IE Closing/PC running slow/Spykiller reason?

malachithree10 · 11-06-2003, 08:13 PM

I am having problems with my pc running very slow and IE closing down all the time on me. I ran Spykiller and it showed me that these files/folders were infected with ADware or Spyware. When I click on clean it! it takes me to a page where I have to buy the product in order for it to clean my pc. How can I clean my pc myself? Can I just delete these folders or files? Any help? I would appreciate it so very much.

Thank you.
MalachiThree10

Here is part of the log:
Started registry scan
====================
WebPI HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDLLs--1--c:\Program Files\Microsoft Works\msworks.exe
Spy - Softec Software
WebPI HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Components\8F4F491F5C6C2D1108B0000CF43A92AA--c?\Program Files\Microsoft Works\msworks.exe--4334636503592D11FBCF000CF43A92AA
Spy - Softec Software
Alexa HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping--8192--{c95fe080-8f5d-11d2-a20b-00aa003c157a}
SpyWare/Adware - Alexa
Registry scan result:
Suspicious keys found: 3

Started folder scan
====================
BDE C:\WINDOWS\SYSTEM\CatRoot\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}
Adware - Brilliant Digital

Folder scan result:
Folder processed: 0
Suspicious folders found: 1

Started file scan
====================
doubleclick C:\WINDOWS\Cookies\default@doubleclick[1].txt
Adware - doubleclick

File scan result:
Suspicious files found: 1

Scanning finished

**jgvernonco** · 11-06-2003, 08:34 PM

jgvernonco’s
recommended
security
software

Zonealarm Firewall (free edition) Zone Labs:

http://www.zonelabs.com/store/conte...reeDownload.jsp

Free antivirus software

http://www.avast.com/i_idt_153.html

Spyware blocking programs (free):

Spyware Blaster and Spyware Guard (the link will take you to the Blaster page. The menu bar at the top will take you to the Guard page. These two programs, written by the same developer, work hand-in-hand to protect you from invasions).

http://www.javacoolsoftware.com/spywareblaster.html

Spyware Killers (free)!

Spybot Search & Destroy

http://download.com.com/3000-2144-1...&tag=button

Adaware
Ad-aware - Software - Lavasoft

http://www.lavasoftusa.com/software/adaware/

I run both of these, as they occasionally find something that the other did not.

Additionally, Microsoft has made some poor choices about default settings in the OSs, resulting in multiple security weaknesses. Gibson Research has a number of little programs that will help you close security holes without having to edit your registry, wander My Computer, etc., just to get secure. I highly recommend this resource.

Gibson Research Corporation Home Page

http://grc.com/default.htm

The secret to running these programs is to update at least weekly! Update Adaware and Spybot before you run a scan every time. Don’t forget to update Blaster and Guard when you are doing your maintenance. Make sure the antivirus software us up-to-date. Put a note on your computer reminding you to do it!

Last, but not least, if you are a Microsoft user, update, update, update! Put it on your list! The only Trojan that ever made it through my security did not take me down because I was current on my security patches, which limited what the Trojan could do. (It was still a big pain, though). Most of you will have a Windows Update selection when you click “start”, but if you do not, here’s a link:

Microsoft Windows Update

http://v4.windowsupdate.microsoft.com/en/default.asp

Stay safe! Enjoy the WWW!

All the prgrams here are free. I usually run Spybot first. Good hunting!

malachithree10 · 11-06-2003, 09:07 PM

I ran Spybot S&D and Adaware and they both come up without finding any files or folders after I ran each of them a 2nd time. But in running SpyKiller it still tells me I have the following:
Started registry scan
====================
WebPI HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDLLs--1--c:\Program Files\Microsoft Works\msworks.exe
Spy - Softec Software
WebPI HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Components\8F4F491F5C6C2D1108B0000CF43A92AA--c?\Program Files\Microsoft Works\msworks.exe--4334636503592D11FBCF000CF43A92AA
Spy - Softec Software
Alexa HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping--8192--{c95fe080-8f5d-11d2-a20b-00aa003c157a}
SpyWare/Adware - Alexa
Registry scan result:
Suspicious keys found: 3

Started folder scan
====================
BDE C:\WINDOWS\SYSTEM\CatRoot\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}
Adware - Brilliant Digital

So, which program would be correct? Spykiller does not let me clean up and redirects me to a "buy for discount " page.

