1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

[Solved] friend's computer big mess spyware + ?

Discussion in 'Virus & Other Malware Removal' started by catlady13, Apr 4, 2004.

Thread Status:
Not open for further replies.
Advertisement
  1. catlady13

    catlady13 Thread Starter

    Joined:
    Aug 4, 2003
    Messages:
    849
    I was at a friend's house this afternoon and she asked me to see why her brand new Athlon 2800 was running so slowly . I asked if she had checked for spyware but seems she is quite pc illiterate .. didn't know what that is. I tried to update and run adaware but it locked up every time when quarantining . It DID show over 700 items. I ran spybot but it refused to update first. I decided to run it anyway to remove what I could. It did remove some stuff and I let it run at start up to get the stuff that was already running. I still couldn't get adaware to run all the way through. They had to leave so I left it running syclean from trend micro and just before that took a hijack this log. Could someone please check this out .. I think there is a LOT going on in there .
    Thank you very much.

    Logfile of HijackThis v1.97.7
    Scan saved at 3:44:40 PM, on 4/4/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\gearsec.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Softex\OmniPass\Omniserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\Program Files\Softex\OmniPass\OPXPApp.exe
    C:\WINDOWS\Explorer.EXE
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd.exe
    C:\WINDOWS\System32\hphmon05.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Srng\Srng.exe
    C:\WINDOWS\WGMTZA.exe
    C:\WINDOWS\RMWE.exe
    C:\WINDOWS\SANX.exe
    C:\WINDOWS\HRI.exe
    C:\WINDOWS\ANXF.exe
    C:\WINDOWS\HSN.exe
    C:\WINDOWS\JTB.exe
    C:\WINDOWS\CJPWDJQTA.exe
    C:\WINDOWS\LSYCJPW.exe
    C:\PROGRA~1\COMETS~1\DM\bin\dmserver.exe
    C:\WINDOWS\EOYGTBDRJ.exe
    C:\WINDOWS\JUBPZH.exe
    C:\WINDOWS\JUFPZHRC.exe
    C:\WINDOWS\YFPH.exe
    C:\WINDOWS\GQIW.exe
    C:\WINDOWS\RNXFPZKUC.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\CPZH.exe
    C:\WINDOWS\LVD.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\ANITA.SOLOTKIFAMILY\Local Settings\Temp\Temporary
    Directory 2 for hijackthis.zip\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
    http://www.shopnav.com/search/9886/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
    http://search.shopnav.com/apps/epa/epa?cid=shnv9886&s=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    res://mshp.dll/index.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
    http://srch-ca9.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
    http://search.shopnav.com/apps/epa/epa?cid=shnv9886&s=
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    res://mshp.dll/index.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    res://mshp.dll/sp.html#37049
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    http://www.shopnav.com/search/9886/search.html
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
    Settings,ProxyOverride = localhost
    O2 - BHO: MyWebSearch Search Assistant BHO -
    {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program
    Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
    Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {14b3d246-6274-40b5-8d50-6c2ade2ab29b} - C:\Program
    Files\Srng\SNHelper.dll
    O2 - BHO: ctor - {204F937E-519E-4597-96FA-8F1F59F3CB6D} -
    C:\WINDOWS\System32\ctor.dll
    O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program
    Files\Microsoft Money\System\mnyside.dll
    O2 - BHO: (no name) - {2E9CAFF6-30C7-4208-8807-E79D4EC6F806} - C:\Program
    Files\Submit\submithook.dll (file missing)
    O2 - BHO: . - {587DBF2D-9145-4c9e-92C2-1F953DA73773} - C:\Documents and
    Settings\KIDS FILE.SOLOTKIFAMILY\Application Data\mscg\mscg.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
    Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: ShowSearch module - {E2DDF680-9905-4dee-8C64-0A5DE7FE133C} -
    C:\Documents and Settings\KIDS FILE.SOLOTKIFAMILY\Application
    Data\mscg\mssearch.dll
    O2 - BHO: (no name) - {F7C0ED07-0E1B-4DDE-B944-ADD591414B41} -
    C:\WINDOWS\System32\dhevmgr.dll (file missing)
    O2 - BHO: (no name) - {FD9BC004-8331-4457-B830-4759FF704C22} - C:\Documents
    and Settings\kids file\Application Data\winuq\msiesh.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
    C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program
    Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
