Please help me get rid of Home Search!!!

I ran HiJack This, here is my log:

Logfile of HijackThis v1.98.0
Scan saved at 5:18:18 PM, on 7/13/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\drivers\KodakCCS.exe
D:\PROGRA~1\Navnt\npssvc.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\WINDOWS\system32\pctspk.exe
D:\WINDOWS\System32\ScsiAccess.EXE
D:\WINDOWS\atloi32.exe
D:\Program Files\QuickTime\qttask.exe
D:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
D:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
D:\WINDOWS\System32\bhrbhc.exe
D:\WINDOWS\sdkkr.exe
D:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WinZip\WZQKPICK.EXE
D:\Program Files\Navnt\navapw32.exe
D:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\unzipped\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://sharempeg.com/find/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://D:\WINDOWS\mzbpt.dll/sp.html#37680
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://mzbpt.dll/index.html#37680
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://mzbpt.dll/index.html#37680
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://D:\WINDOWS\mzbpt.dll/sp.html#37680
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://D:\WINDOWS\mzbpt.dll/sp.html#37680
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://mzbpt.dll/index.html#37680
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = D:\WINDOWS\system32\searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = D:\WINDOWS\system32\searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
F0 - system.ini: Shell=
F2 - REG:system.ini: UserInit=D:\WINDOWS\system32\userinit.exe,
O2 - BHO: TwaintecObj Class - {000020DD-C72E-4113-AF77-DD56626C6C42} - D:\WINDOWS\twaintec.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {E5C401F8-2337-B367-1520-696028765338} - D:\WINDOWS\system32\ievn32.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_16_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [MoneyStartUp10.0] "D:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Lexmark X84-X85 Button Monitor] D:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
O4 - HKLM\..\Run: [Lexmark X84-X85 Button Manager] D:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
O4 - HKLM\..\Run: [PrinTray] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nzjxqfwpqjd] D:\WINDOWS\System32\bhrbhc.exe
O4 - HKLM\..\Run: [sdkkr.exe] D:\WINDOWS\sdkkr.exe
O4 - HKLM\..\Run: [NPS Event Checker] D:\PROGRA~1\Navnt\npscheck.exe
O4 - HKLM\..\Run: [NAV DefAlert] D:\PROGRA~1\Navnt\defalert.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [mysoft] C:\windows\system32\winexplor.exe
O4 - HKLM\..\RunOnce: [appwb32.exe] D:\WINDOWS\system32\appwb32.exe
O4 - HKLM\..\RunOnce: [apijz32.exe] D:\WINDOWS\system32\apijz32.exe
O4 - HKLM\..\RunOnce: [sdkjq32.exe] D:\WINDOWS\sdkjq32.exe
O4 - HKLM\..\RunOnce: [sdkzg32.exe] D:\WINDOWS\system32\sdkzg32.exe
O4 - HKLM\..\RunOnce: [ntpz32.exe] D:\WINDOWS\system32\ntpz32.exe
O4 - HKLM\..\RunOnce: [sysqb32.exe] D:\WINDOWS\sysqb32.exe
O4 - HKLM\..\RunOnce: [msml.exe] D:\WINDOWS\msml.exe
O4 - HKLM\..\RunOnce: [d3ce.exe] D:\WINDOWS\d3ce.exe
O4 - HKLM\..\RunOnce: [javaya.exe] D:\WINDOWS\javaya.exe
O4 - HKLM\..\RunOnce: [appeo32.exe] D:\WINDOWS\appeo32.exe
O4 - HKLM\..\RunOnce: [netcw.exe] D:\WINDOWS\netcw.exe
O4 - HKLM\..\RunOnce: [crxz.exe] D:\WINDOWS\crxz.exe
O4 - HKLM\..\RunOnce: [javaqk.exe] D:\WINDOWS\javaqk.exe
O4 - HKLM\..\RunOnce: [sysig.exe] D:\WINDOWS\sysig.exe
O4 - HKLM\..\RunOnce: [d3om.exe] D:\WINDOWS\d3om.exe
O4 - HKLM\..\RunOnce: [sdkbb32.exe] D:\WINDOWS\system32\sdkbb32.exe
O4 - HKLM\..\RunOnce: [sdkys.exe] D:\WINDOWS\sdkys.exe
O4 - HKLM\..\RunOnce: [syszm.exe] D:\WINDOWS\syszm.exe
O4 - HKLM\..\RunOnce: [addxo32.exe] D:\WINDOWS\addxo32.exe
O4 - HKLM\..\RunOnce: [mfcjl.exe] D:\WINDOWS\system32\mfcjl.exe
O4 - HKLM\..\RunOnce: [mfcdq32.exe] D:\WINDOWS\system32\mfcdq32.exe
O4 - HKLM\..\RunOnce: [atlsj.exe] D:\WINDOWS\atlsj.exe
O4 - HKLM\..\RunOnce: [ntlf.exe] D:\WINDOWS\system32\ntlf.exe
O4 - HKLM\..\RunOnce: [addws.exe] D:\WINDOWS\addws.exe
O4 - HKLM\..\RunOnce: [netau.exe] D:\WINDOWS\system32\netau.exe
O4 - HKLM\..\RunOnce: [appgs32.exe] D:\WINDOWS\appgs32.exe
O4 - HKLM\..\RunOnce: [winss32.exe] D:\WINDOWS\system32\winss32.exe
O4 - HKLM\..\RunOnce: [winbw32.exe] D:\WINDOWS\system32\winbw32.exe
O4 - HKLM\..\RunOnce: [appjz.exe] D:\WINDOWS\appjz.exe
O4 - HKLM\..\RunOnce: [addca32.exe] D:\WINDOWS\system32\addca32.exe
O4 - HKLM\..\RunOnce: [mfcat.exe] D:\WINDOWS\system32\mfcat.exe
O4 - HKLM\..\RunOnce: [ieuf32.exe] D:\WINDOWS\system32\ieuf32.exe
O4 - HKLM\..\RunOnce: [msfb32.exe] D:\WINDOWS\system32\msfb32.exe
O4 - HKLM\..\RunOnce: [d3bq32.exe] D:\WINDOWS\d3bq32.exe
O4 - HKLM\..\RunOnce: [apizh32.exe] D:\WINDOWS\system32\apizh32.exe
O4 - HKLM\..\RunOnce: [iefp.exe] D:\WINDOWS\iefp.exe
O4 - HKLM\..\RunOnce: [ievv.exe] D:\WINDOWS\ievv.exe
O4 - HKLM\..\RunOnce: [netiv32.exe] D:\WINDOWS\system32\netiv32.exe
O4 - HKLM\..\RunOnce: [apitw.exe] D:\WINDOWS\system32\apitw.exe
O4 - HKLM\..\RunOnce: [ipzz32.exe] D:\WINDOWS\system32\ipzz32.exe
O4 - HKLM\..\RunOnce: [appdk.exe] D:\WINDOWS\system32\appdk.exe
O4 - HKLM\..\RunOnce: [javaxb32.exe] D:\WINDOWS\javaxb32.exe
O4 - HKLM\..\RunOnce: [crrk32.exe] D:\WINDOWS\crrk32.exe
O4 - HKLM\..\RunOnce: [javazf.exe] D:\WINDOWS\javazf.exe
O4 - HKLM\..\RunOnce: [atlmu.exe] D:\WINDOWS\system32\atlmu.exe
O4 - HKLM\..\RunOnce: [sdkum.exe] D:\WINDOWS\sdkum.exe
O4 - HKLM\..\RunOnce: [atloi32.exe] D:\WINDOWS\atloi32.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Spyware Begone] c:\freescan\freescan.exe -FastScan
O4 - HKCU\..\Run: [SpyKiller] D:\Program Files\SpyKiller\spykiller.exe /startup
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: Norton AntiVirus AutoProtect.lnk = D:\Program Files\Navnt\navapw32.exe
O4 - Global Startup: Kodak EasyShare software.lnk = D:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = D:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - (no file)
O16 - DPF: {31932A5C-9234-4377-A920-72E7DD340DB4} (Snapfish File Upload ActiveX Control) - http://www.snapfish.com/SnapfishUpload.cab
O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - D:\WINDOWS\msopt.dll

I am very frustrated and would like to get rid of the junk ASAP! :mean:

Thank you!

Comments

  • shwaip bluffin' with my muffin Icrontian
    edited July 2004
    please try this:

    boot into safe mode, remove the following entries:
    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://sharempeg.com/find/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://D:\WINDOWS\mzbpt.dll/sp.html#37680
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://mzbpt.dll/index.html#37680
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://mzbpt.dll/index.html#37680
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://D:\WINDOWS\mzbpt.dll/sp.html#37680
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://D:\WINDOWS\mzbpt.dll/sp.html#37680
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://mzbpt.dll/index.html#37680
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = D:\WINDOWS\system32\searchbar.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = D:\WINDOWS\system32\searchbar.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R3 - Default URLSearchHook is missing
    O2 - BHO: TwaintecObj Class - {000020DD-C72E-4113-AF77-DD56626C6C42} - D:\WINDOWS\twaintec.dll
    O2 - BHO: (no name) - {E5C401F8-2337-B367-1520-696028765338} - D:\WINDOWS\system32\ievn32.dll
    O4 - HKLM\..\Run: [nzjxqfwpqjd] D:\WINDOWS\System32\bhrbhc.exe
    O4 - HKLM\..\Run: [sdkkr.exe] D:\WINDOWS\sdkkr.exe
    O4 - HKLM\..\Run: [mysoft] C:\windows\system32\winexplor.exe
    O4 - HKLM\..\RunOnce: [appwb32.exe] D:\WINDOWS\system32\appwb32.exe
    O4 - HKLM\..\RunOnce: [apijz32.exe] D:\WINDOWS\system32\apijz32.exe
    O4 - HKLM\..\RunOnce: [sdkjq32.exe] D:\WINDOWS\sdkjq32.exe
    O4 - HKLM\..\RunOnce: [sdkzg32.exe] D:\WINDOWS\system32\sdkzg32.exe
    O4 - HKLM\..\RunOnce: [ntpz32.exe] D:\WINDOWS\system32\ntpz32.exe
    O4 - HKLM\..\RunOnce: [sysqb32.exe] D:\WINDOWS\sysqb32.exe
    O4 - HKLM\..\RunOnce: [msml.exe] D:\WINDOWS\msml.exe
    O4 - HKLM\..\RunOnce: [d3ce.exe] D:\WINDOWS\d3ce.exe
    O4 - HKLM\..\RunOnce: [javaya.exe] D:\WINDOWS\javaya.exe
    O4 - HKLM\..\RunOnce: [appeo32.exe] D:\WINDOWS\appeo32.exe
    O4 - HKLM\..\RunOnce: [netcw.exe] D:\WINDOWS\netcw.exe
    O4 - HKLM\..\RunOnce: [crxz.exe] D:\WINDOWS\crxz.exe
    O4 - HKLM\..\RunOnce: [javaqk.exe] D:\WINDOWS\javaqk.exe
    O4 - HKLM\..\RunOnce: [sysig.exe] D:\WINDOWS\sysig.exe
    O4 - HKLM\..\RunOnce: [d3om.exe] D:\WINDOWS\d3om.exe
    O4 - HKLM\..\RunOnce: [sdkbb32.exe] D:\WINDOWS\system32\sdkbb32.exe
    O4 - HKLM\..\RunOnce: [sdkys.exe] D:\WINDOWS\sdkys.exe
    O4 - HKLM\..\RunOnce: [syszm.exe] D:\WINDOWS\syszm.exe
    O4 - HKLM\..\RunOnce: [addxo32.exe] D:\WINDOWS\addxo32.exe
    O4 - HKLM\..\RunOnce: [mfcjl.exe] D:\WINDOWS\system32\mfcjl.exe
    O4 - HKLM\..\RunOnce: [mfcdq32.exe] D:\WINDOWS\system32\mfcdq32.exe
    O4 - HKLM\..\RunOnce: [atlsj.exe] D:\WINDOWS\atlsj.exe
    O4 - HKLM\..\RunOnce: [ntlf.exe] D:\WINDOWS\system32\ntlf.exe
    O4 - HKLM\..\RunOnce: [addws.exe] D:\WINDOWS\addws.exe
    O4 - HKLM\..\RunOnce: [netau.exe] D:\WINDOWS\system32\netau.exe
    O4 - HKLM\..\RunOnce: [appgs32.exe] D:\WINDOWS\appgs32.exe
    O4 - HKLM\..\RunOnce: [winss32.exe] D:\WINDOWS\system32\winss32.exe
    O4 - HKLM\..\RunOnce: [winbw32.exe] D:\WINDOWS\system32\winbw32.exe
    O4 - HKLM\..\RunOnce: [appjz.exe] D:\WINDOWS\appjz.exe
    O4 - HKLM\..\RunOnce: [addca32.exe] D:\WINDOWS\system32\addca32.exe
    O4 - HKLM\..\RunOnce: [mfcat.exe] D:\WINDOWS\system32\mfcat.exe
    O4 - HKLM\..\RunOnce: [ieuf32.exe] D:\WINDOWS\system32\ieuf32.exe
    O4 - HKLM\..\RunOnce: [msfb32.exe] D:\WINDOWS\system32\msfb32.exe
    O4 - HKLM\..\RunOnce: [d3bq32.exe] D:\WINDOWS\d3bq32.exe
    O4 - HKLM\..\RunOnce: [apizh32.exe] D:\WINDOWS\system32\apizh32.exe
    O4 - HKLM\..\RunOnce: [iefp.exe] D:\WINDOWS\iefp.exe
    O4 - HKLM\..\RunOnce: [ievv.exe] D:\WINDOWS\ievv.exe
    O4 - HKLM\..\RunOnce: [netiv32.exe] D:\WINDOWS\system32\netiv32.exe
    O4 - HKLM\..\RunOnce: [apitw.exe] D:\WINDOWS\system32\apitw.exe
    O4 - HKLM\..\RunOnce: [ipzz32.exe] D:\WINDOWS\system32\ipzz32.exe
    O4 - HKLM\..\RunOnce: [appdk.exe] D:\WINDOWS\system32\appdk.exe
    O4 - HKLM\..\RunOnce: [javaxb32.exe] D:\WINDOWS\javaxb32.exe
    O4 - HKLM\..\RunOnce: [crrk32.exe] D:\WINDOWS\crrk32.exe
    O4 - HKLM\..\RunOnce: [javazf.exe] D:\WINDOWS\javazf.exe
    O4 - HKLM\..\RunOnce: [atlmu.exe] D:\WINDOWS\system32\atlmu.exe
    O4 - HKLM\..\RunOnce: [sdkum.exe] D:\WINDOWS\sdkum.exe
    O4 - HKLM\..\RunOnce: [atloi32.exe] D:\WINDOWS\atloi32.exe
    O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - D:\WINDOWS\msopt.dll

    the names of the first few entries may change, but remove them.

    now delete all of those files.

    reboot, and rerun hijackthis. post a new log for us.
  • primesuspect Beepin n' Boopin Detroit, MI Icrontian
    edited July 2004
    And make sure you read the etiquette thread. :mad::grumble:
  • edited July 2004
    shwaip : Thank you so much for taking the time to review my HJT log file, despite me not providing any background on the problem. Your assistance is greatly appreciated! I followed the directions that you provided and ran a new HJT log today (below.) Can you let me know if there is anything else to get rid of? I don't know much about this stuff but have a feeling that there is more lurking since I ran the first log. Thanks again!

    Logfile of HijackThis v1.98.0
    Scan saved at 5:13:25 PM, on 7/20/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\WINDOWS\Explorer.EXE
    D:\WINDOWS\system32\drivers\KodakCCS.exe
    D:\PROGRA~1\Navnt\npssvc.exe
    D:\WINDOWS\System32\nvsvc32.exe
    D:\WINDOWS\system32\pctspk.exe
    D:\WINDOWS\System32\ScsiAccess.EXE
    D:\WINDOWS\atloi32.exe
    D:\Program Files\QuickTime\qttask.exe
    D:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
    D:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
    D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
    D:\WINDOWS\System32\RUNDLL32.EXE
    C:\Program Files\WinZip\WZQKPICK.EXE
    D:\Program Files\Navnt\navapw32.exe
    D:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    D:\WINDOWS\System32\wuauclt.exe
    D:\WINDOWS\sdkkr.exe
    C:\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R3 - Default URLSearchHook is missing
    F0 - system.ini: Shell=
    F2 - REG:system.ini: UserInit=D:\WINDOWS\system32\userinit.exe,
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {0B1EC0AC-4B60-2E3C-6008-EA958BCC19DD} - D:\WINDOWS\ieto32.dll
    O2 - BHO: (no name) - {3A5153EA-63AF-772D-4B56-4C560E2D983E} - D:\WINDOWS\system32\sdkez32.dll
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_16_0.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [MoneyStartUp10.0] "D:\Program Files\Microsoft Money\System\Activation.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Lexmark X84-X85 Button Monitor] D:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
    O4 - HKLM\..\Run: [Lexmark X84-X85 Button Manager] D:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
    O4 - HKLM\..\Run: [PrinTray] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NPS Event Checker] D:\PROGRA~1\Navnt\npscheck.exe
    O4 - HKLM\..\Run: [NAV DefAlert] D:\PROGRA~1\Navnt\defalert.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [sdkkr.exe] D:\WINDOWS\sdkkr.exe
    O4 - HKLM\..\RunOnce: [ieid32.exe] D:\WINDOWS\ieid32.exe
    O4 - HKLM\..\RunOnce: [winjj.exe] D:\WINDOWS\system32\winjj.exe
    O4 - HKLM\..\RunOnce: [netgx.exe] D:\WINDOWS\netgx.exe
    O4 - HKLM\..\RunOnce: [javael32.exe] D:\WINDOWS\javael32.exe
    O4 - HKLM\..\RunOnce: [sdkmg.exe] D:\WINDOWS\sdkmg.exe
    O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [Spyware Begone] c:\freescan\freescan.exe -FastScan
    O4 - HKCU\..\Run: [SpyKiller] D:\Program Files\SpyKiller\spykiller.exe /startup
    O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O4 - Global Startup: Norton AntiVirus AutoProtect.lnk = D:\Program Files\Navnt\navapw32.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = D:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: Kodak software updater.lnk = D:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - (no file)
    O16 - DPF: {31932A5C-9234-4377-A920-72E7DD340DB4} (Snapfish File Upload ActiveX Control) - http://www.snapfish.com/SnapfishUpload.cab
    O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - D:\WINDOWS\msopt.dll
  • primesuspect Beepin n' Boopin Detroit, MI Icrontian
    edited July 2004
    Okay, you still have some stinkers in there. Get rid of the following:



    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R3 - Default URLSearchHook is missing

    O2 - BHO: (no name) - {0B1EC0AC-4B60-2E3C-6008-EA958BCC19DD} - D:\WINDOWS\ieto32.dll
    O2 - BHO: (no name) - {3A5153EA-63AF-772D-4B56-4C560E2D983E} - D:\WINDOWS\system32\sdkez32.dll

    O4 - HKLM\..\Run: [sdkkr.exe] D:\WINDOWS\sdkkr.exe
    O4 - HKLM\..\RunOnce: [ieid32.exe] D:\WINDOWS\ieid32.exe
    O4 - HKLM\..\RunOnce: [winjj.exe] D:\WINDOWS\system32\winjj.exe
    O4 - HKLM\..\RunOnce: [netgx.exe] D:\WINDOWS\netgx.exe
    O4 - HKLM\..\RunOnce: [javael32.exe] D:\WINDOWS\javael32.exe
    O4 - HKLM\..\RunOnce: [sdkmg.exe] D:\WINDOWS\sdkmg.exe

    O4 - HKCU\..\Run: [Spyware Begone] c:\freescan\freescan.exe -FastScan
    O4 - HKCU\..\Run: [SpyKiller] D:\Program Files\SpyKiller\spykiller.exe /startup

    O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - D:\WINDOWS\msopt.dll


    Then you're going to want to manually delete the following files:



    D:\WINDOWS\sdkkr.exe
    D:\WINDOWS\ieid32.exe
    D:\WINDOWS\system32\winjj.exe
    D:\WINDOWS\netgx.exe
    D:\WINDOWS\javael32.exe
    D:\WINDOWS\sdkmg.exe
    D:\WINDOWS\ieto32.dll
    D:\WINDOWS\system32\sdkez32.dll


    After you do that, reboot, re-run HJT, and post a new log :)
  • edited July 2004
    I swear, I am starting to feel that I am starring in a remake of Groundhog Day, except there is no Bill Murray and no love story!

    Here is my latest saga. I booted in safe mode, ran HJT. Deleted all files above as directed by primesuspect. Ran AdAware and Spybot, removed/quarantined suspicious files. Re-set my Internet options.

    Re-booted in regular mode and re-ran HJT. There are still some bad files in there because I'm still not being directed to Yahoo when I open my browser and I'm still getting pop-ups telling me my computer is infected with Spyware! (groan.) Every time I delete the bad files, there are more in there as soon as I re-open Internet Explorer. Not sure what to do next except maybe re-load Windows altogether, which I want to avoid if possible. And I'm not sure if that would even fix the problem? Here is my latest HJT log:

    Logfile of HijackThis v1.98.0
    Scan saved at 1:43:33 PM, on 7/24/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\WINDOWS\Explorer.EXE
    D:\WINDOWS\system32\drivers\KodakCCS.exe
    D:\Program Files\QuickTime\qttask.exe
    D:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
    D:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
    D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
    D:\PROGRA~1\Navnt\npssvc.exe
    D:\WINDOWS\system32\iplf.exe
    D:\WINDOWS\System32\RUNDLL32.EXE
    D:\WINDOWS\System32\nvsvc32.exe
    D:\WINDOWS\system32\pctspk.exe
    D:\WINDOWS\System32\ScsiAccess.EXE
    D:\WINDOWS\atloi32.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    D:\Program Files\Navnt\navapw32.exe
    D:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://D:\WINDOWS\system32\zorov.dll/sp.html#37680
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://zorov.dll/index.html#37680
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://zorov.dll/index.html#37680
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://D:\WINDOWS\system32\zorov.dll/sp.html#37680
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://D:\WINDOWS\system32\zorov.dll/sp.html#37680
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://zorov.dll/index.html#37680
    R3 - Default URLSearchHook is missing
    F0 - system.ini: Shell=
    F2 - REG:system.ini: UserInit=D:\WINDOWS\system32\userinit.exe,
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {5932D6CD-5850-EB9A-AF22-5C40F8C3A50A} - D:\WINDOWS\system32\sdkkc32.dll
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_16_0.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [MoneyStartUp10.0] "D:\Program Files\Microsoft Money\System\Activation.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Lexmark X84-X85 Button Monitor] D:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
    O4 - HKLM\..\Run: [Lexmark X84-X85 Button Manager] D:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
    O4 - HKLM\..\Run: [PrinTray] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NPS Event Checker] D:\PROGRA~1\Navnt\npscheck.exe
    O4 - HKLM\..\Run: [NAV DefAlert] D:\PROGRA~1\Navnt\defalert.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [iplf.exe] D:\WINDOWS\system32\iplf.exe
    O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O4 - Global Startup: Norton AntiVirus AutoProtect.lnk = D:\Program Files\Navnt\navapw32.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = D:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: Kodak software updater.lnk = D:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - (no file)
    O16 - DPF: {31932A5C-9234-4377-A920-72E7DD340DB4} (Snapfish File Upload ActiveX Control) - http://www.snapfish.com/SnapfishUpload.cab

    Any assistance is appreciated!

    Thanks,
    krissiemoon
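
Added example, not part of any post in this thread: a small Python sketch that diffs two HijackThis scans so the load points that reappear under new names after a cleanup stand out. The function names are this example's own, and the two sample scans are short excerpts of the 7/20 and 7/24 logs posted above.

```python
import re

# A HijackThis item line is "<section> - <detail>", e.g. "O4 - HKLM\..\Run: [name] cmd".
ITEM_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")
# O4 registry autostart detail: "HKLM\..\RunOnce: [value name] command line"
O4_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")

# Excerpts of the 7/20 and 7/24 scans from this thread (trimmed to a few lines each).
SCAN_JUL20 = r"""
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0B1EC0AC-4B60-2E3C-6008-EA958BCC19DD} - D:\WINDOWS\ieto32.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [sdkkr.exe] D:\WINDOWS\sdkkr.exe
O4 - HKLM\..\RunOnce: [ieid32.exe] D:\WINDOWS\ieid32.exe
"""

SCAN_JUL24 = r"""
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5932D6CD-5850-EB9A-AF22-5C40F8C3A50A} - D:\WINDOWS\system32\sdkkc32.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [iplf.exe] D:\WINDOWS\system32\iplf.exe
"""


def parse_items(log_text):
    """Return the set of (section, detail) item lines found in a HijackThis log."""
    items = set()
    for line in log_text.splitlines():
        m = ITEM_RE.match(line)
        if m:  # header and running-process lines do not match and are skipped
            items.add((m.group(1), m.group(2)))
    return items


def diff_scans(before, after):
    """Classify items as removed, persisted or new between two scans."""
    b, a = parse_items(before), parse_items(after)
    return {"removed": b - a, "persisted": b & a, "new": a - b}


def target_path(section, detail):
    """Best-effort file or command an O2 (BHO) or O4 (Run/RunOnce) item points at."""
    if section == "O2":
        return detail.rsplit(" - ", 1)[-1]
    if section == "O4":
        m = O4_RE.match(detail)
        if m:
            return m.group("cmd")
    return None  # other sections, and O4 "Global Startup" shortcuts, are not handled


def new_load_points(before, after):
    """Files referenced by BHO/autostart items that exist only in the later scan."""
    paths = {target_path(s, d) for s, d in diff_scans(before, after)["new"]}
    return sorted(p for p in paths if p)


if __name__ == "__main__":
    for path in new_load_points(SCAN_JUL20, SCAN_JUL24):
        print("new since last scan:", path)
```
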