TSF Team Emeritus, Microsoft Support
15,478 Posts
Discussion Starter #1
I am having problems connecting to the internet with a PC I am removing spyware/viruses from. I can connect in Safe Mode under the Admin user (which is how I am connected now), but if I boot normally and use either of the 2 profiles, 1 will connect but the other won't. If I reboot, neither will connect. MS Anti Spyware keeps giving me a warning that Navexcel Search Toolbar is trying to install; I select to remove it and search for any remains, and there are none.
I have used Winsockfix, which will allow me to connect, but not after a reboot and not with both user profiles.
In the StartDreck log, it looks as though my thumb drive has been scanned: F:\Tools.........sorry

I have used:
Panda Online Scanner
McAfee
Housecall
Adaware
Spybot
Ewido
MS Anti Spyware
l2mfix

I am attaching some logs; all were run in normal mode. Can anyone see anything I'm missing?

HJT log

Logfile of HijackThis v1.99.1
Scan saved at 11:01:58 AM, on 9/13/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Dell AIO Printer A960\dlbfbmon.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
C:\Program Files\Spyware Nuker 2004\swn2.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
c:\program files\mcafee.com\shared\mghtml.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\alg.exe
C:\Documents and Settings\ERIC MAUTHE\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\PROGRA~1\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1001\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Dell AIO Printer A960] "C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [Spyware Nuker] C:\Program Files\Spyware Nuker 2004\swn2.exe /h
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.1\THGuard.exe"
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


______________________________________________________________
l2mfix report, after using the 2 option

L2MFIX find log 1.04a
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
"Asynchronous"=dword:00000000
"DllName"=""
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
"DLLName"="wzcdlg.dll"
"Logon"="WZCEventLogon"
"Logoff"="WZCEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000000


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER


**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Scanner Management"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL Extension"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Compatibility Page"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft Windows Network objects"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitor Management"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Printer Management"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Briefcase"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profile"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Network Connections"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Network Connections"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanners & Cameras"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanners & Cameras"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanners & Cameras"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanners & Cameras"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanners & Cameras"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Scheduled Tasks"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskbar and Start Menu"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Search"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Run..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administrative Tools"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Address"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Address Bar Parser"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="History"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ file thumbnail extractor"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML Thumbnail Extractor"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Web Publishing Wizard"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Print Ordering via the Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Get a Passport Wizard"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="User Accounts"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channel File"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channel Shortcut"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{DEE12703-6333-4D4E-8F34-738C4DCC2E04}"="RecordNow! SendToExt"
"{955B7B84-5308-419c-8ED8-0B9CA3C56985}"="6 Months of AOL Included"
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{5CA3D70E-1895-11CF-8E15-001234567890}"="DriveLetterAccess"
"{9A0FCE34-C7CA-4F8F-A2BD-2265244B280B}"="YDS Icon Overlay Handler"
"{4469E55B-EF37-4E08-A39B-5774F91DB50B}"="YDS Icon Handler"
"{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}"="TrojanHunter Menu Shell Extension"

**********************************************************************************
HKEY ROOT CLASSIDS:
**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
atl71.dll Wed Jun 15 2005 12:11:28p A.... 89,088 87.00 K
browseui.dll Sat Jul 2 2005 10:11:28p A.... 1,019,904 996.00 K
cdfview.dll Sat Jul 2 2005 10:11:28p A.... 151,040 147.50 K
gccoll~1.dll Tue Jul 12 2005 3:35:14p A.... 126,680 123.71 K
gcunco~1.dll Tue Jul 12 2005 3:35:10p A.... 95,448 93.21 K
hashlib.dll Tue Jul 12 2005 3:35:14p A.... 117,976 115.21 K
icm32.dll Tue Jun 28 2005 9:46:00p A.... 254,976 249.00 K
iepeers.dll Sat Jul 2 2005 10:11:28p A.... 251,392 245.50 K
inseng.dll Sat Jul 2 2005 10:11:28p A.... 96,256 94.00 K
kerberos.dll Wed Jun 15 2005 1:49:30p A.... 295,936 289.00 K
mscms.dll Tue Jun 28 2005 9:46:00p A.... 74,240 72.50 K
mshtml.dll Tue Jul 19 2005 10:00:30p A.... 3,014,144 2.87 M
mshtmled.dll Sat Jul 2 2005 10:11:30p A.... 448,512 438.00 K
msrating.dll Sat Jul 2 2005 10:11:30p A.... 146,432 143.00 K
msvcp71.dll Wed Jun 15 2005 12:57:46p A.... 503,808 492.00 K
msvcr71.dll Wed Jun 15 2005 12:59:16p A.... 348,160 340.00 K
pngfilt.dll Sat Jul 2 2005 10:11:30p A.... 39,424 38.50 K
px.dll Wed Jun 15 2005 1:09:06p ..... 360,448 352.00 K
pxdrv.dll Wed Jun 15 2005 1:09:30p ..... 397,312 388.00 K
pxmas.dll Wed Jun 15 2005 1:10:26p ..... 155,648 152.00 K
pxsfs.dll Wed Jun 15 2005 1:15:26p ..... 1,093,632 1.04 M
pxwave.dll Wed Jun 15 2005 1:11:54p ..... 339,968 332.00 K
shdocvw.dll Sat Jul 2 2005 10:11:30p ..... 1,483,776 1.41 M
shlwapi.dll Sat Jul 2 2005 10:11:30p A.... 473,600 462.50 K
tapisrv.dll Fri Jul 8 2005 12:27:56p A.... 249,344 243.50 K
umpnpmgr.dll Wed Jun 29 2005 10:02:40p A.... 118,272 115.50 K
urlmon.dll Sat Jul 2 2005 10:11:30p A.... 607,744 593.50 K
vxblock.dll Wed Jun 15 2005 1:15:28p ..... 28,672 28.00 K
wininet.dll Sat Jul 2 2005 10:11:30p A.... 658,432 643.00 K

29 items found: 29 files, 0 directories.
Total of file sizes: 13,040,264 bytes 12.43 M
Locate .tmp files:

No matches found.
**********************************************************************************
Directory Listing of system files:
Volume in drive C has no label.
Volume Serial Number is 14A4-95FA

Directory of C:\WINDOWS\System32

09/13/2005 10:56 AM <DIR> DLLCACHE
07/18/2004 12:16 PM <DIR> Microsoft
0 File(s) 0 bytes
2 Dir(s) 150,468,296,704 bytes free
_________________________________________________________________



StartDreck (build 2.1.7 public stable) - 2005-09-13 @ 11:00:10 (GMT -04:00)
Platform: Windows XP (Win NT 5.1.2600 Service Pack 2)
Internet Explorer: 6.0.2900.2180
Logged in as ERIC MAUTHE at BEANBAMNEWTE

»Registry
»Run Keys
»Current User
»Run
*MSKAGENTEXE=C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
*DellSupport="C:\Program Files\Dell Support\DSAgnt.exe" /startup
»RunOnce
»Default User
»Run
»RunOnce
»Local Machine
»Run
*SunJavaUpdateSched=C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
*IAAnotif=C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
*ATIPTA=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
*diagent="C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
*UpdReg=C:\WINDOWS\UpdReg.EXE
*UpdateManager="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
*Dell AIO Printer A960="C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe"
*VSOCheckTask="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
*VirusScan Online="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
*MCAgentExe=c:\PROGRA~1\mcafee.com\agent\mcagent.exe
*MCUpdateExe=C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
*MPSExe=c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
*MSKAGENTEXE=C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
*MSKDetectorExe=C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
*Spyware Nuker=C:\Program Files\Spyware Nuker 2004\swn2.exe /h
*dla=C:\WINDOWS\system32\dla\tfswctrl.exe
*gcasServ="C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
*THGuard="C:\Program Files\TrojanHunter 4.1\THGuard.exe"
»RunOnce
»RunServices
»RunServicesOnce
»RunOnceEx
»RunServicesOnceEx
»File Associations (CR)
+.bat
*batfile="%1" %*
+.com
*comfile="%1" %*
+.disabled
*SpybotSD.DisabledFile="C:\Program Files\Spybot - Search & Destroy\blindman.exe" "%1"
+.exe
*exefile="%1" %*
+.hta
*htafile=C:\WINDOWS\System32\mshta.exe "%1" %*
+.htm
*htmlfile="C:\Program Files\Internet Explorer\iexplore.exe" -nohome
+.html
*htmlfile="C:\Program Files\Internet Explorer\iexplore.exe" -nohome
+.js
*JSFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.jse
*JSEFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.pif
*piffile="%1" %*
+.reg
*regfile=regedit.exe "%1"
+.scr
*scrfile="%1" /S
+.txt
*txtfile=%SystemRoot%\system32\NOTEPAD.EXE %1
+.vbs
*VBSFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.vbe
*VBEFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.wsh
*WSHFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.wsf
*WSFFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.lnk
`lnkfile= [key or value does not exist]
»Active Setup (LM)
+Internet Explorer/>{26923b43-4d38-484f-9b9e-de460746276c}
*StubPath=%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
+Browser Customizations/>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS
*StubPath=RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
+Outlook Express/>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}
*StubPath=%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
+Themes Setup/{2C7339CF-2B09-4501-B3F3-F3508C9228ED}
*StubPath=%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
+Microsoft Outlook Express 6/{44BBA840-CC51-11CF-AAFA-00AA00B6015C}
*StubPath="%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
+NetMeeting 3.01/{44BBA842-CC51-11CF-AAFA-00AA00B6015B}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
+Internet Explorer/{4b218e3e-bc98-4770-93d3-2731b9329278}
*StubPath=%SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
+Windows Messenger 4.7/{5945c046-1e7d-11d1-bc44-00c04fd912be}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
+Microsoft Windows Media Player/{6BF52A52-394A-11d3-B153-00C04F79FAA6}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub
+Address Book 6/{7790769C-0471-11d2-AF11-00C04FA35D02}
*StubPath="%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
+Windows Desktop Update/{89820200-ECBD-11cf-8B85-00AA005B4340}
*StubPath=regsvr32.exe /s /n /i:U shell32.dll
+Internet Explorer 6/{89820200-ECBD-11cf-8B85-00AA005B4383}
*StubPath=%SystemRoot%\system32\ie4uinit.exe
+Fax/{8b15971b-5355-4c82-8c07-7e181ea07608}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
»Browser Helper Objects (LM)
*AcroIEHelper.AcroIEHlprObj.1/{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
`InprocServer32=C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
*McBrHlpr.McBrwHelper.1/{227B8AA8-DAF2-4892-BD1D-73F568BCB24E}
`InprocServer32=c:\PROGRA~1\mcafee.com\mps\mcbrhlpr.dll
*McAfee.PopupKiller.1/{3EC8255F-E043-4cae-8B3B-B191550C2A22}
`InprocServer32=c:\program files\mcafee.com\mps\popupkiller.dll
*{53707962-6F74-2D53-2644-206D7942484F}
`InprocServer32=C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
*DriveLetterAccess/{5CA3D70E-1895-11CF-8E15-001234567890}
`InprocServer32=C:\WINDOWS\system32\dla\tfswshx.dll
*ST/{9394EDE7-C8B5-483E-8773-474BF36AF6E4}
`InprocServer32=C:\Program Files\MSN Apps\ST\01.02.3000.1001\en-xu\stmain.dll
*Google Toolbar Helper/{AA58ED58-01DD-4d91-8333-CF10577473F7}
`InprocServer32=c:\program files\google\googletoolbar2.dll
*MSNToolBandBHO/{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
`InprocServer32=C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
»Internet Explorer
»Current User
*Default_Page_URL=http://www.dell4me.com/myway
*Default_Search_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
*Local Page=C:\WINDOWS\system32\blank.htm
*Search Page=
*Start Page=http://www.msn.com/
+SearchUrl
*provider=yaho
»Default User
*Default_Page_URL=http://www.dell4me.com/myway
*First Home Page=http://www.dell4me.com/myway
*Search Page=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
*Start Page=http://www.dell4me.com/myway
»Local Machine
*Default_Page_URL=
*Default_Search_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
*Local Page=C:\WINDOWS\system32\blank.htm
*Search Bar=
*Search Page=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
*Start Page=http://www.dell4me.com/myway
*CustomizeSearch=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
*SearchAssistant=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
+SearchUrl
»ShellServiceObjectDelayLoad (LM)
*PostBootReminder={7849596a-48ea-486e-8937-a2a3009f31a9}
`InprocServer32=%SystemRoot%\system32\SHELL32.dll
*CDBurn={fbeb8a05-beee-4442-804e-409d6c4515e9}
`InprocServer32=%SystemRoot%\system32\SHELL32.dll
*WebCheck={E6FB5E20-DE35-11CF-9C87-00AA005127ED}
`InprocServer32=%SystemRoot%\System32\webcheck.dll
*SysTray={35CEC8A3-2BE6-11D2-8773-92E220524153}
`InprocServer32=C:\WINDOWS\System32\stobject.dll
»Special NT Values
»Current User
*Load=
*Run=
*Programs=com exe bat pif cmd
*SHELL=
»Default User
*Load=
*Run=
*Programs=com exe bat pif cmd
*SHELL=
»Local Machine
*AppInit_DLLs=
*SHELL=Explorer.exe
*Userinit=C:\WINDOWS\system32\userinit.exe,
»Files
»Autostart Folders
»Current User
*C:\Documents and Settings\ERIC MAUTHE\Start Menu\Programs\Startup\DESKTOP.INI
»Default User
»Local Machine
*C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DESKTOP.INI
*C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
»INI-Files
»WIN.INI\[windows]
*LOAD=
*RUN=
»SYSTEM.INI\[boot]
*SHELL=Explorer.exe
»Text Files
*C:\boot.ini
`[boot loader]
`timeout=30
`default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
`[operating systems]
`multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
*C:\msdos.sys
*C:\config.sys
*C:\WINDOWS\system32\config.nt
`dos=high, umb
`device=%SystemRoot%\system32\himem.sys
`files=40
*C:\autoexec.bat
*C:\WINDOWS\system32\autoexec.nt
`@echo off
`lh %SystemRoot%\system32\mscdexnt.exe
`lh %SystemRoot%\system32\redir
`lh %SystemRoot%\system32\dosx
`SET BLASTER=A220 I5 D1 P330 T3
*C:\WINDOWS\wininit.ini
`[Rename]
`NUL=
*C:\WINDOWS\system32\drivers\etc\hosts
`127.0.0.1 localhost
»Program Files
*C:\ntldr
*C:\ntdetect.com
*C:\io.sys
*C:\WINDOWS\system32\win.com
*C:\WINDOWS\explorer.exe
»%PATH% Companion Files
+C:\WINDOWS\system32\TASKMGR.COM
*C:\WINDOWS\system32\taskmgr.exe
+C:\WINDOWS\system32\notepad.exe
*C:\WINDOWS\notepad.exe
+C:\WINDOWS\system32\slrundll.exe
*C:\WINDOWS\slrundll.exe
+C:\WINDOWS\system32\TASKMAN.EXE
*C:\WINDOWS\TASKMAN.EXE
+C:\WINDOWS\system32\WINHLP32.EXE
*C:\WINDOWS\winhlp32.exe
+C:\WINDOWS\REGEDIT.COM
*C:\WINDOWS\regedit.exe
»System/Drivers
»VMM32Files (LM)
»%System%\VMM32
»%System%\IOSUBSYS
»Application specific
»MS Office 97/8.0 STARTUP-PATH
»Current User
»Default User
»Local Machine
»ICQ NetDetect
»Current User
»Default User
 

·
Registered
Joined
·
6,574 Posts
Hi TJ.

You may have to System Restore from Safe Mode.

Stability problems
Versions up to at least 2.0.4 of NavExcel (the latest at the time of writing) are incompatible with Windows XP Service Pack 2, and will cause both Internet Explorer and Windows Explorer (the main Window user interface) to crash every time they are started. Such a system will have to be rescued from Safe Mode or by using System Restore.
In addition you could remove SP2 and then clean the system as you know best. Then re-instate SP2... :4-dontkno
 

·
TSF Team Emeritus, Microsoft Support
Joined
·
15,478 Posts
Discussion Starter #3
I wiped out system restore after I assumed it was clean to set a "clean" restore point, then after going into the other profile I noticed the sporadic internet connections.
Internet Explorer and Windows Explorer are not crashing, I just can't connect to the internet. Winsockfix works till I reboot.
What about a repair install?
 

·
Registered
Joined
·
6,574 Posts
IMO the definition of 'crash' would cover 'behaving incorrectly'. Navexcel and SP2 do not go together.. Like Driving and Alcohol, Water and Electricity.

I added an additional point to try and remove SP2. Additionally, you could wait for sUBs or MicroBell to offer their opinion.

Hope u get it sorted, either way. :sayyes:
 

·
TSF Team Emeritus, Microsoft Support
Joined
·
15,478 Posts
Discussion Starter #5
SP2 is not listed in Add/Remove Programs, what is the procedure of removal?
 

·
TSF Security Team, Emeritus
Joined
·
26,363 Posts
I copied this from here > http://support.microsoft.com/kb/875350

Use the hidden $NtServicePackUninstall$ folder
  • Click Start, click Run, type c:\windows\$NtServicePackUninstall$\spuninst\spuninst.exe in the Open box, and then click OK.
  • When the Windows XP Service Pack 2 Removal Wizard starts, click Next.
  • Follow the instructions on the screen to remove Windows XP SP2.
I have used the above method to successfully remove SP2 before.

But I don't think it's SP2 that's causing the problem. You should get LSPFix & have a look at what's inserted in the LSP chain.
 

·
Registered
Joined
·
6,574 Posts
sUBs said:
But I don't think it's SP2 that's causing the problem. You should get LSPFix & have a look at what's inserted in the LSP chain.
Ah see... now I never thought of that, but it's a damn good suggestion. TJ - try LSPFix first, to see what DLLs are involved.

Another suggestion may be to reset the Hosts, make sure there is no way of it 'calling home'.
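
For the LSP-chain check suggested in the thread, an added example (not part of the original posts, and not LSPFix's own output): it parses a saved dump in the layout of `netsh winsock show catalog` and lists entries that are layered or whose DLL sits outside system32, for manual review. The sample dump, the toolbar name, its DLL path and the GUIDs are constructed, and `C:\WINDOWS` as the Windows directory is an assumption taken from the log above.

```python
import re

# Constructed sample in the layout of `netsh winsock show catalog`;
# the GUIDs, the toolbar name and its DLL path are placeholders.
SAMPLE = r"""
Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Base Service Provider
Description:                        MSAFD Tcpip [TCP/IP]
Provider ID:                        {00000000-0000-0000-0000-000000000001}
Provider Path:                      %SystemRoot%\system32\mswsock.dll
Catalog Entry ID:                   1001

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Layered Chain Entry
Description:                        Example Toolbar LSP over [MSAFD Tcpip [TCP/IP]]
Provider ID:                        {00000000-0000-0000-0000-000000000002}
Provider Path:                      C:\Program Files\ExampleToolbar\exlsp.dll
Catalog Entry ID:                   1016
"""

SYSTEM_DIR = r"%systemroot%\system32" + "\\"

def parse_catalog(text):
    """Split the dump into entries, each a dict of 'Field: value' pairs."""
    text = text.split("Name Space Provider Entry")[0]  # ignore namespace providers
    entries = []
    for block in re.split(r"(?m)^Winsock Catalog Provider Entry\s*$", text)[1:]:
        fields = {}
        for line in block.splitlines():
            m = re.match(r"\s*([^:]+):\s+(.*\S)\s*$", line)
            if m:
                fields[m.group(1).strip()] = m.group(2)
        entries.append(fields)
    return entries

def normalise(path, windir=r"C:\WINDOWS"):
    """Lower-case the path and fold the Windows directory to %systemroot%."""
    return path.strip('"').lower().replace(windir.lower(), "%systemroot%")

def review(entries):
    """Return (catalog id, DLL path, reasons) for entries worth a manual look."""
    findings = []
    for e in entries:
        path = e.get("Provider Path", "")
        reasons = []
        if e.get("Entry Type") != "Base Service Provider":
            reasons.append("layered entry")
        if not normalise(path).startswith(SYSTEM_DIR):
            reasons.append("DLL outside system32")
        if reasons:
            findings.append((e.get("Catalog Entry ID"), path, reasons))
    return findings

if __name__ == "__main__":
    for finding in review(parse_catalog(SAMPLE)):
        print(finding)
```

A flagged entry is a candidate for review, not a verdict: security products also install layered providers, so check the DLL's vendor before removing anything from the chain.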
 