    C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: (no name) - {4FFB42BC-081E-408C-B424-AEC41BE89611} - (no file)
    O3 - Toolbar: (no name) - {FE6BC4EF-5676-484B-88AE-883323913256} - (no file)
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital
    Imaging\\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\HP\HP Software
    Update\HPWuSchd.exe"
    O4 - HKLM\..\Run: [HPHUPD05] c:\Program
    Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update
    Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
    Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
    C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card
    Reader\shwicon2k.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility]
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH
    Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [WT GameChannel] C:\Program
    Files\WildTangent\Apps\GameChannel.exe
    O4 - HKLM\..\Run: [QuickFinder Scheduler] "c:\Program Files\WordPerfect
    Office 11\Programs\QFSCHD110.EXE"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
    Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SBHC] C:\Program Files\SuperBar\sbhc.exe
    O4 - HKLM\..\Run: [Srng] \Program Files\Srng\Srng.exe
    O4 - HKLM\..\Run: [WGMTZA] C:\WINDOWS\WGMTZA.exe
    O4 - HKLM\..\Run: [RMWE] C:\WINDOWS\RMWE.exe
    O4 - HKLM\..\Run: [SANX] C:\WINDOWS\SANX.exe
    O4 - HKLM\..\Run: [HRI] C:\WINDOWS\HRI.exe
    O4 - HKLM\..\Run: [ANXF] C:\WINDOWS\ANXF.exe
    O4 - HKLM\..\Run: [HSN] C:\WINDOWS\HSN.exe
    O4 - HKLM\..\Run: [JTB] C:\WINDOWS\JTB.exe
    O4 - HKLM\..\Run: [CJPWDJQTA] C:\WINDOWS\CJPWDJQTA.exe
    O4 - HKLM\..\Run: [LSYCJPW] C:\WINDOWS\LSYCJPW.exe
    O4 - HKLM\..\Run: [DM_Server] C:\PROGRA~1\COMETS~1\DM\bin\dmserver.exe
    /onreboot
    O4 - HKLM\..\Run: [EOYGTBDRJ] C:\WINDOWS\EOYGTBDRJ.exe
    O4 - HKLM\..\Run: [JUBPZH] C:\WINDOWS\JUBPZH.exe
    O4 - HKLM\..\Run: [JUFPZHRC] C:\WINDOWS\JUFPZHRC.exe
    O4 - HKLM\..\Run: [YFPH] C:\WINDOWS\YFPH.exe
    O4 - HKLM\..\Run: [Image] rundll32 C:\WINDOWS\image.dll,Install
    O4 - HKLM\..\Run: [GQIW] C:\WINDOWS\GQIW.exe
    O4 - HKLM\..\Run: [RNXFPZKUC] C:\WINDOWS\RNXFPZKUC.exe
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"
    -atboottime
    O4 - HKLM\..\Run: [CPZH] C:\WINDOWS\CPZH.exe
    O4 - HKLM\..\Run: [LVD] C:\WINDOWS\LVD.exe
    O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital
    Imaging\bin\backupnotify.exe
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe"
    /background
    O4 - HKCU\..\RunServices: [Image] rundll32 C:\WINDOWS\image.dll,Install
    O4 - Startup: spamsubtract.lnk = C:\Program
    Files\interMute\SpamSubtract\SpamSubtract.exe
    O4 - Global Startup: AOL 8.0 Tray Icon.lnk = C:\Program Files\AOL
    8.0\aoltray.exe
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program
    Files\Quicken\bagent.exe
    O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from
    HP\137903\Program\BackWeb-137903.exe
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: MoneySide (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O10 - Broken Internet access because of LSP provider 'spsublsp.dll' missing
    O16 - DPF: {00000000-CDDC-0704-0B53-2C8830E9FAEC} (IELoaderCtl Class) -
    http://install.global-netcom.de/ieloader.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) -
    http://messenger.zone.msn.com/binary/msgrchkr.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX
    Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {197AB1D7-A7DD-4C86-A938-1FCC0DB21B85} (DMProxyCtl Class) -
    http://dm.cometsystems.com/dm/dm_274.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
    http://imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.6.cab
    O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) -
    http://www.wildtangent.com/webdrivers/webinstall/Install.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class)
    - http://messenger.zone.msn.com/binary/MineSweeper.cab
    O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) -
    http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/en/filesharingctrl.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
    http://a840.g.akamai.net/7/840/537/0fb5e03023def1/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient
    Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) -
    http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
    O16 - DPF: {E13F1132-4CA0-4005-84D3-51406E27D269} (BTDownloadCtrl Control) -
    http://www.shockwave.com/content/thinktanks/BTDownloadCtrl.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class)
    - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
     