I will take your advice and download all the other programs you suggested also. Thank you for the helpful advice.

But, can you tell by the log above if those files need to be deleted? I was told that the file (C:\WINDOWS\SYSTEM\CatRoot\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}) was actually a Microsoft Access file and needed. So, why would Spykiller tell me it was adware?

Thank you again.
MalachiThree10

**jgvernonco** · 11-06-2003, 09:29 PM

Fellow traveler, :D

I know nothing of Spykiller, so what you have experienced might be a huge scam to increase sales, or an honest mistake.

We have a problem here; we are being attacked from every direction, and folks that want to help can't keep up and folks that want to profit from our misery grow by the day.

Download HJT from the link below. Create, copy and paste a log here and somebody will have a look at it. (That is far from infallable...it depends on humans :bandit: ).

http://mjc1.com/mirror/hjt/

malachithree10 · 11-06-2003, 09:50 PM

Logfile of HijackThis v1.97.3
Scan saved at 11:52:16 PM, on 11/6/03
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPROXY.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\EASY KEYBOARD\EASYKEY.EXE
C:\WINDOWS\SYSTEM\3CMLNKW.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\HPOOPM07.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP OFFICEJET G SERIES\FRU\REMIND32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZONEALARM.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\TEMP\QZTEMP\6634293\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.netcenter.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - C:\PROGRAM FILES\KONTIKI\BIN\BH309190.DLL (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [SoundFusion] RunDll32 cwcprops.cpl,CrystalControlWnd
O4 - HKLM\..\Run: [Easykey] C:\Program Files\Easy Keyboard\Easykey.exe
O4 - HKLM\..\Run: [3Cmlink] c:\windows\SYSTEM\3cmlnkW.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\MY DOCUMENTS\PANICWARE\POP-UP STOPPER\DPPS2.EXE"
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\stimon.exe
O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\WINDOWS\SYSTEM\hpoopm07.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\ADAPTEC\EASYCD~1\CREATECD\CREATECD.EXE -r
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [ccEvtMgr] "c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [ccProxy] c:\PROGRA~1\COMMON~1\SYMANT~1\CCPROXY.EXE
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [cnet] "C:\Program Files\Kontiki\bin\kontiki.exe" -s cnet -q
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\RunServices: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\RunServices: [cnet] "C:\Program Files\Kontiki\bin\kontiki.exe" -s cnet -q
O4 - HKCU\..\RunServices: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Startup: HPAiODevice.lnk = C:\Program Files\Hewlett-Packard\HP OfficeJet G Series\bin\hpodev07.exe
O4 - Startup: Hewlett-Packard Recorder.lnk = C:\Program Files\Hewlett-Packard\HP OfficeJet G Series\FRU\Remind32.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...7908.829837963
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - http://office.microsoft.com/officeup...ntent/opuc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab

11-06-2003, 08:13 PM	#1 (permalink)
malachithree10 Registered User Join Date: Nov 2003 Posts: 6 OS: Win 98 2nd edition	IE Closing/PC running slow/Spykiller reason? I am having problems with my pc running very slow and IE closing down all the time on me. I ran Spykiller and it showed me that these files/folders were infected with ADware or Spyware. When I click on clean it! it takes me to a page where I have to buy the product in order for it to clean my pc. How can I clean my pc myself? Can I just delete these folders or files? Any help? I would appreciate it so very much. Thank you. MalachiThree10 Here is part of the log: Started registry scan ==================== WebPI HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDLLs--1--c:\Program Files\Microsoft Works\msworks.exe Spy - Softec Software WebPI HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Components\8F4F491F5C6C2D1108B0000CF43A92AA--c?\Program Files\Microsoft Works\msworks.exe--4334636503592D11FBCF000CF43A92AA Spy - Softec Software Alexa HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping--8192--{c95fe080-8f5d-11d2-a20b-00aa003c157a} SpyWare/Adware - Alexa Registry scan result: Suspicious keys found: 3 Started folder scan ==================== BDE C:\WINDOWS\SYSTEM\CatRoot\{127D0A1D-4EF2-11D1-8608-00C04FC295EE} Adware - Brilliant Digital Folder scan result: Folder processed: 0 Suspicious folders found: 1 Started file scan ==================== doubleclick C:\WINDOWS\Cookies\default@doubleclick[1].txt Adware - doubleclick File scan result: Suspicious files found: 1 Scanning finished

