Thread: please help
07-16-2005, 11:24 AM   #1
ChandyNJoe
I helped the forums.
 
Join Date: Jul 2005
Location: PA
Posts: 28
OS: xp



I posted under Windows XP and this is what was recommended.
I ran Spybot and Ad-Aware and numerous other programs. Someone said I have malware.
This is my hijack log.
This is my original post: I have a major problem and have done soooo much so far and nothing helps. My brother likes to come over and look at questionable websites. He was over last night and I tried using my computer today with many problems. I found viruses and fixed that, but the problem now is when I click something I usually get redirected to either a site I didn't want or it says quick survey before viewing site and this comes up.... http://7search.com/scripts/security...affiliate=63957

Also, I go to a bookmarked site I have, www.badgeaddicts.com, for Club Pogo which I play, and it auto goes to an adult site. I have McAfee and Spybot and Ad-Aware and NoAdware and SpyBlocs and I have run them all but not working. CAN ANYONE PLEASE HELP ME!!
Thanks so very much!
chandy

This is my current log:
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
C:\Program Files\Java\j2re1.4.2_07\bin\jusched.exe
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\Explorer.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\eBlocs\SpyBlocs\GLFB.exe
C:\Program Files\AIM\aim.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Chandy\Local Settings\Temp\Temporary Directory 4 for hijackthis[1].zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {4BC1DC20-0E9B-A9E7-FDD7-975E92B0C60A} - syspanel.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: NetGuideBHO Class - {0FD7DAF0-BBEF-4990-B19E-2805D280571F} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - (no file)
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_07\bin\jusched.exe
O4 - HKLM\..\Run: [Imonitor] "C:\Program Files\McAfee\QuickClean\PlgUni.exe" /START
O4 - HKLM\..\Run: [msag] cmon14.exe
O4 - HKLM\..\Run: [Bogobot] ATLIEHELPER.exe
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [bnui] NsCplTray.exe
O4 - HKCU\..\Run: [pizda] killall.exe
O4 - HKCU\..\Run: [FLKPT] SYSTRAV.exe
O4 - HKCU\..\Run: [SpyBlocs] C:\Program Files\eBlocs\SpyBlocs\GLFB.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_07\bin\npjpi142_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_07\bin\npjpi142_07.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmesus.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmesus.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: 3 Point Showdown by pogo - http://game1.pogo.com/applet-6.1.4.2...-ob-assets.cab
O16 - DPF: 6th Street Omaha Poker by pogo - http://game1.pogo.com/applet-6.2.4.3...-ob-assets.cab
O16 - DPF: Aces Up! by pogo - http://game1.pogo.com/applet-6.1.4.2...-ob-assets.cab
O16 - DPF: Blackjack by pogo - http://game1.pogo.com/applet-6.2.5.2...-ob-assets.cab
O16 - DPF: Buckaroo Blackjack TM by pogo - http://game1.pogo.com/applet-6.1.4.2...-ob-assets.cab
O16 - DPF: Canasta by pogo - http://game1.pogo.com/applet-6.1.4.2...-ob-assets.cab
O16 - DPF: Checkers by pogo - http://game1.pogo.com/applet-6.1.4.2...-ob-assets.cab
O16 - DPF: Chess by pogo - http://game1.pogo.com/applet-6.1.5.2...-ob-assets.cab
O16 - DPF: Dice Derby by pogo - http://game1.pogo.com/applet-6.1.4.2...-ob-assets.cab
O16 - DPF: First Class Solitaire by pogo - http://game1.pogo.com/applet-6.2.0.3...-ob-assets.cab
O16 - DPF: Fortune Bingo by pogo - http://game1.pogo.com/applet-6.1.5.2...-ob-assets.cab
O16 - DPF: Harvest Mania by pogo - http://game1.pogo.com/applet-6.1.5.2...-ob-assets.cab
O16 - DPF: Hearts by pogo - http://game1.pogo.com/applet-6.1.4.2...-ob-assets.cab
O16 - DPF: High Stakes Poker by pogo - http://game1.pogo.com/applet-6.1.4.2...-ob-assets.cab
O16 - DPF: High Stakes Pool by pogo - http://game1.pogo.com/applet-6.1.3.2...-ob-assets.cab
O16 - DPF: Jigsaw Detective by pogo - http://game1.pogo.com/applet-6.2.5.2...-ob-assets.cab
O16 - DPF: Jungle Gin by pogo - http://game1.pogo.com/applet-6.2.5.2...-ob-assets.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-6.2.1.2...-ob-assets.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-6.1.4.2...-ob-assets.cab
O16 - DPF: Multiline Slots by pogo - http://game1.pogo.com/applet-6.1.4.2...-ob-assets.cab
O16 - DPF: Pai Gow by pogo - http://game1.pogo.com/applet-6.2.1.3...-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-6.1.3.2...-ob-assets.cab
O16 - DPF: Pinochle by pogo - http://game1.pogo.com/applet-6.1.4.2...-ob-assets.cab
O16 - DPF: Pirate's Gold by pogo - http://game1.pogo.com/applet-6.1.5.2...-ob-assets.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/applet-6.1.4.2...-ob-assets.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.com/applet-6.2.1.2...-ob-assets.cab
O16 - DPF: Poppit TM by pogo - http://game1.pogo.com/applet-6.1.3.2...-ob-assets.cab
O16 - DPF: SciFi Slots by pogo - http://game1.pogo.com/applet-6.2.1.2...-ob-assets.cab
O16 - DPF: Showbiz Slots by pogo - http://game1.pogo.com/applet-6.2.0.3...-ob-assets.cab
O16 - DPF: Spades by pogo - http://game1.pogo.com/applet-6.1.4.2...-ob-assets.cab
O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.com/applet-6.2.1.2...-ob-assets.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-6.1.4.2...-ob-assets.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/applet-6.2.0.3...-ob-assets.cab
O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.com/applet-6.1.4.2...-ob-assets.cab
O16 - DPF: Tumble Bees by pogo - http://game1.pogo.com/applet-6.1.5.2...-ob-assets.cab
O16 - DPF: Turbo 21 TM by pogo - http://game1.pogo.com/applet-6.1.5.2...-ob-assets.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.com/applet-6.1.5.2...-ob-assets.cab
O16 - DPF: WordJong by pogo - http://game1.pogo.com/applet-6.1.3.2...-ob-assets.cab
O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.com/applet-6.1.4.2...-ob-assets.cab
O16 - DPF: Yahoo! Gin - http://download.games.yahoo.com/game...ts/y/nt1_x.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {11212111-2121-1311-1141-115611111222} - ms-its:mhtml:file://d: oo.mht!http://195.95.218.83/users/sale/web/...m::/update.exe
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/mini...ansporter.cab?
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...4/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1121476091327
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/instal...sinstaller.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10...o.cab34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...21/mcgdmgr.cab
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/bingame/hsol/def...ebLauncher.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www5.incredimail.com/contents...a/imloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0B881672-58B5-4979-8FAC-728F72BBD7DD}: NameServer = 69.50.188.180,85.255.112.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{1431AD6A-52E0-4C2C-AD1D-EAF41E89E88C}: NameServer = 69.50.188.180,85.255.112.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{E1E30007-42D0-4AE7-89AF-EF88E5B6AC93}: NameServer = 69.50.188.180,85.255.112.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{0B881672-58B5-4979-8FAC-728F72BBD7DD}: NameServer = 69.50.188.180,85.255.112.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{0B881672-58B5-4979-8FAC-728F72BBD7DD}: NameServer = 69.50.188.180,85.255.112.5
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

Thanks so very much!!!