hoody
asked on
Hijack This logfile
Below is a logfile from Hijack This. It's on a friend's computer that I'm trying to help by email. She has her hands full with babies at home and working from home, so she tends to be slow getting back to me with responses, so do bear with us! Months ago she had a problem with a virus on WinXP. She has DSL for internet access. I told her about the firewall in XP, and had her do an online virus scan to clean things up, then get EZ Antivirus installed and working. She was also overwhelmed with popups from spyware, etc., so I've had her run Adaware and Spybot Search & Destroy. She says things are much better, but she still has some trouble with popups. So I had her send me this log file. I see a few things right off that are questionable, but I'm new to using Hijack This, so thought I'd get advice from those of you who are more familiar with it.
Logfile of HijackThis v1.97.7
Scan saved at 9:40:00 PM, on 8/3/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Winamp3\winampa.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\documents and settings\jennifer\local settings\temp\BQV.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\documents and settings\jennifer\local settings\temp\GvgDYVsw.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\ClearSearch\Loader.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\uptodate.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Save\Save.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\AutoUpdate\AutoUpdate.exe
C:\Program Files\ClearSearch\csAOLldr.exe
C:\Program Files\Common Files\Dpi\dpi.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\CLOCKS~1\Sync.exe
C:\PROGRA~1\ezula\mmod.exe
C:\Program Files\BellSouth\Connection Manager\CManager.exe
C:\PROGRA~1\BROADJ~1\CORREC~1\CCD.exe
C:\Program Files\SysAI\SysAI.exe
C:\WINDOWS\System32\atrpy.exe
C:\WINDOWS\System32\bcmdstr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\System32\svchost.exe
c:\documents and settings\jennifer\local settings\temp\GMZBnOX.exe
C:\WINDOWS\System32\mpschemew.exe
C:\WINDOWS\System32\UbgrYIn.exe
C:\WINDOWS\System32\EbwQSH.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\PXSAPI.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\Spyware Stormer\SpywareStormer.exe
C:\Documents and Settings\Jennifer\Local Settings\Temporary Internet Files\Content.IE5\694Z2LUP\HijackThis[1].exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32\SearchBar.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jacksonville.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://support.fastaccess.com/launch.asp
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000221} - C:\Program Files\ClearSearch\CSIE.DLL
O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\Program Files\SysAI\plg0\AproposPlugin.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2CF0B992-5EEB-4143-99C0-5297EF71F443} - C:\WINDOWS\System32\stlbdist.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll
O2 - BHO: (no name) - {CF021F40-3E14-23A5-CBA2-71766C641306} - C:\WINDOWS\System32\vld1306.dll
O2 - BHO: WinPage Affiliate - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Jennifer\Local Settings\Temp\kvF.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Search - {2CF0B992-5EEB-4143-99C0-5297EF71F444} - C:\WINDOWS\System32\stlbdist.DLL
O3 - Toolbar: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /nosystray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [sr1exe] "C:\Documents and Settings\All Users\Application Data\Dell\Alert\252\updtSup3.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [SysUpd] C:\WINDOWS\sysupd.exe
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [tapisvr] C:\WINDOWS\Registration\tapisvr.exe
O4 - HKLM\..\Run: [BQV.exe] C:\documents and settings\jennifer\local settings\temp\BQV.exe
O4 - HKLM\..\Run: [GvgDYVsw.exe] C:\documents and settings\jennifer\local settings\temp\GvgDYVsw.exe
O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\System32\YmxB.exe
O4 - HKLM\..\Run: [ClrSchLoader] C:\Program Files\ClearSearch\Loader.exe
O4 - HKLM\..\Run: [Bakra] C:\WINDOWS\System32\IEHost.exe
O4 - HKLM\..\Run: [Dsi] C:\WINDOWS\System32\dp-him.exe
O4 - HKLM\..\Run: [{2CF0B992-5EEB-4143-99C0-5297EF71F444}] rundll32.exe C:\WINDOWS\System32\stlbdist.DLL,DllRunMain
O4 - HKLM\..\Run: [RunWindowsUpdate] C:\WINDOWS\uptodate.exe
O4 - HKLM\..\Run: [WhenUSave] C:\Program Files\Save\Save.exe
O4 - HKLM\..\Run: [WhenUSearch] C:\PROGRA~1\WHENUS~1\Search.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [Pcsv] C:\WINDOWS\system32\pcs\pcsvc.exe
O4 - HKLM\..\Run: [Dpi] C:\Program Files\Common Files\Dpi\dpi.exe
O4 - HKLM\..\Run: [w76j38V] atrpy.exe
O4 - HKLM\..\Run: [Spyware Stormer] C:\Program Files\Spyware Stormer\SpywareStormer.Exe
O4 - HKLM\..\Run: [UB3BRSHP] C:\WINDOWS\System32\UB3BRSHP.exe
O4 - HKLM\..\Run: [GMZBnOX.exe] c:\documents and settings\jennifer\local settings\temp\GMZBnOX.exe
O4 - HKLM\..\Run: [mpschemew] C:\WINDOWS\System32\mpschemew.exe
O4 - HKLM\..\Run: [PXSAPI] C:\WINDOWS\System32\PXSAPI.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [ClockSync] C:\PROGRA~1\CLOCKS~1\Sync.exe /q
O4 - HKCU\..\Run: [hwptRUZ2P] bcmdstr.exe
O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe
O4 - Startup: Connection Manager.lnk = C:\Program Files\BellSouth\Connection Manager\CManager.exe
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: MoneySide (HKLM)
O16 - DPF: ViewTIFF for Java - http://imaging.landata.com/ViewTIFFJava/javabin/TIFFView.cab
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarestormer.com/files2/Install.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
no problem at all =)
ASKER