I thought I fixed this by reading threads here, but apparently it didn't work. Here's a HJT log and the files that AdAware are saying are bad registry items. My System Mechanic also says there is a dangerous file type and no firewall detected. I would appreciate any help you can give and this time I won't answer my own thread. AdAware: Two registry values are HKEY_CLASSES_ROOT:regfile/shell/open/command""(notepad.exe%1) and HKEY_CLASSES_ROOT:scrfile/shell/open/comman""(notepad.exe %1) Here's the HJT log: Logfile of HijackThis v1.99.1 Scan saved at 6:53:35 AM, on 11/24/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\CHARTE~1\backweb\3528733\Program\SERVIC~1.EXE C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\FSGK32.EXE C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\program\fsbwsys.exe C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fssm32.exe C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE C:\Program Files\Charter High-Speed Security Suite\Common\FSMB32.EXE C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Charter High-Speed Security Suite\Common\FCH32.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsqh.exe C:\Program Files\Charter High-Speed Security Suite\Common\FAMEH32.EXE C:\Program Files\Charter High-Speed Security Suite\FSPC\fspc.exe C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsrw.exe C:\Program Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsav32.exe C:\WINDOWS\Explorer.EXE C:\windows\system\hpsysdrv.exe C:\WINDOWS\AGRSMMSG.exe C:\WINDOWS\system32\hphmon06.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\ALCMTR.EXE C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE C:\Program Files\Charter High-Speed Security Suite\FSGUI\ispnews.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\iTunes\iTunesHelper.exe C:\HP\KBD\KBD.EXE C:\Program Files\iPod\bin\iPodService.exe C:\PROGRA~1\CHARTE~1\ANTI-S~1\fsaw.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe C:\Program Files\Charter High-Speed Security Suite\FSGUI\fsguidll.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Nikon\PictureProject\NkbMonitor.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\Program\fspex.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\HJT\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=desktop R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [HPHUPD06] "c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Charter High-Speed Security Suite\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [News Service] "C:\Program Files\Charter High-Speed Security Suite\FSGUI\ispnews.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe" O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1 O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - Global Startup: Charter High-Speed Security Suite.lnk = C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\Program\fspex.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe O8 - Extra context menu item: &Block this popup - C:\Program Files\Charter High-Speed Security Suite\Anti-Spyware\blockpopups.htm O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin/module.main/favorites\ie_add_to.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra button: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll O9 - Extra 'Tools' menuitem: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Charter High-Speed Security Suite\Anti-Spyware\ieshield.dll O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Charter High-Speed Security Suite\Anti-Spyware\ieshield.dll O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod4\v6\yhexbmes.dll O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod4\v6\yhexbmes.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204 O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://download.games.yahoo.com/games/web_games/playfirst/trijinx/TriJinx.1.0.0.55.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1155054091156 O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://aolsvc.aol.com/onlinegames/ghtumblebugs/axhost.cab O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://72.32.179.44/filter/cameraviewer/isetup.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://aolsvc.aol.com/onlinegames/tryaces/zylomgamesplayer.cab O16 - DPF: {DBA8E419-0D5F-439B-A3CC-D01C768D9B51} (DVCDownloaderControl Object) - http://aolsvc.aol.com/onlinegames/sonydavincicode/DVCDownloaderControl.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing) O23 - Service: Charter High-Speed Security Suite (BackWeb Plug-in - 3528733) - BackWeb Technologies Inc. - C:\PROGRA~1\CHARTE~1\backweb\3528733\Program\SERVIC~1.EXE O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe O23 - Service: FSBWSYS - F-Secure Corp. - C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\program\fsbwsys.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\FSPC\fshttps\fshttps.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
Hello Ruffian15, first I would like to apologize. [bold]I[/bold] looked over your logs when you posted last time and was going to reply, but as you said, you replied and [bold]I[/bold] must have continued to look over until it was too late. Let's see if I can help this time. First, System Mechanic is correct in prompting you about not having a firewall. Having a firewall is very important. I strongly recommend you download one. Here are a few that are offered for free: Zone Alarm Free Agnitum Outpost Firewall Kerio Personal Firewall Remember to turn off Windows firewall if it is running. Second, your HjT log is relativity clean. Just some things you need to fix. Run a scan only with HijackThis, check these then click "Fix checked". [bold]R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3...lion&pf=desktop R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3...lion&pf=desktop R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3...lion&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3...lion&pf=desktop R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab [/bold] Java is way out of date. Still having version 4.0 is a [bold]major[/bold] security issue. Go here and download [bold]Java Runtime Environment 5.0 Update 9[/bold]. Uninstall all previous version and updates of JRE via [bold]Add/Remove Programs[/bold]. Restart and install [bold]Update 9[/bold]. Then, let's run an online scan to see if it can find anything. Go here to run [bold]Kaspersky Online Scanner[/bold]. After downloading, click "[bold]My Computer[/bold]" to scan. After scanning, click "[bold]Save report as[/bold]". Save as a text file on the desktop. Please post back with the Kaspersky log and a new HijackThis log.