  2. mjack547

    mjack547 Malware Specialist

    Joined:
    Sep 1, 2003
    Messages:
    3,181
    Download and unzip or install these programs/applications if you haven't already got them. If you have them, then make sure they are updated and configured as described

    CWshredder from http://www.thespykiller.co.uk/

    Spybot - Search & Destroy from http://security.kolla.de

    AdAware 6 from http://www.lavasoft.de/software/adaware/

    then
    Run CWSHREDDER,

    Close all browser windows, click on the cwshredder.exe then click "FIX" (Not "Scan only") and let it do it's thing.
    and make sure you have all Microsoftsecurity updates

    then reboot &

    Run an online antivirus check from at least one and preferably 2 of the following sites
    http://security.symantec.com/default.asp?
    http://housecall.trendmicro.com/
    http://www.pandasoftware.com/activescan/
    http://www.ravantivirus.com/scan/
    http://www.anti-trojan.net/en/onlinecheck.aspx
    make sure autoclean is enabled on the scans

    Then

    Run Sybot S&D

    After installing, first press Online, press search for updates, then tick the updates it finds, then press download updates. Beside the download button is a little down pointed arrow, select one of the servers listed. If it doesn't work or you get an error message then try a different server

    Next, close all Internet Explorer and OE windows, press 'Check for Problems', and have SpyBot remove all it finds that is marked in RED.

    then reboot &

    Run ADAWARE

    Before you scan with AdAware, check for updates of the reference file by using the "webupdate".

    Then ........

    Make sure the following settings are made and on -------"ON=GREEN"
    From main window :Click "Start" then " Activate in-depth scan"

    then......

    click "Use custom scanning options>Customize" and have these options on: "Scan within archives" ,"Scan active processes","Scan registry", "Deep scan registry" ,"Scan my IE Favorites for banned URL" and "Scan my host-files"

    then.........

    Now to scan it´s just to click the "Scan" button.

    When scan is finished, mark everything for removal and get rid of it. .(Right-click the window and choose"select all" from the drop down menu) then press next and then say yes to the prompt, do you want to remove all these entries.

