Removal of Transponder Pynix

  • Thread starter Thread starter Graham
  • Start date Start date
G

Graham

Hi,

I wondered if anyone has managed to removal the spyware
Transponder pynix (part of the Adware BetterInternet I
think)? It keeps trying to install on startup and windows
anti spyware beta is preventing it, however I would like to
remove it from my system completely. I've looked in all the
obvious places for it (Regedit Windows-run etc.) and delete
various related files according to this website:
http://www.doxdesk.com/parasite/Transponder.html
But still it lives! Can anyone help me? I'm running XP home.

Thanks in advance
 
Open Microsoft AntiSpyware and send a suspected spyware
report from the Tools
Menu.

For maximum effectiveness, proceed as follows:


Update your Microsoft Antispyware definitions. Is your
antivirus application also up to date?


Restart the machine in safe mode and Login as Administrator


Do a full, deep scan with Microsoft Antispyware (and,
ideally, your antivirus as well)

Download
http://www.lavasoftusa.com/support/download/
and on the left panel, look for add-on, download the fix
for VX2.

This is what I found (You better download HijackThis and
run it)

Variant: Pynix is one of the last of the VX2/Host
variants
File Name: pynix.dll
CLSID: {00000000-DD60-0064-6EC2-6E0100000000}
MD5: 5bd94bb7d4a9a6624612a6eb7f801151
Components: Pynix.dll, Pynix.inf, Pynix.cab, polall1p.exe,
thnall1p.exe

File Locations:
download.abetterinternet.com/download/cabs/PYNXDLL/pynix.ca
b
download.abetterinternet.com/download/cabs/PYNXDLL/polall1p
..exe
static.callinghome.biz/download/cabs/THNALL1P/thnall1p.exe

Registry Entries:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersi
on\Explorer\Browser Helper Objects\{00000000-DD60-0064-
6EC2-6E0100000000}]


**
[HKEY_CLASSES_ROOT\CLSID\{00000000-DD60-0064-6EC2-
6E0100000000}]
@="PynixObj Class"

[HKEY_CLASSES_ROOT\CLSID\{00000000-DD60-0064-6EC2-
6E0100000000}\InprocServer32]
@="C:\\DOCUME~1\\pjordan\\LOCALS~1\\Temp\\Pynix.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{00000000-DD60-0064-6EC2-
6E0100000000}\ProgID]
@="Pynix.PynixObj.1"

[HKEY_CLASSES_ROOT\CLSID\{00000000-DD60-0064-6EC2-
6E0100000000}\Programmable]

[HKEY_CLASSES_ROOT\CLSID\{00000000-DD60-0064-6EC2-
6E0100000000}\TypeLib]
@="{09049e4f-8d9e-4c8a-a952-5baf1a115c59}"

[HKEY_CLASSES_ROOT\CLSID\{00000000-DD60-0064-6EC2-
6E0100000000}\VersionIndependentProgID]
@="Pynix.PynixObj"

**
[HKEY_CLASSES_ROOT\Interface\{94984402-B480-45C7-AD2D-
84E5EB52CFCD}]
@="IPynixDllObj"

[HKEY_CLASSES_ROOT\Interface\{94984402-B480-45C7-AD2D-
84E5EB52CFCD}\ProxyStubClsid]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_CLASSES_ROOT\Interface\{94984402-B480-45C7-AD2D-
84E5EB52CFCD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_CLASSES_ROOT\Interface\{94984402-B480-45C7-AD2D-
84E5EB52CFCD}\TypeLib]
@="{09049E4F-8D9E-4C8A-A952-5BAF1A115C59}"
"Version"="1.1"

**
[HKEY_CLASSES_ROOT\PynixDll.PynixDllObj]
@="Pynix Functional Class"

[HKEY_CLASSES_ROOT\PynixDll.PynixDllObj\CLSID]
@="{00000000-DD60-0064-6EC2-6E0100000000}"

[HKEY_CLASSES_ROOT\PynixDll.PynixDllObj\CurVer]
@="PynixDll.PynixDllObj.1"

**
[HKEY_CLASSES_ROOT\PynixDll.PynixDllObj.1]
@="PynixObj Class"

[HKEY_CLASSES_ROOT\PynixDll.PynixDllObj.1\CLSID]
@="{00000000-DD60-0064-6EC2-6E0100000000}"

**
[HKEY_CLASSES_ROOT\TypeLib\{09049E4F-8D9E-4C8A-A952-
5BAF1A115C59}]

[HKEY_CLASSES_ROOT\TypeLib\{09049E4F-8D9E-4C8A-A952-
5BAF1A115C59}\1.1]
@="PynixDll 1.1 Type Library"

