1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

bxxs5.dll , zls5.exe, 1u3ce.exe errors

Discussion in 'Virus & Other Malware Removal' started by schotzy, Sep 6, 2004.

Thread Status:
Not open for further replies.
Advertisement
  1. schotzy

    schotzy Thread Starter

    Joined:
    Sep 6, 2004
    Messages:
    4
    Always get the bxxs5.dll error at start up. Occasionally the other two. I run Norton virus scan and it detects adware, but can't delete them. Cannot run scandisk, hangs about 1/4 of the way through.
    HELP !!!

    Logfile of HijackThis v1.98.2
    Scan saved at 9:22:35 AM, on 9/6/2004
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v5.50 (5.50.4134.0100)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPROXY.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\SSDPSRV.EXE
    C:\WINDOWS\SYSTEM\NVSVC.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
    C:\PROGRAM FILES\LEXMARK X1100 SERIES\LXBKBMGR.EXE
    C:\PROGRAM FILES\LEXMARK X1100 SERIES\LXBKBMON.EXE
    C:\WINDOWS\SYSTEM\LEXBCES.EXE
    C:\PROGRAM FILES\CLEARSEARCH\LOADER.EXE
    C:\WINDOWS\SYSTEM\RPCSS.EXE
    C:\WINDOWS\TEMP\1U3CE.EXE
    C:\WINDOWS\TEMP\ZLS5.EXE
    C:\WINDOWS\SYSTEM\GXXGKG.EXE
    C:\WINDOWS\SYSTEM\LEXPPS.EXE
    C:\WINDOWS\SYSTEM\IEHOST.EXE
    C:\WINDOWS\SYSTEM\DP-HIM.EXE
    C:\PROGRAM FILES\AUTOUPDATE\AUTOUPDATE.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\PROGRAM FILES\MSN APPS\UPDATER\01.02.0002.1001\EN-US\MSNAPPAU.EXE
    C:\WINDOWS\SYSTEM\2NDACYPT.EXE
    C:\WINDOWS\SYSTEM\LVCOMS.EXE
    C:\PROGRAM FILES\LOGITECH\IMAGESTUDIO\LOGITRAY.EXE
    C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    C:\PROGRAM FILES\ATI MULTIMEDIA\REMCTRL\ATIRW.EXE
    C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BACKWEB-8876480.EXE
    C:\PROGRAM FILES\LOGITECH\IMAGESTUDIO\LOWLIGHT.EXE
    C:\PROGRAM FILES\WEBSHOTS\WEBSHOTSTRAY.EXE
    C:\WINDOWS\RUNDLL32.EXE
    C:\PROGRAM FILES\WINDOWS MEDIA COMPONENTS\ENCODER\WMENCAGT.EXE
    C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.EXE
    C:\PROGRAM FILES\CXTPLS\CXTPLS.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\PROGRAM FILES\NETSCAPE\NETSCAPE\NETSCP.EXE
    C:\WINDOWS\TEMP\TD_0003.DIR\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.search-exe.com/nph-search.cgi?tcode=exesrch1&look=stmpl1&fw=
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.search-exe.com/nph-search.cgi?tcode=exesrch1&look=stmpl1&fw=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
    R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.search-exe.com/nph-search.cgi?tcode=exesrch1&look=stmpl1&fw=
    R3 - URLSearchHook: WebSearch Class - {9368D063-44BE-49B9-BD14-BB9663FD38FC} - C:\PROGRAM FILES\SE\V11\SE.DLL
    F1 - win.ini: run=hpfsched
    N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.yahoo.com/"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\D00C53NS.SLT\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\D00C53NS.SLT\prefs.js)
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
    O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL
    O2 - BHO: twaintecObj Class - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\TWAINTEC.DLL
    O2 - BHO: (no name) - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - (no file)
    O2 - BHO: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\PROGRAM FILES\TV MEDIA\TvmBho.dll
    O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\SYSTB.DLL
    O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - (no file)
    O2 - BHO: Support Software - {85A702BA-EA8F-4B83-AA07-07A5186ACD7E} - C:\PROGRAM FILES\SUPPORT SOFTWARE\SS2.DLL
    O2 - BHO: WebBho Class - {00041A26-7033-432C-94C7-6371DE343822} - C:\PROGRAM FILES\SE\V11\SE.DLL
    O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - (no file)
    O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000221} - (no file)
    O2 - BHO: (no name) - SOFTWARE - (no file)
    O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\PROGRAM FILES\CXTPLS\CXTPLS.DLL