    reboot again

    then post a new hijackthis log to check what is left
     
  3. catlady13

    catlady13 Thread Starter

    Joined:
    Aug 4, 2003
    Messages:
    849
    Hi , I am so sorry to be so long in doing all of this but I finally persuaded my friend to let me have the computer for a couple of days so I could get all of this done.. have done the adaware , the spybot , cwshredder and several virus scans and here is the new hijack this log.. thank you
    PS it did not show any viruses in any of the scans
    Logfile of HijackThis v1.97.7
    Scan saved at 10:11:58 PM, on 4/11/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\gearsec.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Softex\OmniPass\Omniserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\Program Files\Softex\OmniPass\OPXPApp.exe
    C:\WINDOWS\Explorer.EXE
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd.exe
    C:\WINDOWS\System32\hphmon05.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\ANITA.SOLOTKIFAMILY\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-ca9.hpwis.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R3 - Default URLSearchHook is missing
    O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\3.bin\MWSSRCAS.DLL
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL
    O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {F7C0ED07-0E1B-4DDE-B944-ADD591414B41} - C:\WINDOWS\System32\dhevmgr.dll (file missing)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: (no name) - {4FFB42BC-081E-408C-B424-AEC41BE89611} - (no file)
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\HP\HP Software Update\HPWuSchd.exe"
    O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [QuickFinder Scheduler] "c:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [WGMTZA] C:\WINDOWS\WGMTZA.exe
    O4 - HKLM\..\Run: [RMWE] C:\WINDOWS\RMWE.exe
    O4 - HKLM\..\Run: [SANX] C:\WINDOWS\SANX.exe
    O4 - HKLM\..\Run: [HRI] C:\WINDOWS\HRI.exe
    O4 - HKLM\..\Run: [ANXF] C:\WINDOWS\ANXF.exe
    O4 - HKLM\..\Run: [HSN] C:\WINDOWS\HSN.exe
    O4 - HKLM\..\Run: [JTB] C:\WINDOWS\JTB.exe
    O4 - HKLM\..\Run: [EOYGTBDRJ] C:\WINDOWS\EOYGTBDRJ.exe
    O4 - HKLM\..\Run: [JUBPZH] C:\WINDOWS\JUBPZH.exe
    O4 - HKLM\..\Run: [JUFPZHRC] C:\WINDOWS\JUFPZHRC.exe
    O4 - HKLM\..\Run: [YFPH] C:\WINDOWS\YFPH.exe
    O4 - HKLM\..\Run: [GQIW] C:\WINDOWS\GQIW.exe
    O4 - HKLM\..\Run: [RNXFPZKUC] C:\WINDOWS\RNXFPZKUC.exe
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SysUpd] C:\WINDOWS\sysupd.exe
    O4 - HKLM\..\Run: [FLSFPCJ] C:\WINDOWS\FLSFPCJ.exe
    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
    O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
    O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
    O4 - Global Startup: AOL 8.0 Tray Icon.lnk = C:\Program Files\AOL 8.0\aoltray.exe
    O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\3.bin\MWSOEMON.EXE
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
    O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: MoneySide (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O10 - Broken Internet access because of LSP provider 'spsublsp.dll' missing
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab
    O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} - http://www.wildtangent.com/webdrivers/webinstall/Install.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
    O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/en/filesharingctrl.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
    O16 - DPF: {E13F1132-4CA0-4005-84D3-51406E27D269} (BTDownloadCtrl Control) - http://www.shockwave.com/content/thinktanks/BTDownloadCtrl.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
     
  4. catlady13

    catlady13 Thread Starter

    Joined:
    Aug 4, 2003
    Messages:
    849
  5. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    Run Hijack This again and put a check by these. Close all windows except HijackThis and click "Fix checked"

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

    R3 - Default URLSearchHook is missing

    O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\3.bin\MWSSRCAS.DLL

    O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL

    O2 - BHO: (no name) - {F7C0ED07-0E1B-4DDE-B944-ADD591414B41} - C:\WINDOWS\System32\dhevmgr.dll (file missing)

    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

    O3 - Toolbar: (no name) - {4FFB42BC-081E-408C-B424-AEC41BE89611} - (no file)