[HKEY_CLASSES_ROOT\TypeLib\{09049E4F-8D9E-4C8A-A952-
5BAF1A115C59}\1.1\0]

[HKEY_CLASSES_ROOT\TypeLib\{09049E4F-8D9E-4C8A-A952-
5BAF1A115C59}\1.1\0\win32]
@="C:\\DOCUME~1\\pjordan\\LOCALS~1\\Temp\\Pynix.dll"

[HKEY_CLASSES_ROOT\TypeLib\{09049E4F-8D9E-4C8A-A952-
5BAF1A115C59}\1.1\FLAGS]
@="0"

[HKEY_CLASSES_ROOT\TypeLib\{09049E4F-8D9E-4C8A-A952-
5BAF1A115C59}\1.1\HELPDIR]
@="C:\\DOCUME~1\\pjordan\\LOCALS~1\\Temp\\"

**
[HKEY_CLASSES_ROOT\TypeLib\{09049E4F-8D9E-4C8A-A952-
5BAF1A115C59}]

[HKEY_CLASSES_ROOT\TypeLib\{09049E4F-8D9E-4C8A-A952-
5BAF1A115C59}\1.1]
@="PynixDll 1.1 Type Library"

[HKEY_CLASSES_ROOT\TypeLib\{09049E4F-8D9E-4C8A-A952-
5BAF1A115C59}\1.1\0]

[HKEY_CLASSES_ROOT\TypeLib\{09049E4F-8D9E-4C8A-A952-
5BAF1A115C59}\1.1\0\win32]
@="C:\\DOCUME~1\\pjordan\\LOCALS~1\\Temp\\Pynix.dll"

[HKEY_CLASSES_ROOT\TypeLib\{09049E4F-8D9E-4C8A-A952-
5BAF1A115C59}\1.1\FLAGS]
@="0"

[HKEY_CLASSES_ROOT\TypeLib\{09049E4F-8D9E-4C8A-A952-
5BAF1A115C59}\1.1\HELPDIR]
@="C:\\DOCUME~1\\pjordan\\LOCALS~1\\Temp\\"

**
[HKEY_CURRENT_USER\Software\Pynix]
"PYI2d3OfSInst"="{F7BA28A1-78BE-483B-842D-4A588E027D16}"
"PYC2n3trMsgSDisp"=dword:00000032
"PYT2o3pListSPos"=dword:00000000
"PYs2t3icky1S"="lflshdt%3D1107813726%26lstlogdt%3D20050207%
260%3D%26cntp%3Dcable%26"
"PYs2t3icky2S"="fstcidt%3D1107813726382%260%3D%26"
"PYs2t3icky3S"="0"
"PYs2t3icky4S"="0"
"PYC1o2d3eOfSFinalAd"="0"
"PYT2i3m4eOfSFinalAd"="0"
"PYD2s3tSSEnd"="'>-,ÀÀÍ,fÌ,f<SÔOYÕZͶ^"Ì>o"
"PY2N3a4tionSCode"="US"
"PYP2D3om"=".?"-^?'?",<^YÌ'Y"
"PYI2n3ProgSCab"=dword:00000000
"PYI2n3ProgSEx"=dword:00000000
"PYI2n3ProgSLstest"=dword:00000000
"PYL2a3stSSChckin"=dword:0000041a
"PYB2D3om"=">??ZS>">??"S-ÜT?ZTf<T?Á?."
"PYC2u3rrentSMode"=dword:00000001
"PYC2n3tFyl"=dword:00000000
"PYM2o3deSSync"=dword:0000000b
"PYT2h3rshSBath"=dword:00002710
"PYT2h3rshSysSInf"=dword:000007d0
"PYT2h3rshSCheckSIn"=dword:0000002d
"PYT2h3rshSMots"=dword:00000064
"PYL2n3Title"=dword:0000001e
"PYI2g3noreS"="Tf
"PYS2t3atusOfSInst"="roger"

**
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-DD60-
0064-6EC2-6E0100000000}]
@="PynixObj Class"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-DD60-
0064-6EC2-6E0100000000}\InprocServer32]
@="C:\\DOCUME~1\\pjordan\\LOCALS~1\\Temp\\Pynix.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-DD60-
0064-6EC2-6E0100000000}\ProgID]
@="Pynix.PynixObj.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-DD60-
0064-6EC2-6E0100000000}\Programmable]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-DD60-
0064-6EC2-6E0100000000}\TypeLib]
@="{09049e4f-8d9e-4c8a-a952-5baf1a115c59}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-DD60-
0064-6EC2-6E0100000000}\VersionIndependentProgID]
@="Pynix.PynixObj"


