
Coworker's Screwy Computer


6 replies to this topic

#1 ckstrong01

ckstrong01

  • Members
  • 43 posts
  • OFFLINE
  • Local time:06:36 PM

Posted 17 June 2006 - 10:36 AM

When the computer is booted up, the cursor jumps to the upper left-hand corner of the screen, and if an icon is there it will open that folder. We have no idea why it is doing this. I believe she has some sort of malware or something that is causing it to do this. I was going to do a complete reinstall of Windows, but I thought I would give this a go first... (I uninstalled Service Pack 2 before doing this, but the cursor does the same thing either way). If someone could look at the HJT log and tell me if there is anything that looks suspicious, I would appreciate the help. THANKS


Logfile of HijackThis v1.99.1
Scan saved at 9:32:06 AM, on 6/17/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\FilmLoop Player\FilmLoopService.exe
C:\Program Files\SmileyDistrict\plugin.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Verizon Wireless\V CAST Music\V CAST Music Monitor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Documents and Settings\Mom's\Desktop\HJT\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bresnan.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O1 - Hosts: comments (such
O1 - Hosts: comments as
O1 - Hosts: comments these)
O1 - Hosts: comments may
O1 - Hosts: comments be
O1 - Hosts: comments inserted
O1 - Hosts: comments on
O1 - Hosts: comments individual
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2866531c-80dd-4c4d-bf1b-7d678813e894} - C:\DOCUME~1\Dillan\LOCALS~1\Temp\nutlngcf.dll (file missing)
O2 - BHO: (no name) - {57976349-f603-4c58-b457-c9162f972088} - C:\DOCUME~1\Dillan\LOCALS~1\Temp\nutlngcf.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing)
O2 - BHO: (no name) - {EA32FB3B-21C9-42cc-B8EF-01A9B28EDB0D} - C:\WINDOWS\system32\ddcyy.dll
O3 - Toolbar: (no name) - {CC90CDA0-74A0-45b4-80EF-D89CA8C249B8} - (no file)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe
O4 - HKLM\..\Run: [Open Site] C:\Program Files\Open Site\opnste.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [FilmLoop] "C:\Program Files\FilmLoop Player\FilmLoopService.exe"
O4 - HKLM\..\Run: [Generic Host Process] C:\WINDOWS\System32\scvhost.exe
O4 - HKLM\..\Run: [Smiley District] C:\Program Files\SmileyDistrict\plugin.exe
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [McRegWiz] c:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
O4 - HKCU\..\Run: [Spyware Begone] c:\freescan\freescan.exe -FastScan
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: V CAST Music Monitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music\V CAST Music Monitor.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZNxdm117DRUS
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...tup1.0.0.15.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsc...76/mcinsctl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmg...,16/mcgdmgr.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: ddcyy - C:\WINDOWS\SYSTEM32\ddcyy.dll
O20 - Winlogon Notify: librun - C:\WINDOWS\system32\librun.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: .NET Framework Service (.NET Connection Service) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe


 


#2 MFDnSC

MFDnSC

    Ret. Director I/T


  • Members
  • 4,310 posts
  • OFFLINE
  • Local time:05:36 PM

Posted 17 June 2006 - 05:15 PM

Please download http://www.atribune.org/ccount/click.php?id=4 to your desktop.
· Double-click VundoFix.exe to run it.
· Click the Scan for Vundo button.
· Once it's done scanning, click the Remove Vundo button.
· You will receive a prompt asking if you want to remove the files; click YES.
· Once you click yes, your desktop will go blank as it starts removing Vundo.
· When completed, it will prompt that it will shut down your computer; click OK.
· Turn your computer back on.
· Please post the contents of C:\vundofix.txt and a new HiJackThis log.


==================

Go to the link below and download the trial version of SpySweeper:

SpySweeper http://www.webroot.com/consumer/products/s...&rc=4129&ac=tsg

* Click the Free Trial link under "SpySweeper" to download the program.
* Install it. Once the program is installed, it will open.
* It will prompt you to update to the latest definitions, click Yes.
* Once the definitions are installed, click Options on the left side.
* Click the Sweep Options tab.
* Under What to Sweep please put a check next to the following:
    o Sweep Memory
    o Sweep Registry
    o Sweep Cookies
    o Sweep All User Accounts
    o Enable Direct Disk Sweeping
    o Sweep Contents of Compressed Files
    o Sweep for Rootkits

    o Please UNCHECK Do not Sweep System Restore Folder.

* Click Sweep Now on the left side.
* Click the Start button.
* When it's done scanning, click the Next button.
* Make sure everything has a check next to it, then click the Next button.
* It will remove all of the items found.
* Click Session Log in the upper right corner, copy everything in that window.
* Click the Summary tab and click Finish.
* Paste the contents of the session log you copied into your next reply.
Also post a new Hijack This log.
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#3 ckstrong01

ckstrong01
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  • Local time:06:36 PM

Posted 17 June 2006 - 05:42 PM

I ran VundoFix and here is the text file contents:


VundoFix V4.2.84

Checking Java version...

Scan started at 4:33:42 PM 6/17/2006

Listing files found while scanning....

C:\WINDOWS\system32\ddcyy.dll

Attempting to delete C:\WINDOWS\system32\ddcyy.dll
C:\WINDOWS\system32\ddcyy.dll Has been deleted!

Performing Repairs to the registry.
Done!



Here is my second HJT Log:

Logfile of HijackThis v1.99.1
Scan saved at 4:40:41 PM, on 6/17/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\FilmLoop Player\FilmLoopService.exe
C:\WINDOWS\System32\WgaTray.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\SmileyDistrict\plugin.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Verizon Wireless\V CAST Music\V CAST Music Monitor.exe
C:\Documents and Settings\Mom's\Desktop\VundoFix.exe
C:\WINDOWS\System32\wuauclt.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Mom's\Desktop\HJT\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bresnan.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O1 - Hosts: comments (such
O1 - Hosts: comments as
O1 - Hosts: comments these)
O1 - Hosts: comments may
O1 - Hosts: comments be
O1 - Hosts: comments inserted
O1 - Hosts: comments on
O1 - Hosts: comments individual
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2866531c-80dd-4c4d-bf1b-7d678813e894} - C:\DOCUME~1\Dillan\LOCALS~1\Temp\nutlngcf.dll (file missing)
O2 - BHO: (no name) - {57976349-f603-4c58-b457-c9162f972088} - C:\DOCUME~1\Dillan\LOCALS~1\Temp\nutlngcf.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing)
O3 - Toolbar: (no name) - {CC90CDA0-74A0-45b4-80EF-D89CA8C249B8} - (no file)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe
O4 - HKLM\..\Run: [Open Site] C:\Program Files\Open Site\opnste.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [FilmLoop] "C:\Program Files\FilmLoop Player\FilmLoopService.exe"
O4 - HKLM\..\Run: [Generic Host Process] C:\WINDOWS\System32\scvhost.exe
O4 - HKLM\..\Run: [Smiley District] C:\Program Files\SmileyDistrict\plugin.exe
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [McRegWiz] c:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
O4 - HKCU\..\Run: [Spyware Begone] c:\freescan\freescan.exe -FastScan
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - Startup: V CAST Music Monitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music\V CAST Music Monitor.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZNxdm117DRUS
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...tup1.0.0.15.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsc...76/mcinsctl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmg...,16/mcgdmgr.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: librun - C:\WINDOWS\system32\librun.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: .NET Framework Service (.NET Connection Service) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe


I am now going to run the SpySweeper program and will post again when finished.

Thank you.
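Comparing the two HijackThis logs in this thread shows which autostart entries changed after the VundoFix run. The following is an added example, not part of any post and not code from HijackThis or VundoFix: the function names are hypothetical, and the embedded lines are a short excerpt of the two logs above. Entries are compared case-insensitively because Windows paths are, so a path that only changed case is not reported.

```python
import re
from collections import Counter
from typing import NamedTuple

# A HijackThis entry line looks like "O20 - Winlogon Notify: name - path".
# Lines in the "Running processes" block do not match and are skipped.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+?)\s*$")


class Entry(NamedTuple):
    section: str   # e.g. "O2", "O4", "O20"
    body: str      # everything after "Oxx - "

    def key(self):
        # Case-fold so C:\PROGRA~1\McAfee.com and c:\progra~1\mcafee.com match.
        return (self.section, self.body.casefold())


def parse_hjt(text):
    """Return the section entries of a HijackThis log, in file order."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m["section"], m["body"]))
    return entries


def _only_in(first, second):
    # Multiset difference that keeps the original lines and their order,
    # so repeated entries (such as the O1 Hosts lines) are counted correctly.
    remaining = Counter(e.key() for e in second)
    out = []
    for e in first:
        if remaining[e.key()] > 0:
            remaining[e.key()] -= 1
        else:
            out.append(e)
    return out


def diff_logs(before, after):
    """Return (removed, added) entries between two parsed logs."""
    return _only_in(before, after), _only_in(after, before)


def referencing(entries, filename):
    """Entries whose body mentions the given file name (case-insensitive)."""
    needle = filename.casefold()
    return [e for e in entries if needle in e.body.casefold()]


# Excerpt of the first log in the thread (before VundoFix).
BEFORE = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {EA32FB3B-21C9-42cc-B8EF-01A9B28EDB0D} - C:\WINDOWS\system32\ddcyy.dll
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O20 - Winlogon Notify: ddcyy - C:\WINDOWS\SYSTEM32\ddcyy.dll
O20 - Winlogon Notify: librun - C:\WINDOWS\system32\librun.dll
"""

# Excerpt of the second log in the thread (after VundoFix).
AFTER = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O20 - Winlogon Notify: librun - C:\WINDOWS\system32\librun.dll
"""

if __name__ == "__main__":
    removed, added = diff_logs(parse_hjt(BEFORE), parse_hjt(AFTER))
    for e in removed:
        print("REMOVED", e.section, "-", e.body)
    for e in added:
        print("ADDED  ", e.section, "-", e.body)
    # Cross-check against the file the VundoFix report says it deleted.
    print("references to ddcyy.dll left:",
          len(referencing(parse_hjt(AFTER), "ddcyy.dll")))
```
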

#4 ckstrong01

ckstrong01
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  • Local time:06:36 PM

Posted 17 June 2006 - 07:36 PM

Here are the results from my SpySweeper scan:

********
4:47 PM: | Start of Session, Saturday, June 17, 2006 |
4:47 PM: Spy Sweeper started
4:47 PM: Sweep initiated using definitions version 701
4:47 PM: Starting Memory Sweep
4:52 PM: Memory Sweep Complete, Elapsed Time: 00:04:53
4:52 PM: Starting Registry Sweep
4:52 PM: Found Adware: 2020search toolbar
4:52 PM: HKLM\software\microsoft\windows\currentversion\uninstall\2020search2\ (2 subtraces) (ID = 101922)
4:52 PM: HKLM\system\currentcontrolset\services\.net connection service\ (12 subtraces) (ID = 101924)
4:52 PM: Found Adware: comet cursor
4:52 PM: HKLM\software\microsoft\windows\currentversion\uninstall\swar\ (2 subtraces) (ID = 106748)
4:52 PM: Found Adware: coolsavings
4:52 PM: HKCR\clsid\{11bdb904-c0bc-41ce-910b-0d12fd619fd0}\ (2 subtraces) (ID = 106999)
4:52 PM: HKCR\interface\{549f957d-2f89-11d6-8cfe-00c04f52b225}\ (8 subtraces) (ID = 107001)
4:52 PM: HKCR\interface\{549f957f-2f89-11d6-8cfe-00c04f52b225}\ (8 subtraces) (ID = 107002)
4:52 PM: HKLM\software\classes\clsid\{11bdb904-c0bc-41ce-910b-0d12fd619fd0}\ (2 subtraces) (ID = 107005)
4:52 PM: HKLM\software\classes\interface\{549f957d-2f89-11d6-8cfe-00c04f52b225}\ (8 subtraces) (ID = 107007)
4:52 PM: HKLM\software\classes\interface\{549f957f-2f89-11d6-8cfe-00c04f52b225}\ (8 subtraces) (ID = 107008)
4:52 PM: Found Adware: dashbar
4:52 PM: HKLM\software\microsoft\internet explorer\toolbar\ || {cc90cda0-74a0-45b4-80ef-d89ca8c249b8} (ID = 126761)
4:52 PM: Found Adware: gsim
4:52 PM: HKLM\software\microsoft\windows\currentversion\uninstall\gsim\ (2 subtraces) (ID = 127019)
4:52 PM: Found Adware: 180search assistant/zango
4:52 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\ncaseinstaller.dll (ID = 135764)
4:52 PM: Found Adware: opensite
4:52 PM: HKLM\software\microsoft\windows\currentversion\run\ || open site (ID = 136454)
4:52 PM: Found Adware: orbit explorer
4:52 PM: HKCR\interface\{ec99cbb3-6275-4923-bc54-8f27ac45f577}\ (8 subtraces) (ID = 136480)
4:52 PM: HKLM\software\classes\interface\{ec99cbb3-6275-4923-bc54-8f27ac45f577}\ (8 subtraces) (ID = 136499)
4:52 PM: Found Adware: websearch toolbar
4:52 PM: HKLM\software\btiein\ (14 subtraces) (ID = 146369)
4:52 PM: HKLM\software\microsoft\windows\currentversion\installer\userdata\aui\ (1 subtraces) (ID = 146479)
4:52 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/qdow.dll\ (2 subtraces) (ID = 146481)
4:52 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\qdow.dll (ID = 146496)
4:52 PM: Found Adware: geldesikme
4:52 PM: HKLM\software\microsoft\windows\currentversion\run\ || generic host process (ID = 657893)
4:52 PM: Found Adware: winantispyware 2005
4:52 PM: HKCR\pcheck.pcheck\ (5 subtraces) (ID = 812703)
4:52 PM: HKCR\pcheck.pcheck.1\ (3 subtraces) (ID = 812709)
4:52 PM: HKCR\appid\pcheck.dll\ (1 subtraces) (ID = 812730)
4:52 PM: HKCR\clsid\{fd1a9e6b-05da-4ca2-830d-654da1ddbd9e}\ (15 subtraces) (ID = 812934)
4:52 PM: HKCR\typelib\{3bff2ef1-25ba-4342-a1e8-ec1e2cb9f22b}\ (9 subtraces) (ID = 812960)
4:52 PM: HKLM\software\classes\pcheck.pcheck\ (5 subtraces) (ID = 813205)
4:52 PM: HKLM\software\classes\pcheck.pcheck.1\ (3 subtraces) (ID = 813211)
4:52 PM: HKLM\software\classes\appid\pcheck.dll\ (1 subtraces) (ID = 813232)
4:52 PM: HKLM\software\classes\clsid\{fd1a9e6b-05da-4ca2-830d-654da1ddbd9e}\ (15 subtraces) (ID = 813436)
4:52 PM: HKLM\software\classes\typelib\{3bff2ef1-25ba-4342-a1e8-ec1e2cb9f22b}\ (9 subtraces) (ID = 813462)
4:52 PM: Found Trojan Horse: trojan-downloader-conhook
4:52 PM: HKLM\software\microsoft\windows\currentversion\explorer\shellexecutehooks\ || {ea32fb3b-21c9-42cc-b8ef-01a9b28edb0d} (ID = 1124228)
4:52 PM: Found Adware: sidesearch
4:52 PM: HKU\S-1-5-21-995833392-2405621192-1971861785-1013\software\microsoft\internet explorer\extensions\cmdmapping\ || {000007c6-17df-4438-92a4-de5537471ba3} (ID = 530423)
4:52 PM: Registry Sweep Complete, Elapsed Time:00:00:21
4:52 PM: Starting Cookie Sweep
4:52 PM: Found Spy Cookie: websponsors cookie
4:52 PM: mom's@a.websponsors[2].txt (ID = 3665)
4:52 PM: Found Spy Cookie: yieldmanager cookie
4:52 PM: mom's@ad.yieldmanager[1].txt (ID = 3751)
4:52 PM: Found Spy Cookie: specificclick.com cookie
4:52 PM: mom's@adopt.specificclick[2].txt (ID = 3400)
4:52 PM: Found Spy Cookie: nextag cookie
4:52 PM: mom's@adq.nextag[1].txt (ID = 5015)
4:52 PM: Found Spy Cookie: addynamix cookie
4:52 PM: mom's@ads.addynamix[1].txt (ID = 2062)
4:52 PM: Found Spy Cookie: casalemedia cookie
4:52 PM: mom's@as.casalemedia[1].txt (ID = 2355)
4:52 PM: Found Spy Cookie: atlas dmt cookie
4:52 PM: mom's@atdmt[2].txt (ID = 2253)
4:52 PM: Found Spy Cookie: atwola cookie
4:52 PM: mom's@atwola[1].txt (ID = 2255)
4:52 PM: Found Spy Cookie: belnk cookie
4:52 PM: mom's@belnk[1].txt (ID = 2292)
4:52 PM: Found Spy Cookie: bizrate cookie
4:52 PM: mom's@bizrate[2].txt (ID = 2308)
4:52 PM: Found Spy Cookie: overture cookie
4:52 PM: mom's@data1.perf.overture[2].txt (ID = 3106)
4:52 PM: mom's@data3.perf.overture[2].txt (ID = 3106)
4:52 PM: mom's@data4.perf.overture[1].txt (ID = 3106)
4:52 PM: Found Spy Cookie: dealtime cookie
4:52 PM: mom's@dealtime[1].txt (ID = 2505)
4:52 PM: Found Spy Cookie: did-it cookie
4:52 PM: mom's@did-it[1].txt (ID = 2523)
4:52 PM: mom's@dist.belnk[2].txt (ID = 2293)
4:52 PM: Found Spy Cookie: starware.com cookie
4:52 PM: mom's@h.starware[1].txt (ID = 3442)
4:52 PM: Found Spy Cookie: linksynergy cookie
4:52 PM: mom's@linksynergy[1].txt (ID = 2926)
4:52 PM: Found Spy Cookie: webtrends cookie
4:52 PM: mom's@m.webtrends[1].txt (ID = 3669)
4:52 PM: Found Spy Cookie: mediaplex cookie
4:52 PM: mom's@mediaplex[1].txt (ID = 6442)
4:52 PM: Found Spy Cookie: 2o7.net cookie
4:52 PM: mom's@microsoftwga.112.2o7[1].txt (ID = 1958)
4:52 PM: mom's@msnportal.112.2o7[1].txt (ID = 1958)
4:52 PM: mom's@nextag[2].txt (ID = 5014)
4:52 PM: Found Spy Cookie: pub cookie
4:52 PM: mom's@pub[2].txt (ID = 3205)
4:52 PM: Found Spy Cookie: questionmarket cookie
4:52 PM: mom's@questionmarket[2].txt (ID = 3217)
4:52 PM: mom's@stat.dealtime[1].txt (ID = 2506)
4:52 PM: Found Spy Cookie: tribalfusion cookie
4:52 PM: mom's@tribalfusion[1].txt (ID = 3589)
4:52 PM: mom's@try.starware[1].txt (ID = 3442)
4:52 PM: Found Spy Cookie: xiti cookie
4:52 PM: mom's@xiti[1].txt (ID = 3717)
4:52 PM: Found Spy Cookie: abetterinternet cookie
4:52 PM: system@abetterinternet[1].txt (ID = 2035)
4:52 PM: Found Spy Cookie: adknowledge cookie
4:52 PM: system@adknowledge[2].txt (ID = 2072)
4:52 PM: Found Spy Cookie: precisead cookie
4:52 PM: system@adopt.precisead[2].txt (ID = 3182)
4:52 PM: Found Spy Cookie: azjmp cookie
4:52 PM: system@azjmp[2].txt (ID = 2270)
4:52 PM: Found Spy Cookie: a cookie
4:52 PM: system@a[2].txt (ID = 2027)
4:52 PM: Found Spy Cookie: banners cookie
4:52 PM: system@banners[1].txt (ID = 2282)
4:52 PM: Found Spy Cookie: cliks cookie
4:52 PM: system@cliks[1].txt (ID = 2414)
4:52 PM: Found Spy Cookie: tickle cookie
4:52 PM: system@cookie.tickle[1].txt (ID = 3530)
4:52 PM: Found Spy Cookie: dlmax cookie
4:52 PM: system@dlm.dlmax[2].txt (ID = 2532)
4:52 PM: Found Spy Cookie: exitexchange cookie
4:52 PM: system@exitexchange[1].txt (ID = 2633)
4:52 PM: Found Spy Cookie: mx-targeting cookie
4:52 PM: system@master.mx-targeting[2].txt (ID = 3024)
4:52 PM: Found Spy Cookie: offeroptimizer cookie
4:52 PM: system@offeroptimizer[1].txt (ID = 3087)
4:52 PM: Found Spy Cookie: rednova cookie
4:52 PM: system@rednova[1].txt (ID = 3245)
4:52 PM: Found Spy Cookie: servlet cookie
4:52 PM: system@servlet[2].txt (ID = 3345)
4:52 PM: Found Spy Cookie: statstracking cookie
4:52 PM: system@stats-tracking[1].txt (ID = 3453)
4:52 PM: Found Spy Cookie: webservicehosts cookie
4:52 PM: system@webservicehosts[1].txt (ID = 3662)
4:52 PM: Found Spy Cookie: eadexchange cookie
4:52 PM: system@www.eadexchange[2].txt (ID = 2556)
4:52 PM: system@www.rednova[1].txt (ID = 3246)
4:52 PM: Cookie Sweep Complete, Elapsed Time: 00:00:02
4:52 PM: Starting File Sweep
4:52 PM: Found Adware: delfin
4:52 PM: c:\windows\system32\nsvsvc (1 subtraces) (ID = -2147481119)
4:52 PM: c:\documents and settings\all users\application data\nsv (18 subtraces) (ID = -2147481136)
4:52 PM: Found Adware: flashtrack
4:52 PM: c:\program files\flen (2 subtraces) (ID = -2147480975)
4:52 PM: Found Adware: broadcastpc
4:52 PM: c:\program files\bpc_search (2 subtraces) (ID = -2147481335)
4:52 PM: Found Adware: begin2search
4:52 PM: c:\windows\system32\cache32_rtneg2 (2 subtraces) (ID = -2147481388)
4:52 PM: Found Adware: winad
4:52 PM: c:\program files\media access (1 subtraces) (ID = -2147480020)
4:52 PM: Found Adware: virtualbouncer
4:52 PM: c:\documents and settings\all users\application data\vbouncer (9 subtraces) (ID = -2147480097)
4:52 PM: Found Adware: bookedspace
4:52 PM: c:\windows\bsx32 (2 subtraces) (ID = -2147481346)
4:52 PM: c:\program files\common files\winsoftware (1 subtraces) (ID = -2147476682)
4:52 PM: Found Adware: webrebates
4:52 PM: c:\program files\web_rebates (27 subtraces) (ID = -2147480050)
4:52 PM: c:\windows\system32\fleok (ID = -2147480556)
4:54 PM: Found Adware: lopdotcom
4:54 PM: aim once.exe (ID = 307)
4:55 PM: wmv2007.dbd (ID = 57693)
4:56 PM: Found Adware: elitebar
4:56 PM: temperror32.dat (ID = 59978)
4:56 PM: wmv1920.dbd (ID = 57692)
4:56 PM: Found Adware: shopathomeselect
4:56 PM: p1fumi62.dat (ID = 75851)
4:57 PM: saie_gdf.dat (ID = 70626)
4:58 PM: Found Adware: ebates money maker
4:58 PM: conflicts2.htm (ID = 59712)
5:00 PM: setup.exe (ID = 158822)
5:01 PM: saieau.dat (ID = 70623)
5:02 PM: mssgrimdrjj.gif (ID = 68762)
5:02 PM: jssgrimdrjj.gif (ID = 66660)
5:02 PM: fssgrimdrjj.gif (ID = 66436)
5:02 PM: eessgrimdrjj.gif (ID = 66753)
5:02 PM: Warning: Failed to open file "c:\documents and settings\mom's\desktop\keeps\dillan\local settings\temp\temporary internet files\content.ie5\klu3k9m3\casla5t6.readmessage%26messageid%3d122960353%26type%3dinbox%26status%3dnew%26mytoken%3df3a2e5a5-1136-d5be-3a8693c045ea620021532219&rsi_title=". The system cannot find the path specified
5:02 PM: Warning: Failed to open file "c:\documents and settings\mom's\desktop\keeps\dillan\local settings\temp\temporary internet files\content.ie5\0xe30p2v\cagt2zk5.readmessage%26messageid%3d122960353%26type%3dinbox%26status%3dnew%26mytoken%3df3a2e5a5-1136-d5be-3a8693c045ea620021532219&rsi_title=". The system cannot find the path specified
5:03 PM: Found Adware: directrevenue-abetterinternet
5:03 PM: rndrcus.exe (ID = 83491)
5:03 PM: remf.exe (ID = 304)
5:03 PM: rem75.exe (ID = 304)
5:04 PM: 21.xml (ID = 82763)
5:05 PM: remf0.exe (ID = 304)
5:06 PM: ebmm_button_submit.gif (ID = 59635)
5:08 PM: gsim.inf (ID = 61964)
5:08 PM: Found Adware: dialerplatform
5:08 PM: wsmicon2.ico (ID = 58328)
5:09 PM: mmaker4b.exe (ID = 59685)
5:09 PM: mmaker4b.exe (ID = 59685)
5:09 PM: mmaker4b.exe (ID = 59685)
5:10 PM: conflicts2.htm (ID = 59712)
5:12 PM: readme.txt (ID = 119871)
5:12 PM: elitetoolbar version 60.dll (ID = 59975)
5:12 PM: mmaker4b.exe (ID = 59685)
5:13 PM: ni.mht (ID = 51847)
5:14 PM: thirdgrey.exe (ID = 308)
5:14 PM: gkgvpjpm.exe (ID = 304)
5:14 PM: user four.exe (ID = 308)
5:14 PM: windowmore.exe (ID = 308)
5:15 PM: ebmm_button_submit.gif (ID = 59635)
5:16 PM: inside program.exe (ID = 121)
5:21 PM: dfd.sys (ID = 153501)
5:21 PM: kdlmjh8r.dat (ID = 75676)
5:21 PM: tab_0.mht (ID = 51850)
5:23 PM: Found Trojan Horse: lzio
5:23 PM: csaoutb.exe (ID = 69099)
5:25 PM: skip bait.exe (ID = 308)
5:26 PM: tm97pj39.dat (ID = 75644)
5:26 PM: phone deaf.exe (ID = 306)
5:26 PM: wrapperouter.exe (ID = 82854)
5:27 PM: mmaker4b.exe (ID = 59685)
5:27 PM: sixth creative.exe (ID = 308)
5:27 PM: mmaker4b.exe (ID = 59685)
5:33 PM: mmaker4b.exe (ID = 59685)
5:33 PM: mmaker4b.exe (ID = 59685)
5:33 PM: mmaker4b.exe (ID = 59685)
5:33 PM: ertyymeq.exe (ID = 304)
5:34 PM: Warning: Failed to open file "c:\documents and settings\mom's\desktop\keeps\dillan\local settings\temp\temporary internet files\content.ie5\w1cv8r0j\ca4dc33t.inbox%26mytoken%3de5bab6ab-5261-91b2-774012415ee1c5a034709219%26rcode%3d1%26mytoken%3db371b045-1537-59ed-e13ccfcf5f2bb5cd34707437&rsi_title=". The system cannot find the path specified
5:34 PM: flap corn.exe (ID = 308)
5:34 PM: fiveflaw.exe (ID = 306)
5:36 PM: mmaker4b.exe (ID = 59685)
5:37 PM: mmaker4b.exe (ID = 59685)
5:37 PM: mmaker4b.exe (ID = 59685)
5:37 PM: once road.exe (ID = 307)
5:37 PM: mmaker4b.exe (ID = 59685)
5:37 PM: mmaker4b.exe (ID = 59685)
5:37 PM: platformgrey.exe (ID = 308)
5:37 PM: windowmemo.exe (ID = 305)
5:38 PM: multi blah.exe (ID = 305)
5:39 PM: copyfast.exe (ID = 307)
5:41 PM: pjyzwyqf.exe (ID = 304)
5:41 PM: mmaker4b.exe (ID = 59685)
5:41 PM: mmaker4b.exe (ID = 59685)
5:41 PM: grid gpl.exe (ID = 306)
5:42 PM: mmaker4b.exe (ID = 59685)
5:42 PM: mmaker4b.exe (ID = 59685)
5:42 PM: mmaker4b.exe (ID = 59685)
5:45 PM: Warning: Failed to open file "c:\documents and settings\mom's\desktop\keeps\dillan\local settings\temp\temporary internet files\content.ie5\wlmvg12n\cawj1be2.readmessage%26messageid%3d122959155%26type%3dinbox%26status%3dnew%26mytoken%3d126dda13-96f2-e2ce-ea47bb1476afbf4021303107&rsi_title=". The system cannot find the path specified
5:46 PM: meal soap.exe (ID = 305)
5:48 PM: mmaker4b.exe (ID = 59685)
5:48 PM: mmaker4b.exe (ID = 59685)
5:49 PM: mmaker4b.exe (ID = 59685)
5:49 PM: mmaker4b.exe (ID = 59685)
5:49 PM: findslow.exe (ID = 305)
5:51 PM: Found Adware: exact cashback/bargain buddy
5:51 PM: bbi8019.exe (ID = 50554)
5:52 PM: drive size.exe (ID = 305)
5:52 PM: swsettings.xml (ID = 82816)
5:52 PM: barb dale.exe (ID = 305)
5:54 PM: mmaker4b.exe (ID = 59685)
5:54 PM: mmaker4b.exe (ID = 59685)
5:55 PM: Found Adware: hotbar
5:55 PM: hotbar.exe (ID = 62342)
5:55 PM: remcd.exe (ID = 304)
5:55 PM: mmaker4b.exe (ID = 59685)
5:55 PM: stabd.exe (ID = 309)
5:56 PM: f.bak (ID = 61077)
6:02 PM: mmaker4b.exe (ID = 59685)
6:02 PM: mmaker4b.exe (ID = 59685)
6:02 PM: mmaker4b.exe (ID = 59685)
6:02 PM: mmaker4b.exe (ID = 59685)
6:02 PM: mmaker4b.exe (ID = 59685)
6:03 PM: rem22.exe (ID = 304)
6:04 PM: mmaker4b.exe (ID = 59685)
6:04 PM: mmaker4b.exe (ID = 59685)
6:05 PM: mmaker4b.exe (ID = 59685)
6:05 PM: mmaker4b.exe (ID = 59685)
6:06 PM: mmaker4b.exe (ID = 59685)
6:06 PM: mmaker4b.exe (ID = 59685)
6:07 PM: mmaker4b.exe (ID = 59685)
6:07 PM: mmaker4b.exe (ID = 59685)
6:07 PM: mmaker4b.exe (ID = 59685)
6:07 PM: mmaker4b.exe (ID = 59685)
6:07 PM: mmaker4b.exe (ID = 59685)
6:08 PM: flapsignlove.exe (ID = 90)
6:09 PM: extra browse.exe (ID = 308)
6:09 PM: prcheck.dll (ID = 153518)
6:09 PM: uninst.exe (ID = 302367)
6:10 PM: vcspam.exe (ID = 308)
6:11 PM: rectbike.exe (ID = 304)
6:11 PM: bisc7.exe (ID = 304)
6:11 PM: great meet.exe (ID = 308)
6:11 PM: avgocuci.exe (ID = 304)
6:11 PM: bis582.exe (ID = 304)
6:12 PM: sta8f1.exe (ID = 304)
6:12 PM: installer_marketing18.exe (ID = 50679)
6:12 PM: sta38e.exe (ID = 304)
6:12 PM: setup.exe (ID = 149875)
6:12 PM: thnall2c.exe (ID = 83623)
6:12 PM: hfprma.exe (ID = 68995)
6:12 PM: randreco.exe (ID = 83452)
6:13 PM: soap stop.exe (ID = 308)
6:15 PM: help beep.exe (ID = 308)
6:15 PM: sta3a1.exe (ID = 304)
6:16 PM: that mapi.exe (ID = 308)
6:17 PM: qzzbnkis.exe (ID = 304)
6:17 PM: randreco.exe (ID = 83452)
6:17 PM: bib trans.exe (ID = 91)
6:17 PM: mmaker4b.exe (ID = 59685)
6:17 PM: mmaker4b.exe (ID = 59685)
6:17 PM: slow sign.exe (ID = 308)
6:17 PM: msbbi.exe (ID = 70567)
6:18 PM: mmaker4b.exe (ID = 59685)
6:19 PM: mmaker4b.exe (ID = 59685)
6:19 PM: mmaker4b.exe (ID = 59685)
6:21 PM: ceres.inf (ID = 83251)
6:21 PM: wmv0315.ddx (ID = 57680)
6:21 PM: wmv1204.ddx (ID = 57680)
6:21 PM: wmv1125.ddx (ID = 57685)
6:21 PM: wmv1909.ddx (ID = 57691)
6:21 PM: Found Adware: ieplugin
6:21 PM: $10 internet, 30 days free.url.dsk (ID = 63336)
6:21 PM: belt.inf (ID = 83154)
6:21 PM: biini.inf (ID = 83199)
6:21 PM: alchem.inf (ID = 83109)
6:21 PM: ceres.inf (ID = 83251)
6:21 PM: user.xml (ID = 82817)
6:26 PM: Warning: Unhandled Archive Type
6:26 PM: Warning: Invalid Stream
6:26 PM: Warning: Invalid file - not a PKZip file
6:27 PM: readme.lnk (ID = 119871)
6:27 PM: File Sweep Complete, Elapsed Time: 01:34:35
6:27 PM: Full Sweep has completed. Elapsed time 01:36:27
6:27 PM: Traces Found: 454
6:28 PM: Removal process initiated
6:28 PM: Quarantining All Traces: 180search assistant/zango
6:28 PM: Quarantining All Traces: directrevenue-abetterinternet
6:28 PM: Quarantining All Traces: elitebar
6:28 PM: Quarantining All Traces: lopdotcom
6:28 PM: Quarantining All Traces: lzio
6:28 PM: Quarantining All Traces: websearch toolbar
6:28 PM: Quarantining All Traces: 2020search toolbar
6:28 PM: Quarantining All Traces: begin2search
6:28 PM: Quarantining All Traces: bookedspace
6:28 PM: Quarantining All Traces: broadcastpc
6:28 PM: Quarantining All Traces: comet cursor
6:28 PM: Quarantining All Traces: delfin
6:28 PM: Quarantining All Traces: hotbar
6:28 PM: Quarantining All Traces: orbit explorer
6:28 PM: Quarantining All Traces: shopathomeselect
6:28 PM: Quarantining All Traces: sidesearch
6:28 PM: Quarantining All Traces: trojan-downloader-conhook
6:28 PM: Quarantining All Traces: winad
6:28 PM: Quarantining All Traces: coolsavings
6:28 PM: Quarantining All Traces: dialerplatform
6:28 PM: Quarantining All Traces: ebates money maker
6:29 PM: Quarantining All Traces: exact cashback/bargain buddy
6:29 PM: Quarantining All Traces: flashtrack
6:29 PM: Quarantining All Traces: geldesikme
6:29 PM: Quarantining All Traces: gsim
6:29 PM: Quarantining All Traces: ieplugin
6:29 PM: Quarantining All Traces: opensite
6:29 PM: Quarantining All Traces: virtualbouncer
6:29 PM: Quarantining All Traces: webrebates
6:29 PM: Quarantining All Traces: 2o7.net cookie
6:29 PM: Quarantining All Traces: a cookie
6:29 PM: Quarantining All Traces: abetterinternet cookie
6:29 PM: Quarantining All Traces: addynamix cookie
6:29 PM: Quarantining All Traces: adknowledge cookie
6:29 PM: Quarantining All Traces: atlas dmt cookie
6:29 PM: Quarantining All Traces: atwola cookie
6:29 PM: Quarantining All Traces: azjmp cookie
6:29 PM: Quarantining All Traces: banners cookie
6:29 PM: Quarantining All Traces: belnk cookie
6:29 PM: Quarantining All Traces: bizrate cookie
6:29 PM: Quarantining All Traces: casalemedia cookie
6:29 PM: Quarantining All Traces: cliks cookie
6:29 PM: Quarantining All Traces: dashbar
6:29 PM: Quarantining All Traces: dealtime cookie
6:29 PM: Quarantining All Traces: did-it cookie
6:29 PM: Quarantining All Traces: dlmax cookie
6:29 PM: Quarantining All Traces: eadexchange cookie
6:29 PM: Quarantining All Traces: exitexchange cookie
6:29 PM: Quarantining All Traces: linksynergy cookie
6:29 PM: Quarantining All Traces: mediaplex cookie
6:29 PM: Quarantining All Traces: mx-targeting cookie
6:29 PM: Quarantining All Traces: nextag cookie
6:29 PM: Quarantining All Traces: offeroptimizer cookie
6:29 PM: Quarantining All Traces: overture cookie
6:29 PM: Quarantining All Traces: precisead cookie
6:29 PM: Quarantining All Traces: pub cookie
6:29 PM: Quarantining All Traces: questionmarket cookie
6:29 PM: Quarantining All Traces: rednova cookie
6:29 PM: Quarantining All Traces: servlet cookie
6:29 PM: Quarantining All Traces: specificclick.com cookie
6:29 PM: Quarantining All Traces: starware.com cookie
6:29 PM: Quarantining All Traces: statstracking cookie
6:29 PM: Quarantining All Traces: tickle cookie
6:29 PM: Quarantining All Traces: tribalfusion cookie
6:29 PM: Quarantining All Traces: webservicehosts cookie
6:29 PM: Quarantining All Traces: websponsors cookie
6:29 PM: Quarantining All Traces: webtrends cookie
6:29 PM: Quarantining All Traces: winantispyware 2005
6:29 PM: Quarantining All Traces: xiti cookie
6:29 PM: Quarantining All Traces: yieldmanager cookie
6:30 PM: Removal process completed. Elapsed time 00:02:21
********
4:44 PM: | Start of Session, Saturday, June 17, 2006 |
4:44 PM: Spy Sweeper started
4:44 PM: Messenger service has been disabled.
4:45 PM: Your spyware definitions have been updated.
4:47 PM: | End of Session, Saturday, June 17, 2006 |



And here is the latest HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 6:35:51 PM, on 6/17/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\FilmLoop Player\FilmLoopService.exe
C:\WINDOWS\System32\WgaTray.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\SmileyDistrict\plugin.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Verizon Wireless\V CAST Music\V CAST Music Monitor.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Documents and Settings\Mom's\Desktop\HJT\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bresnan.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2866531c-80dd-4c4d-bf1b-7d678813e894} - C:\DOCUME~1\Dillan\LOCALS~1\Temp\nutlngcf.dll (file missing)
O2 - BHO: (no name) - {57976349-f603-4c58-b457-c9162f972088} - C:\DOCUME~1\Dillan\LOCALS~1\Temp\nutlngcf.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [FilmLoop] "C:\Program Files\FilmLoop Player\FilmLoopService.exe"
O4 - HKLM\..\Run: [Smiley District] C:\Program Files\SmileyDistrict\plugin.exe
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [McRegWiz] c:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [Spyware Begone] c:\freescan\freescan.exe -FastScan
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - Startup: V CAST Music Monitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music\V CAST Music Monitor.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZNxdm117DRUS
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...tup1.0.0.15.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsc...76/mcinsctl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmg...,16/mcgdmgr.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: librun - C:\WINDOWS\system32\librun.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe



I await your latest opinion/suggestion. Will see if problem is fixed.

#5 MFDnSC


Posted 17 June 2006 - 08:14 PM

You may want to print this or save it to notepad as we will go to safe mode.

Fix these with HJT – mark them, close IE, click fix checked

O2 - BHO: (no name) - {2866531c-80dd-4c4d-bf1b-7d678813e894} - C:\DOCUME~1\Dillan\LOCALS~1\Temp\nutlngcf.dll (file missing)

O2 - BHO: (no name) - {57976349-f603-4c58-b457-c9162f972088} - C:\DOCUME~1\Dillan\LOCALS~1\Temp\nutlngcf.dll (file missing)

O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)

O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [Smiley District] C:\Program Files\SmileyDistrict\plugin.exe

O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto

O4 - HKCU\..\Run: [Spyware Begone] c:\freescan\freescan.exe -FastScan

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZNxdm117DRUS

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...tup1.0.0.15.cab

O20 - Winlogon Notify: librun - C:\WINDOWS\system32\librun.dll

Download http://www.downloads.subratam.org/KillBox.zip

Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

C:\Program Files\SmileyDistrict
C:\Program Files\outlook
c:\freescan
C:\WINDOWS\system32\librun.dll


Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

START – RUN – type in %temp% OK - Edit – Select all – File – Delete

Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

Not all temp files will delete and that is normal
Empty the recycle bin
Boot and post a new log from normal NOT safe mode

Please give feedback on what worked/didn’t work and the current status of your system
"Nothing could be finer than to be in South Carolina ............"

Member ASAP
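
One way to check the outcome of a "fix checked" pass like the one in the post above: parse the HijackThis item lines, flag structurally suspicious registrations, and confirm that every entry on the fix list is absent from the next log. This is an added Python example, not part of the original posts; the function names are hypothetical, and the sample logs are short excerpts constructed from lines in this thread plus one labelled constructed "survivor" case.

```python
import re

# Every HijackThis item line opens with a section code: R0, R1, O2, O4, O16, O20, ...
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
MISSING_RE = re.compile(r"\((?:file missing|no file)\)\s*$", re.IGNORECASE)
TEMP_RE = re.compile(r"\\(?:LOCALS~1|Local Settings)\\Temp\\", re.IGNORECASE)
EXTENSION_CODES = {"O2", "O3", "O9"}  # BHOs, toolbars, extra IE buttons


def parse_hjt(text):
    """Return [(code, body)] for item lines; header and process list are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2).strip()))
    return entries


def key(entry):
    """Comparison key that survives copy/paste damage and case differences."""
    code, body = entry
    body = body.replace("\u2013", "-")  # typographic en dash back to a hyphen
    return code, " ".join(body.split()).casefold()


def triage(entries):
    """Structural red flags only: a flag means 'look closer', not 'malicious'."""
    findings = []
    for code, body in entries:
        reasons = []
        if MISSING_RE.search(body):
            reasons.append("registered target is no longer on disk")
        if TEMP_RE.search(body):
            reasons.append("component registered from a Temp directory")
        if code in EXTENSION_CODES and "(no name)" in body:
            reasons.append("unnamed browser extension")
        if reasons:
            findings.append((code, body, reasons))
    return findings


def still_present(fix_text, after_text):
    """Entries from the fix list that are still in the post-fix log."""
    after = {key(e) for e in parse_hjt(after_text)}
    return [e for e in parse_hjt(fix_text) if key(e) in after]


# Sample data: excerpts constructed from lines quoted in this thread.
BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2866531c-80dd-4c4d-bf1b-7d678813e894} - C:\DOCUME~1\Dillan\LOCALS~1\Temp\nutlngcf.dll (file missing)
O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [Smiley District] C:\Program Files\SmileyDistrict\plugin.exe
O4 - HKCU\..\Run: [Spyware Begone] c:\freescan\freescan.exe -FastScan
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZNxdm117DRUS
"""

# Fix list as it might be pasted into a forum post; the dash before FastScan
# is a typographic en dash, which a naive string comparison would miss.
FIX = r"""O2 - BHO: (no name) - {2866531c-80dd-4c4d-bf1b-7d678813e894} - C:\DOCUME~1\Dillan\LOCALS~1\Temp\nutlngcf.dll (file missing)
O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
O4 - HKLM\..\Run: [Smiley District] C:\Program Files\SmileyDistrict\plugin.exe
O4 - HKCU\..\Run: [Spyware Begone] c:\freescan\freescan.exe –FastScan
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZNxdm117DRUS
"""

AFTER = r"""O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
"""

# Constructed failure case: pretend one Run entry came back after the fix.
AFTER_SURVIVOR = AFTER + r"O4 - HKCU\..\Run: [Spyware Begone] c:\freescan\freescan.exe -FastScan" + "\n"

if __name__ == "__main__":
    for code, body, reasons in triage(parse_hjt(BEFORE)):
        print(code, body, "->", "; ".join(reasons))
    print("survivors (clean log):", still_present(FIX, AFTER))
    print("survivors (constructed):", still_present(FIX, AFTER_SURVIVOR))
```

Smiley District and Spyware Begone are on the fix list but not in the triage output: structural checks only catch broken or oddly placed registrations, so known-bad names still need an analyst or a signature list.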

#6 ckstrong01


Posted 17 June 2006 - 09:53 PM

Here is (hopefully) the final HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 8:50:12 PM, on 6/17/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\FilmLoop Player\FilmLoopService.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Verizon Wireless\V CAST Music\V CAST Music Monitor.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\System32\WgaTray.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Mom's\Desktop\HJT\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bresnan.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [FilmLoop] "C:\Program Files\FilmLoop Player\FilmLoopService.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [McRegWiz] c:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - Startup: V CAST Music Monitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music\V CAST Music Monitor.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsc...76/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1150596029812
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmg...,16/mcgdmgr.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: librun - C:\WINDOWS\system32\librun.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe



Also, I was not able to delete the file C:\WINDOWS\system32\librun.dll using KillBox. But the computer is running fine now. Thanks for everything.

#7 MFDnSC


Posted 18 June 2006 - 10:00 AM

Try removing that file with KillBox, but use the delete on reboot option.

Be sure to reboot.


If that O20 ends up with a file missing, then fix it with hijack.
"Nothing could be finer than to be in South Carolina ............"

Member ASAP
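The rescan check suggested in reply #7, as an added example that is not part of the original posts: it parses HijackThis 1.99.1 entry lines and reports whether an O20 Winlogon Notify entry is still backed by a file, has become an orphaned "(file missing)" entry, or is gone. The function names and the `AFTER` rescan are assumptions constructed for illustration; the `BEFORE` lines are copied from the log above.

```python
import re

# HijackThis 1.99.1 line: "<section> - <body>", with " (file missing)" appended
# when the referenced file is not on disk.
ENTRY = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+?)(?P<missing> \(file missing\))?$")
O20 = re.compile(r"^Winlogon Notify: (?P<name>.+?) - (?P<dll>.+)$")

# Three lines copied from the log above (the scan before the delete on reboot).
BEFORE = r"""
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: librun - C:\WINDOWS\system32\librun.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# Constructed rescan: how the O20 lines would look if the DLL was deleted at
# reboot but its Notify registration stayed behind.
AFTER = r"""
O20 - Winlogon Notify: librun - C:\WINDOWS\system32\librun.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

def parse(log_text):
    """Return (section, body, file_missing) for every entry line in a log."""
    rows = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            rows.append((m["section"], m["body"], m["missing"] is not None))
    return rows

def winlogon_notify(log_text):
    """Map each O20 Notify name to (dll_path, file_missing)."""
    found = {}
    for section, body, missing in parse(log_text):
        m = O20.match(body) if section == "O20" else None
        if m:
            found[m["name"]] = (m["dll"].strip('"'), missing)
    return found

def rescan_status(log_text, name):
    """Classify one Notify entry in a rescan taken after the reboot."""
    entry = winlogon_notify(log_text).get(name)
    if entry is None:
        return "entry gone"
    return "orphaned entry" if entry[1] else "file still present"
```

`rescan_status(AFTER, "librun")` returning "orphaned entry" is the case where the leftover O20 line gets fixed in HijackThis; "file still present" means the delete on reboot did not take effect.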