    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

    O4 - HKLM\..\Run: [WGMTZA] C:\WINDOWS\WGMTZA.exe

    O4 - HKLM\..\Run: [RMWE] C:\WINDOWS\RMWE.exe

    O4 - HKLM\..\Run: [SANX] C:\WINDOWS\SANX.exe

    O4 - HKLM\..\Run: [HRI] C:\WINDOWS\HRI.exe

    O4 - HKLM\..\Run: [ANXF] C:\WINDOWS\ANXF.exe

    O4 - HKLM\..\Run: [HSN] C:\WINDOWS\HSN.exe

    O4 - HKLM\..\Run: [JTB] C:\WINDOWS\JTB.exe

    O4 - HKLM\..\Run: [EOYGTBDRJ] C:\WINDOWS\EOYGTBDRJ.exe

    O4 - HKLM\..\Run: [JUBPZH] C:\WINDOWS\JUBPZH.exe

    O4 - HKLM\..\Run: [JUFPZHRC] C:\WINDOWS\JUFPZHRC.exe

    O4 - HKLM\..\Run: [YFPH] C:\WINDOWS\YFPH.exe

    O4 - HKLM\..\Run: [GQIW] C:\WINDOWS\GQIW.exe

    O4 - HKLM\..\Run: [RNXFPZKUC] C:\WINDOWS\RNXFPZKUC.exe

    O4 - HKLM\..\Run: [SysUpd] C:\WINDOWS\sysupd.exe

    O4 - HKLM\..\Run: [FLSFPCJ] C:\WINDOWS\FLSFPCJ.exe

    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe

    O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\3.bin\MWSOEMON.EXE

    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocach...etup1.0.0.8.cab


    Restart to safe mode.

    How to start your computer in safe mode

    First in safe mode click on My Computer. Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and "Hide extensions for known file types" . Now click "Apply to all folders"
    Click "Apply" then "OK"

    Now navigate to the C:\Windows folder and find and delete these files:

    HRI.exe
    ANXF.exe
    HSN.exe
    EOYGTBDRJ.exe
    JUBPZH.exe
    JUFPZHRC.exe
    YFPH.exe
    GQIW.exe
    RNXFPZKUC.exe
    WGMTZA.exe
    RMWE.exe
    SANX.exe
    sysupd.exe
    FLSFPCJ.exe


    Also delete the C:\Program Files\MyWebSearch folder
     
  6. catlady13

    catlady13 Thread Starter

    Joined:
    Aug 4, 2003
    Messages:
    849
    HI and thank you so very much for helping. I fixed those items with hijack this. The other files I could only find in the prefetch folder in windows so I deleted them there. They didn't appear anywhere else as I did look . Here is the new hijack this log and I am hoping that it is clean.

    Logfile of HijackThis v1.97.7
    Scan saved at 8:46:44 AM, on 4/12/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\gearsec.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Softex\OmniPass\Omniserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\Program Files\Softex\OmniPass\OPXPApp.exe
    C:\WINDOWS\Explorer.EXE
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd.exe
    C:\WINDOWS\System32\hphmon05.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\ANITA.SOLOTKIFAMILY\Local Settings\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-ca9.hpwis.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: (no name) - {4FFB42BC-081E-408C-B424-AEC41BE89611} - (no file)
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\HP\HP Software Update\HPWuSchd.exe"
    O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [QuickFinder Scheduler] "c:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
    O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
    O4 - Global Startup: AOL 8.0 Tray Icon.lnk = C:\Program Files\AOL 8.0\aoltray.exe
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
    O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: MoneySide (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O10 - Broken Internet access because of LSP provider 'spsublsp.dll' missing
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
    O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/en/filesharingctrl.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
    O16 - DPF: {E13F1132-4CA0-4005-84D3-51406E27D269} (BTDownloadCtrl Control) - http://www.shockwave.com/content/thinktanks/BTDownloadCtrl.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
     
  7. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    Looks good! (y)
     
  8. catlady13

    catlady13 Thread Starter

    Joined:
    Aug 4, 2003
    Messages:
    849
    oh thank you so much. My friend will be so very happy as they just got this computer a few months ago and it was such a mess, and she didn't know why. You are an angel.
     
  9. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    My pleasure! :)

    Check this out for info on how to tighten your security settings and some good free tools to help prevent this from happening again.

    I'm closing this thread. If you need it reopened please PM me or one of the other mods.

    Anyone else with a similar problem please start a "New Thread".
     
  10. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/217088

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice