControl Class - CodeBase = http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
{B8BE5E93-A60C-4D26-A2DC-220313175592} - ZoneIntro Class - CodeBase = http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
{B9191F79-5613-4C76-AA2A-398534BB8999} - - CodeBase = http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
{BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - DwnldGroupMgr Class - CodeBase = http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
{BDEE1959-AB6B-4745-A29B-F492861102CC} - - CodeBase = 
{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - Java Plug-in 1.5.0_02 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
{D1ACD2D8-7312-4D06-BECD-90EB094D2277} - - CodeBase = http://mediaplayer.walmart.com/installer/install.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} - - CodeBase = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
{D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} - TikGames Online Control - CodeBase = http://aolsvc.aol.com/onlinegames/shapo/shapo.cab
{DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} - StadiumProxy Class - CodeBase = http://zone.msn.com/binframework/v10/StProxy.cab41227.cab
{DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - - CodeBase = http://games.pogo.com/online2/pogo/zuma/popcaploader_v5.cab
{F54C1137-5E34-4B95-95A5-BA56D4D8D743} - Secure Delivery - CodeBase = http://www.gamespot.com/KDX/kdx.cab
Microsoft XML Parser for Java - - CodeBase = file://C:\WINDOWS\Java\classes\xmldso.cab



----------



## Karrie.TX (Oct 6, 2005)

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

>>> Internet Explorer Settings <<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
\\Start Page - http://www.yahoo.com/
\\Default_Page_URL - http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
\\Local Page - C:\WINDOWS\system32\blank.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
\\Start Page - http://www.yahoo.com/
\\Search Bar - http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
\\Search Page - http://www.msn.com/access/allinone.asp
\\Local Page - C:\WINDOWS\system32\blank.htm

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
\\CustomizeSearch - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
\\SearchAssistant - http://www.google.com/ie

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Microsoft Url Search Hook = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)
\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar = C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

>>> BHO's <<<
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
\{02478D38-C3F9-4EFB-9B51-7695ECA05670} - Yahoo! Toolbar Helper = C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - UberButton Class = C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo!)
\{65D886A2-7CA7-479B-BB95-14D1EFB7946A} - YahooTaggedBM Class = C:\Program Files\Yahoo!\Common\YIeTagBm.dll (Yahoo! Inc.)
\{9394EDE7-C8B5-483E-8773-474BF36AF6E4} - ST = C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (Microsoft Corporation)
\{9ECB9560-04F9-4bbc-943D-298DDF1699E1} - CNisExtBho Class = C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
\{A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - CNavExtBho Class = C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - MSNToolBandBHO = C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)

>>> Internet Explorer Bars, Toolbars and Extensions <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
\{4528BBE0-4E08-11D5-AD55-00010333D0AD} - &Yahoo! Messenger = C:\PROGRA~1\Yahoo!\Common\yhexbmesus.dll (Yahoo! Inc.)
\{4D5C8C25-D075-11d0-B416-00C04FB90376} - &Tip of the Day = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)
\{8F4902B6-6C04-4ade-8052-AA58578A21BD} - hp view = C:\WINDOWS\System32\Shdocvw.dll (Microsoft Corporation)
\{FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - Real.com = C:\WINDOWS\system32\Shdocvw.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
\{4528BBE0-4E08-11D5-AD55-00010333D0AD} - &Yahoo! Messenger = C:\PROGRA~1\Yahoo!\Common\yhexbmesus.dll (Yahoo! Inc.)
\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} - File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\{EFA24E61-B078-11D0-89E4-00C04FC9E26E} - Favorites Band = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)
\{EFA24E62-B078-11D0-89E4-00C04FC9E26E} - History Band = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)
\{EFA24E64-B078-11D0-89E4-00C04FC9E26E} - Explorer Band = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
\\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - HP View = c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)
\\{691AFBC1-3C46-406D-AD22-EB3A0F665FC1} - SE-Toolbar = C:\WINDOWS\system32\setoolbar.dll (Klemens Schmid)
\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - MSN = C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)
\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar = C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
\\{0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - Norton Internet Security 2006 = C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
\\{C4069E3A-68F1-403E-B40E-20066696354B} - Norton AntiVirus = C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
\ShellBrowser\\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - HP View = c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)
\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - = ()
\ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} - Norton AntiVirus = C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
\WebBrowser\\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - HP View = c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)
\WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar = C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
\WebBrowser\\{F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - = ()
\WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} - Norton AntiVirus = C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
\WebBrowser\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - MSN = C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\CmdMapping]
\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - 8192 = 
\\NEXTID - 8201
\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - 8193 = 
\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - 8194 = 
\\{FB5F1910-F110-11d2-BB9E-00C04F795683} - 8195 = 
\\{85d1f590-48f4-11d9-9669-0800200c9a66} - 8196 = Uninstall BitDefender Online Scanner v8
\\{F4430FE8-2638-42e5-B849-800749B94EED} - 8198 = 
\\{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - 8199 = 
\\{e2e2dd38-d088-4134-82b7-f2ba38496583} - 8200 = @xpsp3res.dll,-20001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
\{85d1f590-48f4-11d9-9669-0800200c9a66} - MenuText: Uninstall BitDefender Online Scanner v8 = ()
\{e2e2dd38-d088-4134-82b7-f2ba38496583} - MenuText: @xpsp3res.dll,-20001 = ()

>>> Approved Shell Extensions (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
\\{42071714-76d4-11d1-8b24-00a0c9068ff3} - Display Panning CPL Extension = ()
\\{764BF0E1-F219-11ce-972D-00AA00A14F56} - Shell extensions for file compression = ()
\\{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} - Encryption Context Menu = ()
\\{88895560-9AA2-1069-930E-00AA0030EBC8} - HyperTerminal Icon Ext = C:\WINDOWS\System32\hticons.dll (Hilgraeve, Inc.)
\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} - Taskbar and Start Menu = ()
\\{32683183-48a0-441b-a342-7c2a440a9478} - Media Band = ()
\\{7A9D77BD-5403-11d2-8785-2E0420524153} - User Accounts = ()
\\{19CC43A1-6925-4B48-B292-830291F393A6} - HPNSView = c:\Program Files\HP\Digital Imaging\bin\hpdns_01.dll ()
\\{DEE12703-6333-4D4E-8F34-738C4DCC2E04} - RecordNow! SendToExt = c:\Program Files\RecordNow!\shlext.dll (Sonic Solutions)
\\{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} - Shell Extensions for RealOne Player = ()
\\{7F67036B-66F1-411A-AD85-759FB9C5B0DB} - SampleView = C:\WINDOWS\System32\ShellvRTF.dll (XSS)
\\{1CDB2949-8F65-4355-8456-263E7C208A5D} - Desktop Explorer = C:\WINDOWS\System32\nvshell.dll (NVIDIA Corporation)
\\{1E9B04FB-F9E5-4718-997B-B8DA88302A47} - Desktop Explorer Menu = C:\WINDOWS\System32\nvshell.dll (NVIDIA Corporation)
\\{AB77609F-2178-4E6F-9C4B-44AC179D937A} - a² Context Menu Shell Extension = ()
\\{336B02CE-F88A-4aea-8731-79EF94D3723A} - Free AOL & Unlimited Internet.lnk = C:\WINDOWS\aod\aodshext.dll ()
\\{B41DB860-8EE4-11D2-9906-E49FADC173CA} - WinRAR shell extension = C:\Program Files\WinRAR\rarext.dll ()
\\{5464D816-CF16-4784-B9F3-75C0DB52B499} - Yahoo! Mail = C:\PROGRA~1\Yahoo!\Common\ymmapi.dll (Yahoo! Inc.)
\\{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} - iTunes = C:\Program Files\iTunes\iTunesMiniPlayer.dll (Apple Computer, Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

>>> Context Menu Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers]
\AVG Anti-Spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll (Anti-Malware Development a.s.)
\Symantec.Norton.Antivirus.IEContextMenu - {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} = C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
\WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()
\Yahoo! Mail - {5464D816-CF16-4784-B9F3-75C0DB52B499} = C:\PROGRA~1\Yahoo!\Common\ymmapi.dll (Yahoo! Inc.)

[HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers]

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers]
\AVG Anti-Spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll (Anti-Malware Development a.s.)
\WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMenuHandlers]
\igfxcui - {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} = C:\WINDOWS\system32\igfxpph.dll (Intel Corporation)

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers]
\Symantec.Norton.Antivirus.IEContextMenu - {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} = C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
\WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()

>>> Column Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]

>>> Registry Run Keys <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
QuickTime Task - C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
WinPatrol - C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe (BillP Studios)
ccApp - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
!AVG Anti-Spyware - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe (Anti-Malware Development a.s.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
msnmsgr - C:\Program Files\MSN Messenger\msnmsgr.exe (Microsoft Corporation)
ctfmon.exe - C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

>>> Startup Links <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Common Startup]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ()

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Startup]
C:\Documents and Settings\aSUNSHINE\Start Menu\Programs\Startup\desktop.ini ()

>>> MSConfig Disabled Items <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\ExpandFrom

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\ExpandTo

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
Fax	3

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk
backup	C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup
location	Common Startup
item	America Online 9.0 Tray Icon

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk
backup	C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
location	Common Startup
command	C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe 
item	HP Digital Imaging Monitor

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PopSubtract.lnk
backup	C:\WINDOWS\pss\PopSubtract.lnkCommon Startup
location	Common Startup
command	C:\PROGRA~1\INTERM~1\POPSUB~1\PopSub.exe 
item	PopSubtract

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk
backup	C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup
location	Common Startup
command	C:\PROGRA~1\Quicken\bagent.exe 
item	Quicken Scheduled Updates

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk
backup	C:\WINDOWS\pss\Updates from HP.lnkCommon Startup
location	Common Startup
command	C:\PROGRA~1\UPDATE~1\137903


----------



## Karrie.TX (Oct 6, 2005)

\Program\BACKWE~1.EXE -startup
item	Updates from HP

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^aSUNSHINE^Start Menu^Programs^Startup^spamsubtract.lnk
backup	C:\WINDOWS\pss\spamsubtract.lnkStartup
location	Startup
command	C:\PROGRA~1\INTERM~1\SPAMSU~1\SpamSub.exe -q
item	spamsubtract

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Acme.PCHButton
key	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item	pchbutton
hkey	HKCU
command	C:\PROGRA~1\HPINST~1\Pavilion\XPHNABP4EN\plugin\bin\pchbutton.exe
inimapping	0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AOLCC
key	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item	ACCAgnt
hkey	HKCU
inimapping	0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BackupNotify
key	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item	backupnotify
hkey	HKCU
command	c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
inimapping	0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cBl1s
key	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item	cBl1s
hkey	HKLM
inimapping	0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\gcasServ
key	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item	gcasServ
hkey	HKLM
inimapping	0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HotKeysCmds
key	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item	hkcmd
hkey	HKLM
command	C:\WINDOWS\system32\hkcmd.exe
inimapping	0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\mmtask
key	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item	mmtask
hkey	HKLM
command	"C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
inimapping	0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\msnmsgr
key	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item	msnmsgr
hkey	HKCU
command	"C:\Program Files\MSN Messenger\msnmsgr.exe" /background
inimapping	0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task
key	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item	qttask
hkey	HKLM
command	"C:\Program Files\QuickTime\qttask.exe" -atboottime
inimapping	0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RealTray
key	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item	RealPlay
hkey	HKLM
command	C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
inimapping	0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TkBellExe
key	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item	realsched
hkey	HKLM
inimapping	0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}
key	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item	gnotify
hkey	HKLM
command	C:\Program Files\Google\Gmail Notifier\gnotify.exe
inimapping	0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini	0
win.ini	0
bootini	0
services	2
startup	2

[All Users Startup Folder Disabled Items]

[Current User Startup Folder Disabled Items]

>>> User Agent Post Platform <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
\\SV1 -

>>> AppInit Dll's <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs]

>>> Image File Execution Options <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
\Your Image File Name Here without a path - Debugger = ntsd -d

>>> Shell Service Object Delay Load <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
\\PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\\CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\\WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll (Microsoft Corporation)
\\SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll (Microsoft Corporation)

>>> Shell Execute Hooks <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} - URL Exec Hook = shell32.dll (Microsoft Corporation)
\\{57B86673-276A-48B2-BAE7-C6DBB3020EB8} - CShellExecuteHookImpl Object = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll (Anti-Malware Development a.s.)

>>> Shared Task Scheduler <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
\\{438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
\\{8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)

>>> Winlogon <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
\\UserInit = C:\WINDOWS\system32\Userinit.exe
\\Shell = Explorer.exe
\\System =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
\crypt32chain - crypt32.dll = (Microsoft Corporation)
\cryptnet - cryptnet.dll = (Microsoft Corporation)
\cscdll - cscdll.dll = (Microsoft Corporation)
\igfxcui - igfxsrvc.dll = (Intel Corporation)
\RegCompact - RegCompact.dll = (AMUST Software)
\ScCertProp - wlnotify.dll = (Microsoft Corporation)
\Schedule - wlnotify.dll = (Microsoft Corporation)
\sclgntfy - sclgntfy.dll = (Microsoft Corporation)
\SensLogn - WlNotify.dll = (Microsoft Corporation)
\termsrv - wlnotify.dll = (Microsoft Corporation)
\WgaLogon - WgaLogon.dll = (Microsoft Corporation)
\wlballoon - wlnotify.dll = (Microsoft Corporation)
\WRNotifier - WRLogonNTF.dll = ()

>>> DNS Name Servers <<<
{0689CEC2-8D77-4684-9520-B9193268E020} - ()
{5D34E2A0-10F6-4649-8768-7D1981EE7EB8} - (Realtek RTL8139/810x Family Fast Ethernet NIC)
{A659F760-2AE4-4863-B0B8-1F3ECEA79C56} - (Motorola SURFboard SB5100 USB Cable Modem)
{FE1F3FF2-5F89-4FD5-9AF8-DC013FB4C733} - (1394 Net Adapter)

>>> All Winsock2 Catalogs <<<
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries]
\000000000001\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
\000000000002\\LibraryPath - %SystemRoot%\System32\winrnr.dll (Microsoft Corporation)
\000000000003\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries]
\000000000001\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000002\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000003\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000004\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000005\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000006\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000007\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000008\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000009\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000010\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000011\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000012\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000013\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000014\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000015\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000016\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000017\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000018\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
\000000000019\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)

>>> Protocol Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler]
\ipp - ()
\msdaipp - ()

>>> Protocol Filters (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter]

>>> Selected AddOn's <<<

»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


----------



## Cookiegal (Aug 27, 2003)

How are things running now?


----------



## Karrie.TX (Oct 6, 2005)

Things are still loading repeatedly on start up and I still can't open task manager with ctrl, alt & delete. And I still can't open windows firewall. Thank you very much for the help.


----------



## Cookiegal (Aug 27, 2003)

Go *here* to download AlcanShorty_en.exe and save it to your desktop.

Double click the *alcanShorty.exe* file and follow prompts. 
It will make a folder on desktop called *Alcan Shorty*
Open the Alcan Shorty folder & double click the *run.bat* file to run it.
This will download a file called BFU.exe and a BFU script. 
If your firewall asks for permission to connect to the Internet you must allow it.
A message box will pop up saying "complete". 
Be patient and wait for the message box to appear as it may take some time.
Press OK then BFU.exe will open. 
Select the option to "Show log after script ends"
Execute the script by clicking the *Execute* button.
Note that you should see a progress bar while the script is being executed.
When the script has finished press "copy" and that will make a copy of the report in your clipboard. 
Paste the log into Notepad and save it to your desktop to post back here later.
*Note*: If you have any questions about the use of BFU please read *here*.

Go to the following link and download the sharedaccess.reg file and save it to your desktop:

http://windowsxp.mvps.org/reg/sharedaccess.reg

Then double-click the file to merge the contents to the registry. The Services entry will be created. Restart Windows.

After restarting Windows, click Start > Run and type in cmd.exe. At the command prompt type the following, being careful to include the spaces:

NETSH FIREWALL RESET

Launch the firewall applet from Control Panel, and then configure your Windows Firewall settings.

Reboot and let me know if there's any improvement and if the firewall is restored please.


----------



## Karrie.TX (Oct 6, 2005)

BFU v1.00.9
Windows XP SP2 (WinNT 5.01.2600 SP2)
Script started at 3:25:02 PM, on 10/26/2006

Option Unload Explorer: Yes
Failed: DllUnregister C:\WINDOWS\DH.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\Deskbar\deskbar.dll|1 (file not found)
Failed: DllUnregister \asappsrv.dll|1 (file not found)
Failed: DllUnregister \MyToolBar.dll (file not found)
Failed: ServiceStop Network Monitor (service not found)
Failed: ServiceStop cmdService (service not found)
Failed: ServiceDisable Network Monitor (service not found)
Failed: ServiceDisable cmdService (service not found)
Failed: ServiceDelete Network Monitor (service not found)
Failed: ServiceDelete cmdService (service not found)
Failed: RegDelValue HKCU\System\CurrentControlSet\Control\Lsa|p2pnetwork (key not found)
Failed: RegDelValue HKCU\SOFTWARE\Microsoft\OLE|p2pnetwork (key not found)
Failed: RegDelValue HKCU\SOFTWARE\Microsoft\OLE|winlog (key not found)
Failed: RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations|LowRiskFileTypes (key not found)
Failed: RegDelValue HKCU\Microsoft\Windows\CurrentVersion\policies\Explorer\Run|WinUpdate.exe (key not found)
Option pause between commands: 300 ms
Option pause between commands: 50 ms
Failed: FolderDelete C:\Program Files\MsConfigs (folder not found)
Failed: FolderDelete C:\Program Files\winupdates (folder not found)
Failed: FolderDelete C:\Program Files\winupdate (folder not found)
Failed: FolderDelete C:\Program Files\winsupdater (folder not found)
Failed: FolderDelete C:\Program Files\MsUpdate (folder not found)
Script completed.


----------



## Karrie.TX (Oct 6, 2005)

The start up programs still loaded repeatedly. The firewall won't open. I got this message after I typed in NETSH FIREWALL RESET:
WARNING: Could not obtain host information from machine: (computer name).
Some commands may not be available.
The specified module could not be found.
The specified module could not be found.


----------



## Karrie.TX (Oct 6, 2005)

I thought it might be helpful if I ran SILENT RUNNERS, so I tried to start it and got this message: This script requires WINDOWS MANAGEMENT INSTRUMENTATION to run.

Click on Start, Control Panel, Administrative Tools, Services, and start the "WINDOWS MANAGEMENT INSTRUMENTATION" service.

So, I followed those steps to start it and got this message:
Could not start the windows management instrumentation service on local computer.

Error 126: The specified module could not be found.

I have no idea what that means, but I'm guessing it's really bad, right?


----------



## Cookiegal (Aug 27, 2003)

Go to the Run box on the Start Menu and type in the following (be sure to include the space between the c and the /):

*sfc /scannow*

This command will immediately initiate the Windows File Protection service to scan all protected files and verify their integrity, replacing any files with which it finds a problem.

Let me know how that goes please.


----------



## Karrie.TX (Oct 6, 2005)

Ok, I did it, but still can't open the firewall or windows management instrumentation on either of the user accounts.


----------



## valis (Sep 24, 2004)

just to throw my two cents in here, cookie, although I am sure you are aware of this as well, the only times I've ever seen that particular warning (Could not obtain host information from machine), rpc was involved. And if I remember correctly, the client had set that to manual on the advice of some web site. 

Again, just lurking and learning.


----------



## Cookiegal (Aug 27, 2003)

It's worth a try.

Go to *Start* - *Run* - type in *services.msc* and click OK.

Scroll down the list to the RPC (Remote Procedure Call) service and double click on it to open it. Let us know what the status is as well as the startup type please.


----------



## Karrie.TX (Oct 6, 2005)

Remote Procedure Call (RPC) Status: started * Start Up Type: Automatic

Remote Procedure Call (RPC) Locator Status: Not Started * Start Up Type: Manual


----------



## Cookiegal (Aug 27, 2003)

Those look fine.

Go to *Start* - *Run* - type in *eventvr.msc* and click OK.

Look under both "application" and "system" for errors indicated in red. Double click each one to open it and then click on the icon that looks like two pieces of paper. This will copy it to the clipboard. Then copy and paste them here please.


----------



## Karrie.TX (Oct 6, 2005)

This is the message that popped up when I tried. Windows cannot find 'eventvr.msc'. Make sure you typed the name correctly then try again. To search for a file, click the Start button, and then click search.


----------



## valis (Sep 24, 2004)

missing a 'w'

eventvWr.msc


----------



## Cookiegal (Aug 27, 2003)

Sorry. Thanks Tim! :up:


----------



## valis (Sep 24, 2004)

de nada. Now it's tim 1, cookie 1,345,823. Catching up on ya!


----------



## Karrie.TX (Oct 6, 2005)

Here are the error messages from the system. I will also post the application messages, but it might take a while as I am having trouble with my cable.
Event Type:	Error
Event Source:	DCOM
Event Category:	None
Event ID:	10010
Date: 10/28/2006
Time: 2:53:08 PM
User: NT AUTHORITY\SYSTEM
Computer:	YOUR-FSYLY0JTWN
Description:
The server {C49E32C6-BC8B-11D2-85D4-00105A1F8304} did not register with DCOM within the required timeout.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type:	Error
Event Source:	DCOM
Event Category:	None
Event ID:	10010
Date: 10/27/2006
Time: 2:27:31 PM
User: NT AUTHORITY\SYSTEM
Computer:	YOUR-FSYLY0JTWN
Description:
The server {C49E32C6-BC8B-11D2-85D4-00105A1F8304} did not register with DCOM within the required timeout.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type:	Error
Event Source:	DCOM
Event Category:	None
Event ID:	10010
Date: 10/26/2006
Time: 9:25:00 PM
User: YOUR-FSYLY0JTWN\aSUNSHINE
Computer:	YOUR-FSYLY0JTWN
Description:
The server {F3A614DC-ABE0-11D2-A441-00C04F795683} did not register with DCOM within the required timeout.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type:	Error
Event Source:	DCOM
Event Category:	None
Event ID:	10010
Date: 10/26/2006
Time: 4:56:13 PM
User: YOUR-FSYLY0JTWN\aSUNSHINE
Computer:	YOUR-FSYLY0JTWN
Description:
The server {F3A614DC-ABE0-11D2-A441-00C04F795683} did not register with DCOM within the required timeout.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type:	Error
Event Source:	DCOM
Event Category:	None
Event ID:	10010
Date: 10/26/2006
Time: 1:18:51 PM
User: NT AUTHORITY\SYSTEM
Computer:	YOUR-FSYLY0JTWN
Description:
The server {C49E32C6-BC8B-11D2-85D4-00105A1F8304} did not register with DCOM within the required timeout.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type:	Error
Event Source:	DCOM
Event Category:	None
Event ID:	10010
Date: 10/25/2006
Time: 12:37:22 PM
User: NT AUTHORITY\SYSTEM
Computer:	YOUR-FSYLY0JTWN
Description:
The server {C49E32C6-BC8B-11D2-85D4-00105A1F8304} did not register with DCOM within the required timeout.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type:	Error
Event Source:	DCOM
Event Category:	None
Event ID:	10010
Date: 10/25/2006
Time: 10:57:12 AM
User: YOUR-FSYLY0JTWN\aSUNSHINE
Computer:	YOUR-FSYLY0JTWN
Description:
The server {F3A614DC-ABE0-11D2-A441-00C04F795683} did not register with DCOM within the required timeout.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type:	Error
Event Source:	DCOM
Event Category:	None
Event ID:	10010
Date: 10/25/2006
Time: 1:55:13 AM
User: YOUR-FSYLY0JTWN\aSUNSHINE
Computer:	YOUR-FSYLY0JTWN
Description:
The server {F3A614DC-ABE0-11D2-A441-00C04F795683} did not register with DCOM within the required timeout.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type:	Error
Event Source:	DCOM
Event Category:	None
Event ID:	10005
Date: 10/24/2006
Time: 4:17:44 PM
User: NT AUTHORITY\SYSTEM
Computer:	YOUR-FSYLY0JTWN
Description:
DCOM got error "This service cannot be started in Safe Mode " attempting to start the service EventSystem with arguments "" in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type:	Error
Event Source:	DCOM
Event Category:	None
Event ID:	10005
Date: 10/24/2006
Time: 3:46:21 PM
User: NT AUTHORITY\SYSTEM
Computer:	YOUR-FSYLY0JTWN
Description:
DCOM got error "This service cannot be started in Safe Mode " attempting to start the service EventSystem with arguments "" in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type:	Error
Event Source:	DCOM
Event Category:	None
Event ID:	10005
Date: 10/24/2006
Time: 3:46:11 PM
User: YOUR-FSYLY0JTWN\aSUNSHINE
Computer:	YOUR-FSYLY0JTWN
Description:
DCOM got error "This service cannot be started in Safe Mode " attempting to start the service netman with arguments "" in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type:	Error
Event Source:	DCOM
Event Category:	None
Event ID:	10010
Date: 10/23/2006
Time: 10:00:52 PM
User: YOUR-FSYLY0JTWN\aSUNSHINE
Computer:	YOUR-FSYLY0JTWN
Description:
The server {F3A614DC-ABE0-11D2-A441-00C04F795683} did not register with DCOM within the required timeout.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type:	Error
Event Source:	DCOM
Event Category:	None
Event ID:	10005
Date: 10/23/2006
Time: 9:14:33 PM
User: YOUR-FSYLY0JTWN\aSUNSHINE
Computer:	YOUR-FSYLY0JTWN
Description:
DCOM got error "The service did not respond to the start or control request in a timely fashion. " attempting to start the service NSCService with arguments "" in order to run the server:
{09B7ADDC-8BF0-409B-8571-43E8EA2AAFA3}

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type:	Error
Event Source:	DCOM
Event Category:	None
Event ID:	10005
Date: 10/23/2006
Time: 9:10:53 PM
User: NT AUTHORITY\SYSTEM
Computer:	YOUR-FSYLY0JTWN
Description:
DCOM got error "This service cannot be started in Safe Mode " attempting to start the service EventSystem with arguments "" in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type:	Error
Event Source:	DCOM
Event Category:	None
Event ID:	10005
Date: 10/23/2006
Time: 9:09:18 PM
User: YOUR-FSYLY0JTWN\aSUNSHINE
Computer:	YOUR-FSYLY0JTWN
Description:
DCOM got error "This service cannot be started in Safe Mode " attempting to start the service netman with arguments "" in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type:	Error
Event Source:	DCOM
Event Category:	None
Event ID:	10005
Date: 10/23/2006
Time: 6:23:44 PM
User: NT AUTHORITY\SYSTEM
Computer:	YOUR-FSYLY0JTWN
Description:
DCOM got error "This service cannot be started in Safe Mode " attempting to start the service EventSystem with arguments "" in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type:	Error
Event Source:	DCOM
Event Category:	None
Event ID:	10005
Date: 10/23/2006
Time: 6:23:33 PM
User: YOUR-FSYLY0JTWN\aSUNSHINE
Computer:	YOUR-FSYLY0JTWN
Description:
DCOM got error "This service cannot be started in Safe Mode " attempting to start the service netman with arguments "" in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type:	Error
Event Source:	DCOM
Event Category:	None
Event ID:	10010
Date: 10/23/2006
Time: 9:36:18 AM
User: NT AUTHORITY\SYSTEM
Computer:	YOUR-FSYLY0JTWN
Description:
The server {C49E32C6-BC8B-11D2-85D4-00105A1F8304} did not register with DCOM within the required timeout.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type:	Error
Event Source:	DCOM
Event Category:	None
Event ID:	10010
Date: 10/21/2006
Time: 6:24:18 AM
User: NT AUTHORITY\SYSTEM
Computer:	YOUR-FSYLY0JTWN
Description:
The server {C49E32C6-BC8B-11D2-85D4-00105A1F8304} did not register with DCOM within the required timeout.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type:	Error
Event Source:	DCOM
Event Category:	None
Event ID:	10010
Date: 10/20/2006
Time: 3:23:44 AM
User:	 NT AUTHORITY\SYSTEM
Computer:	YOUR-FSYLY0JTWN
Description:
The server {C49E32C6-BC8B-11D2-85D4-00105A1F8304} did not register with DCOM within the required timeout.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type:	Error
Event Source:	DCOM
Event Category:	None
Event ID:	10010
Date: 10/19/2006
Time: 9:54:14 PM
User: YOUR-FSYLY0JTWN\aSUNSHINE
Computer:	YOUR-FSYLY0JTWN
Description:
The server {F3A614DC-ABE0-11D2-A441-00C04F795683} did not register with DCOM within the required timeout.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type:	Error
Event Source:	DCOM
Event Category:	None
Event ID:	10010
Date: 10/9/2006
Time: 2:47:35 PM
User: NT AUTHORITY\SYSTEM
Computer:	YOUR-FSYLY0JTWN
Description:
The server {C49E32C6-BC8B-11D2-85D4-00105A1F8304} did not register with DCOM within the required timeout.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type:	Error
Event Source:	DCOM
Event Category:	None
Event ID:	10010
Date: 10/8/2006
Time: 11:32:09 PM
User: YOUR-FSYLY0JTWN\aSUNSHINE
Computer:	YOUR-FSYLY0JTWN
Description:
The server {F3A614DC-ABE0-11D2-A441-00C04F795683} did not register with DCOM within the required timeout.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type:	Error
Event Source:	Dhcp
Event Category:	None
Event ID:	1000
Date: 9/22/2006
Time: 12:16:57 PM
User: N/A
Computer:	YOUR-FSYLY0JTWN
Description:
Your computer has lost the lease to its IP address 192.168.100.10 on the Network Card with network address 000C769D794E.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type:	Error
Event Source:	Dhcp
Event Category:	None
Event ID:	1002
Date: 9/22/2006
Time: 12:16:24 PM
User: N/A
Computer:	YOUR-FSYLY0JTWN
Description:
The IP address lease 24.182.195.112 for the Network Card with network address 000C769D794E has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type:	Error
Event Source:	WinDefend
Event Category:	None
Event ID:	1008
Date: 9/14/2006
Time: 3:53:04 PM
User: N/A
Computer:	YOUR-FSYLY0JTWN
Description:
The description for Event ID ( 1008 ) in Source ( WinDefend ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: %%826, 1.1.1347.0, {BDC57197-BAF6-4220-9B20-851BF935AD20}, 0, %%802, 0, , YOUR-FSYLY0JTWN, aSUNSHINE, S-1-5-21-2836612162-2111899814-2294053649-1007, NewDotNet.QuickSearchBar, 14934, 4, 1, http://www.microsoft.com, file:\\?\C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP299\A0039112.exe->(wise0014);file:\\?\C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP299\A0039111.exe->(wise0014);file:\\?\C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP299\A0039110.exe->(wise0014), , , 2, %%812, 0x80508021, An unexpected problem occurred. Install any available updates, and then try to start the program again. (To check for updates, click Start, click All Programs, and then click Windows Update.) , , .
Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7000
Date: 8/25/2006
Time: 1:18:17 PM
User: N/A
Computer:	YOUR-FSYLY0JTWN
Description:
The nVidia WDM A/V Crossbar service failed to start due to the following error: 
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7000
Date: 8/25/2006
Time: 1:18:17 PM
User: N/A
Computer:	YOUR-FSYLY0JTWN
Description:
The nVidia WDM Video Capture (universal) service failed to start due to the following error: 
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7000
Date: 8/24/2006
Time: 4:12:10 PM
User: N/A
Computer:	YOUR-FSYLY0JTWN
Description:
The nVidia WDM A/V Crossbar service failed to start due to the following error: 
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7000
Date: 8/23/2006
Time: 10:46:10 AM
User: N/A
Computer:	YOUR-FSYLY0JTWN
Description:
The nVidia WDM A/V Crossbar service failed to start due to the following error: 
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7034
Date: 8/21/2006
Time: 11:27:35 PM
User: N/A
Computer:	YOUR-FSYLY0JTWN
Description:
The LiveUpdate service terminated unexpectedly. It has done this 1 time(s).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7000
Date: 8/18/2006
Time: 10:01:55 AM
User: N/A
Computer:	YOUR-FSYLY0JTWN
Description:
The nVidia WDM A/V Crossbar service failed to start due to the following error: 
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7000
Date: 8/16/2006
Time: 10:22:32 AM
User: N/A
Computer:	YOUR-FSYLY0JTWN
Description:
The mrtRate service failed to start due to the following error: 
The system cannot find the file specified.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7000
Date: 8/15/2006
Time: 10:16:14 AM
User: N/A
Computer:	YOUR-FSYLY0JTWN
Description:
The nVidia WDM A/V Crossbar service failed to start due to the following error: 
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7000
Date: 8/15/2006
Time: 10:16:14 AM
User: N/A
Computer:	YOUR-FSYLY0JTWN
Description:
The nVidia WDM Video Capture (universal) service failed to start due to the following error: 
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7000
Date: 8/15/2006
Time: 10:16:14 AM
User: N/A
Computer:	YOUR-FSYLY0JTWN
Description:
The mrtRate service failed to start due to the following error: 
The system cannot find the file specified.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


----------



## Karrie.TX (Oct 6, 2005)

Here are some of the application errors:
Event Type:	Error
Event Source:	Automatic LiveUpdate Scheduler
Event Category:	Scheduler Events 
Event ID:	101
Date: 10/24/2006
Time: 3:40:18 PM
User: NT AUTHORITY\SYSTEM
Computer:	YOUR-FSYLY0JTWN
Description:
Information Level: error

Internet connection not detected.
Event Type:	Error
Event Source:	Automatic LiveUpdate Scheduler
Event Category:	Scheduler Events 
Event ID:	101
Date: 10/24/2006
Time: 3:35:18 PM
User: NT AUTHORITY\SYSTEM
Computer:	YOUR-FSYLY0JTWN
Description:
Information Level: error

Internet connection not detected.
Event Type:	Error
Event Source:	Automatic LiveUpdate Scheduler
Event Category:	Scheduler Events 
Event ID:	101
Date: 10/24/2006
Time: 3:30:18 PM
User: NT AUTHORITY\SYSTEM
Computer:	YOUR-FSYLY0JTWN
Description:
Information Level: error

Internet connection not detected.
Event Type:	Error
Event Source:	Automatic LiveUpdate Scheduler
Event Category:	Scheduler Events 
Event ID:	101
Date: 10/24/2006
Time: 3:25:18 PM
User: NT AUTHORITY\SYSTEM
Computer:	YOUR-FSYLY0JTWN
Description:
Information Level: error

Internet connection not detected.
Event Type:	Error
Event Source:	Automatic LiveUpdate Scheduler
Event Category:	Scheduler Events 
Event ID:	101
Date: 10/24/2006
Time: 3:20:18 PM
User: NT AUTHORITY\SYSTEM
Computer:	YOUR-FSYLY0JTWN
Description:
Information Level: error

Internet connection not detected.
Event Type:	Error
Event Source:	Automatic LiveUpdate Scheduler
Event Category:	Scheduler Events 
Event ID:	101
Date: 10/24/2006
Time: 3:15:17 PM
User: NT AUTHORITY\SYSTEM
Computer:	YOUR-FSYLY0JTWN
Description:
Information Level: error

Internet connection not detected.
Event Type:	Error
Event Source:	Automatic LiveUpdate Scheduler
Event Category:	Scheduler Events 
Event ID:	101
Date: 10/24/2006
Time: 3:10:17 PM
User: NT AUTHORITY\SYSTEM
Computer:	YOUR-FSYLY0JTWN
Description:
Information Level: error

Internet connection not detected.
Event Type:	Error
Event Source:	Automatic LiveUpdate Scheduler
Event Category:	Scheduler Events 
Event ID:	101
Date: 10/24/2006
Time: 3:05:17 PM
User: NT AUTHORITY\SYSTEM
Computer:	YOUR-FSYLY0JTWN
Description:
Information Level: error

Internet connection not detected.
Event Type:	Error
Event Source:	Automatic LiveUpdate Scheduler
Event Category:	Scheduler Events 
Event ID:	101
Date: 10/24/2006
Time: 3:00:17 PM
User: NT AUTHORITY\SYSTEM
Computer:	YOUR-FSYLY0JTWN
Description:
Information Level: error

Internet connection not detected.
Event Type:	Error
Event Source:	Automatic LiveUpdate Scheduler
Event Category:	Scheduler Events 
Event ID:	101
Date: 10/24/2006
Time: 2:55:17 PM
User: NT AUTHORITY\SYSTEM
Computer:	YOUR-FSYLY0JTWN
Description:
Information Level: error

Internet connection not detected.
Event Type:	Error
Event Source:	Automatic LiveUpdate Scheduler
Event Category:	Scheduler Events 
Event ID:	101
Date: 10/24/2006
Time: 2:50:17 PM
User: NT AUTHORITY\SYSTEM
Computer:	YOUR-FSYLY0JTWN
Description:
Information Level: error

Internet connection not detected.
Event Type:	Error
Event Source:	EventSystem
Event Category:	(50)
Event ID:	4609
Date: 10/23/2006
Time: 9:12:54 PM
User: N/A
Computer:	YOUR-FSYLY0JTWN
Description:
The COM+ Event System detected a bad return code during its internal processing. HRESULT was C0000005 from line 44 of d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type:	Error
Event Source:	Application Error
Event Category:	None
Event ID:	1001
Date: 10/22/2006
Time: 11:06:41 PM
User: N/A
Computer:	YOUR-FSYLY0JTWN
Description:
Fault bucket 129305536.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 42 75 63 6b 65 74 3a 20 Bucket: 
0008: 31 32 39 33 30 35 35 33 12930553
0010: 36 0d 0a 6.. 
Event Type:	Error
Event Source:	Application Error
Event Category:	None
Event ID:	1000
Date: 10/22/2006
Time: 11:06:34 PM
User: N/A
Computer:	YOUR-FSYLY0JTWN
Description:
Faulting application iexplore.exe, version 6.0.2900.2180, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x00001016.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type:	Error
Event Source:	Application Hang
Event Category:	None
Event ID:	1001
Date: 10/19/2006
Time: 5:03:09 PM
User: N/A
Computer:	YOUR-FSYLY0JTWN
Description:
Fault bucket 126637809.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 42 75 63 6b 65 74 3a 20 Bucket: 
0008: 31 32 36 36 33 37 38 30 12663780
0010: 39 0d 0a 9.. 
Event Type:	Error
Event Source:	Application Hang
Event Category:	(101)
Event ID:	1002
Date: 10/19/2006
Time: 5:02:16 PM
User: N/A
Computer:	YOUR-FSYLY0JTWN
Description:
Hanging application iexplore.exe, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type:	Error
Event Source:	EventSystem
Event Category:	(50)
Event ID:	4609
Date: 10/12/2006
Time: 6:24:08 PM
User: N/A
Computer:	YOUR-FSYLY0JTWN
Description:
The COM+ Event System detected a bad return code during its internal processing. HRESULT was C0000005 from line 44 of d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type:	Error
Event Source:	crypt32
Event Category:	None
Event ID:	8
Date: 10/9/2006
Time: 3:11:57 PM
User: N/A
Computer:	YOUR-FSYLY0JTWN
Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type:	Error
Event Source:	Application Hang
Event Category:	(101)
Event ID:	1002
Date: 10/7/2006
Time: 12:17:49 AM
User: N/A
Computer:	YOUR-FSYLY0JTWN
Description:
Hanging application NMain.exe, version 104.0.5.3, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


----------



## Cookiegal (Aug 27, 2003)

I'm going to ask someone else to take a look at these errors for you.


----------



## Karrie.TX (Oct 6, 2005)

Ok, thanks so much for your help


----------



## Rollin' Rog (Dec 9, 2000)

The Dcom errors are likely created during Safe Mode startups -- the others are mostly more than a week old -- so it is not practical to chase them down except for the ones that are repeating either every startup or every use of a particular application. If you can identify those, we can focus on them.

>> What I would like to know is whether the problem with programs repeatedly starting up occurs during one of those Safe Mode boots -- or just during normal boots?

Also early in the thread you mentioned hearing "grinding" noises -- this can be an early sign of drive failure.

You should both run *chkdsk* on the drive and if you know the drive vendor, go to their site and get a diagnostic utility.


----------
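The triage described in the reply above (set aside errors raised by Safe Mode boots and entries more than a week old, then focus on what repeats), as an added example that is not part of any post in this thread: it parses pasted Event Viewer records and labels each distinct error. The function names, the 7-day window measured from the newest record, and matching "Safe Mode" in the description text are assumptions of this example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Four records in Event Viewer's copy-to-clipboard layout, abridged from the
# ones posted in this thread (User/Computer lines dropped); not a full log.
SAMPLE = """\
Event Type:\tError
Event Source:\tDCOM
Event ID:\t10010
Date: 10/28/2006
Time: 2:53:08 PM
Description:
The server {C49E32C6-BC8B-11D2-85D4-00105A1F8304} did not register with DCOM within the required timeout.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type:\tError
Event Source:\tDCOM
Event ID:\t10010
Date: 10/27/2006
Time: 2:27:31 PM
Description:
The server {C49E32C6-BC8B-11D2-85D4-00105A1F8304} did not register with DCOM within the required timeout.
Event Type:\tError
Event Source:\tDCOM
Event ID:\t10005
Date: 10/24/2006
Time: 4:17:44 PM
Description:
DCOM got error "This service cannot be started in Safe Mode " attempting to start the service EventSystem with arguments "" in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
Event Type:\tError
Event Source:\tService Control Manager
Event ID:\t7000
Date: 8/16/2006
Time: 10:22:32 AM
Description:
The mrtRate service failed to start due to the following error:
The system cannot find the file specified.
"""

FIELD = re.compile(r"^(Event Type|Event Source|Event ID|Date|Time):\s*(.*?)\s*$")
RANK = {"recurring": 0, "recent, seen once": 1, "safe-mode artifact": 2, "stale": 3}

def parse_events(text):
    """Split pasted Event Viewer text into one dict per record."""
    events, cur, in_desc = [], None, False
    for line in text.splitlines():
        m = FIELD.match(line)
        if m and m.group(1) == "Event Type":      # a new record starts here
            cur, in_desc = {"desc": []}, False
            events.append(cur)
        if cur is None:
            continue                               # text before the first record
        if m and not in_desc:
            cur[m.group(1)] = m.group(2)
        elif line.startswith("Description:"):
            in_desc = True
        elif in_desc and line.startswith(("For more information", "Data:")):
            in_desc = False                        # footer or hex dump, not description
        elif in_desc and line.strip():
            cur["desc"].append(line.strip())
    for ev in events:
        ev["desc"] = " ".join(ev["desc"])
        ev["when"] = datetime.strptime(f'{ev["Date"]} {ev["Time"]}', "%m/%d/%Y %I:%M:%S %p")
    return events

def triage(events, window_days=7, min_repeats=2):
    """Label each distinct error; the window is measured from the newest record."""
    if not events:
        return []
    cutoff = max(ev["when"] for ev in events) - timedelta(days=window_days)
    groups = defaultdict(list)
    for ev in events:
        groups[(ev["Event Source"], ev["Event ID"], ev["desc"])].append(ev["when"])
    rows = []
    for (source, eid, desc), times in groups.items():
        recent = [t for t in times if t >= cutoff]
        if "Safe Mode" in desc:
            label = "safe-mode artifact"           # raised by the boot mode itself
        elif not recent:
            label = "stale"                        # nothing inside the window
        elif len(recent) >= min_repeats:
            label = "recurring"                    # the ones worth chasing
        else:
            label = "recent, seen once"
        rows.append({"source": source, "id": eid, "label": label,
                     "count": len(times), "last": max(times), "desc": desc})
    return sorted(rows, key=lambda r: (RANK[r["label"]], -r["count"]))

if __name__ == "__main__":
    for row in triage(parse_events(SAMPLE)):
        print(f'{row["label"]:<18} x{row["count"]}  {row["source"]} {row["id"]}  last {row["last"]:%m/%d/%Y}')
```
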



## Karrie.TX (Oct 6, 2005)

I ran chkdsk and also the diagnostics and the computer passed the tests. The programs opening repeatedly occurred both during normal start up and safe mode start up. The grinding noise stopped after I opened the 'FixKarrie' file I got from Cookiegal. It has done the same things before, the noises and the programs opening repeatedly, it's always been because of a virus in the computer, or at least that's what I assumed because it always stopped once the virus was deleted.


----------



## Rollin' Rog (Dec 9, 2000)

When you start in Safe Mode what program or programs open without any action on your part? Or is this happening when you manually try to open a program?

And are we talking about actual programs or folders?

If a program opens repeatedly, you would see more than one instance of it in the Task Manager processes or applications tab, is that the case?

And if it happens in Safe Mode, try also testing in the built-in Administrator account rather than your normal account if you haven't done so.

Also if the computer is networked on a router -- when you choose Safe Mode, do NOT choose with "networking support".


----------



## Karrie.TX (Oct 6, 2005)

The program that was repeatedly starting was MSN Messenger. I wasn't opening it manually, it just opened itself. I did uninstall it, then re-install it, thinking that was the problem, but it didn't help. I didn't see how many times it was in task manager because I couldn't get that to open, but it opens now. Sometimes if I clicked on something else, like solitaire, before MSN had a chance to open it, the cards on the solitaire game would keep shuffling themselves. I have no idea what made it stop loading over and over, but it did. Maybe all traces of the virus were finally removed?? The only big problem left is the Windows Security Center.


----------



## Rollin' Rog (Dec 9, 2000)

I can't imagine how it would open in Safe Mode, but if the Security Center is the only problem now, can you detail for me just what is happening there?


----------



## Karrie.TX (Oct 6, 2005)

Ok, when I go into the Security Center and click on Windows Firewall, I get this message:
Windows Firewall settings cannot be displayed because the associated service is not running. Do you want to start the Windows Firewall/ Internet Connection Sharing (ICS) service? Then I click on yes, and get this message: Windows cannot start the Windows Firewall/Internet Connection Sharing (ICS) service. I've tried it on my user account and my husband's, but still get those messages.


----------



## valis (Sep 24, 2004)

not to trump rog, as he knows a lot more than I do, but what happens when you do the following:

start > run > services.msc > go to windows firewall in the right hand pane, double click it, and see what it says under 'startup type' and post that back here please.


----------



## Rollin' Rog (Dec 9, 2000)

Follow the instructions on this page:

http://windowsxp.mvps.org/sharedaccess.htm

Download and run the "sharedaccess.reg" file (it should tell you it has successfully merged to the registry)

Then reboot and run the command:

NETSH FIREWALL RESET

and reboot again and see if you can start the service.

Post again any error messages received in the process fully and exactly.


----------



## Karrie.TX (Oct 6, 2005)

Sorry for not replying sooner, I've been working. I really appreciate your help. When I ran
NETSH FIREWALL RESET, I got this message:
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\aSUNSHINE>NETSH FIREWALL RESET

WARNING: Could not obtain host information from machine: [computer name]. Some
commands may not be available.
The specified module could not be found.

The specified module could not be found.

C:\Documents and Settings\aSUNSHINE>
--After rebooting and trying to open windows firewall, I got these messages:
Windows Firewall settings cannot be displayed because the associated service is not running. Do you want to start the Windows Firewall/ Internet Connection Sharing (ICS) service?

Windows cannot start the Windows Firewall/Internet Connection Sharing (ICS) service.


----------



## Karrie.TX (Oct 6, 2005)

Windows Firewall start up type is automatic.


----------



## valis (Sep 24, 2004)

Karrie.TX said:


> Windows Firewall start up type is automatic.


below that are two buttons, stop and start. Which one is greyed out?


----------



## Rollin' Rog (Dec 9, 2000)

I'm not sure the computer name is necessary here; as for the "module" not found -- I assume that is the Windows Firewall and Internet Connection service -- which you say is present in *services.msc* and set to automatic startup -- right?

Did you install the "sharedaccess.reg" file and get a confirmation that it merged to the registry?


----------



## Karrie.TX (Oct 6, 2005)

Yes, it is present in services.msc, and it is set to automatic start up. I did install the file and got confirmation.


----------



## Karrie.TX (Oct 6, 2005)

The stop button is the one that is greyed out. Start is highlighted and above that it says Service Status: stopped. When I click on start, I get this message: Could not start the Windows Firewall/Internet Connection Sharing (ICS) service on Local Computer.
ERROR 1068: The dependency service or group failed to start.

Also, when I was looking at the properties, I clicked on dependencies, and got this message: WBEM error features not available. Upgrade WMI to a newer build.


----------



## valis (Sep 24, 2004)

rog? That's all you, chief.....never heard of that one before.....


----------



## Britches (Nov 5, 2006)

This is my first post here and hopefully a Quick Reply was the option to take. I have spent all day working on my machine and studying this thread. It seems like Karrie and I are having the same problems. I followed all of the instructions that were posted here and came back with the same reply she had. Eventually I followed the link below to download the WMI Diagnosis Utility from Microsoft.

http://www.microsoft.com/downloads/...d6-18d1-4d05-b11e-4c64192ae97d&displaylang=en

After running this utility and staring at the log for what seemed like hours, I noticed an error stating that I was missing files. They were supposed to be in the windows\system32\wbem folder, but when I opened that folder there was hardly anything there. Earlier I had to extract a dll file to this location to make my System Restore work (which actually didn't work because it said it couldn't restore to an earlier point), so that was actually related to my initial problem of the firewall, WMI, security center, etc. not working properly. Every time I tried starting anything in the services, I was receiving the exact same messages as Karrie. For months I have been unable to access this machine from my laptop, nor have I been able to access my printer from my laptop.

I was overeager for a solution so I simply copied the wbem folder from my laptop to my desktop (the desktop computer is the one I'm having problems with). After copying, I went into the services, started the WMI, and followed with the firewall. Everything is working fine now. 
I was worried that I was going to cause a complete mess because I'm running WindowsXP Home Edition on my desktop and WindowsXP Professional on my laptop but it worked wonderfully. I'm now accessing my desktop machine and my printer from my laptop.

I don't know if this will work with Karrie but I would think that it's definitely worth a try.

So in case this was utterly confusing, the solution to my problem was to copy the wbem folder from another computer running WindowsXP Service Pack 2, onto my problem machine.

Also, before I copied, I made sure that I was able to access the firewall on the computer I was copying the files from!

Since I just took a long shot and got lucky, I really have no place to say whether or not it is safe to try this. You guys know a lot more about computers than I do so please advise as to whether or not anyone should try this. Good Luck!


----------



## Rollin' Rog (Dec 9, 2000)

Very interesting. I've never seen that utility from MS before and was looking in the past for a WBEM repair method.

Definitely good for a go -- in fact I think I'll test it out on my working system.

Whew! What an output that script produces

For what it's worth, for me the bottom line was two missing dlls and their registration info. Since I'm not having any problems -- I guess I'll just ignore it:



> 13835 19:06:11 (1) !! ERROR: The following WMI system file(s) is/are missing: .................................... 2 ERROR(S)!
> 13836 19:06:11 (0) ** - CmdEvTgProv.dll
> 13837 19:06:11 (0) ** - policman.dll
> 13838 19:06:11 (0) ** => Recopy from a working system the missing WMI system files to 'C:\WINDOWS\SYSTEM32\WBEM\'


----------
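
The WMIDiag excerpt quoted in the post above follows a regular line layout, so the error blocks can be filtered out of a log that runs to thousands of lines. The Python below is an added example, not part of the original thread and not Microsoft's tooling; the line format is inferred only from the four quoted lines, and the last two sample lines are constructed.

```python
import re
from dataclasses import dataclass, field

# "<line no> <time> (<level>) <!! or **> <text>", inferred from the quoted lines.
LINE_RE = re.compile(r"^(\d+) (\d\d:\d\d:\d\d) \((\d)\) (!!|\*\*) (.*)$")
HEAD_RE = re.compile(r"^ERROR: (.+?)[: ]*\.{3,}\s*(\d+) ERROR\(S\)!$")

# First four lines are the ones quoted in the post; the last two are constructed.
SAMPLE_LOG = """\
> 13835 19:06:11 (1) !! ERROR: The following WMI system file(s) is/are missing: .................................... 2 ERROR(S)!
> 13836 19:06:11 (0) ** - CmdEvTgProv.dll
> 13837 19:06:11 (0) ** - policman.dll
> 13838 19:06:11 (0) ** => Recopy from a working system the missing WMI system files to 'C:\\WINDOWS\\SYSTEM32\\WBEM\\'
13840 19:06:12 (1) !! ERROR: Constructed finding with a cut-off list: .......... 2 ERROR(S)!
13841 19:06:12 (0) ** - constructed-item-1
"""

@dataclass
class Finding:
    line_no: int
    summary: str
    stated_count: int
    items: list = field(default_factory=list)
    hints: list = field(default_factory=list)

    @property
    def complete(self):
        # Header count vs. entries listed; a mismatch suggests a cut-off paste.
        return len(self.items) == self.stated_count

def parse_findings(log_text):
    findings, current = [], None
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.lstrip("> ").rstrip())  # tolerate forum "> " quoting
        text = m.group(5) if m else ""
        head = HEAD_RE.match(text) if m and m.group(4) == "!!" else None
        if head:
            current = Finding(int(m.group(1)), head.group(1), int(head.group(2)))
            findings.append(current)
        elif current and text.startswith("- "):
            current.items.append(text[2:].strip())
        elif current and text.startswith("=> "):
            current.hints.append(text[3:].strip())
        else:
            current = None  # any other line ends the current block
    return findings

if __name__ == "__main__":
    for f in parse_findings(SAMPLE_LOG):
        print(f.line_no, f.summary, f.items, f.hints, "complete" if f.complete else "INCOMPLETE")
```

A finding whose listed entries do not add up to the count in its header is reported as incomplete, which is a cue to go back to the full log before acting on a pasted excerpt.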



## Rollin' Rog (Dec 9, 2000)

I found this, it includes some instructions for reinstalling WBEM.

http://windowsxp.mvps.org/repairwmi.htm

Note if you don't have an XP SP2 CD, when you are prompted for any file location, you should point it to c:\windows\servicepackfiles\I386

Set a System Restore point before doing anything along these lines.


----------

