I have completed your instructions. Already, things seem to have improved.
FYI, when I log in to my account on my children's computer I get two error messages. The first one says it had an error loading MWSBAR.DLL. I can get the full path if you need it.
The second error message says Windows Defender failed to initialize.
Anyway, here is the SDFix report and the new HijackThis log:
- - -
SDFix Report:
SDFix: Version 1.58
Sun 01/14/2007 - 18:56:20.96
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Name:
COM+ Messages
winsock32.exe
Path:
"C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000501
"C:\WINDOWS\winsock32.exe"
COM+ Messages Deleted
winsock32.exe Deleted
Restoring Windows Registry Entries
Restoring Default Hosts File
Killing PID 136 'smss.exe'
Killing PID 212 'winlogon.exe'
Rebooting
Normal Mode:
Checking Files:
Files will be copied to Backups folder then removed:
C:\WINDOWS\TEMP\STDRUN1.EXE - Deleted
C:\WINDOWS\TEMP\STDRUN10.EXE - Deleted
C:\WINDOWS\TEMP\STDRUN11.EXE - Deleted
C:\WINDOWS\TEMP\STDRUN12.EXE - Deleted
C:\WINDOWS\TEMP\STDRUN13.EXE - Deleted
C:\WINDOWS\TEMP\STDRUN2.EXE - Deleted
C:\WINDOWS\TEMP\STDRUN3.EXE - Deleted
C:\WINDOWS\TEMP\STDRUN4.EXE - Deleted
C:\WINDOWS\TEMP\STDRUN5.EXE - Deleted
C:\WINDOWS\TEMP\STDRUN6.EXE - Deleted
C:\WINDOWS\TEMP\STDRUN7.EXE - Deleted
C:\WINDOWS\TEMP\STDRUN8.EXE - Deleted
C:\DOCUME~1\NETWOR~1\LOCALS~1\TEMP\STDRUN1.EXE - Deleted
C:\DOCUME~1\NETWOR~1\LOCALS~1\TEMP\STDRUN2.EXE - Deleted
C:\DOCUME~1\NETWOR~1\LOCALS~1\TEMP\STDRUN20.EXE - Deleted
C:\DOCUME~1\NETWOR~1\LOCALS~1\TEMP\STDRUN21.EXE - Deleted
C:\DOCUME~1\NETWOR~1\LOCALS~1\TEMP\STDRUN22.EXE - Deleted
C:\DOCUME~1\NETWOR~1\LOCALS~1\TEMP\STDRUN23.EXE - Deleted
C:\DOCUME~1\NETWOR~1\LOCALS~1\TEMP\STDRUN4.EXE - Deleted
C:\DOCUME~1\NETWOR~1\LOCALS~1\TEMP\STDRUN5.EXE - Deleted
C:\DOCUME~1\NETWOR~1\LOCALS~1\TEMP\STDRUN6.EXE - Deleted
C:\DOCUME~1\NETWOR~1\LOCALS~1\TEMP\STDRUN8.EXE - Deleted
C:\PROGRA~1\SONYER~1\MOBILE2\MOBILE~1\SETDBG~1.EXE - Deleted
C:\PROGRA~1\HP\HPSOFT~1\SELFUP~1.EXE - Deleted
C:\sstray.exe - Deleted
C:\svhost.exe - Deleted
C:\tskmgr.exe - Deleted
C:\WINDOWS\lcass.exe - Deleted
C:\WINDOWS\system32\ldinfo.ldr - Deleted
C:\WINDOWS\system32\rpcc.dll - Deleted
C:\WINDOWS\system32\svchosts.exe - Deleted
C:\WINDOWS\tcb.pmw - Deleted
C:\WINDOWS\winSock32.exe - Deleted
Alternate Stream Check:
C:\WINDOWS\system32
No streams found.
Final Check:
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"="C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe:*:Disabled:Kodak Software Updater"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Disabled:AOL Instant Messenger"
"C:\\WINDOWS\\specialoffers4.exe"="C:\\WINDOWS\\specialoffers4.exe:*:Disabled:Special Offers Networks"
"C:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"="C:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe:*:Enabled:Microsoft Flight Simulator"
"C:\\WINDOWS\\system32\\dpnsvr.exe"="C:\\WINDOWS\\system32\\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\\Program Files\\Nickelodeon\\SpongeBob Squarepants 3D Obstacle Odyssey\\sboo.exe"="C:\\Program Files\\Nickelodeon\\SpongeBob Squarepants 3D Obstacle Odyssey\\sboo.exe:*:Disabled:sboo"
"C:\\Documents and Settings\\Glen Stewart\\My Programs\\quickenw\\QW.EXE"="C:\\Documents and Settings\\Glen Stewart\\My Programs\\quickenw\\QW.EXE:*:Enabled:Quicken Home & Business 99"
"C:\\Program Files\\funkitron\\SCRABBLE\\Scrabble.exe"="C:\\Program Files\\funkitron\\SCRABBLE\\Scrabble.exe:*:Enabled:SCRABBLE ®"
"C:\\Program Files\\Tower Blaster\\TowerBlaster.exe"="C:\\Program Files\\Tower Blaster\\TowerBlaster.exe:*:Enabled:Tower Blaster "
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Rhapsody\\rhapsody.exe"="C:\\Program Files\\Rhapsody\\rhapsody.exe:*:Disabled:RealNetworks Rhapsody"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Disabled:LimeWire"
"C:\\WINDOWS\\system32"="C:\\WINDOWS\\system32:*:Enabled:lockx"
"C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"="C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe:*:Disabled:TrueVector Service"
"C:\\Program Files\\Common Files\\AOL\\1143472629\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1143472629\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\1143472629\\ee\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1143472629\\ee\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\Common Files\\AOL\\1143472629\\ee\\AOLServiceHost.exe"="C:\\Program Files\\Common Files\\AOL\\1143472629\\ee\\AOLServiceHost.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\WINDOWS\\winsock32.exe"="C:\\WINDOWS\\winsock32.exe:*:Disabled:winsock32"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\1143472629\\ee\\AOLServiceHost.exe"="C:\\Program Files\\Common Files\\AOL\\1143472629\\ee\\AOLServiceHost.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
Remaining Files:
---------------
Backups Folder: - C:\SDFix\backups\backups.zip
Listing Files with hidden attributes:
C:\NTDETECT.COM
C:\Documents and Settings\Glen Stewart\My Documents\My Backups\Strider Backups\My Documents\My Backups\Frodo\Favorites\Channels\Business\The Quicken.com Channel\desktop.ini
C:\WINDOWS\twain.dll
C:\WINDOWS\twain_32.dll
C:\WINDOWS\system32\gtool.dll
C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
C:\Program Files\Common Files\Adobe\ESD\DLMCleanup.exe
C:\RECYCLER\S-1-5-21-73586283-1957994488-839522115-1004\Dc215\winsock32.exe
C:\WINDOWS\T?sks\arpa.exe
C:\WINDOWS\??crosoft\wuauboot.exe
C:\hiberfil.sys
C:\IO.SYS
C:\MSDOS.SYS
C:\pagefile.sys
C:\Documents and Settings\Glen Stewart\My Documents\My Backups\Samwise Backups\My Documents\Business\Ebe\SR Phase 2\Loan Proposal\020314\~WRL0601.tmp
C:\Documents and Settings\Glen Stewart\My Documents\My Backups\Samwise Backups\My Documents\Business\Ebe\SR Phase 2\Loan Proposal\020314_a\~WRL0601.tmp
C:\Documents and Settings\Glen Stewart\My Documents\My Backups\Samwise Backups\My Documents\Business\Ebe\SR Phase 2\Loan Proposal\020314_b\~WRL0601.tmp
C:\Documents and Settings\Glen Stewart\My Documents\My Backups\Samwise Backups\My Documents\Business\Ebe\SR Phase 2\Loan Proposal\020314_c\~WRL0601.tmp
C:\Documents and Settings\Glen Stewart\My Documents\My Backups\Strider Backups\My Documents\Business\P150 Backup\EBE\Records Management\Business Plan\~WRL1391.tmp
C:\Documents and Settings\Glen Stewart\My Documents\My Backups\Strider Backups\My Documents\Business\P150 Backup\EBE\SR Phase 2\Loan Proposal\020314_A\~WRL0601.tmp
C:\Documents and Settings\Glen Stewart\My Documents\My Backups\Strider Backups\My Documents\Business\P150 Backup\EBE\SR Phase 2\Loan Proposal\020314_b\~WRL0601.tmp
C:\Documents and Settings\Glen Stewart\My Documents\My Backups\Strider Backups\My Documents\Business\P150 Backup\EBE\SR Phase 2\Loan Proposal\020314_c\~WRL0601.tmp
C:\Documents and Settings\Glen Stewart\My Documents\My Backups\Strider Backups\My Documents\Business\P150 Backup\EBE\SR Phase 2\Loan Proposal\020314_d\~WRL0601.tmp
C:\Documents and Settings\Glen Stewart\My Documents\My Backups\Strider Backups\My Documents\Business\P150 Backup\Vital Archives\Business Plan\~WRL1391.tmp
C:\Documents and Settings\Glen Stewart\My Documents\My Backups\Strider Backups\My Documents\Business\P150 Backup\Vital Archives\Marketing\Direct Mail Piece\~WRL1432.tmp
C:\Documents and Settings\Glen Stewart\My Documents\My Backups\Strider Backups\My Documents\Business\P150 D Backup\Warehouse_SW\~WRL3977.tmp