    O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.0002.1001\en-xu\stmain.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.2001.0001\EN-US\MSNTB.DLL
    O2 - BHO: Sidesearch BHO - {00000762-3965-4A1A-98CE-3D4BF457D4C8} - C:\PROGRAM FILES\LYCOS\SIDESEARCH\SIDESEARCH1410.DLL
    O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
    O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
    O3 - Toolbar: (no name) - {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - (no file)
    O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.2001.0001\EN-US\MSNTB.DLL
    O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [ATIPTA] C:\WINDOWS\SYSTEM\atiptaxx.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
    O4 - HKLM\..\Run: [LexStart] lexstart.exe
    O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\BXXS5.DLL,DllRun
    O4 - HKLM\..\Run: [ClrSchLoader] \Program Files\ClearSearch\Loader.exe
    O4 - HKLM\..\Run: [1U3CE.EXE] C:\WINDOWS\TEMP\1U3CE.EXE
    O4 - HKLM\..\Run: [ZLS5.EXE] C:\WINDOWS\TEMP\ZLS5.EXE
    O4 - HKLM\..\Run: [ALCHEM] C:\WINDOWS\ALCHEM.exe
    O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
    O4 - HKLM\..\Run: [pauxkazobgxg] C:\WINDOWS\SYSTEM\gxxgkg.exe
    O4 - HKLM\..\Run: [Search-Exe] "C:\PROGRAM FILES\SE\V11\SE.EXE" /H
    O4 - HKLM\..\Run: [Bakra] C:\WINDOWS\SYSTEM\IEHost.exe
    O4 - HKLM\..\Run: [Dsi] C:\WINDOWS\SYSTEM\DP-HIM.EXE
    O4 - HKLM\..\Run: [AutoUpdater] "c:\Program Files\AutoUpdate\AutoUpdate.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE
    O4 - HKLM\..\Run: [PFRST13H] C:\WINDOWS\SYSTEM\PFRST13H.exe
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.0002.1001\en-us\msnappau.exe"
    O4 - HKLM\..\Run: [v7tf37T] 2NDACYPT.EXE
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [LVComs] C:\WINDOWS\SYSTEM\LVComS.exe
    O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
    O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
    O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
    O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
    O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
    O4 - HKLM\..\RunServices: [ccProxy] C:\PROGRA~1\COMMON~1\SYMANT~1\CCPROXY.EXE
    O4 - HKLM\..\RunServices: [SndSrvc] C:\PROGRA~1\COMMON~1\SYMANT~1\SNDSRVC.EXE
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [NVSvc] C:\WINDOWS\SYSTEM\nvsvc.exe -runservice
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [TV Media] C:\PROGRAM FILES\TV MEDIA\TVM.EXE
    O4 - HKCU\..\Run: [ANONYMIZER_SPYWAREKILLER] C:\PROGRAM FILES\ANONYMIZER\SK\SPYWAREKILLER.EXE /BOOT /SCAN
    O4 - HKCU\..\Run: [ew2pRXfFU] ADDCRAP.EXE
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
    O4 - HKCU\..\Run: [ATI Launchpad] "C:\PROGRAM FILES\ATI MULTIMEDIA\MAIN\LAUNCHPD.EXE"
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
    O4 - Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Startup: Encoder Agent.lnk = C:\Program Files\Windows Media Components\Encoder\WMENCAGT.EXE
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
    O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\SYSTEM\ms.exe (file missing)
    O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\SYSTEM\ms.exe (file missing)
    O9 - Extra button: Sidesearch - {000007C6-17DF-4438-92A4-DE5537471BA3} - C:\PROGRAM FILES\LYCOS\SIDESEARCH\SIDESEARCH1410.DLL
    O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB

    :(
     
  2. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    Hi schotzy

    Welcome to TSG! :)

    Click here to download CWShredder. Close all browser windows, click on the cwshredder.exe then click "Fix" (Not "Scan only") and let it do it's thing.

    When it is finished restart your computer.



    Go here and download Adaware SE.

    Install the program and launch it.

    First in the main window look in the bottom right corner and click on Check for updates now then click Connect and download the latest reference files.

    From main window :Click Start then under Select a scan Mode tick Perform full system scan.

