gandamid
asked on
IE wants to send error report each time it starts up.
I have a Win2k SP3 system on my bench. I think some kiddos have downloaded something that has hijacked IE. I have done the SFC program and it is still broken. I did the registry change to allow me to re-install IE. I re-installed IE, but it didn't appear that it took long enough.
I can't run anti-virus on it, either.
Any ideas? I thought about hooking just the drive to my test system as a slave drive and trying to edit the registry, but I can't find a registry editor that will work on a slave drive. Anyone know of such a program? (If there's not one I bet I could make a fortune if I wrote one! LOL)
Thanks in advance.
gandamid,
Sorry to say this, but this is one of the worst logs I've ever seen...
Use all these tools and make sure to update them before running:
Ad-aware : http://www.spychecker.com/download/download_adaware.html
Spybot Search and Destroy : http://www.spychecker.com/download/download_spybot.html
CoolWebShredder : http://209.133.47.200/~merijn/files/CWShredder.exe
Afterwards, in case your internet connection won't work anymore, use this tool to get back online:
http://members.shaw.ca/techcd/WinsockXPFix.exe
Afterwards, post another logfile. You also have a virus, but we'll fix that later on.
LucF
ASKER
I was able to get IE to come up. Have downloaded the programs you suggested. Will run them in a few minutes. I pulled the drive and hooked it up on my test system as a slave and am currently running NAV on it.
Will post back in a few minutes on my progress.
Thx.
I am not sure why this is here, C:\Documents and Settings\All Users\Start Menu\Programs\Startup\winlogon.exe, but it doesn't belong. It may be at the crux of your problem.
I think a virus is at the heart of this. See if you can do this
Double Check for viruses
Online Scanners
Norton Web Services
Go to this page and click on Scan for Viruses
http://security.symantec.com/ssc/vc_about.asp?j=1&langid=us&venid=sym&plfid=22&pkj=REODSKVYRMHCGVRVRMN
It needs to download a few files so as to activate the scan, so you may see a message like this.
"The Scan for Viruses uses an ActiveX program to scan your computer. The download is approximately 1.5MB and can take about 10 minutes over a 28.8 modem.
The scan can take more than 20 minutes depending on the speed of your computer and the number of files that you have. Please do not browse away from this page unless you intend to abort the scan.
Downloading Scan for Viruses controls. Please wait...
During the download, you might see one or more messages asking if it is OK to download and run these programs. Click Yes when these messages appear.
Note: Scan for Viruses does not scan compressed files"
======================
Trend Micro HouseCall
www.housecall.antivirus.com
"Trend Micro's free online virus scanner
In order to better serve our customers, we ask HouseCall users to register before scanning their computer. By registering, you will receive virus alerts from our team of Virus Doctors. You will be able to unsubscribe when you receive your first email. You can also scan without registering"
http://housecall.antivirus.com/housecall/start_corp.asp
======================
eTrust Online antivirus scanner
http://www3.ca.com/virusinfo/virusscan.aspx
======================
PC Pitstop Virus Scan
Our free Web-based virus scan uses Panda Software's award-winning technology and virus list. We're checking against the "wildlist," the roughly 200 viruses that are most prevalent in the world in a given month
http://www.pcpitstop.com/antivirus/default.asp
If not, then run this
Stinger
BackDoor-AQJ, Bat/Mumu.worm, Exploit-DcomRpc, IPCScan, IRC/Flood.ap, IRC/Flood.bi, IRC/Flood.cd, NTServiceLoader, PWS-Sincom, W32/Bugbear@MM, W32/Deborm.worm.gen, W32/Dumaru@MM, W32/Elkern.cav, W32/Fizzer.gen@MM, W32/FunLove, W32/Klez, W32/Lirva, W32/Lovgate, W32/Lovsan.worm, W32/Mimail@MM, W32/MoFei.worm, W32/Mumu.b.worm, W32/Nachi.worm, W32/Nimda, W32/Sdbot.worm.gen, W32/SirCam@MM, W32/Sobig, W32/SQLSlammer.worm, W32/Yaha@MM
http://vil.nai.com/vil/stinger/
And if you can run your antivirus scanner from safe mode, move this disk to a machine that you can run its virus scanner on it.
this one worries me a lot more: C:\WINNT\svchost.exe
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.dewin.html
ASKER
Lucf gave me the hijack program link and that fixed most of my problems.
I'm going to award the points to lucf.
Can get the computer to come up, IE comes up. Can't get on the network. Device mgr not showing a network card in the machine. It is built onto the mobo. I will try plugging in a nic and see if I can get drivers to load.
Getting close, but not there quite yet.
I am going to award you the points 'cause that hijack program is GREAT !!!
Thanks. I think I can get it going from here. It may still come down to loading the thing from scratch. OH well.
FG
Glad to help ;-)
LucF
ASKER
Here's the log:
Logfile of HijackThis v1.97.7
Scan saved at 5:05:42 PM, on 4/2/2004
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon
C:\WINNT\system32\services
C:\WINNT\system32\lsass.ex
C:\WINNT\system32\svchost.
C:\WINNT\system32\spoolsv.
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\WINNT\svchost.exe
C:\WINNT\System32\svchost.
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\regsvc.e
C:\WINNT\system32\MSTask.e
C:\WINNT\system32\svchost.
C:\WINNT\Explorer.EXE
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\PROGRA~1\NORTON~1\navap
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\winl
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
A:\HijackThis.exe
R1 - HKCU\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\In
R0 - HKCU\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\In
R0 - HKLM\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\In
O2 - BHO: Ipswitch.WsftpBrowserHelpe
O2 - BHO: WinShow module - {6CC1C918-AE8B-4373-A5B4-2
O2 - BHO: winlink module - {6CC1C91A-AE8B-4373-A5B4-2
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-F
O2 - BHO: (no name) - {BDF6CE3D-F5C5-4462-9814-3
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-0
O3 - Toolbar: Topicks Categories - {80E81A0E-9741-4FBC-8EE3-3
O3 - Toolbar: Band Class - {BDF6CE3D-F5C5-4462-9814-3
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navap
O4 - HKLM\..\Run: [ToPicks Starter] C:\Program Files\ToPicks\Bin\Idhost.e
O4 - HKLM\..\Run: [RVP] "C:\Program Files\RVP\bpc.exe"
O4 - HKLM\..\Run: [srng] \Program Files\Srng\Srng.exe
O4 - HKLM\..\Run: [KAZAA] C:\PROGRA~1\GROKSTER\Groks
O4 - HKLM\..\Run: [SearchEnhancement] "C:\Program Files\scbar\v1\scbar.exe" /U
O4 - HKLM\..\Run: [AdRoarUpdate] C:\WINNT\ARUpdate.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [svchost] C:\WINDOWS\SVCHOST.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Ad
O4 - Global Startup: winlogon.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\WebRebates\System\Te
O9 - Extra button: Encarta Encyclopedia (HKLM)
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia (HKLM)
O9 - Extra button: Define (HKLM)
O9 - Extra 'Tools' menuitem: Define (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-9
O16 - DPF: {0FAA926E-2AF4-11D3-9995-0
O16 - DPF: {166B1BCA-3F9C-11CF-8075-4
O16 - DPF: {7823A620-9DD9-11CF-A662-0
O16 - DPF: {9F1C11AA-197B-4942-BA54-4
O16 - DPF: {C4847596-972C-11D0-9567-0
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-4
O16 - DPF: {E9C9692E-F93C-11D1-ABB0-0
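Added example, not part of the original thread and not HijackThis's own logic: the two observations made in the replies (a winlogon.exe in the Startup folder, and an svchost.exe running from C:\WINNT instead of system32) can be checked mechanically. This Python sketch parses HijackThis-style lines and flags core Windows image names found outside %SystemRoot%\system32; the PROTECTED list, the function names and the C:\WINNT default are assumptions of this example.

```python
import ntpath
import re

# Assumption: core Windows images that normally load only from %SystemRoot%\system32.
PROTECTED = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
             "lsass.exe", "svchost.exe", "spoolsv.exe"}

# Excerpt of complete (untruncated) lines copied from the log posted on this page.
SAMPLE_LOG = r"""
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\svchost.exe
C:\WINNT\Explorer.EXE
A:\HijackThis.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [RVP] "C:\Program Files\RVP\bpc.exe"
O4 - HKLM\..\Run: [AdRoarUpdate] C:\WINNT\ARUpdate.exe
O4 - HKCU\..\Run: [svchost] C:\WINDOWS\SVCHOST.EXE
O4 - Global Startup: winlogon.exe
"""

SECTION_RE = re.compile(r"^[A-Z]\d+ - ")               # R0, O1, O4, O16, ...
PROCESS_RE = re.compile(r"^[A-Za-z]:\\.+$")            # full path in the process list
RUN_RE = re.compile(r"^O4 - HK\w+\\\.\.\\\w+: \[[^\]]*\] (.+)$")
STARTUP_RE = re.compile(r"^O4 - (?:Global )?Startup: (.+)$")


def image_path(command):
    """Return the executable part of an autorun command line (arguments dropped)."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.exe)(?:\s|$)", command, re.IGNORECASE)
    return m.group(1) if m else command


def misplaced(path, system_root):
    """Return a reason if a protected image name sits outside system32, else None."""
    name = ntpath.basename(path).lower()
    folder = ntpath.dirname(path).lower()
    expected = ntpath.join(system_root, "system32").lower()
    # Entries without a directory (e.g. "mobsync.exe") cannot be judged by path.
    if name in PROTECTED and folder and folder != expected:
        return f"{name} outside {expected}"
    return None


def scan(log_text, system_root=r"C:\WINNT"):
    """Return (kind, path, reason) tuples for masquerading system image names."""
    findings = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if SECTION_RE.match(line):
            in_processes = False          # first R*/O* line ends the process list
        if in_processes and PROCESS_RE.match(line):
            reason = misplaced(line, system_root)
            if reason:
                findings.append(("process", line, reason))
            continue
        m = RUN_RE.match(line)
        if m:
            path = image_path(m.group(1))
            reason = misplaced(path, system_root)
            if reason:
                findings.append(("autorun", path, reason))
            continue
        m = STARTUP_RE.match(line)
        if m:
            # "name.lnk = target" or a bare file dropped into the Startup folder
            item = m.group(1).split(" = ")[0].strip()
            if ntpath.basename(item).lower() in PROTECTED:
                findings.append(("startup", item, "system image name in Startup folder"))
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Lines that the forum software truncated (for example `C:\WINNT\system32\svchost.`) carry no usable image name and are simply not flagged; a path-only check like this is a triage aid and does not replace a file scan.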