Thank you for your help on this. You do know that we all appreciate the work you do for us. Ok...firewall. The problem is that I DO have a firewall, but the scans are saying that they don't detect it. That fact, and the fact that AdAware comes up with that weird notebook entry and System Mechanic says there are security vulnerabilties tells me that something is amiss somewhere. Anyway..here are new logs. And I'm sorry, but stupid me forgot to save in a txt file format. HJT log: Logfile of HijackThis v1.99.1 Scan saved at 8:39:21 AM, on 11/25/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\CHARTE~1\backweb\3528733\Program\SERVIC~1.EXE C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\FSGK32.EXE C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\program\fsbwsys.exe C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fssm32.exe C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Charter High-Speed Security Suite\Common\FSMB32.EXE C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Charter High-Speed Security Suite\Common\FCH32.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsqh.exe C:\Program Files\Charter High-Speed Security Suite\Common\FAMEH32.EXE C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsrw.exe C:\Program Files\Charter High-Speed Security Suite\FSPC\fspc.exe C:\Program Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsav32.exe C:\WINDOWS\Explorer.EXE C:\windows\system\hpsysdrv.exe C:\WINDOWS\AGRSMMSG.exe C:\WINDOWS\system32\hphmon06.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE C:\Program Files\Charter High-Speed Security Suite\FSGUI\ispnews.exe C:\PROGRA~1\CHARTE~1\ANTI-S~1\fsaw.exe C:\Program Files\iTunes\iTunesHelper.exe C:\HP\KBD\KBD.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe C:\Program Files\Charter High-Speed Security Suite\FSGUI\fsguidll.exe C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\Program\fspex.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Nikon\PictureProject\NkbMonitor.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\HJT\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [HPHUPD06] "c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Charter High-Speed Security Suite\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [News Service] "C:\Program Files\Charter High-Speed Security Suite\FSGUI\ispnews.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe" O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1 O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - Global Startup: Charter High-Speed Security Suite.lnk = C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\Program\fspex.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe O8 - Extra context menu item: &Block this popup - C:\Program Files\Charter High-Speed Security Suite\Anti-Spyware\blockpopups.htm O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin/module.main/favorites\ie_add_to.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll O9 - Extra 'Tools' menuitem: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Charter High-Speed Security Suite\Anti-Spyware\ieshield.dll O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Charter High-Speed Security Suite\Anti-Spyware\ieshield.dll O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod4\v6\yhexbmes.dll O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod4\v6\yhexbmes.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204 O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://download.games.yahoo.com/games/web_games/playfirst/trijinx/TriJinx.1.0.0.55.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1155054091156 O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://aolsvc.aol.com/onlinegames/ghtumblebugs/axhost.cab O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://72.32.179.44/filter/cameraviewer/isetup.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://aolsvc.aol.com/onlinegames/tryaces/zylomgamesplayer.cab O16 - DPF: {DBA8E419-0D5F-439B-A3CC-D01C768D9B51} (DVCDownloaderControl Object) - http://aolsvc.aol.com/onlinegames/sonydavincicode/DVCDownloaderControl.cab O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing) O23 - Service: Charter High-Speed Security Suite (BackWeb Plug-in - 3528733) - BackWeb Technologies Inc. - C:\PROGRA~1\CHARTE~1\backweb\3528733\Program\SERVIC~1.EXE O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe O23 - Service: FSBWSYS - F-Secure Corp. - C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\program\fsbwsys.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\FSPC\fshttps\fshttps.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe Kaspersky log: KASPERSKY ONLINE SCANNER REPORT Saturday, November 25, 2006 8:35:15 AM Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.83.0 Kaspersky Anti-Virus database last update: 25/11/2006 Kaspersky Anti-Virus database records: 231601 Scan Settings Scan using the following antivirus database standard Scan Archives true Scan Mail Bases true Scan Target My Computer C:\ D:\ E:\ F:\ G:\ H:\ I:\ J:\ Scan Statistics Total number of scanned objects 103514 Number of viruses found 0 Number of infected objects 0 / 0 Number of suspicious objects 0 Duration of the scan process 01:01:47 Infected Object Name Virus Name Last Action C:\Documents and Settings\HP_Owner\Application Data\ispnews\ispn.ini Object is locked skipped C:\Documents and Settings\HP_Owner\Application Data\ispnews\ispnc.items Object is locked skipped C:\Documents and Settings\HP_Owner\Application Data\ispnews\ispnr.items Object is locked skipped C:\Documents and Settings\HP_Owner\Cookies\index.dat Object is locked skipped C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\HP_Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\HP_Owner\Local Settings\History\History.IE5\MSHist012006112520061126\index.dat Object is locked skipped C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\HP_Owner\NTUSER.DAT Object is locked skipped C:\Documents and Settings\HP_Owner\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\dbupdate.log Object is locked skipped C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\Qrt.log Object is locked skipped C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\Users\Default\Data\chandir.dat Object is locked skipped C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\Users\Default\Data\chandir.idx Object is locked skipped C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\Users\Default\Data\chn.dat Object is locked skipped C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\Users\Default\Data\chn.idx Object is locked skipped C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\Users\Default\Data\D0000000.FCS Object is locked skipped C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\Users\Default\Data\fsbwupst.log Object is locked skipped C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\Users\Default\Data\inuse.txt Object is locked skipped C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\Users\Default\Data\L0000054.FCS Object is locked skipped C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\Users\Default\Data\main.log Object is locked skipped C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\Users\Default\Data\prs.dat Object is locked skipped C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\Users\Default\Data\prs.idx Object is locked skipped C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\Users\Default\Data\prs_die.dat Object is locked skipped C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\Users\Default\Data\prs_die.idx Object is locked skipped C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\Users\Default\Data\prs_dnd.dat Object is locked skipped C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\Users\Default\Data\prs_dnd.idx Object is locked skipped C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\Users\Default\Data\prs_ext.dat Object is locked skipped C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\Users\Default\Data\prs_ext.idx Object is locked skipped C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\Users\Default\Data\prs_rcv.dat Object is locked skipped C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\Users\Default\Data\prs_rcv.idx Object is locked skipped C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\Users\Default\Data\storydb.dat Object is locked skipped C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\Users\Default\Data\storydb.idx Object is locked skipped C:\Program Files\Charter High-Speed Security Suite\Common\admin.pub Object is locked skipped C:\Program Files\Charter High-Speed Security Suite\Common\policy.bpf Object is locked skipped C:\Program Files\Charter High-Speed Security Suite\Common\policy.ipf Object is locked skipped C:\Program Files\Charter High-Speed Security Suite\Spam Control\log\fs_sa_log.txt Object is locked skipped C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\rnapxs\rnapxs.dat Object is locked skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\SoftwareDistribution\EventCache\{C499BED5-6860-45F1-992A-2CEDC1E7874C}.bin Object is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\WINDOWS\Sti_Trace.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\default Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\Internet.evt Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\software Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\system Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\h323log.txt Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped C:\WINDOWS\wiadebug.log Object is locked skipped C:\WINDOWS\wiaservc.log Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped Scan process completed.
Your computer is clean. System Mechanic is prompting you about a firewall probably because it can't recognize F-Secure's Firewall. Even I looked over it, the reason I posted the link for a firewall. What you'll need to do is change the setting in System Mechanic to not look for a firewall. Now, personally I've never use System Mechanic so I wouldn't know where that setting would be. Just search around for it and let me know if you find it. If not, I'll search for you answer on how to change it to not detect a firewall.
Thank you, Niobis. I guess it's good to know everything's clean. I can't imagine why all this time all my scanning programs showed everything was clean and then boom! problems showed up with security issues. f-Secure had a troubleshooting thing where I could send my info if it's not recognizing my firewall, so I'll wait for a reply from them. Do you have any idea what those notepad indicators are from AdAware? They are listed under registry items and never showed up until recently.
Thoses Ad-Aware entires are not bad. Ad-Aware lists many safe registry keys along with many safe files. It's just the way Ad-Aware logs things. Keep me posted on the firewall issue.
@Ruffian I have those same two notepad entries im my registry but my AdAware does not flag them. I noticed if I empty the prefetch folder and reboot there is alway an entry put back in there that the notepad program was invoked of sorts as prefetch keeps track of programs that have been used. Im not sure if it has always been that way or not or why it was used. What I might do is rename the notepad.exe file to note.exe and reboot to see if anything gets unhappy. Ill let you know
The notepad item you speak of in prefetch is the layout file,i think it just starts up programs in order at bootup
I'm not sure what a prefetch file is or how to rename a notepad file, but let me ask this. Could there be a hidden file somewhere that is making these scans flag items? System Mechanic says there is a dangerous file type and can't fix it. These are things that I should just ignore and have the program ignore? Thanks, everyone, for your input.
Well some pretty strange stuff happened. First notepad seems to be in both the c:windows and c:windoes/system32 folders. Seems strange. Then I tried to rename them to note.exe but they recreated themselfs as I think they are windows protected files. So ok up to this point. I went to the folder that had wordpad and noticed there was a file named Note.exe I thought it was just what I created with a new operating system generated notepad.exe next to it. I deleated the Note.exe file then I reboot and all hell breaks loose. The screen flashes and does all kind of weird things, opens a couple of opereating system screens and a bunch of other strange stuff. So I close the windows and it all looked normal. I cleared the prefech folder and rebooted again. Now notepad did not show up in the prefetch folder which means something that used it was no using it anymore at startup. For kicks I did a system restore to yesterday and all looks well just like normal except notepad no longer is auto launched by what ever was using it. Note.exe did not return even with a system restore. Now the bad news. Renaming it to note.exe might not have been a good idea because now I don't know if it was there all along or not. Note.exe was what microsoft called notepad a long time ago. Note.exe is also created buy several trogen keyloggers and several other bad things. While I don't know if removing note.exe did any good or bad I do know that notepad no longer launches at startup and what ever created it in the first place has not created it again. Notepad works as normal so I didn't hurt that. Could something be hiding? There might be. I don't know. My HJT log and everything else I run says im clean and have no strange things happening with the system. It was your first post that made me nosy enough to go look at this. Im not sure if I should thank you of not LOL Sidenote: I just did a cold restart and all appears to still be fine. The fact your program flags it and mine does not would bother me. I have nothing on ignore.
Well, either you're welcome or I'm sorry. LOL Here's something else to throw into the mix. My System Mechanic keeps saying that I have an unnecessary/dangerous file in start-up and it flags for removal, but somehow it keeps coming back. I used to be able to have a totally clean Ad Aware and System Mechanic scan (less dumb ad cookies) but never any problems like this that show up. They all showed up at once and I can't get it back to the clean scans anymore. I'm stumped.