    Next deselect Search for negligible risk entries.

    Now to scan just click the Next button.

    When the scan is finished mark everything for removal and get rid of it.(Right-click the window and choose select all from the drop down menu and click Next)

    Restart your computer.


    Also I see you are running Hijack This from a temp folder now. This is a bad idea because it cannot create and restore backups from there. You need to create a new folder in My Documents and name it Hijack This. Move the hijackthis.exe from the temp folder to the Hijack This folder you created. That way it can create and restore backups if needed. HJT will store the backups in the same location that it is run from.

    Come back here and post another Hijack This log after moving HJT to a permanent folder and we'll get rid of what's left.
     
  3. schotzy

    schotzy Thread Starter

    Joined:
    Sep 6, 2004
    Messages:
    4
    I ran cw shredder . Rebooted computer. THen followed instructions on adaware with updates. When I try to perform a scan it starts then locks up computer. Tried it 3 times times with same results.

    New Hi jack this log:
    Logfile of HijackThis v1.98.2
    Scan saved at 10:55:04 AM, on 9/6/2004
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v5.50 (5.50.4134.0100)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPROXY.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\SSDPSRV.EXE
    C:\WINDOWS\SYSTEM\NVSVC.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
    C:\PROGRAM FILES\LEXMARK X1100 SERIES\LXBKBMGR.EXE
    C:\PROGRAM FILES\LEXMARK X1100 SERIES\LXBKBMON.EXE
    C:\WINDOWS\SYSTEM\LEXBCES.EXE
    C:\PROGRAM FILES\CLEARSEARCH\LOADER.EXE
    C:\WINDOWS\SYSTEM\RPCSS.EXE
    C:\WINDOWS\TEMP\1U3CE.EXE
    C:\WINDOWS\TEMP\ZLS5.EXE
    C:\WINDOWS\SYSTEM\GXXGKG.EXE
    C:\WINDOWS\SYSTEM\LEXPPS.EXE
    C:\WINDOWS\SYSTEM\IEHOST.EXE
    C:\WINDOWS\SYSTEM\DP-HIM.EXE
    C:\PROGRAM FILES\AUTOUPDATE\AUTOUPDATE.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\PROGRAM FILES\MSN APPS\UPDATER\01.02.0002.1001\EN-US\MSNAPPAU.EXE
    C:\WINDOWS\SYSTEM\2NDACYPT.EXE
    C:\WINDOWS\SYSTEM\LVCOMS.EXE
    C:\PROGRAM FILES\LOGITECH\IMAGESTUDIO\LOGITRAY.EXE
    C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    C:\PROGRAM FILES\ATI MULTIMEDIA\REMCTRL\ATIRW.EXE
    C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BACKWEB-8876480.EXE
    C:\PROGRAM FILES\WEBSHOTS\WEBSHOTSTRAY.EXE
    C:\PROGRAM FILES\WINDOWS MEDIA COMPONENTS\ENCODER\WMENCAGT.EXE
    C:\PROGRAM FILES\LOGITECH\IMAGESTUDIO\LOWLIGHT.EXE
    C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.EXE
    C:\WINDOWS\RUNDLL32.EXE
    C:\PROGRAM FILES\CXTPLS\CXTPLS.EXE
    C:\WINDOWS\TEMP\TD_0001.DIR\HIJACKTHIS.EXE
    C:\WINDOWS\NOTEPAD.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.search-exe.com/nph-search.cgi?tcode=exesrch1&look=stmpl1&fw=
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.search-exe.com/nph-search.cgi?tcode=exesrch1&look=stmpl1&fw=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
    R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.search-exe.com/nph-search.cgi?tcode=exesrch1&look=stmpl1&fw=
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R3 - URLSearchHook: WebSearch Class - {9368D063-44BE-49B9-BD14-BB9663FD38FC} - C:\PROGRAM FILES\SE\V11\SE.DLL
    F1 - win.ini: run=hpfsched
    N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.yahoo.com/"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\D00C53NS.SLT\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\D00C53NS.SLT\prefs.js)
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
    O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL
    O2 - BHO: twaintecObj Class - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\TWAINTEC.DLL
    O2 - BHO: (no name) - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - (no file)
    O2 - BHO: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\PROGRAM FILES\TV MEDIA\TvmBho.dll
