My Drive does NOT detect my blank cd's. Nero caused it...

petjelly,
Do the system scans again, just as binkie told you to but do them in safe mode. Then repost a copy of your Ad-Aware. Make sure you have the latest updates and .dat files. You do not need to run scan disk or defrag again yet.

NOTE: Safe Mode does not allow for start up programs to run. This allows for complete access to your entire system.

When you reboot check your device manager to make sure you do not have an "!" beside the drive in question. If you do then re-install the drivers for it. Good luck and keep us posted.

 

thats the problem. an hour ago i did the scan on safe mode. i come back an hour later and i see a blank screen that says insert diskett. i totally got f#cked on my scan. now i gotta do it again. same thing happens when i do "full system scan"....after about a hour into the scan everything vanishes and a black screen comes up that says instert boot diskette or something like that.

you said i would be able to access anything on safe mode? same thing goes for my drivE?

 

Well, I'm not 100% sure about what you are saying, but this could be an overheating problem. Have you cleaned your system on the inside with compressed air? Your fans may not be able to cool the system properly. Get a can of compressed air and blow out all dust from the system, fans, and ventilation. You can also download a program called hmonitor. This will give your current temp within the computer. You can find that program at hmonitor.com. After installing that let me know if any of your items are running hot. For example: My processor runs between 57 and 67 Celsius. Those temperatures are pretty normal.

The other thing I want you to do is download a program called Hijack This. You can find it at hijack-this.org. Run a full system scan and post it for me to look at. If your computer is freezing in safe mode then it is either a virus or your system is overheating. You can run this program in regular start up. Post the log for me to look at and let me know the temperature of your system.

Thanks.

 

@ petjelly

You should be able to view all files and folders in safe mode if you are loged in as administrator. First let's see if we can find out what your system problem is.

 

my fans are sooo dusty. out of the 6 years of having this pc i dont think ive ever cleaned the fans lol

i'll do just that when i get time tommorow. thank you guys. this site is great. i appreciate the help alot.

 

exactly how do i open the monitor without breaking it? like i said before. i never tried taking it apart/opening it.

 

WARNING: HijackThis is intended only for advanced users. It is recommended that you do not make changes using HijackThis unless you are experienced and know what you're doing, or are able to obtain expert advice. HijackThis is an advanced tool, and requires advanced knowledge about Windows, registry files, and operating systems in general. If you delete items that it finds, without knowing what they are, it can lead to more serious complications on your PC - such as your Internet no longer working or problems with running Windows itself.

I can tell this warning is meant directly torwards me lol i am not an advance user. Sounds too risky... i'll try out spyonthis they say its user friendly.

by the way i download the hmonitor and it's not working. It wont show my temp. I get xx.x for all 3 fans????

 

@ petjelly
That is strange that hmonitor is not working. I know about the warning on Hijack This. The reason I want you to run it is so that you may post the report. Don't do anything to it until I tell you what to remove. After you are finished posting the log you may close the program. One other thing is to set up Hijack This in a folder under the c:\ drive. Just make a new folder called HJT. Then after we are finished with it you may delete it from you c:\ drive.

Go ahead and remove the hmonitor if it is not working. I wanted to see what your CPU was running at. If it is not working then we definitely have to get your system fixed. The other program you mentioned is user friendly but it does not allow me to look at your registry settings. Go ahead and run HJT, just don't make any changes on your own.

 

About the hmonitor...I looked in the hmonitor faqs guide. I came across this. This is why its not working.

Q: All three fans RPM looked as 'xxxx'. Why?

First, You need to have fans with ability to read RPM data - so-called "3-wired" or "smart" fans. On the P-II boards, CPU fan usually has such option. Next, these fans must be plugged into appropriate sockets on the mainboard for receiving this information by sensors chip. Not all sensor chips can monitor all three fans; i.e. Genesys GL518 can read data from only two fans.

Ok.. i downloaded hijackthis. I created the htj folder in my cd drive and i got 2 copys in their. Did the scan... Heres the log

Logfile of HijackThis v1.99.1
Scan saved at 5:32:50 PM, on 7/10/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\System32\intell32.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search-system.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by CenturyTel
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 221.10.124.34:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 221.10.124.34:8080:0
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
O1 - Hosts: nu.com
O1 - Hosts: nu.com
O1 - Hosts: .whenu.com
O1 - Hosts: .whenu.com
O1 - Hosts: c.whenu.com
O1 - Hosts: c.whenu.com
O1 - Hosts: nc.whenu.com
O1 - Hosts: nc.whenu.com
O1 - Hosts: inc.whenu.com
O1 - Hosts: inc.whenu.com
O1 - Hosts: m
O1 - Hosts: m
O1 - Hosts: m
O1 - Hosts: m
O1 - Hosts: om
O1 - Hosts: om
O1 - Hosts: com
O1 - Hosts: com
O1 - Hosts: m
O1 - Hosts: m
O1 - Hosts: .com
O1 - Hosts: .com
O1 - Hosts: .com
O1 - Hosts: .com
O1 - Hosts: d.com
O1 - Hosts: d.com
O1 - Hosts: nd.com
O1 - Hosts: nd.com
O1 - Hosts: ind.com
O1 - Hosts: ind.com
O1 - Hosts: find.com
O1 - Hosts: find.com
O1 - Hosts: yfind.com
O1 - Hosts: yfind.com
O1 - Hosts: tyfind.com
O1 - Hosts: tyfind.com
O1 - Hosts: styfind.com
O1 - Hosts: styfind.com
O1 - Hosts: estyfind.com
O1 - Hosts: estyfind.com
O1 - Hosts: styfind.com
O1 - Hosts: styfind.com
O1 - Hosts: .zestyfind.com
O1 - Hosts: .zestyfind.com
O1 - Hosts: .offeroptimizer.com
O1 - Hosts: so.offeroptimizer.com
O1 - Hosts: 1
O1 - Hosts: 127.0.0.
O1 - Hosts: 1 www.z
O1 - Hosts: .com
O1 - Hosts: ar.com
O1 - Hosts: lbar.com
O1 - Hosts: oolbar.com
O1 - Hosts: rtoolbar.com
O1 - Hosts: 127.0.
O1 - Hosts: sertoolbar.com
O1 - Hosts: owsertoolbar.com
O1 - Hosts: 127
O1 - Hosts: 2.browsertoolbar.com
O1 - Hosts: ww2.browsertoolbar.com
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_22.dll
O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL
O2 - BHO: CATLEvents Object - {870B70D4-F6DA-47AE-9158-D146440A0A4D} - C:\DOCUME~1\tami\LOCALS~1\Temp\pxeyek.dat
O2 - BHO: (no name) - {8DA5457F-A8AA-4CCF-A842-70E6FD274094} - C:\PROGRA~1\COMMON~1\WinTools\WToolsT.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {ADEA969C-91E8-86C2-98DB-AE576926F4E1} - C:\WINDOWS\system32\msadblock32.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [*tcpiis] C:\WINDOWS\system32\1028\tcpiis.exe
O4 - HKLM\..\Run: [*jpegdb] C:\WINDOWS\Driver Cache\jpegdb.exe
O4 - HKLM\..\Run: [*utilvss] C:\WINDOWS\AppPatch\utilvss.exe
O4 - HKLM\..\Run: [*crbak] C:\WINDOWS\Tasks\crbak.exe
O4 - HKLM\..\Run: [*expdrv] C:\WINDOWS\system32\Microsoft\expdrv.exe
O4 - HKLM\..\Run: [*urlsvc] C:\WINDOWS\security\Database\urlsvc.exe
O4 - HKLM\..\Run: [*mckey] C:\WINDOWS\Config\mckey.exe
O4 - HKLM\..\Run: [*urljava] C:\WINDOWS\addins\urljava.exe
O4 - HKLM\..\Run: [*logbas] C:\WINDOWS\Windows Update Setup Files\logbas.exe
O4 - HKLM\..\Run: [*psvss] C:\WINDOWS\Config\psvss.exe
O4 - HKLM\..\Run: [*xmltask] C:\WINDOWS\msagent\xmltask.exe
O4 - HKLM\..\Run: [*mfcac] C:\WINDOWS\Web\mfcac.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [msadcheck] C:\WINDOWS\system32\msadcheck32.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [intell32.exe] C:\WINDOWS\System32\intell32.exe
O4 - HKCU\..\Run: [msadcheck] C:\WINDOWS\system32\msadcheck32.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://ka.bar.need2find.com/KA/menusearch.html?p=KA
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O15 - Trusted Zone: http://*.windupdates.com
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/PopularScreenSaversInitialSetup1.0.0.8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1137192597396
O20 - Winlogon Notify: dbcab - C:\DOCUME~1\tami\LOCALS~1\Temp\bacbd.dat
O20 - Winlogon Notify: dosreg - C:\DOCUME~1\tami\LOCALS~1\Temp\gersod.dat
O20 - Winlogon Notify: hardcat - C:\DOCUME~1\tami\LOCALS~1\Temp\tacdrah.dat
O20 - Winlogon Notify: liburl - C:\DOCUME~1\tami\LOCALS~1\Temp\lrubil.dat
O20 - Winlogon Notify: msvcabr - C:\DOCUME~1\tami\LOCALS~1\Temp\rbacvsm.dat
O20 - Winlogon Notify: runun - C:\DOCUME~1\tami\LOCALS~1\Temp\nunur.dat
O20 - Winlogon Notify: svcjava - C:\DOCUME~1\tami\LOCALS~1\Temp\avajcvs.dat
O20 - Winlogon Notify: svrvss - C:\DOCUME~1\tami\LOCALS~1\Temp\ssvrvs.dat
O20 - Winlogon Notify: wintask - C:\DOCUME~1\tami\LOCALS~1\Temp\ksatniw.dat
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

 

@ petjelly

Run HJT again and place a check next to these items.

*R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)

*O2 - BHO: (no name) - SOFTWARE - (no file)

*O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_22.dll

*O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL

*O2 - BHO: CATLEvents Object - {870B70D4-F6DA-47AE-9158-D146440A0A4D} - C:\DOCUME~1\tami\LOCALS~1\Temp\pxeyek.dat

*O2 - BHO: (no name) - {8DA5457F-A8AA-4CCF-A842-70E6FD274094} - C:\PROGRA~1\COMMON~1\WinTools\WToolsT.dll (file missing)

*O2 - BHO: (no name) - {ADEA969C-91E8-86C2-98DB-AE576926F4E1} - C:\WINDOWS\system32\msadblock32.dll

*O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup –s

*O10 - Hijacked Internet access by New.Net

*O10 - Hijacked Internet access by New.Net

*O10 - Hijacked Internet access by New.Net

*O10 - Hijacked Internet access by New.Net

*O10 - Hijacked Internet access by New.Net

After you have checked these items press the button "Fix checked"

[bold]Next Step[/bold]

Find and delete:
c:\windows\system32\msadblock32.dll <--- file
c:\Program Files\NewDotNet\newdotnet7_22.dll

Some malware files may be "hidden".
Be sure to show hidden files when looking for these file(s) and/or folder(s).


[bold]Next Step[/bold]

Go to
C:\WINDOWS\Driver Cache and delete all files

[bold]Next Step[/bold]
Open your web browser and select Tools-> Internet Options

Empty Cookies
Empty Temporary Internet files
Clear URL’s & Search History

Post a new HJT log after all this is done. I am going to see if dolphin2 will take a look at the new log.

Thank you! Hopefully we will have you running smooth again soon.

 

It wont let me delete c:\Program Files\NewDotNet\newdotnet7_22.dll?
It says its being used by another program.

 

Let me see. Can you remove it from safe mode or does your computer still not allow you to enter safe mode? Reboot and press F8 over and over until you get the option.

In the mean time I will see if I can find another way to remove it.

 

petjelly

Try this link for removal.
http://www.pchell.com/support/savenow.shtml

There are several steps to remove it and I'm not sure what your folder looks like. Let me know if you have any problems.

 

just to let you know i tried deleting it in safe mode and it did not work....

 

try that link I gave you.

 

I got it to delete. thanks and heres my scan log.


Logfile of HijackThis v1.99.1
Scan saved at 10:09:12 PM, on

7/11/2006
Platform: Windows XP (WinNT

5.01.2600)
MSIE: Internet Explorer v6.00

(6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common

Files\Real\Update_OB\realsched.ex

e
C:\WINDOWS\System32\intell32.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common

Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\Explorer.EXE
C:\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe

R0 -

HKCU\Software\Microsoft\Internet

Explorer\Main,Start Page =

http://search-system.com/
R1 -

HKLM\Software\Microsoft\Internet

Explorer\Main,Default_Search_URL

=

http://red.clientapps.yahoo.com/c

ustomize/ie/defaults/su/ymsgr6/*h

ttp://www.yahoo.com
R1 -

HKLM\Software\Microsoft\Internet

Explorer\Main,Search Bar =

http://red.clientapps.yahoo.com/c

ustomize/ie/defaults/sb/ymsgr6/*h

ttp://www.yahoo.com/ext/search/se

arch.html
R1 -

HKLM\Software\Microsoft\Internet

Explorer\Main,Search Page =

http://us.rd.yahoo.com/customize/

ie/defaults/sp/msgr7/*http://www.

yahoo.com
R0 -

HKLM\Software\Microsoft\Internet

Explorer\Main,Start Page =

http://www.yahoo.com/
R0 -

HKLM\Software\Microsoft\Internet

Explorer\Search,CustomizeSearch =
R1 -

HKCU\Software\Microsoft\Internet

Explorer\SearchURL,(Default) =

http://us.rd.yahoo.com/customize/

ie/defaults/su/msgr7/*http://www.

yahoo.com
R1 -

HKCU\Software\Microsoft\Internet

Explorer\Main,Window Title =

Microsoft Internet Explorer

provided by CenturyTel
R1 -

HKCU\Software\Microsoft\Windows\C

urrentVersion\Internet

Settings,AutoConfigURL =

221.10.124.34:8080
R1 -

HKCU\Software\Microsoft\Windows\C

urrentVersion\Internet

Settings,ProxyServer =

221.10.124.34:8080:0
R0 -

HKCU\Software\Microsoft\Internet

Explorer\Toolbar,LinksFolderName

=
O1 - Hosts: nu.com
O1 - Hosts: nu.com
O1 - Hosts: .whenu.com
O1 - Hosts: .whenu.com
O1 - Hosts: c.whenu.com
O1 - Hosts: c.whenu.com
O1 - Hosts: nc.whenu.com
O1 - Hosts: nc.whenu.com
O1 - Hosts: inc.whenu.com
O1 - Hosts: inc.whenu.com
O1 - Hosts: m
O1 - Hosts: m
O1 - Hosts: m
O1 - Hosts: m
O1 - Hosts: om
O1 - Hosts: om
O1 - Hosts: com
O1 - Hosts: com
O1 - Hosts: m
O1 - Hosts: m
O1 - Hosts: .com
O1 - Hosts: .com
O1 - Hosts: .com
O1 - Hosts: .com
O1 - Hosts: d.com
O1 - Hosts: d.com
O1 - Hosts: nd.com
O1 - Hosts: nd.com
O1 - Hosts: ind.com
O1 - Hosts: ind.com
O1 - Hosts: find.com
O1 - Hosts: find.com
O1 - Hosts: yfind.com
O1 - Hosts: yfind.com
O1 - Hosts: tyfind.com
O1 - Hosts: tyfind.com
O1 - Hosts: styfind.com
O1 - Hosts: styfind.com
O1 - Hosts: estyfind.com
O1 - Hosts: estyfind.com
O1 - Hosts: styfind.com
O1 - Hosts: styfind.com
O1 - Hosts: .zestyfind.com
O1 - Hosts: .zestyfind.com
O1 - Hosts: .offeroptimizer.com
O1 - Hosts: so.offeroptimizer.com
O1 - Hosts: 1
O1 - Hosts: 127.0.0.
O1 - Hosts: 1 www.z
O1 - Hosts: .com
O1 - Hosts: ar.com
O1 - Hosts: lbar.com
O1 - Hosts: oolbar.com
O1 - Hosts: rtoolbar.com
O1 - Hosts: 127.0.
O1 - Hosts: sertoolbar.com
O1 - Hosts: owsertoolbar.com
O1 - Hosts: 127
O1 - Hosts: 2.browsertoolbar.com
O1 - Hosts:

ww2.browsertoolbar.com
O2 - BHO: Google Toolbar Helper -

{AA58ED58-01DD-4d91-8333-CF105774

73F7} - c:\program

files\google\googletoolbar2.dll
O3 - Toolbar: &Google -

{2318C2B1-4965-11d4-9B18-009027A5

CD4F} - c:\program

files\google\googletoolbar2.dll
O3 - Toolbar: &Radio -

{8E718888-423F-11D2-876E-00A0C908

2467} -

C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [*tcpiis]

C:\WINDOWS\system32\1028\tcpiis.e

xe
O4 - HKLM\..\Run: [*jpegdb]

C:\WINDOWS\Driver

Cache\jpegdb.exe
O4 - HKLM\..\Run: [*utilvss]

C:\WINDOWS\AppPatch\utilvss.exe
O4 - HKLM\..\Run: [*crbak]

C:\WINDOWS\Tasks\crbak.exe
O4 - HKLM\..\Run: [*expdrv]

C:\WINDOWS\system32\Microsoft\exp

drv.exe
O4 - HKLM\..\Run: [*urlsvc]

C:\WINDOWS\security\Database\urls

vc.exe
O4 - HKLM\..\Run: [*mckey]

C:\WINDOWS\Config\mckey.exe
O4 - HKLM\..\Run: [*urljava]

C:\WINDOWS\addins\urljava.exe
O4 - HKLM\..\Run: [*logbas]

C:\WINDOWS\Windows Update Setup

Files\logbas.exe
O4 - HKLM\..\Run: [*psvss]

C:\WINDOWS\Config\psvss.exe
O4 - HKLM\..\Run: [*xmltask]

C:\WINDOWS\msagent\xmltask.exe
O4 - HKLM\..\Run: [*mfcac]

C:\WINDOWS\Web\mfcac.exe
O4 - HKLM\..\Run: [MSConfig]

C:\WINDOWS\PCHealth\HelpCtr\Binar

ies\MSConfig.exe /auto
O4 - HKLM\..\Run: [msadcheck]

C:\WINDOWS\system32\msadcheck32.e

xe
O4 - HKLM\..\Run: [TkBellExe]

"C:\Program Files\Common

Files\Real\Update_OB\realsched.ex

e" -osboot
O4 - HKLM\..\Run: [intell32.exe]

C:\WINDOWS\System32\intell32.exe
O4 - HKCU\..\Run: [msadcheck]

C:\WINDOWS\system32\msadcheck32.e

xe
O8 - Extra context menu item:

&Google Search - res://c:\program

files\google\GoogleToolbar2.dll/c

msearch.html
O8 - Extra context menu item:

&Search -

http://ka.bar.need2find.com/KA/me

nusearch.html?p=KA
O8 - Extra context menu item:

Backward Links - res://c:\program

files\google\GoogleToolbar2.dll/c

mbacklinks.html
O8 - Extra context menu item:

Cached Snapshot of Page -

res://c:\program

files\google\GoogleToolbar2.dll/c

mcache.html
O8 - Extra context menu item:

Similar Pages - res://c:\program

files\google\GoogleToolbar2.dll/c

msimilar.html
O8 - Extra context menu item:

Translate into English -

res://c:\program

files\google\GoogleToolbar2.dll/c

mtrans.html
O9 - Extra button: (no name) -

{08B0E5C0-4FCB-11CF-AAA5-00401C60

8501} - C:\Program

Files\Java\j2re1.4.2_04\bin\npjpi

142_04.dll
O9 - Extra 'Tools' menuitem: Sun

Java Console -

{08B0E5C0-4FCB-11CF-AAA5-00401C60

8501} - C:\Program

Files\Java\j2re1.4.2_04\bin\npjpi

142_04.dll
O15 - Trusted Zone:

http://*.windupdates.com
O16 - DPF:

{1D4DB7D2-6EC9-47A3-BD87-1E41684E

07BB} -

http://ak.imgfarm.com/images/noca

che/funwebproducts/ei/PopularScre

enSaversInitialSetup1.0.0.8.cab
O16 - DPF:

{6414512B-B978-451D-A0D8-FCFDF33E

833C} (WUWebControl Class) -

http://update.microsoft.com/windo

wsupdate/v6/V5Controls/en/x86/cli

ent/wuweb_site.cab?1137192597396
O20 - Winlogon Notify: dbcab -

C:\DOCUME~1\tami\LOCALS~1\Temp\ba

cbd.dat
O20 - Winlogon Notify: dosreg -

C:\DOCUME~1\tami\LOCALS~1\Temp\ge

rsod.dat
O20 - Winlogon Notify: hardcat -

C:\DOCUME~1\tami\LOCALS~1\Temp\ta

cdrah.dat
O20 - Winlogon Notify: liburl -

C:\DOCUME~1\tami\LOCALS~1\Temp\lr

ubil.dat
O20 - Winlogon Notify: msvcabr -

C:\DOCUME~1\tami\LOCALS~1\Temp\rb

acvsm.dat
O20 - Winlogon Notify: runun -

C:\DOCUME~1\tami\LOCALS~1\Temp\nu

nur.dat
O20 - Winlogon Notify: svcjava -

C:\DOCUME~1\tami\LOCALS~1\Temp\av

ajcvs.dat
O20 - Winlogon Notify: svrvss -

C:\DOCUME~1\tami\LOCALS~1\Temp\ss

vrvs.dat
O20 - Winlogon Notify: wintask -

C:\DOCUME~1\tami\LOCALS~1\Temp\ks

atniw.dat
O23 - Service: Adobe LM Service -

Adobe Systems - C:\Program

Files\Common Files\Adobe Systems

Shared\Service\Adobelmsvc.exe
O23 - Service: Creative Service

for CDROM Access - Creative

Technology Ltd -

C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: EPSON Printer

Status Agent2 (EPSONStatusAgent2)

- SEIKO EPSON CORPORATION -

C:\Program Files\Common

Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver

Table Manager (IDriverT) -

Macrovision Corporation -

C:\Program Files\Common

Files\InstallShield\Driver\11\Int

el 32\IDriverT.exe