Hi I need help as well. Hijackthis has detected these... I don't seem to find the part that explains why www.lookfor.cc appears...

Logfile of HijackThis v1.97.7
Scan saved at 09:02:22, on 25.03.2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Your system isseriously hosed. You left yourself wide open to this, since you are way behind on your patches. You need the XP Service Pack 1 (XP-SP1) and all the security patches for Internet Explorer as soon as this is cleaned up. You may even find that a full format and reinstall are required!

Before you try to fix the following, you need to run an up-to-date virus checker and adware/spyware tool against your system. I see Trend Micro's online checker Housecall recommended here a lot. Important: this list is for information only right now, until you run some tools! The list of tools wil be at the end, along with some of the problems.

O2 - BHO: (no name) - {00000EF1-0786-4633-87C6-1AA7A44296DA} -
C:\WINDOWS\System32\calsdr.dll

O2 - BHO: . - {587DBF2D-9145-4c9e-92C2-1F953DA73773} - C:\Documents and
Settings\Christian Sugiono\Application Data\windi\windi.dll

O2 - BHO: (no name) - {7F0208C6-31B8-98CB-55E4-5072CEA2DEB4} - (no file)

O2 - BHO: ShowSearch module - {E2DDF680-9905-4dee-8C64-0A5DE7FE133C} -
C:\Documents and Settings\Christian Sugiono\Application
Data\windi\mssearch.dll

O2 - BHO: (no name) - {FD9BC004-8331-4457-B830-4759FF704C22} -
C:\Documents and Settings\Christian Sugiono\Application Data\windi\msiesh.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE

O4 - HKLM\..\Run: [nsvdr] c:\program files\dialers\nsvdr\nsvdr.exe /noconnect

O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"

O4 - HKLM\..\Run: [sncntr] c:\windows\system32\sncntr.exe /nocomm

O4 - HKLM\..\Run: [Image] rundll32 C:\WINDOWS\image.dll,Install

O4 - HKLM\..\Run: [msbb] C:\WINDOWS\System32\msbb.exe

O4 - HKLM\..\Run: [SAHAgent] C:\WINDOWS\System32\SahAgent.exe

O4 - HKLM\..\Run: [alchem] C:\WINDOWS\alchem.exe

O4 - HKCU\..\Run: [System Update] C:\WINDOWS\System\webcheck.exe

O4 - HKCU\..\RunServices: [Image] rundll32 C:\WINDOWS\image.dll,Install

The following malware is on your system: Trojan Win32.Dluca, BugBear virus, CoolWebSearch, ShopAtHome, a porn dialer, and OfferOptimizer. There may be others, as well.

Start with the online virus scan, then run CWShredder , then Ad-Aware . Make sure your data file is up-to-date before running Ad-Aware.

Once your infestation is under control, you may need to run fixer software to get your internet connection back. We'll cross that bridge when we come to it. Once you have performed the above steps, re-run HijackThis, post the new results, and we will finish the cleanup.

For future reference, the following items are superfluous and can be deleted later:

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: PCSuiteForNokia7650 Detect.lnk = ?

O4 - Global Startup: PCSuiteForNokia7650 TS.lnk = ?

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
http://software-dl.real.com/229b509722f6ea246802/netzip/RdxIE601_de.cab

I think my system also need the patch, but with dial up it takes forever and usually something screws it up(like last time I fell asleep) is there an easy way to get the patch without spending 2-3 hours waiting for it to maybe download... any way to get it on CD or from Bill gates "billionaire"???

any help would be appreciated, the shredder resets everything but eventually some bad stuff comes back and to be truthful my wife is tired of naked teens....

I think my system also need the patch, but with dial up it takes forever and usually something screws it up(like last time I fell asleep) is there an easy way to get the patch without spending 2-3 hours waiting for it to maybe download.

Spybot Search & Destroy has an "Immunize" function that blocks a lot of the bad stuff. You can also download SpywareBlaster , which can help too. Did you read my article?

The use of Mozilla for the majority of your browsing will also reduce problems, since ActiveX and browser helper objects are unique to Internet Explorer.

Which version of Windows are you running? There are other patches for Windows XP from Gibson Research .

I have now switched to Mozilla to try that out, it seems very similar to netscape was on my mac 3 versions ago... have only had it going for a short time so too early to tell if those pesky popups are still there... also i ran a hijack this report so you can tell me if there is any other stuff to get rid of...

again any other help would be great... again is there any easier way to get the proper MS patches than download??

Logfile of HijackThis v1.97.7

Scan saved at 1:06:41 PM, on 4/2/2004

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\LTSMMSG.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe

C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe

C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe

C:\WINDOWS\System32\ezSP_Px.exe

C:\Program Files\Drag'n Drop CD\BinFiles\DragDrop.exe

C:\Program Files\QuickTime\qttask.exe

C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

C:\WINDOWS\System32\wydcwtgy.exe

C:\Palm\HOTSYNC.EXE

C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2002.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fujitsupc.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.fujitsupc.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.fujitsupc.com/

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - c:\progra~1\iesearchbar\iesearchbar.dll

O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll

O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\System32\bridge.dll

O2 - BHO: (no name) - {f760cb9e-c60f-4a89-890e-fae8b849493e} - C:\WINDOWS\madise.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: IE Search Bar - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - c:\progra~1\iesearchbar\iesearchbar.dll

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe

O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe

O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe

O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe

O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe

O4 - HKLM\..\Run: [Drag'n Drop CD] C:\Program Files\Drag'n Drop CD\BinFiles\DragDrop.exe /StartUp

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Desksite CMA] C:\Program Files\desksite\bin\cma.exe

O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe

O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe

O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load

O4 - HKLM\..\Run: [dhphwqkr] C:\WINDOWS\System32\wydcwtgy.exe

O4 - HKLM\..\RunOnce: [Ad-aware] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe" "+b1"

O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE

O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: PowerReg Scheduler.exe

O4 - Global Startup: QuickBooks 2002 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2002.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)

O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.fujitsupc.com/

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {2ABE804B-4D3A-41BF-A172-304627874B45} - http://akamai.downloadv3.com/binaries/DialHTML/EGDHTML_US_XP.cab

O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab

O16 - DPF: {3C648A72-C49A-48EF-9F90-68EF13293F97} (Cacher Class) - http://rmlsweb.com/XMLSearch/XMLCache.CAB

O16 - DPF: {486E48B5-ABF2-42BB-A327-2679DF3FB822} - http://akamai.downloadv3.com/binaries/IA/ia_XP.cab

O16 - DPF: {638AF6A2-81A1-4655-9FFA-9FC09CDE22CF} (CScanner Object) - http://www.pestscan.com/scanner/ppctlcab.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38064.9629050926

O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab

O16 - DPF: {f760cb9e-c60f-4a89-890e-fae8b849493e} (IRDIXAObj Class) -

Is there any easier way to get the proper MS patches than download?

You can go to the Microsoft site and request a patch CD for your version of the OS. As far as I know, it's free.

You have at least one hijacker, IESearchBar . You may want to check per their "manual removal instructions" after killing things with HijackThis.

Remove the following items:

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O2 - BHO: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - c:\progra~1\iesearchbar\iesearchbar.dll

O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll

O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\System32\bridge.dll

O2 - BHO: (no name) - {f760cb9e-c60f-4a89-890e-fae8b849493e} - C:\WINDOWS\madise.dll32\msdxm.ocx

O3 - Toolbar: IE Search Bar - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - c:\progra~1\iesearchbar\iesearchbar.dll

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load

O4 - HKLM\..\Run: [dhphwqkr] C:\WINDOWS\System32\wydcwtgy.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O16 - DPF: {f760cb9e-c60f-4a89-890e-fae8b849493e} (IRDIXAObj Class) -

and you should be OK. Be aware that OSA.EXE and qttask.exe are not malicious, just worthless and wasteful.

Once you are done, reboot and delete the following:

* C:\WINDOWS\System32\wydcwtgy.exe
* C:\WINDOWS\System32\bridge.dll
* C:\Program Files\iesearchbar\iesearchbar.dll
* C:\WINDOWS\System32\wydcwtgy.exe
* C:\WINDOWS\madise.dll32\msdxm.ocx
* C:\WINDOWS\2_0_1browserhelper2.dll

well I got rid of all the items you recomended and here is what is now on the log... look good??? thanks for all your help so far...

also I was trying to add a new theme overlay. and have had no luck getting it set up, am I doing something to make it too difficult??? maybe I should just give up the idea of making mozill look better...

also is there a good reference manual/book that goes thru XP and is friendly to a novice... Im somewhat computer literate but have spent most of my home computer time on a MAC... I realy dont like the way MS hides everything and makes it so hard to determine what does what... so a resource that would let me "customize" XP with out damaging the system...

thanks and here is the latest log file...:)

Logfile of HijackThis v1.97.7
Scan saved at 8:51:59 AM, on 4/3/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\LTSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Drag'n Drop CD\BinFiles\DragDrop.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Palm\HOTSYNC.EXE
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2002.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\mozilla.org\Mozilla\mozilla.exe
C:\Program Files\PowerArchiver\POWERARC.EXE
C:\DOCUME~1\Owner\LOCALS~1\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fujitsupc.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.fujitsupc.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.fujitsupc.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [Drag'n Drop CD] C:\Program Files\Drag'n Drop CD\BinFiles\DragDrop.exe /StartUp
O4 - HKLM\..\Run: [Desksite CMA] C:\Program Files\desksite\bin\cma.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: PowerReg Scheduler.exe
O4 - Global Startup: QuickBooks 2002 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2002.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.fujitsupc.com/
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {2ABE804B-4D3A-41BF-A172-304627874B45} - http://akamai.downloadv3.com/binaries/DialHTML/EGDHTML_US_XP.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {3C648A72-C49A-48EF-9F90-68EF13293F97} (Cacher Class) - http://rmlsweb.com/XMLSearch/XMLCache.CAB
O16 - DPF: {486E48B5-ABF2-42BB-A327-2679DF3FB822} - http://akamai.downloadv3.com/binaries/IA/ia_XP.cab
O16 - DPF: {638AF6A2-81A1-4655-9FFA-9FC09CDE22CF} (CScanner Object) - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38064.9629050926
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E7446039-EA37-45AF-AB88-710527A24FBE}: NameServer = 209.244.0.3 209.244.0.4

well I got rid of all the items you recomended and here is what is now on the log... look good??? thanks for all your help so far...

Also, I was trying to add a new theme overlay. and have had no luck getting it set up, am I doing something to make it too difficult??? maybe I should just give up the idea of making mozilla look better...

also is there a good reference manual/book that goes thru XP and is friendly to a novice... Im somewhat computer literate but have spent most of my home computer time on a MAC... I realy dont like the way MS hides everything and makes it so hard to determine what does what... so a resource that would let me "customize" XP without damaging the system...

Great job! :cheesy: It looksmuch cleaner. The lat suggestion I would make on your HjT log is that you download and install the latest version of the Adobe Reader --you have v5.0, current is v6.01. As with many other programs these days, older versions present a security risk. It's also a good idea to uninstall the old version before installing the new.

Mozilla themes are not hard. It's done from the drop-down View menu. The last item is Apply Theme and the selection is Get New Themes. The best source is mozdev.org and my favorites are Pinball, Wood, and SkyPilot. Be sure to get a theme appropriate to your Moz-version.

There are many places on the net that offer information on WinXP, geared to many levels of knowledge, understanding and interest. Two interesting ones are http://www.TheElderGeek.com and http://www.WinXPNews.com -- one caveat, while WinXPNews is a decent site, don't sign up for the newsletter! The site is run by known spammers, and the content is the hook (a realy good one, in this case). Fortunately, you don't have to sign up to read issues or search the site.