**
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{94984402-
B480-45C7-AD2D-84E5EB52CFCD}]
@="IPynixDllObj"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{94984402-
B480-45C7-AD2D-84E5EB52CFCD}\ProxyStubClsid]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{94984402-
B480-45C7-AD2D-84E5EB52CFCD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{94984402-
B480-45C7-AD2D-84E5EB52CFCD}\TypeLib]
@="{09049E4F-8D9E-4C8A-A952-5BAF1A115C59}"
"Version"="1.1"
**
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PynixDll.PynixDllObj]
@="Pynix Functional Class"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PynixDll.PynixDllObj\C
LSID]
@="{00000000-DD60-0064-6EC2-6E0100000000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PynixDll.PynixDllObj\C
urVer]
@="PynixDll.PynixDllObj.1"


**
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PynixDll.PynixDllObj.1
]
@="PynixObj Class"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PynixDll.PynixDllObj.1
\CLSID]
@="{00000000-DD60-0064-6EC2-6E0100000000}"

**
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{09049E4F-
8D9E-4C8A-A952-5BAF1A115C59}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{09049E4F-
8D9E-4C8A-A952-5BAF1A115C59}\1.1]
@="PynixDll 1.1 Type Library"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{09049E4F-
8D9E-4C8A-A952-5BAF1A115C59}\1.1\0]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{09049E4F-
8D9E-4C8A-A952-5BAF1A115C59}\1.1\0\win32]
@="C:\\DOCUME~1\\pjordan\\LOCALS~1\\Temp\\Pynix.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{09049E4F-
8D9E-4C8A-A952-5BAF1A115C59}\1.1\FLAGS]
@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{09049E4F-
8D9E-4C8A-A952-5BAF1A115C59}\1.1\HELPDIR]
@="C:\\DOCUME~1\\pjordan\\LOCALS~1\\Temp\\"


**
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{09049E4F-
8D9E-4C8A-A952-5BAF1A115C59}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{09049E4F-
8D9E-4C8A-A952-5BAF1A115C59}\1.1]
@="PynixDll 1.1 Type Library"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{09049E4F-
8D9E-4C8A-A952-5BAF1A115C59}\1.1\0]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{09049E4F-
8D9E-4C8A-A952-5BAF1A115C59}\1.1\0\win32]
@="C:\\DOCUME~1\\pjordan\\LOCALS~1\\Temp\\Pynix.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{09049E4F-
8D9E-4C8A-A952-5BAF1A115C59}\1.1\FLAGS]
@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{09049E4F-
8D9E-4C8A-A952-5BAF1A115C59}\1.1\HELPDIR]
@="C:\\DOCUME~1\\pjordan\\LOCALS~1\\Temp\\"


**
[HKEY_USERS\S-1-5-21-1993962763-1708537768-1850160755-1003
\Software\Pynix]
"PYI2d3OfSInst"="{F7BA28A1-78BE-483B-842D-4A588E027D16}"
"PYC2n3trMsgSDisp"=dword:00000032
"PYT2o3pListSPos"=dword:00000000
"PYs2t3icky1S"="lflshdt%3D1107813726%26lstlogdt%3D20050207%
260%3D%26cntp%3Dcable%26"
"PYs2t3icky2S"="fstcidt%3D1107813726382%260%3D%26"
"PYs2t3icky3S"="0"
"PYs2t3icky4S"="0"
"PYC1o2d3eOfSFinalAd"="0"
"PYT2i3m4eOfSFinalAd"="0"
"PYD2s3tSSEnd"="'>-,ÀÀÍ,fÌ,f<SÔOYÕZͶ^"Ì>o"
"PY2N3a4tionSCode"="US"
"PYP2D3om"=".?"-^?'?",<^YÌ'Y"
"PYI2n3ProgSCab"=dword:00000000
"PYI2n3ProgSEx"=dword:00000000
"PYI2n3ProgSLstest"=dword:00000000
"PYL2a3stSSChckin"=dword:0000041a
"PYB2D3om"=">??ZS>">??"S-ÜT?ZTf<T?Á?."
"PYC2u3rrentSMode"=dword:00000001
"PYC2n3tFyl"=dword:00000000
"PYM2o3deSSync"=dword:0000000b
"PYT2h3rshSBath"=dword:00002710
"PYT2h3rshSysSInf"=dword:000007d0
"PYT2h3rshSCheckSIn"=dword:0000002d
"PYT2h3rshSMots"=dword:00000064
"PYL2n3Title"=dword:0000001e
"PYI2g3noreS"="Tf
"PYS2t3atusOfSInst"="roger"
 
Hi Engel,

I did what you said; updated my definitions, restarted in
safe mode and ran a full deep scan and also downloaded the
lavasoft removal software but its still there - windows
anti spyware detects it on startup! I have included a
hijack this log:

Logfile of HijackThis v1.99.1
Scan saved at 08:13:39, on 15/07/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Promise\Utility\MsgAgt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\MSN
Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe
C:\WINDOWS\SYSTEM32\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Sophos SWEEP for NT\ICMON.EXE
C:\audio\MOTU\FireWire Audio\MFWAKeys.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Graham
Archer\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet
Explorer\Main,Default_Page_URL = http://bt.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search
Page = http://www.google.co.uk
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start
Page = http://bt.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Page_URL = http://bt.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search
Page = http://www.google.co.uk
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start
Page = http://bt.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet
Explorer\SearchURL,(Default) = http://www.google.co.uk
R1 - HKLM\Software\Microsoft\Internet
Explorer\SearchURL,(Default) = http://www.google.co.uk
R1 -
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,AutoConfigURL = http://www.york.ac.uk/proxy.config
R1 -
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyServer = wwwcache.sns.york.ac.uk:8080
R1 -
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) -
_{00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
O2 - BHO: Yahoo! Companion BHO -
{02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program
Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_17_0.dll
O2 - BHO: AcroIEHlprObj Class -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) -
{53707962-6F74-2D53-2644-206D7942484F} -
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} -
C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO -
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program
Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: (no name) -
{BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O3 - Toolbar: BT Yahoo! Companion -
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program
Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_17_0.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
- C:\Program Files\MSN Apps\MSN
Toolbar\01.02.3000.1001\en-us\msntb.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program
Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program
Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program
Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program
Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft
AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN
Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe"
O4 - HKLM\..\Run: [QuickTime Task]
"C:\WINDOWS\SYSTEM32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program
Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [MicrosoftAntiSpywareCleaner]
C:\Program Files\Microsoft AntiSpyware\gcASCleaner.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN
Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program
Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Skype] "C:\Program
Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program
Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk =
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: InterCheck Monitor.LNK = C:\Program
Files\Sophos SWEEP for NT\ICMON.EXE
O4 - Global Startup: MFWAKeys.lnk = C:\audio\MOTU\FireWire
Audio\MFWAKeys.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program
Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: BT Yahoo! Sidebar -
{51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program
Files\Yahoo!\browser\ysidebarIE.dll
O9 - Extra 'Tools' menuitem: BT &Yahoo! Sidebar -
{51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program
Files\Yahoo!\browser\ysidebarIE.dll
O9 - Extra button: Research -
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com -
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -
C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O9 - Extra button: BT -
{94879043-16A1-425D-90CC-EB5D3F8F73C6} - http://www.bt.com
(file missing) (HKCU)
O9 - Extra button: Homepage -
{97367153-69C3-4610-835E-ACF3A3CEB6EC} -
http://bt.yahoo.com (file missing) (HKCU)
O16 - DPF: ppctlcab -
http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B}
(SysProWmi Class) -
http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC}
(MessengerStatsClient Class) -
http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows
Genuine Advantage Validation Tool) -
http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276}
(yucsetreg Class) - C:\Program
Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13}
(PPSDKActiveXScanner.MainScreen) -
http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab}
(YInstStarter Class) - C:\Program
Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
http://appldnld.m7z.net/content.inf...W/win/019-0312.20050111.MmVrT/iTunesSetup.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C}
(WUWebControl Class) -
http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1093180511655
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D}
(MessengerStatsClient Class) -
http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7}
(DmiReader Class) -
http://support.euro.dell.com/global/apps/systemprofiler/PROFILER.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}
(MsnMessengerSetupDownloadControl Class) -
http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592}
(ZoneIntro Class) -
http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. -
C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner -
C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: iPod Service (iPodService) - Apple Computer,
Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark
International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R)
Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Promise RAID message agent (RAIDmAgt) -
Unknown owner - C:\Program Files\Promise\Utility\MsgAgt.exe
O23 - Service: Sophos Anti-Virus Network (SweepNet) -
Sophos Plc - C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
O23 - Service: Sophos Anti-Virus (SWEEPSRV.SYS) - Sophos
Plc - C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS
O23 - Service: YPCService - Yahoo! Inc. -
C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

If you can help it would be great.
 
Back
Top