11-06-2003, 08:34 PM	#2 (permalink)
jgvernonco Old Timer Join Date: Sep 2003 Location: Northern Arizona Posts: 7,958 OS: Vista Home Premium, SP 27	jgvernonco’s recommended security software Zonealarm Firewall (free edition) Zone Labs: http://www.zonelabs.com/store/conte...reeDownload.jsp Free antivirus software http://www.avast.com/i_idt_153.html Spyware blocking programs (free): Spyware Blaster and Spyware Guard (the link will take you to the Blaster page. The menu bar at the top will take you to the Guard page. These two programs, written by the same developer, work hand-in-hand to protect you from invasions). http://www.javacoolsoftware.com/spywareblaster.html Spyware Killers (free)! Spybot Search & Destroy http://download.com.com/3000-2144-1...&tag=button Adaware Ad-aware - Software - Lavasoft http://www.lavasoftusa.com/software/adaware/ I run both of these, as they occasionally find something that the other did not. Additionally, Microsoft has made some poor choices about default settings in the OSs, resulting in multiple security weaknesses. Gibson Research has a number of little programs that will help you close security holes without having to edit your registry, wander My Computer, etc., just to get secure. I highly recommend this resource. Gibson Research Corporation Home Page http://grc.com/default.htm The secret to running these programs is to update at least weekly! Update Adaware and Spybot before you run a scan every time. Don’t forget to update Blaster and Guard when you are doing your maintenance. Make sure the antivirus software us up-to-date. Put a note on your computer reminding you to do it! Last, but not least, if you are a Microsoft user, update, update, update! Put it on your list! The only Trojan that ever made it through my security did not take me down because I was current on my security patches, which limited what the Trojan could do. (It was still a big pain, though). Most of you will have a Windows Update selection when you click “start”, but if you do not, here’s a link: Microsoft Windows Update http://v4.windowsupdate.microsoft.com/en/default.asp Stay safe! Enjoy the WWW! All the prgrams here are free. I usually run Spybot first. Good hunting! __________________ Donations keep TSF moving forward. Please help. http://www.myspace.com/speedbumpthecelt

11-06-2003, 09:07 PM	#3 (permalink)
malachithree10 Registered User Join Date: Nov 2003 Posts: 6 OS: Win 98 2nd edition	I ran Spybot S&D and Adaware.... I ran Spybot S&D and Adaware and they both come up without finding any files or folders after I ran each of them a 2nd time. But in running SpyKiller it still tells me I have the following: Started registry scan ==================== WebPI HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDLLs--1--c:\Program Files\Microsoft Works\msworks.exe Spy - Softec Software WebPI HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Components\8F4F491F5C6C2D1108B0000CF43A92AA--c?\Program Files\Microsoft Works\msworks.exe--4334636503592D11FBCF000CF43A92AA Spy - Softec Software Alexa HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping--8192--{c95fe080-8f5d-11d2-a20b-00aa003c157a} SpyWare/Adware - Alexa Registry scan result: Suspicious keys found: 3 Started folder scan ==================== BDE C:\WINDOWS\SYSTEM\CatRoot\{127D0A1D-4EF2-11D1-8608-00C04FC295EE} Adware - Brilliant Digital So, which program would be correct? Spykiller does not let me clean up and redirects me to a "buy for discount " page. I will take your advice and download all the other programs you suggested also. Thank you for the helpful advice. But, can you tell by the log above if those files need to be deleted? I was told that the file (C:\WINDOWS\SYSTEM\CatRoot\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}) was actually a Microsoft Access file and needed. So, why would Spykiller tell me it was adware? Thank you again. MalachiThree10

11-06-2003, 09:29 PM	#4 (permalink)
jgvernonco Old Timer Join Date: Sep 2003 Location: Northern Arizona Posts: 7,958 OS: Vista Home Premium, SP 27	Fellow traveler, :D I know nothing of Spykiller, so what you have experienced might be a huge scam to increase sales, or an honest mistake. We have a problem here; we are being attacked from every direction, and folks that want to help can't keep up and folks that want to profit from our misery grow by the day. Download HJT from the link below. Create, copy and paste a log here and somebody will have a look at it. (That is far from infallable...it depends on humans :bandit: ). http://mjc1.com/mirror/hjt/ __________________ Donations keep TSF moving forward. Please help. http://www.myspace.com/speedbumpthecelt

11-06-2003, 09:50 PM	#5 (permalink)
malachithree10 Registered User Join Date: Nov 2003 Posts: 6 OS: Win 98 2nd edition	HJT log...hope this helps a bit...thank you! Logfile of HijackThis v1.97.3 Scan saved at 11:52:16 PM, on 11/6/03 Platform: Windows 98 SE (Win9x 4.10.2222A) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\MPREXE.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\SYSTEM\MSTASK.EXE C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPROXY.EXE C:\WINDOWS\EXPLORER.EXE C:\WINDOWS\TASKMON.EXE C:\WINDOWS\SYSTEM\SYSTRAY.EXE C:\PROGRAM FILES\EASY KEYBOARD\EASYKEY.EXE C:\WINDOWS\SYSTEM\3CMLNKW.EXE C:\WINDOWS\SYSTEM\STIMON.EXE C:\WINDOWS\SYSTEM\HPOOPM07.EXE C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE C:\PROGRAM FILES\HEWLETT-PACKARD\HP OFFICEJET G SERIES\FRU\REMIND32.EXE C:\WINDOWS\SYSTEM\SPOOL32.EXE C:\WINDOWS\SYSTEM\DDHELP.EXE C:\WINDOWS\SYSTEM\WMIEXE.EXE C:\WINDOWS\SYSTEM\RNAAPP.EXE C:\WINDOWS\SYSTEM\TAPISRV.EXE C:\WINDOWS\SYSTEM\PSTORES.EXE C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZONEALARM.EXE C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE C:\WINDOWS\TEMP\QZTEMP\6634293\HIJACKTHIS.EXE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.netcenter.com O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX O2 - BHO: (no name) - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - C:\PROGRAM FILES\KONTIKI\BIN\BH309190.DLL (file missing) O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe O4 - HKLM\..\Run: [SystemTray] SysTray.Exe O4 - HKLM\..\Run: [SoundFusion] RunDll32 cwcprops.cpl,CrystalControlWnd O4 - HKLM\..\Run: [Easykey] C:\Program Files\Easy Keyboard\Easykey.exe O4 - HKLM\..\Run: [3Cmlink] c:\windows\SYSTEM\3cmlnkW.exe O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\MY DOCUMENTS\PANICWARE\POP-UP STOPPER\DPPS2.EXE" O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\stimon.exe O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\WINDOWS\SYSTEM\hpoopm07.exe O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\ADAPTEC\EASYCD~1\CREATECD\CREATECD.EXE -r O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\RunServices: [ccEvtMgr] "c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe" O4 - HKLM\..\RunServices: [ccSetMgr] "c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe" O4 - HKLM\..\RunServices: [ccProxy] c:\PROGRA~1\COMMON~1\SYMANT~1\CCPROXY.EXE O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe" O4 - HKCU\..\Run: [cnet] "C:\Program Files\Kontiki\bin\kontiki.exe" -s cnet -q O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup O4 - HKCU\..\RunServices: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe" O4 - HKCU\..\RunServices: [cnet] "C:\Program Files\Kontiki\bin\kontiki.exe" -s cnet -q O4 - HKCU\..\RunServices: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Startup: HPAiODevice.lnk = C:\Program Files\Hewlett-Packard\HP OfficeJet G Series\bin\hpodev07.exe O4 - Startup: Hewlett-Packard Recorder.lnk = C:\Program Files\Hewlett-Packard\HP OfficeJet G Series\FRU\Remind32.exe O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...7908.829837963 O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - http://office.microsoft.com/officeup...ntent/opuc.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab