jalvord1
asked on
HijackThis log - Computer full of executables and s-l-o-w. Please Help me.....
Computer has become very slow and hangs frequently. Have Adaware and Norton anti-virus. Have run both but problem remains. Attached is HijackThis log. Hopefully someone can tell me what to delete. thank you thank you thank you
Logfile of HijackThis v1.98.0
Scan saved at 9:08:04 PM, on 8/23/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\PFShared\UmxCfg.exe
C:\Program Files\Common Files\PFShared\UmxPol.exe
C:\Program Files\Tiny Firewall Pro\UmxAgent.exe
C:\Program Files\Tiny Firewall Pro\UmxTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\PFShared\umxlu.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\TWAIN.DLL:ymhor
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\system32\netig32.exe
C:\windows\system32\sncntr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\windows\system32\sp2ctr.exe
C:\windows\system32\glwjmgeb.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\unzipped\hijackthis\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer customized for Verizon Online
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {935FF0DB-6EAC-6699-8318-C1F0F013C96D} - C:\WINDOWS\system32\d3dl32.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_3_16_0.dll
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [sr1exe] "C:\Documents and Settings\All Users\Application Data\Dell\Alert\252\updtSup3.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [t] C:\WINDOWS\System32\yawofm.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [iehelper] C:\Program Files\syslaunch.exe
O4 - HKLM\..\Run: [netig32.exe] C:\WINDOWS\system32\netig32.exe
O4 - HKLM\..\Run: [sncntr] c:\windows\system32\sncntr.exe /nocomm
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [sp2ctr] c:\windows\system32\sp2ctr.exe /nocomm
O4 - HKLM\..\Run: [glwjmgeb] c:\windows\system32\glwjmgeb.exe /install
O4 - HKLM\..\RunOnce: [atlgd.exe] C:\WINDOWS\atlgd.exe
O4 - HKLM\..\RunOnce: [iewh32.exe] C:\WINDOWS\system32\iewh32.exe
O4 - HKLM\..\RunOnce: [javajb.exe] C:\WINDOWS\system32\javajb.exe
O4 - HKLM\..\RunOnce: [ntha32.exe] C:\WINDOWS\system32\ntha32.exe
O4 - HKLM\..\RunOnce: [ntzh.exe] C:\WINDOWS\system32\ntzh.exe
O4 - HKLM\..\RunOnce: [ieze32.exe] C:\WINDOWS\ieze32.exe
O4 - HKLM\..\RunOnce: [ipuo.exe] C:\WINDOWS\ipuo.exe
O4 - HKLM\..\RunOnce: [crmv.exe] C:\WINDOWS\system32\crmv.exe
O4 - HKLM\..\RunOnce: [atlkt32.exe] C:\WINDOWS\system32\atlkt32.exe
O4 - HKLM\..\RunOnce: [crzv32.exe] C:\WINDOWS\crzv32.exe
O4 - HKLM\..\RunOnce: [ierr.exe] C:\WINDOWS\ierr.exe
O4 - HKLM\..\RunOnce: [crpw32.exe] C:\WINDOWS\system32\crpw32.exe
O4 - HKLM\..\RunOnce: [crsz32.exe] C:\WINDOWS\crsz32.exe
O4 - HKLM\..\RunOnce: [crnw32.exe] C:\WINDOWS\crnw32.exe
O4 - HKLM\..\RunOnce: [ipmd32.exe] C:\WINDOWS\system32\ipmd32.exe
O4 - HKLM\..\RunOnce: [ipep.exe] C:\WINDOWS\ipep.exe
O4 - HKLM\..\RunOnce: [crch32.exe] C:\WINDOWS\crch32.exe
O4 - HKLM\..\RunOnce: [javall.exe] C:\WINDOWS\system32\javall.exe
O4 - HKLM\..\RunOnce: [crpn32.exe] C:\WINDOWS\system32\crpn32.exe
O4 - HKLM\..\RunOnce: [mssu32.exe] C:\WINDOWS\mssu32.exe
O4 - HKLM\..\RunOnce: [appdq.exe] C:\WINDOWS\system32\appdq.exe
O4 - HKLM\..\RunOnce: [netpf.exe] C:\WINDOWS\netpf.exe
O4 - HKLM\..\RunOnce: [apicg.exe] C:\WINDOWS\apicg.exe
O4 - HKLM\..\RunOnce: [atlfw32.exe] C:\WINDOWS\system32\atlfw32.exe
O4 - HKLM\..\RunOnce: [apipr.exe] C:\WINDOWS\system32\apipr.exe
O4 - HKLM\..\RunOnce: [appan32.exe] C:\WINDOWS\appan32.exe
O4 - HKLM\..\RunOnce: [crkv.exe] C:\WINDOWS\crkv.exe
O4 - HKLM\..\RunOnce: [javalm.exe] C:\WINDOWS\system32\javalm.exe
O4 - HKLM\..\RunOnce: [winiv.exe] C:\WINDOWS\winiv.exe
O4 - HKLM\..\RunOnce: [addcs32.exe] C:\WINDOWS\system32\addcs32.exe
O4 - HKLM\..\RunOnce: [sdkew.exe] C:\WINDOWS\system32\sdkew.exe
O4 - HKLM\..\RunOnce: [ipry.exe] C:\WINDOWS\ipry.exe
O4 - HKLM\..\RunOnce: [addjd32.exe] C:\WINDOWS\system32\addjd32.exe
O4 - HKLM\..\RunOnce: [atlif.exe] C:\WINDOWS\atlif.exe
O4 - HKLM\..\RunOnce: [msnn32.exe] C:\WINDOWS\system32\msnn32.exe
O4 - HKLM\..\RunOnce: [netbc.exe] C:\WINDOWS\system32\netbc.exe
O4 - HKLM\..\RunOnce: [javaou32.exe] C:\WINDOWS\javaou32.exe
O4 - HKLM\..\RunOnce: [winwr32.exe] C:\WINDOWS\system32\winwr32.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [AMonitor] C:\Program Files\Tiny Firewall Pro\amon.exe
O4 - HKCU\..\Run: [EPSON Stylus Photo 825] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /A "C:\WINDOWS\System32\E_S11.tmp"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Control Pad - {28D44DAC-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\ControlPad\Misc\a_menu.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {140F03AE-0588-11D4-BD45-0050048A82BF} (eShare Web Collaboration Class) - http://63.166.193.103/netagent/objects/emagic.cab
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://tw.msi.com.tw/autobios/client/iftwclix.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/2901cdb6bd246dc06f06/netzip/RdxIE601.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://ftp.us.dell.com/fixes/PROFILER.CAB
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install2.5/Installer.exe
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4383/mcfscan.cab
ASKER
Forgot to add:
When booting up, now Windows Installer runs trying to install something from Microsoft Office. I have to hit 'cancel' many times to get it to stop.....
>>>Thanks, that made a huge difference! still have a problem where my IE explorer gets hijacked
Did you set the resident and tea timers in spybot?
On the task bar near the clock there should be an icon for spybot. Right click on it and select resident IE. Make sure that there are check marks next to
(block all bad pages silently) and (use resident in IE sessions)
If you choose the advanced mode for spybot then click on the "tools" bar on the left side. There you need to find "resident" and click on it. You will see a box that says "resident protection status"; both check boxes should have checks in them.
By doing this spybot will do a lot of the work for you. You may start getting "spybot" popups that ask for permissions. Grant permission if there was something you downloaded or started up. If you did not do anything then deny permissions.
Now these need to get clean.
R1 - HKCU\Software\Microsoft\Wi
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {935FF0DB-6EAC-6699-8318-C
Do you know the programs associated with these? If you don't then you might consider removing them.
C:\Program Files\Common Files\PFShared\UmxCfg.exe
C:\Program Files\Common Files\PFShared\UmxPol.exe
C:\Program Files\Common Files\PFShared\umxlu.exe
O16 - DPF: {140F03AE-0588-11D4-BD45-0
If you're ok with looking in your registry then I will take you through it as a final check.
ASKER
Thanks for your help so far. I'm kind of a newbie and I'm not quite sure what you mean by "set the resident and tea timers in spybot". I have Spybot Search & Destroy 1.3. There is no icon in the tray on the right side. Should there be? or are you referring to a different spybot program?
Thanks in advance!
ASKER
forgot to post: Here's the latest Hijackthis log. Every time I delete :
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {935FF0DB-6EAC-6699-8318-C1F0F013C96D} - C:\WINDOWS\system32\d3dl32.dll
....it keeps coming back!
C:\Program Files\Common Files\PFShared\UmxCfg.exe
C:\Program Files\Common Files\PFShared\UmxPol.exe
...these are both files associated with Tiny Personal Firewall
Here's the log:
Logfile of HijackThis v1.98.0
Scan saved at 4:17:18 PM, on 8/26/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\PFShared\UmxCfg.exe
C:\Program Files\Common Files\PFShared\UmxPol.exe
C:\Program Files\Tiny Firewall Pro\UmxAgent.exe
C:\Program Files\Tiny Firewall Pro\UmxTray.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\PFShared\umxlu.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\TWAIN.DLL:ymhor
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\netig32.exe
C:\unzipped\hijackthis\HijackThis.exe
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {935FF0DB-6EAC-6699-8318-C1F0F013C96D} - C:\WINDOWS\system32\d3dl32.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_3_16_0.dll
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [sr1exe] "C:\Documents and Settings\All Users\Application Data\Dell\Alert\252\updtSup3.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Verizon Control Pad] "C:\Program Files\Verizon Online\ControlPad\cpad.exe" #SPLASH
O4 - HKLM\..\Run: [netig32.exe] C:\WINDOWS\system32\netig32.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [AMonitor] C:\Program Files\Tiny Firewall Pro\amon.exe
O4 - HKCU\..\Run: [EPSON Stylus Photo 825] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /A "C:\WINDOWS\System32\E_S11.tmp"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Control Pad - {28D44DAC-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\ControlPad\Misc\a_menu.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://tw.msi.com.tw/autobios/client/iftwclix.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/2901cdb6bd246dc06f06/netzip/RdxIE601.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://ftp.us.dell.com/fixes/PROFILER.CAB
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AB6B1167-645C-4B5A-A9AD-4AD165D51E4E}: NameServer = 199.45.32.43 199.45.32.38
You can set those in spybot under the advanced mode.
"If you choose the advanced mode for spybot then click on the "tools" bar on the left side. There you need to find "resident" and click on it. You will see a box that says "resident protection status"; both check boxes should have checks in them."
C:\WINDOWS\system32\d3dl32.dll>>>this needs to be deleted, not the system32 file but the d3dl32.dll.
You will need to "show all files" and "show hidden extension" to see them all.
Fix these after you have removed the .dll above.
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {935FF0DB-6EAC-6699-8318-C1F0F013C96D} - C:\WINDOWS\system32\d3dl32.dll
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://tw.msi.com.tw/autobios/client/iftwclix.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AB6B1167-645C-4B5A-A9AD-4AD165D51E4E}: NameServer = 199.45.32.43 199.45.32.38
ASKER
I can't seem to check the "sd helper" box. The other one is now checked. Consequently, when I right click on the icon next to the clock, the "resident ie" is grayed out......
hmm...ok if you go back into spybot there is an "immunize" button. Click on this one and let it immunize everything. On the right side there is a box that says "permanently running bad..."; make sure the "enable" box is checked and the menu below that says "block all pages silently".
Then go to the "tools" bar and click on it. Make sure all the boxes are checked (ie: view report, resident, shredder, etc).
This should set that to the right setting.
Did you find the C:\WINDOWS\system32\d3dl32.dll and remove it?
ASKER
Most curious....From the Immunize screen, I cannot check the 'enable permanent blocking of bad addresses'. There is a yellow exclamation mark that indicates: "Browser helper to block bad addresses is NOT installed....."
I did delete the d3dl32.dll file but it keeps returning...I have system restore off. Should I be doing all this as an Administrator in Safe Mode? Up to this point, I've signed onto XP with my individual screen (We have 4 users in house)
>>>>Should I be doing all this as an Administrator in Safe Mode?
answer>>>YES
I would uninstall and reinstall spybot.
What has ad-aware SE done? I use it along with spybot and my Anti virus as a 1-2-3 punch on baddies out there.
Also you're an update behind in HijackThis. Newest is 1.98.2
If none of these have worked completely then there are a couple more downloads that may help.
When you reinstall spybot make sure that the wizard lets you check the resident and tea timer; that way it will be installed.
Hi!
Just a note to add to what akboss has advised:
Have HJT fix this one -
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/2901cdb6bd246dc06f06/netzip/RdxIE601.cab
Also, search your computer for all instances of any of the dll's or exe's
that have been pinpointed for removal, and delete all you find.
Particularly check your prefetch, dllcache, and ALL temp folders.
Regards...
RF
ASKER
Logfile of HijackThis v1.98.0
Scan saved at 8:02:40 AM, on 8/26/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.e
C:\WINDOWS\system32\winlog
C:\WINDOWS\system32\servic
C:\WINDOWS\system32\lsass.
C:\WINDOWS\system32\svchos
C:\WINDOWS\System32\svchos
C:\WINDOWS\system32\spools
C:\Program Files\Common Files\PFShared\UmxCfg.exe
C:\Program Files\Common Files\PFShared\UmxPol.exe
C:\Program Files\Tiny Firewall Pro\UmxAgent.exe
C:\Program Files\Tiny Firewall Pro\UmxTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Dell\EUSW\Support.ex
C:\PROGRA~1\NORTON~1\NORTO
C:\WINDOWS\System32\driver
C:\WINDOWS\system32\cisvc.
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\SPEED
C:\WINDOWS\System32\svchos
C:\Program Files\Common Files\PFShared\umxlu.exe
C:\WINDOWS\System32\MsPMSP
C:\WINDOWS\TWAIN.DLL:ymhor
C:\WINDOWS\System32\wuaucl
C:\WINDOWS\System32\msiexe
C:\unzipped\hijackthis\Hij
R1 - HKCU\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\Wi
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {935FF0DB-6EAC-6699-8318-C
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-0
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.ex
O4 - HKLM\..\Run: [sr1exe] "C:\Documents and Settings\All Users\Application Data\Dell\Alert\252\updtSu
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTO
O4 - HKLM\..\Run: [Verizon Control Pad] "C:\Program Files\Verizon Online\ControlPad\cpad.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMo
O4 - HKCU\..\Run: [AMonitor] C:\Program Files\Tiny Firewall Pro\amon.exe
O4 - HKCU\..\Run: [EPSON Stylus Photo 825] C:\WINDOWS\System32\spool\
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Ad
O6 - HKCU\Software\Policies\Mic
O9 - Extra button: Control Pad - {28D44DAC-D1FC-4d4f-BB1B-A
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-0
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-0
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-0
O16 - DPF: {01A88BB1-1174-41EC-ACCB-9
O16 - DPF: {140F03AE-0588-11D4-BD45-0
O16 - DPF: {4E330863-6A11-11D0-BFD8-0
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0
O16 - DPF: {644E432F-49D3-41A1-8DD5-E
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-9
O16 - DPF: {90A29DA5-D020-4B18-8660-6
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-0
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-0
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0
O16 - DPF: {E77C0D62-882A-456F-AD8F-7
O16 - DPF: {E855A2D4-987E-4F3B-A51C-6
O16 - DPF: {EF791A6B-FC12-4C68-99EF-F
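Added example (not part of the original thread and not code from HijackThis): a small Python script that compares successive HijackThis scans and labels each entry as persistent, removed, new or reappeared, which is the "it keeps coming back" question raised above. The three sample logs are constructed and abbreviated, modeled on entries from the logs posted in this thread; the names parse_entries, track and SCANS are hypothetical.

```python
import re

# A HijackThis entry line starts with a section code such as R3, O2, O4 or O16,
# e.g. "O4 - HKLM\..\Run: [name] C:\path\file.exe". Process paths do not match.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def parse_entries(log_text):
    """Return the set of normalized (section, body) entries in one log."""
    entries = set()
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            # Windows paths and registry names are case-insensitive, so fold
            # case and collapse whitespace before comparing scans.
            body = " ".join(m.group(2).split()).lower()
            entries.add((m.group(1), body))
    return entries


def track(scans):
    """Classify every entry seen across scans given oldest first.

    Returns {(section, body): status} where status is one of
    'persistent', 'removed', 'new' or 'reappeared'.
    """
    parsed = [parse_entries(s) for s in scans]
    result = {}
    for entry in set().union(*parsed):
        seen = [entry in p for p in parsed]
        if all(seen):
            status = "persistent"   # survived every cleanup attempt
        elif not seen[-1]:
            status = "removed"      # gone in the latest scan
        elif not seen[0]:
            status = "new"          # first appeared after the first scan
        else:
            status = "reappeared"   # was gone in between, back in the latest
        result[entry] = status
    return result


# Constructed, abbreviated sample logs modeled on the thread's three scans.
SCANS = [
    r"""Logfile of HijackThis v1.98.0
Scan saved at 9:08:04 PM, on 8/23/2004
Running processes:
C:\WINDOWS\system32\netig32.exe
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {935FF0DB-6EAC-6699-8318-C1F0F013C96D} - C:\WINDOWS\system32\d3dl32.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [netig32.exe] C:\WINDOWS\system32\netig32.exe
O4 - HKLM\..\Run: [sncntr] c:\windows\system32\sncntr.exe /nocomm
O4 - HKLM\..\RunOnce: [atlgd.exe] C:\WINDOWS\atlgd.exe
""",
    r"""Logfile of HijackThis v1.98.0
Scan saved at 8:02:40 AM, on 8/26/2004
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {935FF0DB-6EAC-6699-8318-C1F0F013C96D} - C:\WINDOWS\system32\d3dl32.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Verizon Control Pad] "C:\Program Files\Verizon Online\ControlPad\cpad.exe" #SPLASH
""",
    r"""Logfile of HijackThis v1.98.0
Scan saved at 4:17:18 PM, on 8/26/2004
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {935FF0DB-6EAC-6699-8318-C1F0F013C96D} - C:\WINDOWS\SYSTEM32\d3dl32.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Verizon Control Pad] "C:\Program Files\Verizon Online\ControlPad\cpad.exe" #SPLASH
O4 - HKLM\..\Run: [netig32.exe] C:\WINDOWS\system32\netig32.exe
""",
]


def report(scans):
    """Return sorted 'status  section  body' lines for a list of scans."""
    rows = [(status, sec, body) for (sec, body), status in track(scans).items()]
    return ["%-10s %-3s %s" % row for row in sorted(rows)]


if __name__ == "__main__":
    for line in report(SCANS):
        print(line)
```

An entry marked persistent or reappeared after a fix means something still on the machine is writing it back, which is why the replies above go after the file itself and any stray copies rather than only the log entry.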