yourgo

Members
  • Content Count

    32
  • Joined

  • Last visited

Community Reputation

0 Neutral

About yourgo

  • Rank
    Advanced Member
  1. HI CalamityJane Should have checked before I sent the last post. The LEAD tech reminder is gone. Thanks again for you expertise, everything looks and works good.
  2. HI CalamityJane Boy that was fun. " think I see the LEAD tech item, but of more concern is that I see some malware running" Where can I delete the LEAD tech reminder. Yourgo
  3. HI CalamityJane Here is the files from http://www.eset.com/onlinescan/index.php # version=4 # OnlineScanner.ocx=1.0.0.56 # OnlineScannerDLLA.dll=1, 0, 0, 51 # OnlineScannerDLLW.dll=1, 0, 0, 51 # OnlineScannerUninstaller.exe=1, 0, 0, 49 # vers_standard_module=2544 (20070921) # vers_arch_module=1.058 (20070906) # vers_adv_heur_module=1.066 (20070917) # EOSSerial=b3622d1b8b62f346b76cfbd1c0df76b2 # end=finished # remove_checked=true # unwanted_checked=true # utc_time=2007-09-21 06:07:59 # local_time=2007-09-21 11:07:59 (-0800, Pacific Daylight Time) # country="United States" # osver=5.1.2600 NT Service Pack 2 # scanned=448952 # found=5 # scan_time=4018 C:\Documents and Settings\Owner\My Documents\Unzipped\backup\avenger\svhhost.exe Win32/Rbot trojan (unable to clean - deleted) 00000000000000000000000000000000 C:\Documents and Settings\Owner\Start Menu\Programs\Startup\PowerReg Scheduler.exe Win32/PowerReg application (unable to clean - deleted) 00000000000000000000000000000000 C:\SDFix\backups\backups.zip a variant of Win32/Adware.WinFixer application (deleted) 00000000000000000000000000000000 C:\SDFix\backups\backups.zip »ZIP »backups/USDR6_9999_N18M1603NetInstaller.exe a variant of Win32/Adware.WinFixer application (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000 C:\WINDOWS\Downloaded Program Files\CONFLICT.1\USDR6_9999_N18M1603NetInstaller.exe a variant of Win32/Adware.WinFixer application (unable to clean - deleted) 00000000000000000000000000000000 Myturn is clean. "And you need to think about upgrading your IE to IE 7 - it's much more secure than IE 6. http://www.microsoft.com/windows/products/...ault.mspx" I rather stay with IE 6.
  4. HI CalamityJane "You'll need to use Internet Explorer with ActiveX enabled to run the scan." Where do I look to see if I have this. "Before you being scanning, be sure to temporarily turn off any other active security monitoring programs (Avast)" I found this option on the spinning ball. Have to get with Myturn to clean up his user account. I see some \things on my account that where removed but still show up like Battlefield 1942, Battlefield Vietnam and PartyPoker. Yourgo
  5. HI CalamityJane Boy that was fun I restarted the computer (after eveything was finished) Win firewall kept jump in to do a (checking file system on C: . but here is the info. 1. There was no :\WINDOWS\system32\msdp.dll on C: 2.ComboFix 07-09-18.4 - "Owner" 2007-09-19 19:29:20.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1118 [GMT -7:00] * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\adrotate.dll . ((((((((((((((((((((((((( Files Created from 2007-08-20 to 2007-09-20 ))))))))))))))))))))))))))))))) . 2007-09-19 19:28 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-09-19 16:43 <DIR> d-------- C:\WINDOWS\ERUNT 2007-09-09 12:41 445,440 ---hs---- C:\WINDOWS\system32\msdp.dll 2007-09-08 16:00 <DIR> dr------- C:\Program Files\Trend Micro 2007-08-20 12:20 <DIR> d-------- C:\Program Files\viewsonic . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-09-19 11:12 --------- d-------- C:\Program Files\Morpheus 2007-09-15 14:17 --------- d-------- C:\DOCUME~1\Owner\APPLIC~1\Vso 2007-09-08 09:51 --------- d-------- C:\Program Files\Replay AV 8 2007-09-06 03:05 94416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys 2007-09-06 03:05 92848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys 2007-09-06 03:03 23152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys 2007-09-06 03:02 42912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys 2007-09-06 03:00 26624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys 2007-08-20 12:20 --------- d--h----- C:\Program Files\InstallShield Installation Information 2007-08-15 19:29 5632 --ahs---- C:\Program Files\Thumbs.db 2007-08-09 16:55 --------- d-------- C:\Program Files\Common Files\EasyInfo 2007-08-04 17:42 --------- d-------- C:\Program Files\PeerGuardian2 2007-08-03 17:28 --------- d-------- C:\DOCUME~1\Owner\APPLIC~1\uTorrent 2007-07-24 08:59 --------- d-------- C:\DOCUME~1\Guest\APPLIC~1\Google 2007-07-21 17:23 737280 --a------ C:\WINDOWS\iun6002.exe 2007-07-21 12:21 --------- d-------- C:\Program Files\UltraISO 2007-07-21 12:21 --------- d-------- C:\Program Files\Common Files\EZB Systems 2007-02-04 17:24 1023 --a------ C:\Program Files\Power Point PPTVIEW.lnk 2005-09-04 15:26 774144 --a------ C:\Program Files\RngInterstitial.dll 2005-08-14 14:31 20798256 --a------ C:\Program Files\AdbeRdr70_enu_full.exe 2004-03-12 17:42 307200 --a------ C:\Program Files\SmaPanel.exe 2005-07-14 18:31:20 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMan"="SOUNDMAN.EXE" [2004-09-16 05:39 C:\WINDOWS\SOUNDMAN.EXE] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50] "farstone"="" [] "LTMSG"="LTMSG.exe" [2003-07-14 10:52 C:\WINDOWS\ltmsg.exe] "Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [2004-08-06 17:01] "RestoreIT!"="C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.exe" [2004-05-27 10:54] "PowerS"="C:\WINDOWS\PowerS.exe" [2001-08-03 18:56] "tgcmd"="C:\Program Files\support.com\bin\tgcmd.exe" [2002-04-24 18:37] "EPSON Stylus Photo RX620 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HA.exe" [2004-05-19 13:00] "InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2005-07-25 12:01] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-01-09 19:27] "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 17:15] "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 17:15] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-04-05 12:39] "nwiz"="nwiz.exe" [2006-04-05 12:39 C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-04-05 12:39] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 03:06] "IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2005-06-10 02:21] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "PhotoShow Deluxe Media Manager"="C:\PROGRA~1\Comcast\COMCAS~2\data\Xtras\mssysmgr.exe" [] "NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-07-14 21:35] "OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00] C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\ Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-06-04 10:08:33] Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26] Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [1999-09-04 15:23:00] USB Sharing.lnk - C:\Program Files\USB Sharing\usbshare.exe [2005-09-18 11:10:06] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Philips FunCam Monitor.