C:\Documents and Settings\Glen Stewart\My Documents\My Backups\Strider Backups\My Documents\My Backups\Frodo\My Documents\Business\EBE\SR Phase 2\Loan Proposal\020314\~WRL0601.tmp
C:\Documents and Settings\Glen Stewart\My Documents\My Backups\Strider Backups\My Documents\My Backups\Frodo\My Documents\Business\EBE\SR Phase 2\Loan Proposal\020314_a\~WRL0601.tmp
C:\Documents and Settings\Glen Stewart\My Documents\My Backups\Strider Backups\My Documents\My Backups\Frodo\My Documents\Business\EBE\SR Phase 2\Loan Proposal\020314_b\~WRL0601.tmp
C:\Documents and Settings\Glen Stewart\My Documents\My Backups\Strider Backups\My Documents\My Backups\Frodo\My Documents\Business\EBE\SR Phase 2\Loan Proposal\020314_c\~WRL0601.tmp
C:\WINDOWS\system32\llkkj.tmp
C:\WINDOWS\Temp\4hg5bgum.TMP
Finished
- - -
New HijackThis Log:
Logfile of HijackThis v1.99.1
Scan saved at 7:21:45 PM, on 1/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\WINDOWS\System32\hphmon03.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Ipwindows\ipwins.exe
C:\Program Files\Common Files\{10ABAD4E-05BC-1033-0823-020430020001}\Update.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Batty2\Batty2.exe
C:\Documents and Settings\Glen Stewart\My Programs\quickenw\QWDLLS.EXE
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Glen Stewart\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId= ... .yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {3F508AB1-6BBA-C983-6D11-032A0C7AF158} - C:\WINDOWS\system32\nkejwol.dll
O2 - BHO: (no name) - {746455FE-D059-47e7-AF0E-140E03F5A447} - (no file)
O2 - BHO: (no name) - {A732EF81-0A13-75C9-17D0-71F2CF5311BB} - C:\WINDOWS\system32\rkqucoe.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{30ABA~1\Bar888.dll
O2 - BHO: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
O2 - BHO: Banner Rotator - {E954DB82-1533-4714-92F2-59C98D5C18CC} - C:\WINDOWS\system32\brrotate.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{30ABA~1\Bar888.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\System32\hphmon03.exe
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe"
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [qykcscn.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\qykcscn.dll,ztrtgce
O4 - HKLM\..\Run: [ms05647827968] C:\WINDOWS\ms05647827968.exe
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
O4 - HKLM\..\Run: [{10ABAD4E-05BC-1033-0823-020430020001}] "C:\Program Files\Common Files\{10ABAD4E-05BC-1033-0823-020430020001}\Update.exe" mc-110-12-0000501
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Billminder.lnk.disabled
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Documents and Settings\Glen Stewart\My Programs\quickenw\QWDLLS.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... jhtml?p=ZJ
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Coupons - file://C:\Program Files\couponsandoffers\System\Temp\couponsandoffers_script0.htm
O8 - Extra context menu item: Rebate Nation - file://C:\Program Files\Rebate_Nation\Sy5300\Tp5300\scri5300a.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\TvUSB\EXPLBAR.DLL (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://www.systemdoctor.com/download/20 ... nstall.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/bestfriends/retro64_loader.dll
O16 - DPF: {2A510DC8-C9B5-4269-B9BA-E5B04D47D981} (CPlayFirstDDSonicControl Object) - http://www.shockwave.com/content/dinerd ... 0.0.92.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://cdn.drivecleaner.com/installdriv ... rstart.cab
O16 - DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} (Rhapsody Player Engine) - http://forms.real.com/real/player/downl ... st_Win.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://webmail.basf-corp.com/iNotes6W.cab
O16 - DPF: {400429E4-BED4-472E-93BF-F85AB8565DFF} - http://www.terp17.com/ax/axo.cab
O16 - DPF: {4E7BD74F-2B8D-469E-DEFA-EB76B1D5FA7D} - http://www.ez-tracks.com/DLMOffers/Search01/eztdl.cab
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200 ... taller.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://eu-housecall.trendmicro-europe.c ... hcImpl.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/B ... ofupld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/viru ... ebscan.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/installer ... taller.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.c ... mplete.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.14.48/ttinst.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - http://www.disney.go.com/games/download ... anager.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.ne ... tector.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.shockwave.com/content/bejewe ... der_v6.cab
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - http://entimg.msn.com/client/msnmusax2702.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol ... _en_dl.cab
O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll,BattyRun2.dll,kfghipjp.dll
O20 - Winlogon Notify: jkkll - C:\WINDOWS\system32\jkkll.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe