bhenry

Members
  • Content Count

    2
  • Joined

  • Last visited

Community Reputation

0 Neutral

About bhenry

  • Rank
    Newbie
  1. [quote name='Rorschach112' post='123736' date='Nov 19 2010, 07:54 AM']Download ComboFix here : [url="http://download.bleepingcomputer.com/sUBs/ComboFix.exe"][b][color="blue"]Link 1[/color][/b][/url] [url="http://www.forospyware.com/sUBs/ComboFix.exe"][b][color="blue"]Link 2[/color][/b][/url] [color="purple"][b]* IMPORTANT !!! Save ComboFix.exe to your Desktop[/b][/color][list] [*]Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them [url="http://www.bleepingcomputer.com/forums/topic114351.html"][b]Click me[/b][/url] [*]Double click on ComboFix.exe & follow the prompts. [*]As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. [*]Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console. [/list][color="blue"]**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.[/color] [center][img]http://img.photobucket.com/albums/v706/ried7/RcAuto1.gif[/img][/center] Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message: [img]http://img.photobucket.com/albums/v706/ried7/whatnext.png[/img] Click on Yes, to continue scanning for malware. When finished, it shall produce a log for you. Please include the [b]C:\ComboFix.txt[/b] log in your next reply.[/quote] I followed the instructions on stopping virus software and installed combofix. It stopped install (I think) and told me it would be unsafe to continue and i needed to uninstall AVG. I have been in safe mode this whole time. I tried to uninstall in safe mode and recieved an error that it could not uninstall. I went out of safe mode and tried to uninstall again, still no luck, same error. Local machine: installation failed Installation: Error: Action failed for registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows: creating registry key.... Access is denied. notice the comment "access is denied" but not sure why. In safe mode I logged in as administrator, and in normal mode i logged in as user with admin privleges, had a look at the user accounts and there is not a seperate admin account just my login name account (again I am the listed administrator). I have attached the report log that it provided also. Best I could do to compress the file (7 Mb) hope it works for you. Not sure how to proceed next????
  2. Please help! I have completed the 4 steps and attached info below. I am working from another machine as the infected one is having great difficulties. Step # 1 OTM run and ERDNT.exe file save to a flash drive and desktop. Step # 2 Here is the best scan log I can provide. I am unable to get update. "error - 1" Logfile created: 11/17/2010 16:31:13 Ad-Aware version: 8.3.3 Extended engine: 3 Extended engine version: 3.1.2770 User performing scan: Administrator *********************** Definitions database information *********************** Lavasoft definition file: 149.470 Genotype definition file version: Unknown Extended engine definition file: 6910.0 ******************************** Scan results: ********************************* Scan profile name: Full Scan (ID: full) Objects scanned: 97070 Objects detected: 0 Type Detected ========================== Processes.......: 0 Registry entries: 0 Hostfile entries: 0 Files...........: 0 Folders.........: 0 LSPs............: 0 Cookies.........: 0 Browser hijacks.: 0 MRU objects.....: 0 Scan and cleaning complete: Finished correctly after 5814 seconds *********************************** Settings *********************************** Scan profile: ID: full, enabled:1, value: Full Scan ID: folderstoscan, enabled:1, value: C:\,E:\ ID: useantivirus, enabled:1, value: true ID: sections, enabled:1 ID: scancriticalareas, enabled:1, value: true ID: scanrunningapps, enabled:1, value: true ID: scanregistry, enabled:1, value: true ID: scanlsp, enabled:1, value: true ID: scanads, enabled:1, value: true ID: scanhostsfile, enabled:1, value: true ID: scanmru, enabled:1, value: true ID: scanbrowserhijacks, enabled:1, value: true ID: scantrackingcookies, enabled:1, value: true ID: closebrowsers, enabled:1, value: false ID: filescanningoptions, enabled:1 ID: archives, enabled:1, value: true ID: onlyexecutables, enabled:1, value: false ID: skiplargerthan, enabled:1, value: 20480 ID: scanrootkits, enabled:1, value: true ID: rootkitlevel, enabled:1, value: mild, domain: medium,mild,strict ID: usespywareheuristics, enabled:1, value: true Scan global: ID: global, enabled:1 ID: addtocontextmenu, enabled:1, value: true ID: playsoundoninfection, enabled:1, value: false ID: soundfile, enabled:0, value: N/A Scheduled scan settings: <Empty> Update settings: ID: updates, enabled:1 ID: launchthreatworksafterscan, enabled:1, value: off, domain: normal,off,silently ID: deffiles, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall ID: licenseandinfo, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall ID: schedules, enabled:1, value: true ID: updatedaily1, enabled:1, value: Daily 1 ID: time, enabled:1, value: Wed Nov 10 20:55:00 2010 ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly ID: weekdays, enabled:1 ID: monday, enabled:1, value: false ID: tuesday, enabled:1, value: false ID: wednesday, enabled:1, value: false ID: thursday, enabled:1, value: false ID: friday, enabled:1, value: false ID: saturday, enabled:1, value: false ID: sunday, enabled:1, value: false ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31 ID: scanprofile, enabled:1, value: ID: auto_deal_with_infections, enabled:1, value: false ID: updatedaily2, enabled:1, value: Daily 2 ID: time, enabled:1, value: Wed Nov 10 02:55:00 2010 ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly ID: weekdays, enabled:1 ID: monday, enabled:1, value: false ID: tuesday, enabled:1, value: false ID: wednesday, enabled:1, value: false ID: thursday, enabled:1, value: false ID: friday, enabled:1, value: false ID: saturday, enabled:1, value: false ID: sunday, enabled:1, value: false ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31 ID: scanprofile, enabled:1, value: ID: auto_deal_with_infections, enabled:1, value: false ID: updatedaily3, enabled:1, value: Daily 3 ID: time, enabled:1, value: Wed Nov 10 08:55:00 2010 ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly ID: weekdays, enabled:1 ID: monday, enabled:1, value: false ID: tuesday, enabled:1, value: false ID: wednesday, enabled:1, value: false ID: thursday, enabled:1, value: false ID: friday, enabled:1, value: false ID: saturday, enabled:1, value: false ID: sunday, enabled:1, value: false ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31 ID: scanprofile, enabled:1, value: ID: auto_deal_with_infections, enabled:1, value: false ID: updatedaily4, enabled:1, value: Daily 4 ID: time, enabled:1, value: Wed Nov 10 14:55:00 2010 ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly ID: weekdays, enabled:1 ID: monday, enabled:1, value: false ID: tuesday, enabled:1, value: false ID: wednesday, enabled:1, value: false ID: thursday, enabled:1, value: false ID: friday, enabled:1, value: false ID: saturday, enabled:1, value: false ID: sunday, enabled:1, value: false ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31 ID: scanprofile, enabled:1, value: ID: auto_deal_with_infections, enabled:1, value: false ID: updateweekly1, enabled:1, value: Weekly ID: time, enabled:1, value: Wed Nov 10 20:55:00 2010 ID: frequency, enabled:1, value: weekly, domain: daily,monthly,once,systemstart,weekly ID: weekdays, enabled:1 ID: monday, enabled:1, value: false ID: tuesday, enabled:1, value: false ID: wednesday, enabled:1, value: true ID: thursday, enabled:1, value: false ID: friday, enabled:1, value: false ID: saturday, enabled:1, value: true ID: sunday, enabled:1, value: false ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31 ID: scanprofile, enabled:1, value: ID: auto_deal_with_infections, enabled:1, value: false Appearance settings: ID: appearance, enabled:1 ID: skin, enabled:1, value: Default.eGL, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Resource ID: showtrayicon, enabled:1, value: true ID: autoentertainmentmode, enabled:1, value: false ID: guimode, enabled:1, value: mode_advanced, domain: mode_advanced,mode_simple ID: language, enabled:1, value: en, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Language Realtime protection settings: ID: realtime, enabled:1 ID: infomessages, enabled:1, value: onlyimportant, domain: display,dontnotify,onlyimportant ID: layers, enabled:1 ID: useantivirus, enabled:1, value: true ID: usespywareheuristics, enabled:1, value: false ID: modules, enabled:1 ID: processprotection, enabled:0, value: false ID: onaccessprotection, enabled:0, value: false ID: registryprotection, enabled:0, value: true ID: networkprotection, enabled:0, value: true ****************************** System information ****************************** Computer name: BASEMENT Processor name: Intel® Celeron® CPU 2.53GHz Processor identifier: x86 Family 15 Model 4 Stepping 1 Processor speed: ~2534MHZ Raw info: processorarchitecture 0, processortype 586, processorlevel 15, processor revision 1025, number of processors 1, processor features: [MMX,SSE,SSE2] Physical memory available: 429084672 bytes Physical memory total: 804765696 bytes Virtual memory available: 1905188864 bytes Virtual memory total: 2147352576 bytes Memory load: 46% Microsoft Windows XP Home Edition Service Pack 2 (build 2600) Windows startup mode: Running processes: PID: 580 name: \SystemRoot\System32\smss.exe owner: SYSTEM domain: NT AUTHORITY PID: 628 name: \??\C:\WINDOWS\system32\csrss.exe owner: SYSTEM domain: NT AUTHORITY PID: 652 name: \??\C:\WINDOWS\system32\winlogon.exe owner: SYSTEM domain: NT AUTHORITY PID: 700 name: C:\WINDOWS\system32\services.exe owner: SYSTEM domain: NT AUTHORITY PID: 712 name: C:\WINDOWS\system32\lsass.exe owner: SYSTEM domain: NT AUTHORITY PID: 876 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY PID: 968 name: C:\WINDOWS\system32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY PID: 1092 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY PID: 1152 name: C:\WINDOWS\System32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY PID: 1232 name: C:\Program Files\AVG\AVG9\avgchsvx.exe owner: SYSTEM domain: NT AUTHORITY PID: 1316 name: C:\WINDOWS\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY PID: 2040 name: C:\WINDOWS\Explorer.EXE owner: Administrator domain: BASEMENT PID: 1024 name: C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe owner: Administrator domain: BASEMENT PID: 1116 name: C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEM domain: NT AUTHORITY PID: 1264 name: C:\WINDOWS\System32\wbem\unsecapp.exe owner: SYSTEM domain: NT AUTHORITY PID: 956 name: C:\WINDOWS\System32\wbem\wmiprvse.exe owner: SYSTEM domain: NT AUTHORITY PID: 1604 name: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe owner: Administrator domain: BASEMENT Startup items: Name: {438755C2-A8BA-11D1-B96B-00A0C90312E1} imagepath: Browseui preloader Name: {8C7461EF-2B13-11d2-BE35-3078302C2030} imagepath: Component Categories cache daemon Name: IE Privacy Keeper imagepath: "C:\Program Files\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe" -startup Name: SunJavaUpdateSched imagepath: C:\Program Files\Java\j2re1.4.2_11\bin\jusched.exe Name: AVG9_TRAY imagepath: C:\PROGRA~1\AVG\AVG9\avgtray.exe Name: NvCplDaemon imagepath: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup Name: nwiz imagepath: nwiz.exe /install Name: NvMediaCenter imagepath: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit Name: VirtualCloneDrive imagepath: "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s Name: HP Software Update imagepath: C:\Program Files\HP\HP Software Update\HPWuSchd2.exe Name: iTunesHelper imagepath: "C:\Program Files\iTunes\iTunesHelper.exe" Name: QuickTime Task imagepath: "C:\Program Files\QuickTime\qttask.exe" -atboottime Name: SoundMan imagepath: SOUNDMAN.EXE Name: NeroCheck imagepath: C:\WINDOWS\system32\NeroCheck.exe Name: MMTray imagepath: C:\PROGRA~1\MUSICM~1\MUSICM~1\mm_tray.exe Name: mmtask imagepath: "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" Name: LyraHD2TrayApp imagepath: "C:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe" Name: AdaptecDirectCD imagepath: "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" Name: Google Desktop Search imagepath: "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup Name: Adobe Reader Speed Launcher imagepath: "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" Name: Adobe Photo Downloader imagepath: "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" Name: MSConfig imagepath: C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto Name: XML Service imagepath: msxml32.exe Name: System Recovery Scheduling Service imagepath: srss.exe Name: Windows Client/Server Runtime Server imagepath: csrs.exe Name: PostBootReminder imagepath: {7849596a-48ea-486e-8937-a2a3009f31a9} Name: CDBurn imagepath: {fbeb8a05-beee-4442-804e-409d6c4515e9} Name: WebCheck imagepath: {E6FB5E20-DE35-11CF-9C87-00AA005127ED} Name: SysTray imagepath: {35CEC8A3-2BE6-11D2-8773-92E220524153} Name: Windows Client/Server Runtime Server imagepath: csrs.exe Name: msnmsgr imagepath: "C:\Program Files\MSN Messenger\msnmsgr.exe" /background Name: OTM imagepath: "C:\Documents and Settings\Administrator\Desktop\OTM.exe" Name: location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Corel MEDIA FOLDERS INDEXER 8.LNK imagepath: C:\Corel\Graphics8\Programs\MFIndexer.exe Name: imagepath: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini Name: location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk imagepath: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe Name: location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HPAiODevice(hp psc 900 series) - 1.lnk imagepath: C:\Program Files\Hewlett-Packard\AiO\hp psc 900 series\Bin\hpobrt07.exe Name: location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Find Fast.lnk imagepath: C:\Program Files\Microsoft Office\Office\FINDFAST.EXE Name: location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk imagepath: C:\Program Files\Nikon\PictureProject\NkbMonitor.exe Name: location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Office Startup.lnk imagepath: C:\Program Files\Microsoft Office\Office\OSA.EXE Name: location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk imagepath: C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe Name: location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Ulead Photo Express Calendar Checker For My Custom Edition.lnk imagepath: C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 My Custom Edition\CalCheck.exe Name: location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk imagepath: C:\Program Files\MSN Toolbar Suite\DS2.05.0001.1119\en-ca\bin\WindowsSearch.exe Bootexecute items: Name: imagepath: autocheck autochk * Running services: Name: Browser displayname: Computer Browser Name: CryptSvc displayname: Cryptographic Services Name: DcomLaunch displayname: DCOM Server Process Launcher Name: Dhcp displayname: DHCP Client Name: dmserver displayname: Logical Disk Manager Name: Dnscache displayname: DNS Client Name: Eventlog displayname: Event Log Name: helpsvc displayname: Help and Support Name: lanmanserver displayname: Server Name: lanmanworkstation displayname: Workstation Name: Lavasoft Ad-Aware Service displayname: Lavasoft Ad-Aware Service Name: LmHosts displayname: TCP/IP NetBIOS Helper Name: Netman displayname: Network Connections Name: PlugPlay displayname: Plug and Play Name: RpcSs displayname: Remote Procedure Call (RPC) Name: SharedAccess displayname: Windows Firewall/Internet Connection Sharing (ICS) Name: srservice displayname: System Restore Service Name: TermService displayname: Terminal Services Name: winmgmt displayname: Windows Management Instrumentation Name: WZCSVC displayname: Wireless Zero Configuration Step # 3 Here is the GMER Log: GMER 1.0.15.15530 - [url="http://www.gmer.net"]http://www.gmer.net[/url] Autostart scan 2010-11-17 18:21:45 Windows 5.1.2600 Service Pack 2 HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\[email protected] = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon >>> @UserinitC:\WINDOWS\system32\userinit.exe, = C:\WINDOWS\system32\userinit.exe, @Systemkdril.exe = kdril.exe HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>> [email protected] = avgrsstx.dll [email protected] = WgaLogon.dll HKLM\Software\Microsoft\Windows NT\CurrentVersion\[email protected]_DLLs = C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL HKLM\SYSTEM\CurrentControlSet\Services\ >>> Apple Mobile [email protected] = "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe" [email protected] = "C:\Program Files\AVG\AVG9\avgwdsvc.exe" [email protected] = C:\Program Files\Canon\CAL\CALMAIN.exe [email protected] = C:\Program Files\DynDNS Updater\DynDNS.exe [email protected] = "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [email protected] = "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" [email protected] = "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" MSSQL$[email protected] = C:\Program Files\Microsoft SQL Server\MSSQL$PRIMAVERA\Binn\sqlservr.exe -sPRIMAVERA /*file not found*/ [email protected] = C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe -sMSSQLSERVER /*file not found*/ [email protected] = "C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe" /s "NIS" /m "C:\Program Files\Norton Internet Security\Engine\17.8.0.5\diMaster.dll" /prefetch:1 [email protected] = %SystemRoot%\system32\nvsvc32.exe [email protected] = %SystemRoot%\system32\drivers\scsiport.sys HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>> @IE Privacy Keeper"C:\Program Files\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe" -startup = "C:\Program Files\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe" -startup @SunJavaUpdateSchedC:\Program Files\Java\j2re1.4.2_11\bin\jusched.exe = C:\Program Files\Java\j2re1.4.2_11\bin\jusched.exe @AVG9_TRAYC:\PROGRA~1\AVG\AVG9\avgtray.exe = C:\PROGRA~1\AVG\AVG9\avgtray.exe @NvCplDaemonRUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup @nwiznwiz.exe /install = nwiz.exe /install @NvMediaCenterRUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit @VirtualCloneDrive"C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s = "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s @HP Software UpdateC:\Program Files\HP\HP Software Update\HPWuSchd2.exe = C:\Program Files\HP\HP Software Update\HPWuSchd2.exe @iTunesHelper"C:\Program Files\iTunes\iTunesHelper.exe" = "C:\Program Files\iTunes\iTunesHelper.exe" @QuickTime Task"C:\Program Files\QuickTime\qttask.exe" -atboottime = "C:\Program Files\QuickTime\qttask.exe" -atboottime @SoundManSOUNDMAN.EXE = SOUNDMAN.EXE @NeroCheckC:\WINDOWS\system32\NeroCheck.exe = C:\WINDOWS\system32\NeroCheck.exe @MMTrayC:\PROGRA~1\MUSICM~1\MUSICM~1\mm_tray.exe = C:\PROGRA~1\MUSICM~1\MUSICM~1\mm_tray.exe @mmtask"C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" = "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" @LyraHD2TrayApp"C:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe" = "C:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe" @AdaptecDirectCD"C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" = "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" @Google Desktop Search"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup = "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup @Adobe Reader Speed Launcher"C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" = "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" @Adobe Photo Downloader"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" = "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" @MSConfigC:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto = C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices >>> @XML Servicemsxml32.exe /*file not found*/ = msxml32.exe /*file not found*/ @System Recovery Scheduling Servicesrss.exe /*file not found*/ = srss.exe /*file not found*/ @Windows Client/Server Runtime Servercsrs.exe /*file not found*/ = csrs.exe /*file not found*/ [email protected] = "C:\Documents and Settings\Administrator\Desktop\OTM.exe" HKCU\Software\Microsoft\Windows\CurrentVersion\[email protected] = C:\WINDOWS\system32\ctfmon.exe HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>> @{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Display Panning CPL Extension*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/ @{88895560-9AA2-1069-930E-00AA0030EBC8} /*HyperTerminal Icon Ext*/C:\WINDOWS\System32\hticons.dll /*file not found*/ = C:\WINDOWS\System32\hticons.dll /*file not found*/ @{30D02401-6A81-11d0-8274-00C04FD5AE38} /*IE Search Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll @{32683183-48a0-441b-a342-7c2a440a9478} /*Media Band*/(null) = @{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} /*Shell DocObject Viewer*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll @{FBF23B40-E3F0-101B-8488-00AA003E56F8} /*InternetShortcut*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll @{3C374A40-BAE4-11CF-BF7D-00AA006946EE} /*Microsoft Url History Service*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll @{FF393560-C2A7-11CF-BFF4-444553540000} /*History*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll @{7BD29E00-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll @{7BD29E01-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll @{CFBFAE00-17A6-11D0-99CB-00C04FD64497} /*Microsoft Url Search Hook*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll @{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} /*The Internet*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll @{871C5380-42A0-1069-A2EA-08002B30309D} /*Internet Name Space*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll @{0006F045-0000-0000-C000-000000000046} /*Microsoft Office Outlook Custom Icon Handler*/C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL = C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL @{5E44E225-A408-11CF-B581-008029601108} /*Adaptec DirectCD Shell Extension*/C:\PROGRA~1\Roxio\EASYCD~1\DirectCD\Shellex.dll = C:\PROGRA~1\Roxio\EASYCD~1\DirectCD\Shellex.dll @{E0D79300-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WinZip\wzshlext.dll = C:\PROGRA~1\WinZip\wzshlext.dll @{E0D79301-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WinZip\wzshlext.dll = C:\PROGRA~1\WinZip\wzshlext.dll @{E0D79302-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WinZip\wzshlext.dll = C:\PROGRA~1\WinZip\wzshlext.dll @{0A082D00-EC93-11D0-B1E6-80580BC10627} /*Corel Media Folder Root Menu Handler*/C:\Corel\Graphics8\programs\CMFFld80.dll = C:\Corel\Graphics8\programs\CMFFld80.dll @{0FBF99C1-4127-11D1-B1E6-C17E96D9180A} /*Folder To Corel Media Folder Menu Handler*/C:\Corel\Graphics8\programs\CMFFld80.dll = C:\Corel\Graphics8\programs\CMFFld80.dll @{854AF161-1AE1-11D1-AB9B-00C0F00683EB} /*Corel Media Folder*/C:\Corel\Graphics8\programs\CMFFld80.dll = C:\Corel\Graphics8\programs\CMFFld80.dll @{E856F161-1AE5-11d1-AB9B-00C0F00683EB} /*Corel Media Folder*/C:\Corel\Graphics8\programs\CMFFld80.dll = C:\Corel\Graphics8\programs\CMFFld80.dll @{CDB89701-262F-11D1-AB9C-00C0F00683EB} /*Corel Media Find Folder*/C:\Corel\Graphics8\programs\CMFFld80.dll = C:\Corel\Graphics8\programs\CMFFld80.dll @{F8152501-455F-11D1-B1E6-444553540000} /*Corel Media Folder Copy Hook Handler*/C:\Corel\Graphics8\programs\CMFFld80.dll = C:\Corel\Graphics8\programs\CMFFld80.dll @{8E524B0D-04F0-11D1-B74A-00A0C90646A4} /*IconFactTemp.NSIconHandlerFactory*/C:\Corel\Graphics8\programs\CNSFlt80.dll = C:\Corel\Graphics8\programs\CNSFlt80.dll @{A2AC368A-F883-11D0-B745-00A0C90646A4} /*NSFiltManDll.FiltManCom*/C:\Corel\Graphics8\programs\CNSFlt80.dll = C:\Corel\Graphics8\programs\CNSFlt80.dll @{B63FCD5A-2396-11D1-B762-00A0C90646A4} /*¼*/C:\Corel\Graphics8\programs\CMFFnd80.dll = C:\Corel\Graphics8\programs\CMFFnd80.dll @{3FCEF010-09A4-11D4-8D3B-D12F9D3D8B02} /*TIShelEx Shell Extension*/C:\PROGRA~1\COMMON~1\TISHAR~1\TICONN~1\TIShlExt.dll = C:\PROGRA~1\COMMON~1\TISHAR~1\TICONN~1\TIShlExt.dll @{13E7F612-F261-4391-BEA2-39DF4F3FA311} /*Windows Desktop Search*/C:\Program Files\MSN Toolbar Suite\EXT2.05.0001.1119\en-ca\msnlExt.dll = C:\Program Files\MSN Toolbar Suite\EXT2.05.0001.1119\en-ca\msnlExt.dll @{97090E2F-3062-4459-855B-014F0D3CDBB1} /*MSN Deskbar*/C:\Program Files\MSN Toolbar Suite\DB2.05.0000.1082\en-ca\deskbar.dll = C:\Program Files\MSN Toolbar Suite\DB2.05.0000.1082\en-ca\deskbar.dll @{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property Page*/C:\WINDOWS\System32\twext.dll = C:\WINDOWS\System32\twext.dll @{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous Versions*/C:\WINDOWS\System32\twext.dll = C:\WINDOWS\System32\twext.dll @{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/C:\WINDOWS\system32\extmgr.dll = C:\WINDOWS\system32\extmgr.dll @{e57ce731-33e8-4c51-8354-bb4de9d215d1} /*Universal Plug and Play Devices*/(null) = @{07C45BB1-4A8C-4642-A1F5-237E7215FF66} /*IE Microsoft BrowserBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll @{1C1EDB47-CE22-4bbb-B608-77B48F83C823} /*IE Fade Task*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll @{205D7A97-F16D-4691-86EF-F3075DCCA57D} /*IE Menu Desk Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll @{3028902F-6374-48b2-8DC6-9725E775B926} /*IE AutoComplete*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll @{43886CD5-6529-41c4-A707-7B3C92C05E68} /*IE Navigation Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll @{44C76ECD-F7FA-411c-9929-1B77BA77F524} /*IE Menu Site*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll @{4B78D326-D922-44f9-AF2A-07805C2A3560} /*IE Menu Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll @{6038EF75-ABFC-4e59-AB6F-12D397F6568D} /*IE Microsoft History AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll @{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE} /*IE Tracking Shell Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll @{6CF48EF8-44CD-45d2-8832-A16EA016311B} /*IE IShellFolderBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll @{73CFD649-CD48-4fd8-A272-2070EA56526B} /*IE BandProxy*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll @{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8} /*IE MRU AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll @{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E} /*IE RSS Feeder Folder*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll @{9D958C62-3954-4b44-8FAB-C4670C1DB4C2} /*IE Microsoft Shell Folder AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll @{B31C5FAE-961F-415b-BAF0-E697A5178B94} /*IE Microsoft Multiple AutoComplete List Container*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll @{BC476F4C-D9D7-4100-8D4E-E043F6DEC409} /*Microsoft Browser Architecture*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll @{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A} /*IE Shell Rebar BandSite*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll @{E6EE9AAC-F76B-4947-8260-A9F136138E11} /*IE Shell Band Site Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll @{F2CF5485-4E02-4f68-819C-B92DE9277049} /*&Links*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll @{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E} /*IE Registry Tree Options Utility*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll @{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} /*IE User Assist*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll @{FDE7673D-2E19-4145-8376-BBD58C4BC7BA} /*IE Custom MRU AutoCompleted List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll @{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) = @{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} /*iTunes*/C:\Program Files\iTunes\iTunesMiniPlayer.dll = C:\Program Files\iTunes\iTunesMiniPlayer.dll @{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} /*AVG Shell Extension*/C:\Program Files\AVG\AVG9\avgse.dll = C:\Program Files\AVG\AVG9\avgse.dll @{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} /*AVG Find Extension*/(null) = @{A70C977A-BF00-412C-90B7-034C51DA2439} /*NvCpl DesktopContext Class*/C:\WINDOWS\system32\nvcpl.dll = C:\WINDOWS\system32\nvcpl.dll @{FFB699E0-306A-11d3-8BD1-00104B6F7516} /*Play on my TV helper*/C:\WINDOWS\system32\nvcpl.dll = C:\WINDOWS\system32\nvcpl.dll @{1CDB2949-8F65-4355-8456-263E7C208A5D} /*Desktop Explorer*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll @{1E9B04FB-F9E5-4718-997B-B8DA88302A47} /*Desktop Explorer Menu*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll @{1E9B04FB-F9E5-4718-997B-B8DA88302A48} /*nView Desktop Context Menu*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll @{B7056B8E-4F99-44f8-8CBD-282390FE5428} /*VirtualCloneDrive*/C:\Program Files\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll = C:\Program Files\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll @{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Web Folders*/C:\Program Files\Common Files\Microsoft Shared\Web Folders\MSONSEXT.DLL = C:\Program Files\Common Files\Microsoft Shared\Web Folders\MSONSEXT.DLL @{00020D75-0000-0000-C000-000000000046} /*Microsoft Office Outlook Desktop Icon Handler*/C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL = C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL @{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Program Files\Microsoft Office\OFFICE11\msohev.dll = C:\Program Files\Microsoft Office\OFFICE11\msohev.dll @{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} /*Microsoft Office Metadata Handler*/C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll @{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} /*Microsoft Office Thumbnail Handler*/C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll @{506F4668-F13E-4AA1-BB04-B43203AB3CC0} /*{506F4668-F13E-4AA1-BB04-B43203AB3CC0}*/C:\Program Files\Microsoft Office\Office12\VISSHE.DLL = C:\Program Files\Microsoft Office\Office12\VISSHE.DLL @{D66DC78C-4F61-447F-942B-3FB6980118CF} /*{D66DC78C-4F61-447F-942B-3FB6980118CF}*/C:\Program Files\Microsoft Office\Office12\VISSHE.DLL = C:\Program Files\Microsoft Office\Office12\VISSHE.DLL @{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Program Files\WinRAR\rarext.dll = C:\Program Files\WinRAR\rarext.dll @{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} /*Snagit*/C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll = C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll @{CF74B903-3389-469c-B3B6-0204D204FCBD} /*SnagIt Shell Extension*/C:\Program Files\TechSmith\Snagit 9\SnagitShellExt.dll = C:\Program Files\TechSmith\Snagit 9\SnagitShellExt.dll @{0563DB41-F538-4B37-A92D-4659049B7766} /*WLMD Message Handler*/C:\Program Files\Windows Live\Mail\mailcomm.dll = C:\Program Files\Windows Live\Mail\mailcomm.dll @{BD88A479-9623-4897-8546-BC62B9628F44} /*SPTHandler*/(null) = HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>> AVG9 Shell [email protected]{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\AVG\AVG9\avgse.dll [email protected]{DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} = C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll [email protected]{CF74B903-3389-469c-B3B6-0204D204FCBD} = C:\Program Files\TechSmith\Snagit 9\SnagitShellExt.dll [email protected]{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} = "C:\Program Files\Norton Internet Security\Engine\17.8.0.5\NavShExt.dll" [email protected]{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll [email protected]{E0D79300-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WinZip\wzshlext.dll HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>> [email protected]{0FBF99C1-4127-11D1-B1E6-C17E96D9180A} = C:\Corel\Graphics8\programs\CMFFld80.dll [email protected]{CF74B903-3389-469c-B3B6-0204D204FCBD} = C:\Program Files\TechSmith\Snagit 9\SnagitShellExt.dll [email protected]{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll [email protected]{E0D79300-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WinZip\wzshlext.dll HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>> AVG9 Shell [email protected]{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\AVG\AVG9\avgse.dll [email protected]{DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} = C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll [email protected]{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} = "C:\Program Files\Norton Internet Security\Engine\17.8.0.5\NavShExt.dll" [email protected]{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll [email protected]{E0D79300-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WinZip\wzshlext.dll HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>> @{00C6482D-C502-44C8-8409-FCE54AD9C208}C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll = C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll @{0347C33E-8762-4905-BF09-768834316C61}C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll = C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll @{18DF081C-E8AD-4283-A596-FA578C2EBDC3}C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll @{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}C:\Program Files\AVG\AVG9\avgssie.dll = C:\Program Files\AVG\AVG9\avgssie.dll @{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}C:\Program Files\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll = C:\Program Files\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll @{6D53EC84-6AAE-4787-AEEE-F4628F01010C}C:\Program Files\Norton Internet Security\Engine\17.8.0.5\IPSBHO.DLL = C:\Program Files\Norton Internet Security\Engine\17.8.0.5\IPSBHO.DLL @{9030D464-4C02-4ABF-8ECC-5164760863C6}C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll @{A3BC75A2-1F87-4686-AA43-5347D756017C}C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll = C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll @{AA58ED58-01DD-4d91-8333-CF10577473F7}C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll = C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll @{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll = C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll @{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}C:\Program Files\MSN Toolbar Suite\TB2.05.0000.1082\en-ca\msntb.dll = C:\Program Files\MSN Toolbar Suite\TB2.05.0000.1082\en-ca\msntb.dll @{D4027C7F-154A-4066-A1AD-4243D8127440}C:\Program Files\Ask.com\GenericAskToolbar.dll = C:\Program Files\Ask.com\GenericAskToolbar.dll @{DBC80044-A445-435b-BC74-9C25C1C588A9}C:\Program Files\Java\jre6\bin\jp2ssv.dll = C:\Program Files\Java\jre6\bin\jp2ssv.dll @{E7E6F031-17CE-4C07-BC86-EABFE594F69C}C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll = C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll @{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll = C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll HKCU\Control Panel\[email protected] = %SystemRoot%\System32\logon.scr HKLM\Software\Microsoft\Internet Explorer\Plugins\Extension\[email protected] = C:\Program Files\Internet Explorer\Plugins\NPUPano.dll HKLM\Software\Microsoft\Internet Explorer\Main >>> @Default_Page_URLhttp://go.microsoft.com/fwlink/?LinkId=69157 = [url="http://go.microsoft.com/fwlink/?LinkId=69157"]http://go.microsoft.com/fwlink/?LinkId=69157[/url] @Start Pagehttp://go.microsoft.com/fwlink/?LinkId=69157 = [url="http://go.microsoft.com/fwlink/?LinkId=69157"]http://go.microsoft.com/fwlink/?LinkId=69157[/url] @Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm HKLM\Software\Classes\PROTOCOLS\Filter\text/[email protected] = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL HKLM\Software\Classes\PROTOCOLS\Handler\ >>> [email protected] = C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [email protected] = C:\WINDOWS\system32\msvidctl.dll [email protected] = C:\WINDOWS\System32\itss.dll [email protected] = C:\WINDOWS\System32\msvidctl.dll [email protected] = C:\Program Files\AVG\AVG9\avgpp.dll [email protected] = C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL [email protected] = %SystemRoot%\System32\inetcomm.dll [email protected] = C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll [email protected] = C:\WINDOWS\System32\itss.dll [email protected] = C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL [email protected] = C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL [email protected] = C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL [email protected] = C:\WINDOWS\system32\msvidctl.dll [email protected] = C:\WINDOWS\System32\wiascr.dll HKLM\Software\Classes\PROTOCOLS\Handler\[email protected] = C:\Program Files\Windows Live\Mail\mailcomm.dll C:\Documents and Settings\All Users\Start Menu\Programs\Startup >>> Corel MEDIA FOLDERS INDEXER 8.LNK = Corel MEDIA FOLDERS INDEXER 8.LNK HP Digital Imaging Monitor.lnk = HP Digital Imaging Monitor.lnk HPAiODevice(hp psc 900 series) - 1.lnk = HPAiODevice(hp psc 900 series) - 1.lnk Microsoft Find Fast.lnk = Microsoft Find Fast.lnk NkbMonitor.exe.lnk = NkbMonitor.exe.lnk Office Startup.lnk = Office Startup.lnk Service Manager.lnk = Service Manager.lnk Ulead Photo Express Calendar Checker For My Custom Edition.lnk = Ulead Photo Express Calendar Checker For My Custom Edition.lnk Windows Desktop Search.lnk = Windows Desktop Search.lnk ---- EOF - GMER 1.0.15 ---- Step #4 Here is the Highjackthis log: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 6:35:35 PM, on 11/17/2010 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Safe mode with network support Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\AVG\AVG9\avgchsvx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\notepad.exe C:\Documents and Settings\Administrator\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [url="http://go.microsoft.com/fwlink/?LinkId=69157"]http://go.microsoft.com/fwlink/?LinkId=69157[/url] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [url="http://go.microsoft.com/fwlink/?LinkId=54896"]http://go.microsoft.com/fwlink/?LinkId=54896[/url] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [url="http://go.microsoft.com/fwlink/?LinkId=54896"]http://go.microsoft.com/fwlink/?LinkId=54896[/url] R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [url="http://go.microsoft.com/fwlink/?LinkId=69157"]http://go.microsoft.com/fwlink/?LinkId=69157[/url] R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [url="http://windowsupdate.microsoft.com/"]http://windowsupdate.microsoft.com/[/url] R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - Default URLSearchHook is missing O1 - Hosts: ÿþ127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll O2 - BHO: (no name) - {4CA9620D-E062-6AC1-8471-155504FB2E4F} - (no file) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\IPSBHO.DLL O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB2.05.0000.1082\en-ca\msntb.dll O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB2.05.0000.1082\en-ca\msntb.dll O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll O4 - HKLM\..\Run: [IE Privacy Keeper] "C:\Program Files\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe" -startup O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_11\bin\jusched.exe O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [MMTray] C:\PROGRA~1\MUSICM~1\MUSICM~1\mm_tray.exe O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" O4 - HKLM\..\Run: [LyraHD2TrayApp] "C:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe" O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKLM\..\RunServices: [XML Service] msxml32.exe O4 - HKLM\..\RunServices: [System Recovery Scheduling Service] srss.exe O4 - HKLM\..\RunServices: [Windows Client/Server Runtime Server] csrs.exe O4 - HKLM\..\RunOnce: [OTM] "C:\Documents and Settings\Administrator\Desktop\OTM.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [Windows Client/Server Runtime Server] csrs.exe (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Windows Client/Server Runtime Server] csrs.exe (User 'Default user') O4 - Global Startup: Corel MEDIA FOLDERS INDEXER 8.LNK = C:\Corel\Graphics8\Programs\MFIndexer.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: HPAiODevice(hp psc 900 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 900 series\Bin\hpobrt07.exe O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe O4 - Global Startup: Ulead Photo Express Calendar Checker For My Custom Edition.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 My Custom Edition\CalCheck.exe O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS2.05.0001.1119\en-ca\bin\WindowsSearch.exe O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing) O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - [url="http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab"]http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab[/url] O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - [url="http://go.microsoft.com/fwlink/?linkid=39204"]http://go.microsoft.com/fwlink/?linkid=39204[/url] O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - [url="http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab"]http://www.nvidia.com/content/DriverDownlo...sreqlab_nvd.cab[/url] O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - [url="http://messenger.zone.msn.com/binary/MineSweeper.cab"]http://messenger.zone.msn.com/binary/MineSweeper.cab[/url] O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - [url="http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab"]http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab[/url] O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - [url="http://upload.facebook.com/controls/FacebookPhotoUploader3.cab"]http://upload.facebook.com/controls/Facebo...toUploader3.cab[/url] O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - [url="http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab"]http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab[/url] O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - [url="http://upload.facebook.com/controls/FacebookPhotoUploader.cab"]http://upload.facebook.com/controls/Facebo...otoUploader.cab[/url] O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - [url="http://go.divx.com/plugin/DivXBrowserPlugin.cab"]http://go.divx.com/plugin/DivXBrowserPlugin.cab[/url] O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - [url="http://messenger.zone.msn.com/binary/MessengerStatsClient.cab"]http://messenger.zone.msn.com/binary/Messe...StatsClient.cab[/url] O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - [url="http://img.funtigo.com/images/uploader/ssiPictureUploader.cab"]http://img.funtigo.com/images/uploader/ssi...ureUploader.cab[/url] O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - [url="http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab"]http://messenger.msn.com/download/MsnMesse...pDownloader.cab[/url] O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - [url="http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab"]http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab[/url] O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - [url="http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab"]http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab[/url] O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - [url="http://www.adobe.com/products/acrobat/nos/gp.cab"]http://www.adobe.com/products/acrobat/nos/gp.cab[/url] O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [url="https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab"]https://download.macromedia.com/pub/shockwa...ash/swflash.cab[/url] O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - [url="http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab"]http://upload.facebook.com/controls/Facebo...Uploader4_5.cab[/url] O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - [url="http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab"]http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab[/url] O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - [url="http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326"]http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326[/url] O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - [url="http://walmart.pnimedia.com/upload/activex/v2_0_0_10/PCAXSetupv2.0.0.10.cab"]http://walmart.pnimedia.com/upload/activex...upv2.0.0.10.cab[/url]? O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - [url="http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab"]http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab[/url] O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - [url="http://messenger.zone.msn.com/binary/SolitaireShowdown.cab"]http://messenger.zone.msn.com/binary/SolitaireShowdown.cab[/url] O17 - HKLM\System\CCS\Services\Tcpip\..\{2F19639F-3F00-4E58-B1B6-BC63A8270DB1}: NameServer = 85.255.114.73,85.255.112.227 O17 - HKLM\System\CCS\Services\Tcpip\..\{51486A4B-D838-4747-9DA3-8912C4BF8DF7}: NameServer = 85.255.114.73,85.255.112.227 O17 - HKLM\System\CCS\Services\Tcpip\..\{C2455EF4-DA52-4258-8B6E-EAEA71293817}: NameServer = 85.255.114.73,85.255.112.227 O17 - HKLM\System\CCS\Services\Tcpip\..\{F6FF5342-76C5-4990-95E0-3D080CFDB78E}: NameServer = 85.255.114.73,85.255.112.227 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing) O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: DynDNS Updater Service (DynDNS_Updater_Service) - Kana Solution - C:\Program Files\DynDNS Updater\DynDNS.exe O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe -- End of file - 15318 bytes Thanks in advance, would not have made it this far without this help so far. I still hold a glimmer of hope. Bigball