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Philips FunCam Monitor.lnk backup=C:\WINDOWS\pss\Philips FunCam Monitor.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TM Monitor.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TM Monitor.lnk backup=C:\WINDOWS\pss\TM Monitor.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NAV CfgWiz] "C:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe R0 RITCPT;RITCPT;C:\WINDOWS\system32\drivers\RITCPT.sys R0 VVBackd5;VVBackd5;C:\WINDOWS\system32\drivers\VVBackd5.sys R1 ISODrive;ISO DVD/CD-ROM Device Driver;\??\C:\Program Files\UltraISO\drivers\ISODrive.sys R2 FBAPI;FBAPI;\??\C:\WINDOWS\system32\drivers\FBAPI.sys R3 CXTuner;Conexant TVTuner;C:\WINDOWS\system32\drivers\CXTuner.sys R3 CXVideo;Conexant Capture;C:\WINDOWS\system32\drivers\CXVCap.sys R3 CXXBar;Conexant Crossbar;C:\WINDOWS\system32\drivers\CXXBar.sys R3 Point32;Microsoft IntelliPoint Filter Driver;C:\WINDOWS\system32\DRIVERS\point32.sys R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\system32\drivers\WmBEnum.sys R3 WmFilter;Logitech WingMan HID Filter Driver;C:\WINDOWS\system32\drivers\WmFilter.sys R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys S3 APLMp50;APLMp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\APLMp50.sys S3 MTK;Media Technology Kernel Driver;C:\WINDOWS\system32\Drivers\fide.sys S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys S3 pgfilter;pgfilter;\??\C:\Program Files\PeerGuardian2\pgfilter.sys S3 SunkFilt6;Alcor Micro Corp - 6360;\??\C:\WINDOWS\System32\Drivers\sunkfilt6.sys S3 SunkFilt62;Alcor Micro Corp - 6362;\??\C:\WINDOWS\System32\Drivers\sunkfilt62.sys S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\system32\drivers\WmVirHid.sys . ************************************************************************** catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-09-19 19:34:49 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-09-19 19:37:09 - machine was rebooted C:\ComboFix-quarantined-files.txt ... 2007-09-19 19:37 . --- E O F --- Question: Do you have another user account on this system? called: MyTurn --Yes
  6. HI CalamityJane As you requested SDFix: Version 1.106 Run by Owner on Wed 09/19/2007 at 04:46 PM Microsoft Windows XP [Version 5.1.2600] Running From: C:\SDFix Safe Mode: Checking Services: Restoring Windows Registry Values Restoring Windows Default Hosts File Rebooting... Normal Mode: Checking Files: Trojan Files Found: C:\WINDOWS\Downloaded Program Files\USDR6_9999_N18M1603NetInstaller.exe - Deleted Removing Temp Files... ADS Check: C:\WINDOWS No streams found. C:\WINDOWS\system32 No streams found. C:\WINDOWS\system32\svchost.exe No streams found. C:\WINDOWS\system32\ntoskrnl.exe No streams found. Final Check: Remaining Services: ------------------ Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\support.com\\bin\\tgcmd.exe"="C:\\Program Files\\support.com\\bin\\tgcmd.exe:*:Enabled:Support.com Scheduler and Command Dispatcher" "C:\\Program Files\\Call of Duty Game of the Year Edition\\CoDUOMP.exe"="C:\\Program Files\\Call of Duty Game of the Year Edition\\CoDUOMP.exe:*:Enabled:CoDUOMP" "C:\\Program Files\\Call of Duty Game of the Year Edition\\CoDMP.exe"="C:\\Program Files\\Call of Duty Game of the Year Edition\\CoDMP.exe:*:Enabled:CoDMP" "C:\\Program Files\\EA GAMES\\Battlefield Vietnam\\bfvietnam.exe"="C:\\Program Files\\EA GAMES\\Battlefield Vietnam\\bfvietnam.exe:*:Enabled:bfvietnam" "C:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe"="C:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe:*:Enabled:BF1942" "C:\\Program Files\\Microsoft Digital Image 2006\\PIXPhotoStory.exe"="C:\\Program Files\\Microsoft Digital Image 2006\\PIXPhotoStory.exe:*:Enabled:Photo Story 3.1" "C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test" "C:\\Program Files\\Morpheus\\Morpheus.exe"="C:\\Program Files\\Morpheus\\Morpheus.exe:*:Enabled:M5Shell" "C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Disabled:BitComet - a BitTorrent Client" "C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Disabled:Azureus" "C:\\Documents and Settings\\Owner\\My Documents\\Download programs\\BitComet\\BitComet.exe"="C:\\Documents and Settings\\Owner\\My Documents\\Download programs\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client" "C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"="C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe:*:Enabled:CoD2MP_s" "C:\\Program Files\\utorrent\\utorrent.exe"="C:\\Program Files\\utorrent\\utorrent.exe:*:Enabled:æTorrent" "C:\\Program Files\\Roxio\\Easy Media Creator 8\\Digital Home\\RoxUpnpServer.exe"="C:\\Program Files\\Roxio\\Easy Media Creator 8\\Digital Home\\RoxUpnpServer.exe:*:Enabled:Roxio Upnp Service" "C:\\Program Files\\EA GAMES\\Need for Speed Most Wanted\\speed.exe"="C:\\Program Files\\EA GAMES\\Need for Speed Most Wanted\\speed.exe:*:Enabled:speed" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" Remaining Files: --------------- File Backups: - C:\SDFix\backups\backups.zip Files with Hidden Attributes: C:\Documents and Settings\Myturn\Favorites\Links\Fold\organizer.com.url C:\Documents and Settings\Myturn\Favorites\Links\Linlk\Welcome to Saintmovies.com.url C:\Documents and Settings\Myturn\My Documents\System Data\1 SYS Info\1 SYS\New x\z New xx\Folder\New 22\www.otbm.com_ELW_Haley_part05.wmv C:\Documents and Settings\Myturn\My Documents\System Data\1 SYS Info\1 SYS\New x\z New xx\Folder\New 22\www.otbm.com_ELW_Haley_part06.wmv C:\Documents and Settings\Myturn\My Documents\System Data\1 SYS Info\1 SYS\New x\z New xx\Folder\New 22\www.otbm.com_ELW_Haley_part07.wmv C:\Documents and Settings\Myturn\My Documents\System Data\1 SYS Info\1 SYS\New x\z New xx\Folder\New 22\www.otbm.com_ELW_Haley_part08.wmv C:\Documents and Settings\Myturn\My Documents\System Data\disk Folder\New Folder\1 SYS\New Folder x\realgirlsing.com_teenhitchhikers17-01[1].mpeg C:\Documents and Settings\Myturn\My Documents\System Data\disk Folder\New Folder\4 New Folder\femaleejaculations.janswebring.com-sample3.mpeg C:\Documents and Settings\Myturn\My Documents\System Data\Pics\www.oceanvids.com_519c.mpg C:\Documents and Settings\Myturn\My Documents\System Data\1 SYS Info\Briefcase\System dos 06\Party Film\ArcSoft\Printer\albumbase.dll C:\Documents and Settings\Myturn\My Documents\System Data\1 SYS Info\Briefcase\System dos 06\Party Film\ArcSoft\Printer\dgui.dll C:\Documents and Settings\Myturn\My Documents\System Data\1 SYS Info\Briefcase\System dos 06\Party Film\ArcSoft\Printer\ezdll.dll C:\Documents and Settings\Myturn\My Documents\System Data\1 SYS Info\Briefcase\System dos 06\Party Film\ArcSoft\Printer\EzFile.dll C:\Documents and Settings\Myturn\My Documents\System Data\1 SYS Info\Briefcase\System dos 06\Party Film\ArcSoft\Printer\filefpx.dll C:\Documents and Settings\Myturn\My Documents\System Data\1 SYS Info\Briefcase\System dos 06\Party Film\ArcSoft\Printer\fpxlib.dll C:\Documents and Settings\Myturn\My Documents\System Data\1 SYS Info\Briefcase\System dos 06\Party Film\ArcSoft\Printer\jpeglib.dll C:\Documents and Settings\Myturn\My Documents\System Data\1 SYS Info\Briefcase\System dos 06\Party Film\ArcSoft\Printer\PrintLabelRes.dll C:\Program Files\Replay AV 8\14_43260.dll C:\Program Files\Replay AV 8\28_83260.dll C:\Program Files\Replay AV 8\atrc3260.dll C:\Program Files\Replay AV 8\cook3260.dll C:\Program Files\Replay AV 8\cygwin1.dll C:\Program Files\Replay AV 8\cygz.dll C:\Program Files\Replay AV 8\dnet3260.dll C:\Program Files\Replay AV 8\drv23260.dll C:\Program Files\Replay AV 8\drv33260.dll C:\Program Files\Replay AV 8\drv43260.dll C:\Program Files\Replay AV 8\ivvideo.dll C:\Program Files\Replay AV 8\qtmlClient.dll C:\Program Files\Replay AV 8\raac.dll C:\Program Files\Replay AV 8\sipr3260.dll C:\WINDOWS\system32\AVSredirect.dll C:\WINDOWS\system32\msdp.dll C:\Documents and Settings\Myturn\My Documents\System Data\1 SYS Info\Briefcase\System dos 06\Party Film\ArcSoft\Printer\Print_Label.exe C:\WINDOWS\system32\Tools\All.exe C:\WINDOWS\system32\Tools\Change.exe C:\WINDOWS\system32\Tools\CheckPath.exe C:\WINDOWS\system32\Tools\Counter.exe C:\WINDOWS\system32\Tools\DelFolders.exe C:\WINDOWS\system32\Tools\DirectSetup.exe C:\WINDOWS\system32\Tools\RegClean.exe C:\WINDOWS\system32\Tools\Regexe.exe C:\WINDOWS\system32\Tools\Restart.exe C:\WINDOWS\system32\Tools\RunRegexe.exe C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Office\Shortcut Bar\Off2F.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL0004.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL0005.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL0064.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL0106.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL0111.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL0144.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL0183.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL0200.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL0203.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL0204.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL0223.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL0232.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL0242.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL0256.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL0257.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL0264.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL0268.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL0273.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL0295.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL0302.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL0303.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL0316.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL0317.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL0321.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL0323.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL0332.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL0334.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL0358.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL0361.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL0393.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL0395.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL0451.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL0456.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL0464.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL0494.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL0498.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL0510.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL0516.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL0533.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL0570.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL0580.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL0587.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL0660.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL0665.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL0671.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL0673.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL0682.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL0702.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL0714.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL0726.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL0737.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL0740.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL0766.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL0779.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL0788.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL0791.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL0818.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL0830.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL0835.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL0840.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL0848.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL0860.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL0878.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL0885.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL0901.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL0902.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL0904.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL0905.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL0910.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL0914.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL0928.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL0931.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL0940.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL0947.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL0979.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL0993.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL1028.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL1038.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL1058.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL1082.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL1090.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL1115.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL1122.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL1134.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL1163.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL1170.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL1185.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL1190.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL1214.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL1227.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL1232.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL1233.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL1240.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL1246.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL1261.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL1267.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL1270.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL1278.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL1312.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL1314.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL1324.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL1326.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL1332.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL1342.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL1371.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL1384.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL1417.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL1430.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL1448.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL1465.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL1466.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL1481.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL1491.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL1511.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL1529.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL1566.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL1577.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL1663.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL1678.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL1688.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL1750.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL1819.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL1850.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL1851.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL1852.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL1858.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL1872.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL1886.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL1920.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL1925.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL1958.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL1977.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL1993.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL2032.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL2036.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL2077.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL2080.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL2090.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL2095.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL2130.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL2160.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL2163.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL2185.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL2206.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL2231.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL2248.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL2255.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL2258.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL2307.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL2343.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL2378.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL2385.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL2403.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL2470.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL2482.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL2490.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL2496.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL2497.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL2509.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL2513.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL2521.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL2524.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL2572.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL2578.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL2581.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL2582.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL2603.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL2630.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL2634.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL2636.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL2637.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL2644.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL2662.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL2704.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL2712.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL2729.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL2733.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL2758.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL2774.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL2798.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL2822.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL2831.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL2873.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL2896.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL2914.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL2933.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL2938.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL2941.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL2943.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL2946.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL2962.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL2972.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL2975.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL2979.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL3007.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL3009.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL3014.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL3073.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL3115.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL3120.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL3126.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL3148.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL3163.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL3179.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL3192.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL3208.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL3216.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL3217.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL3226.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL3279.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL3293.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL3302.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL3324.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL3350.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL3351.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL3352.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL3361.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL3375.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL3400.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL3418.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL3421.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL3433.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL3448.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL3463.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL3465.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL3486.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL3531.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL3545.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL3568.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL3585.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL3596.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL3601.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL3638.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL3640.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL3711.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL3716.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL3718.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL3738.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL3757.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL3764.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL3794.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL3816.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL3841.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL3874.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL3910.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL3915.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL3916.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL3930.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL3971.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL3973.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL3976.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL3977.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL3981.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL4033.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL4066.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL4092.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Word\~WRL0448.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Word\~WRL0892.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Word\~WRL1013.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Word\~WRL1309.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Word\~WRL1558.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Word\~WRL1675.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Word\~WRL1779.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Word\~WRL1926.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Word\~WRL2310.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Word\~WRL2841.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Word\~WRL3160.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Word\~WRL3621.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Word\~WRL3725.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Word\~WRL3807.tmp C:\Documents and Settings\Owner\Application Data\Microsoft\Word\~WRL3866.tmp C:\Documents and Settings\Owner\Local Settings\Temp\mvuB2.tmp\Thumbs.db C:\Documents and Settings\Owner\Local Settings\Temp\nszC8.tmp\Thumbs.db C:\Documents and Settings\Owner\My Documents\~WRL0981.tmp C:\Documents and Settings\Owner\My Documents\~WRL3265.tmp C:\Documents and Settings\Owner\My Documents\My Pictures\Z A Oly-Philips-Web cam back up pics\Files from Tiny-Ibm\KINGSTON (F)\My Documents\~WRL0005.tmp C:\Documents and Settings\Owner\My Documents\My Pictures\Z A Oly-Philips-Web cam back up pics\Files from Tiny-Ibm\KINGSTON (F)\My Documents\~WRL0178.tmp C:\Documents and Settings\Owner\My Documents\My Pictures\Z A Oly-Philips-Web cam back up pics\Files from Tiny-Ibm\KINGSTON (F)\My Documents\Spero\1 Spero's Folders\Teamsters files 02 03\~WRL1217.tmp C:\Documents and Settings\Owner\My Documents\My Pictures\Z A Oly-Philips-Web cam back up pics\Files from Tiny-Ibm\KINGSTON (F)\My Documents\Spero\1 Spero's Folders\Teamsters files 02 03\~WRL1541.tmp C:\Documents and Settings\Owner\My Documents\My Pictures\Z A Oly-Philips-Web cam back up pics\Files from Tiny-Ibm\KINGSTON (F)\My Documents\Spero\Olympia 2004\~WRL0648.tmp C:\Documents and Settings\Owner\My Documents\Spero Home Information\Spero's Folders\Teamsters files 02 03\~WRL1217.tmp C:\Documents and Settings\Owner\My Documents\Spero Home Information\Spero's Folders\Teamsters files 02 03\~WRL1541.tmp C:\Documents and Settings\Owner\My Documents\Spero Information\OLYMPIA 2003-2006\Olympia 2006\1 Olympia 2004\~WRL0648.tmp C:\My Pictures 2\Z A Oly-Philips-Web cam back up pics\Files from Tiny-Ibm\KINGSTON (F)\My Documents\~WRL0005.tmp C:\My Pictures 2\Z A Oly-Philips-Web cam back up pics\Files from Tiny-Ibm\KINGSTON (F)\My Documents\~WRL0178.tmp C:\My Pictures 2\Z A Oly-Philips-Web cam back up pics\Files from Tiny-Ibm\KINGSTON (F)\My Documents\Spero\1 Spero's Folders\Teamsters files 02 03\~WRL1217.tmp C:\My Pictures 2\Z A Oly-Philips-Web cam back up pics\Files from Tiny-Ibm\KINGSTON (F)\My Documents\Spero\1 Spero's Folders\Teamsters files 02 03\~WRL1541.tmp C:\My Pictures 2\Z A Oly-Philips-Web cam back up pics\Files from Tiny-Ibm\KINGSTON (F)\My Documents\Spero\Olympia 2004\~WRL0648.tmp C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\724081fd4b90373d6fc8053f53278ba1\BIT7.tmp C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\bd1cd727f9156915edd6700037e6f705\BITE7A.tmp Finished! Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 5:01:31 PM, on 9/19/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\notepad.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\LTMSG.exe C:\Program Files\Multimedia Card Reader\shwicon2k.exe C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE C:\WINDOWS\PowerS.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\support.com\bin\tgcmd.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HA.EXE C:\Program Files\Ahead\InCD\InCD.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Microsoft IntelliPoint\point32.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe C:\Program Files\USB Sharing\usbshare.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/ R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://fryssupport.net/ O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7 O4 - HKLM\..\Run: [sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe O4 - HKLM\..\Run: [RestoreIT!] "C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE" VBStart O4 - HKLM\..\Run: [PowerS] C:\WINDOWS\PowerS.exe O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server O4 - HKLM\..\Run: [EPSON Stylus Photo RX620 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HA.EXE /P31 "EPSON Stylus Photo RX620 Series" /O6 "USB002" /M "Stylus Photo RX620" O4 - HKLM\..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Comcast\COMCAS~2\data\Xtras\mssysmgr.exe O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Startup: Epson all-in-one Registration.lnk = D:\Titles\EpsonReg\EPSONREG.EXE O4 - Startup: PowerReg Scheduler.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ? O4 - Global Startup: USB Sharing.lnk = ? O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing) O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing) O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing) O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.comcastsupport.com/sdcxuser/asp/tgctlsr.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...96/mcinsctl.cab O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.cyberlink.com/winxp/CheckDVD.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1121977009468 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1126113073296 O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab O16 - DPF: {7D731A83-6C80-4EA4-9646-5E06A0513274} (Sandlot Loader Control) - http://www.shockwave.com/content/snailmail...gwebinstall.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://playgames.comcast.net/online2/heavy...aploader_v6.cab O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O24 - Desktop Component 0: (no name) - http://www.stnicholastacoma.org/dancers.gif -- End of file - 10801 bytes
  7. HI CalamityJane C:\WINDOWS\system32\kbdauc.exe can't find any where. I sent this again C:\avenger\backup.zip I think i sent it wrong the first time. Thank You for your time. Yourgo
  8. Logfile of The Avenger version 1, by Swandog46 Running from registry key: \Registry\Machine\System\CurrentControlSet\Services\ujvaoice ******************* Script file located at: \??\C:\Documents and Settings\gkbjdrwq.txt Script file opened successfully. Script file read successfully Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: File C:\WINDOWS\system32\svhhost.exe deleted successfully. Completed script processing. ******************* Finished! Terminate. CalamityJane Sent the following Avenger.txt file named Avenger\backup.zip. I am not quite sure what you want me to do with this or where to find it?? "Now do the same again with this file: C:\WINDOWS\system32\kbdauc.exe" Did you mean Open HijackThis and do a *system scan only* When it finishes, place a checkmark next to each of these items listed When you have checkmarked those entries (and those only) then press the *fix checked* button. Close Hijackthis and send a neww Hijackthis File?
  9. Logfile of The Avenger version 1, by Swandog46 Running from registry key: \Registry\Machine\System\CurrentControlSet\Services\ujvaoice ******************* Script file located at: \??\C:\Documents and Settings\gkbjdrwq.txt Script file opened successfully. Script file read successfully Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: File C:\WINDOWS\system32\svhhost.exe deleted successfully. Completed script processing. ******************* Finished! Terminate. CalamityJane Sent the following Avenger.txt file named Avenger\backup.zip. I am not quite sure what you want me to do with this "Now do the same again with this file: C:\WINDOWS\system32\kbdauc.exe"
  10. I hope it all gets to you Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:05:23 PM, on 9/18/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\LTMSG.exe C:\Program Files\Multimedia Card Reader\shwicon2k.exe C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\PowerS.exe C:\Program Files\support.com\bin\tgcmd.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HA.EXE C:\Program Files\Ahead\InCD\InCD.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Microsoft IntelliPoint\point32.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe C:\Program Files\USB Sharing\usbshare.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/ R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://fryssupport.net/ O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7 O4 - HKLM\..\Run: [sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe O4 - HKLM\..\Run: [RestoreIT!] "C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE" VBStart O4 - HKLM\..\Run: [PowerS] C:\WINDOWS\PowerS.exe O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server O4 - HKLM\..\Run: [EPSON Stylus Photo RX620 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HA.EXE /P31 "EPSON Stylus Photo RX620 Series" /O6 "USB002" /M "Stylus Photo RX620" O4 - HKLM\..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Comcast\COMCAS~2\data\Xtras\mssysmgr.exe O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Policies\Explorer\Run: [kbdauc] C:\WINDOWS\system32\kbdauc.exe O4 - Startup: Epson all-in-one Registration.lnk = D:\Titles\EpsonReg\EPSONREG.EXE O4 - Startup: PowerReg Scheduler.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ? O4 - Global Startup: USB Sharing.lnk = ? O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing) O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing) O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing) O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.comcastsupport.com/sdcxuser/asp/tgctlsr.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...96/mcinsctl.cab O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.cyberlink.com/winxp/CheckDVD.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1121977009468 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1126113073296 O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab O16 - DPF: {7D731A83-6C80-4EA4-9646-5E06A0513274} (Sandlot Loader Control) - http://www.shockwave.com/content/snailmail...gwebinstall.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://playgames.comcast.net/online2/heavy...aploader_v6.cab O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O24 - Desktop Component 0: (no name) - http://www.stnicholastacoma.org/dancers.gif -- End of file - 10804 bytes
  11. Per your request Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 2:54:29 PM, on 9/18/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\LTMSG.exe C:\Program Files\Multimedia Card Reader\shwicon2k.exe C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE C:\WINDOWS\PowerS.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\support.com\bin\tgcmd.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HA.EXE C:\Program Files\Ahead\InCD\InCD.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Microsoft IntelliPoint\point32.exe C:\WINDOWS\system32\svhhost.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe C:\Program Files\USB Sharing\usbshare.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/ R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://fryssupport.net/ O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7 O4 - HKLM\..\Run: [sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe O4 - HKLM\..\Run: [RestoreIT!] "C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE" VBStart O4 - HKLM\..\Run: [PowerS] C:\WINDOWS\PowerS.exe O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server O4 - HKLM\..\Run: [EPSON Stylus Photo RX620 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HA.EXE /P31 "EPSON Stylus Photo RX620 Series" /O6 "USB002" /M "Stylus Photo RX620" O4 - HKLM\..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe" O4 - HKLM\..\Run: [Microsoft Critical Services] svhhost.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\RunServices: [Microsoft Critical Services] svhhost.exe O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Comcast\COMCAS~2\data\Xtras\mssysmgr.exe O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Policies\Explorer\Run: [kbdauc] C:\WINDOWS\system32\kbdauc.exe O4 - Startup: Epson all-in-one Registration.lnk = D:\Titles\EpsonReg\EPSONREG.EXE O4 - Startup: PowerReg Scheduler.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ? O4 - Global Startup: USB Sharing.lnk = ? O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing) O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing) O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing) O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.comcastsupport.com/sdcxuser/asp/tgctlsr.cab O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://cdn.downloadcontrol.com/files/insta...easeInstall.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...96/mcinsctl.cab O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.cyberlink.com/winxp/CheckDVD.cab O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/07b430cd786595...tzip/RdxIE6.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1121977009468 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1126113073296 O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab O16 - DPF: {78D80081-F388-11D3-9161-00105A07EA40} (LEAD MCMP/MJPEG Decoder) - http://www.leadtools.com/cabs/LCODCCMPE.CAB O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab O16 - DPF: {7D731A83-6C80-4EA4-9646-5E06A0513274} (Sandlot Loader Control) - http://www.shockwave.com/content/snailmail...gwebinstall.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://playgames.comcast.net/online2/heavy...aploader_v6.cab O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O24 - Desktop Component 0: (no name) - http://www.stnicholastacoma.org/dancers.gif -- End of file - 11314 bytes Ad-Aware SE Personal Adobe Flash Player 9 ActiveX Adobe Photoshop 7.0 Adobe Reader 7.0.9 Adobe Shockwave Player ArcSoft ShowBiz DVD 2 ArcSoft Software Suite ArcSoft TotalMedia avast! Antivirus AVI MPEG Video Converter BitComet 0.70 Call of Duty - United Offensive Call of Duty Game of the Year Edition Call of Duty® 2 Canon PhotoRecord Canon PIXMA iP1500 Canon Utilities Easy-PhotoPrint Cars ComcastSUPPORT ConvertXtoDVD 2.0.13 DivX DVD Decrypter (Remove Only) DVD Shrink 3.2 DVDFab Decrypter 2.9.8.3 Easy-WebPrint EPSON CardMonitor EPSON Copy Utility 3 EPSON PhotoStarter3.2 EPSON Printer Software EPSON Scan EPSON Smart Panel EPSON SPRX620 Reference Guide EPSON Web-To-Page Family Tree Maker 6.0 Google Toolbar for Internet Explorer GTR 2 1.0.0.0 HijackThis 2.0.2 Hotfix for Windows XP (KB926239) IBM ViaVoice Pro - US English Icons Image Resizer Powertoy for Windows XP ImageMixer VCD/DVD2 for OLYMPUS InCD IrfanView (remove only) Java 6 Update 2 Lavasoft VX2 Cleaner Logitech Gaming Software Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Hotfix (KB886903) Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Digital Image Suite 2006 Microsoft Links 2001 Microsoft Office Professional Edition 2003 Microsoft Picture It! Photo Premium 2001 Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Windows Script Host Microsoft Works 2000 Microsoft Works 2000 Setup Launcher Morpheus 5.2 (remove only) MSXML 4.0 SP2 (KB925672) MSXML 4.0 SP2 (KB927978) Multimedia Card Reader MX vs ATV Unleashed Need for Speedâ„¢ Most Wanted Nero Digital Nero Media Player Nero OEM NVIDIA Drivers PeerGuardian 2.0 Photodex Presenter ProShow Gold QuickTime RealArcade RealPlayer Realtek AC'97 Audio Recover Pro Replay AV 8 ScanToWeb Security Update for CAPICOM (KB931906) Security Update for CAPICOM (KB931906) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player 10 (KB911565) Security Update for Windows Media Player 10 (KB917734) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows XP (KB883939) Security Update for Windows XP (KB890046) Security Update for Windows XP (KB893756) Security Update for Windows XP (KB896358) Security Update for Windows XP (KB896422) Security Update for Windows XP (KB896423) Security Update for Windows XP (KB896424) Security Update for Windows XP (KB896428) Security Update for Windows XP (KB896688) Security Update for Windows XP (KB899587) Security Update for Windows XP (KB899588) Security Update for Windows XP (KB899591) Security Update for Windows XP (KB900725) Security Update for Windows XP (KB901017) Security Update for Windows XP (KB901190) Security Update for Windows XP (KB901214) Security Update for Windows XP (KB902400) Security Update for Windows XP (KB903235) Security Update for Windows XP (KB904706) Security Update for Windows XP (KB905414) Security Update for Windows XP (KB905749) Security Update for Windows XP (KB905915) Security Update for Windows XP (KB908519) Security Update for Windows XP (KB908531) Security Update for Windows XP (KB911280) Security Update for Windows XP (KB911562) Security Update for Windows XP (KB911567) Security Update for Windows XP (KB911927) Security Update for Windows XP (KB912812) Security Update for Windows XP (KB912919) Security Update for Windows XP (KB913446) Security Update for Windows XP (KB913580) Security Update for Windows XP (KB914388) Security Update for Windows XP (KB914389) Security Update for Windows XP (KB916281) Security Update for Windows XP (KB917159) Security Update for Windows XP (KB917344) Security Update for Windows XP (KB917422) Security Update for Windows XP (KB917953) Security Update for Windows XP (KB918118) Security Update for Windows XP (KB918439) Security Update for Windows XP (KB918899) Security Update for Windows XP (KB919007) Security Update for Windows XP (KB920213) Security Update for Windows XP (KB920214) Security Update for Windows XP (KB920670) Security Update for Windows XP (KB920683) Security Update for Windows XP (KB920685) Security Update for Windows XP (KB921398) Security Update for Windows XP (KB921883) Security Update for Windows XP (KB922616) Security Update for Windows XP (KB922760) Security Update for Windows XP (KB922819) Security Update for Windows XP (KB923191) Security Update for Windows XP (KB923414) Security Update for Windows XP (KB923689) Security Update for Windows XP (KB923694) Security Update for Windows XP (KB923980) Security Update for Windows XP (KB924191) Security Update for Windows XP (KB924270) Security Update for Windows XP (KB924496) Security Update for Windows XP (KB924667) Security Update for Windows XP (KB925454) Security Update for Windows XP (KB925486) Security Update for Windows XP (KB925902) Security Update for Windows XP (KB926255) Security Update for Windows XP (KB926436) Security Update for Windows XP (KB927779) Security Update for Windows XP (KB927802) Security Update for Windows XP (KB928090) Security Update for Windows XP (KB928255) Security Update for Windows XP (KB928843) Security Update for Windows XP (KB929969) Security Update for Windows XP (KB930178) Security Update for Windows XP (KB931261) Security Update for Windows XP (KB931768) Security Update for Windows XP (KB931784) Security Update for Windows XP (KB932168) Shockwave Sierra Utilities Snail Mail Online TV Station UltraISO Premium V8.63 Update for Windows XP (KB894391) Update for Windows XP (KB896727) Update for Windows XP (KB898461) Update for Windows XP (KB900485) Update for Windows XP (KB910437) Update for Windows XP (KB916595) Update for Windows XP (KB920872) Update for Windows XP (KB922582) Update for Windows XP (KB927891) Update for Windows XP (KB929338) Update for Windows XP (KB930916) Update for Windows XP (KB931836) USB Sharing ViewSonic Monitor Drivers Windows Defender Signatures Windows Genuine Advantage v1.3.0254.0 Windows Installer 3.1 (KB893803) Windows Media Connect Windows Media Format 11 runtime Windows Media Format 11 runtime Windows XP Hotfix - KB867282 Windows XP Hotfix - KB873333 Windows XP Hotfix - KB873339 Windows XP Hotfix - KB885250 Windows XP Hotfix - KB885835 Windows XP Hotfix - KB885836 Windows XP Hotfix - KB885884 Windows XP Hotfix - KB886185 Windows XP Hotfix - KB887472 Windows XP Hotfix - KB887742 Windows XP Hotfix - KB887797 Windows XP Hotfix - KB888113 Windows XP Hotfix - KB888302 Windows XP Hotfix - KB890047 Windows XP Hotfix - KB890175 Windows XP Hotfix - KB890859 Windows XP Hotfix - KB890923 Windows XP Hotfix - KB891781 Windows XP Hotfix - KB893066 Windows XP Hotfix - KB893086 WinPcap 3.1 WinZip Word in Works Suite add-in WordPerfect Office 12
  12. Hi Calamity Jane I looked at the info. I never purchaced the product and don't even remember down loading a 30 day evalution period. I sure an"t going buy the product to remove this. Would there be a problem deleting from the Regedit at Hkey_Local_Machine\Software\Lead Technologies or where do you thing the reminder is hidden? Yourgo
  13. Hi Calamity Jane I checked the ad/remove programs and i think this maybe the one. Microsoft Compression Client pack 1.0 for Winndows XP. I have not removed it yet. Yourgo
  14. Help Every time I open a video in Win media player 10 a pop up ( reminder ) uppers from “LEAD Technologies, Incâ€. asking to check their product out with options of ( Check it out or later) I have searched my computer for this reminder and found it in the Regedit at Hkey_Local_Machine\Software\Lead Technologies. I have run Avast and Ad-Aware SE personal. No help. Can I delete this file from the Regedit. Running Windows XP Home Any help is appreciated Yourgo
  15. CalamityJane I would like to thank you again for all your Excellent help these past few days. I learned a lot. Thanks again. Yourgo