    O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\SYSTB.DLL
    O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - (no file)
    O2 - BHO: Support Software - {85A702BA-EA8F-4B83-AA07-07A5186ACD7E} - C:\PROGRAM FILES\SUPPORT SOFTWARE\SS2.DLL
    O2 - BHO: WebBho Class - {00041A26-7033-432C-94C7-6371DE343822} - C:\PROGRAM FILES\SE\V11\SE.DLL
    O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - (no file)
    O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000221} - (no file)
    O2 - BHO: (no name) - SOFTWARE - (no file)
    O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\PROGRAM FILES\CXTPLS\CXTPLS.DLL
    O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.0002.1001\en-xu\stmain.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.2001.0001\EN-US\MSNTB.DLL
    O2 - BHO: Sidesearch BHO - {00000762-3965-4A1A-98CE-3D4BF457D4C8} - C:\PROGRAM FILES\LYCOS\SIDESEARCH\SIDESEARCH1410.DLL
    O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
    O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
    O3 - Toolbar: (no name) - {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - (no file)
    O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.2001.0001\EN-US\MSNTB.DLL
    O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [ATIPTA] C:\WINDOWS\SYSTEM\atiptaxx.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
    O4 - HKLM\..\Run: [LexStart] lexstart.exe
    O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\BXXS5.DLL,DllRun
    O4 - HKLM\..\Run: [ClrSchLoader] \Program Files\ClearSearch\Loader.exe
    O4 - HKLM\..\Run: [1U3CE.EXE] C:\WINDOWS\TEMP\1U3CE.EXE
    O4 - HKLM\..\Run: [ZLS5.EXE] C:\WINDOWS\TEMP\ZLS5.EXE
    O4 - HKLM\..\Run: [ALCHEM] C:\WINDOWS\ALCHEM.exe
    O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
    O4 - HKLM\..\Run: [pauxkazobgxg] C:\WINDOWS\SYSTEM\gxxgkg.exe
    O4 - HKLM\..\Run: [Search-Exe] "C:\PROGRAM FILES\SE\V11\SE.EXE" /H
    O4 - HKLM\..\Run: [Bakra] C:\WINDOWS\SYSTEM\IEHost.exe
    O4 - HKLM\..\Run: [Dsi] C:\WINDOWS\SYSTEM\DP-HIM.EXE
    O4 - HKLM\..\Run: [AutoUpdater] "c:\Program Files\AutoUpdate\AutoUpdate.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE
    O4 - HKLM\..\Run: [PFRST13H] C:\WINDOWS\SYSTEM\PFRST13H.exe
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.0002.1001\en-us\msnappau.exe"
    O4 - HKLM\..\Run: [v7tf37T] 2NDACYPT.EXE
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [LVComs] C:\WINDOWS\SYSTEM\LVComS.exe
    O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
    O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
    O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
    O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
    O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
    O4 - HKLM\..\RunServices: [ccProxy] C:\PROGRA~1\COMMON~1\SYMANT~1\CCPROXY.EXE
    O4 - HKLM\..\RunServices: [SndSrvc] C:\PROGRA~1\COMMON~1\SYMANT~1\SNDSRVC.EXE
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [NVSvc] C:\WINDOWS\SYSTEM\nvsvc.exe -runservice
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [TV Media] C:\PROGRAM FILES\TV MEDIA\TVM.EXE
    O4 - HKCU\..\Run: [ANONYMIZER_SPYWAREKILLER] C:\PROGRAM FILES\ANONYMIZER\SK\SPYWAREKILLER.EXE /BOOT /SCAN
    O4 - HKCU\..\Run: [ew2pRXfFU] ADDCRAP.EXE
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
    O4 - HKCU\..\Run: [ATI Launchpad] "C:\PROGRAM FILES\ATI MULTIMEDIA\MAIN\LAUNCHPD.EXE"
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
    O4 - Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Startup: Encoder Agent.lnk = C:\Program Files\Windows Media Components\Encoder\WMENCAGT.EXE
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
    O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\SYSTEM\ms.exe (file missing)
    O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\SYSTEM\ms.exe (file missing)
    O9 - Extra button: Sidesearch - {000007C6-17DF-4438-92A4-DE5537471BA3} - C:\PROGRAM FILES\LYCOS\SIDESEARCH\SIDESEARCH1410.DLL
    O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
     
  4. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    Run Hijack This again and put a check by these. Close ALL windows except HijackThis and click "Fix checked"

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.search-exe.com/nph-se...look=stmpl1&fw=

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=

    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.search-exe.com/nph-se...look=stmpl1&fw=

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=

    R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.search-exe.com/nph-se...look=stmpl1&fw=

    R3 - URLSearchHook: WebSearch Class - {9368D063-44BE-49B9-BD14-BB9663FD38FC} - C:\PROGRAM FILES\SE\V11\SE.DLL

    O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL

    O2 - BHO: twaintecObj Class - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\TWAINTEC.DLL

    O2 - BHO: (no name) - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - (no file)

    O2 - BHO: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\PROGRAM FILES\TV MEDIA\TvmBho.dll

    O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\SYSTB.DLL

    O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - (no file)

    O2 - BHO: Support Software - {85A702BA-EA8F-4B83-AA07-07A5186ACD7E} - C:\PROGRAM FILES\SUPPORT SOFTWARE\SS2.DLL

    O2 - BHO: WebBho Class - {00041A26-7033-432C-94C7-6371DE343822} - C:\PROGRAM FILES\SE\V11\SE.DLL

    O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - (no file)

    O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000221} - (no file)

    O2 - BHO: (no name) - SOFTWARE - (no file)

    O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\PROGRAM FILES\CXTPLS\CXTPLS.DLL

    O2 - BHO: Sidesearch BHO - {00000762-3965-4A1A-98CE-3D4BF457D4C8} - C:\PROGRAM FILES\LYCOS\SIDESEARCH\SIDESEARCH1410.DLL

    O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL

    O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)

    O3 - Toolbar: (no name) - {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - (no file)

    O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\BXXS5.DLL,DllRun

    O4 - HKLM\..\Run: [ClrSchLoader] \Program Files\ClearSearch\Loader.exe

    O4 - HKLM\..\Run: [1U3CE.EXE] C:\WINDOWS\TEMP\1U3CE.EXE

    O4 - HKLM\..\Run: [ZLS5.EXE] C:\WINDOWS\TEMP\ZLS5.EXE

    O4 - HKLM\..\Run: [ALCHEM] C:\WINDOWS\ALCHEM.exe

    O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe

    O4 - HKLM\..\Run: [pauxkazobgxg] C:\WINDOWS\SYSTEM\gxxgkg.exe

    O4 - HKLM\..\Run: [Search-Exe] "C:\PROGRAM FILES\SE\V11\SE.EXE" /H

    O4 - HKLM\..\Run: [Bakra] C:\WINDOWS\SYSTEM\IEHost.exe

    O4 - HKLM\..\Run: [Dsi] C:\WINDOWS\SYSTEM\DP-HIM.EXE

    O4 - HKLM\..\Run: [AutoUpdater] "c:\Program Files\AutoUpdate\AutoUpdate.exe"

    O4 - HKLM\..\Run: [PFRST13H] C:\WINDOWS\SYSTEM\PFRST13H.exe

    O4 - HKLM\..\Run: [v7tf37T] 2NDACYPT.EXE

    O4 - HKCU\..\Run: [TV Media] C:\PROGRAM FILES\TV MEDIA\TVM.EXE

    O4 - HKCU\..\Run: [ew2pRXfFU] ADDCRAP.EXE

    O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\SYSTEM\ms.exe (file missing)

    O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\SYSTEM\ms.exe (file missing)

    O9 - Extra button: Sidesearch - {000007C6-17DF-4438-92A4-DE5537471BA3} - C:\PROGRAM FILES\LYCOS\SIDESEARCH\SIDESEARCH1410.DLL


    Restart to safe mode.

    How to start your computer in safe mode

    First in safe mode click on My Computer.
    Select the Tools menu and click Folder Options.
    Select the View Tab.
    Under the Hidden files and folders heading select Show hidden files and folders.
    Uncheck the Hide protected operating system files (recommended) option.
    Click Apply then OK. Click Yes to confirm.

    Now find and delete these files:

    C:\WINDOWS\wupdt.exe
    C:\WINDOWS\ALCHEM.exe
    C:\WINDOWS\SYSTEM\PFRST13H.exe
    C:\WINDOWS\SYSTEM\gxxgkg.exe
    C:\WINDOWS\SYSTEM\IEHost.exe
    C:\WINDOWS\SYSTEM\DP-HIM.EXE
    C:\WINDOWS\SYSTEM\2NDACYPT.EXE
    C:\WINDOWS\SYSTEM\ADDCRAP.EXE

    Delete these folders:

    C:\Program Files\ClearSearch
    C:\PROGRAM FILES\SE
    c:\Program Files\AutoUpdate
    C:\PROGRAM FILES\TV MEDIA
    C:\PROGRAM FILES\CXTPLS
    C:\PROGRAM FILES\MYWAY

    Also in safe mode navigate to the C:\Windows\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

    Finally go to Control Panel > Internet Options. On the General tab under "Temporary Internet Files" Click "Delete Files". Put a check by "Delete Offline Content" and click OK. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.


    Empty the Recycle Bin


    Now try running Adaware again.
     
  5. schotzy

    schotzy Thread Starter

    Joined:
    Sep 6, 2004
    Messages:
    4
    no more error on start up. Do you see any other problems ?

    Latest Hijack this log:

    Logfile of HijackThis v1.98.2
    Scan saved at 8:28:49 PM, on 9/6/2004
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v5.50 (5.50.4134.0100)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPROXY.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\SSDPSRV.EXE
    C:\WINDOWS\SYSTEM\NVSVC.EXE
    C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS

    \SOUNDMAN.EXE
    C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
    C:\PROGRAM FILES\LEXMARK X1100 SERIES\LXBKBMGR.EXE
    C:\PROGRAM FILES\LEXMARK X1100 SERIES\LXBKBMON.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
    C:\WINDOWS\SYSTEM\LEXBCES.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\WINDOWS\SYSTEM\RPCSS.EXE
    C:\PROGRAM FILES\MSN APPS\UPDATER\01.02.0002.1001\EN-US\MSNAPPAU.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS\SYSTEM\LVCOMS.EXE
    C:\PROGRAM FILES\LOGITECH\IMAGESTUDIO\LOGITRAY.EXE
    C:\WINDOWS\SYSTEM\LEXPPS.EXE
    C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    C:\PROGRAM FILES\LOGITECH\IMAGESTUDIO\LOWLIGHT.EXE
    C:\PROGRAM FILES\ATI MULTIMEDIA\REMCTRL\ATIRW.EXE
    C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BACKWEB-8876480.EXE
    C:\PROGRAM FILES\WEBSHOTS\WEBSHOTSTRAY.EXE
    C:\PROGRAM FILES\WINDOWS MEDIA COMPONENTS\ENCODER\WMENCAGT.EXE
    C:\WINDOWS\RUNDLL32.EXE
    C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\PROGRAM FILES\NETSCAPE\NETSCAPE\NETSCP.EXE
    C:\WINDOWS\TEMP\TD_0001.DIR\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R3 - Default URLSearchHook is missing
    F1 - win.ini: run=hpfsched
    N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.yahoo.com/"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\D00C53NS.SLT\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\D00C53NS.SLT\prefs.js)
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
    O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL
    O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.0002.1001\en-xu\stmain.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.2001.0001\EN-US\MSNTB.DLL
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
    O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.2001.0001\EN-US\MSNTB.DLL
    O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [ATIPTA] C:\WINDOWS\SYSTEM\atiptaxx.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
    O4 - HKLM\..\Run: [LexStart] lexstart.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.0002.1001\en-us\msnappau.exe"
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [LVComs] C:\WINDOWS\SYSTEM\LVComS.exe
    O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
    O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
    O4 - HKLM\..\Run: [ehjkwlwzikop] C:\WINDOWS\SYSTEM\GXXGKG.EXE
    O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
    O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
    O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
    O4 - HKLM\..\RunServices: [ccProxy] C:\PROGRA~1\COMMON~1\SYMANT~1\CCPROXY.EXE
    O4 - HKLM\..\RunServices: [SndSrvc] C:\PROGRA~1\COMMON~1\SYMANT~1\SNDSRVC.EXE
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [NVSvc] C:\WINDOWS\SYSTEM\nvsvc.exe -runservice
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [ANONYMIZER_SPYWAREKILLER] C:\PROGRAM FILES\ANONYMIZER\SK\SPYWAREKILLER.EXE /BOOT /SCAN
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
    O4 - HKCU\..\Run: [ATI Launchpad] "C:\PROGRAM FILES\ATI MULTIMEDIA\MAIN\LAUNCHPD.EXE"
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
    O4 - Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Startup: Encoder Agent.lnk = C:\Program Files\Windows Media Components\Encoder\WMENCAGT.EXE
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
    O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB

    :D
     
  6. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    Run Hijack This again and put a check by these. Close ALL windows except HijackThis and click "Fix checked"

    R3 - Default URLSearchHook is missing

    O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL

    O4 - HKLM\..\Run: [ehjkwlwzikop] C:\WINDOWS\SYSTEM\GXXGKG.EXE


    Restart to safe mode and delete this file:

    C:\WINDOWS\SYSTEM\GXXGKG.EXE

    Delete this folder:

    C:\PROGRAM FILES\MYWAY
     
  7. schotzy

    schotzy Thread Starter

    Joined:
    Sep 6, 2004
    Messages:
    4
    First let me say you guys are the greatest. I will be donating to a very good cause.

    I have done as instructed, but could not find the file
    C: \windows\system\gxxgkg.exe.

    Here is my latest Hi jcak this log:
    Logfile of HijackThis v1.98.2
    Scan saved at 8:07:39 PM, on 9/7/2004
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v5.50 (5.50.4134.0100)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPROXY.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\SSDPSRV.EXE
    C:\WINDOWS\SYSTEM\NVSVC.EXE
    C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
    C:\PROGRAM FILES\LEXMARK X1100 SERIES\LXBKBMGR.EXE
    C:\PROGRAM FILES\LEXMARK X1100 SERIES\LXBKBMON.EXE
    C:\WINDOWS\SYSTEM\LEXBCES.EXE
    C:\WINDOWS\SYSTEM\RPCSS.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\PROGRAM FILES\MSN APPS\UPDATER\01.02.0002.1001\EN-US\MSNAPPAU.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS\SYSTEM\LEXPPS.EXE
    C:\WINDOWS\SYSTEM\LVCOMS.EXE
    C:\PROGRAM FILES\LOGITECH\IMAGESTUDIO\LOGITRAY.EXE
    C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    C:\PROGRAM FILES\ATI MULTIMEDIA\REMCTRL\ATIRW.EXE
    C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BACKWEB-8876480.EXE
    C:\PROGRAM FILES\WEBSHOTS\WEBSHOTSTRAY.EXE
    C:\WINDOWS\RUNDLL32.EXE
    C:\PROGRAM FILES\WINDOWS MEDIA COMPONENTS\ENCODER\WMENCAGT.EXE
    C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.EXE
    C:\PROGRAM FILES\LOGITECH\IMAGESTUDIO\LOWLIGHT.EXE
    C:\WINDOWS\TEMP\TD_0002.DIR\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    F1 - win.ini: run=hpfsched
    N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.yahoo.com/"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\D00C53NS.SLT\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\D00C53NS.SLT\prefs.js)
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
    O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.0002.1001\en-xu\stmain.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.2001.0001\EN-US\MSNTB.DLL
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
    O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.2001.0001\EN-US\MSNTB.DLL
    O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [ATIPTA] C:\WINDOWS\SYSTEM\atiptaxx.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
    O4 - HKLM\..\Run: [LexStart] lexstart.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.0002.1001\en-us\msnappau.exe"
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [LVComs] C:\WINDOWS\SYSTEM\LVComS.exe
    O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
    O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
    O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
    O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
    O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
    O4 - HKLM\..\RunServices: [ccProxy] C:\PROGRA~1\COMMON~1\SYMANT~1\CCPROXY.EXE
    O4 - HKLM\..\RunServices: [SndSrvc] C:\PROGRA~1\COMMON~1\SYMANT~1\SNDSRVC.EXE
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [NVSvc] C:\WINDOWS\SYSTEM\nvsvc.exe -runservice
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [ANONYMIZER_SPYWAREKILLER] C:\PROGRAM FILES\ANONYMIZER\SK\SPYWAREKILLER.EXE /BOOT /SCAN
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
    O4 - HKCU\..\Run: [ATI Launchpad] "C:\PROGRAM FILES\ATI MULTIMEDIA\MAIN\LAUNCHPD.EXE"
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
    O4 - Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Startup: Encoder Agent.lnk = C:\Program Files\Windows Media Components\Encoder\WMENCAGT.EXE
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
    O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
     
  8. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    Clean! (y)
     
  9. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/270768

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice