Page 1 of 2 12 LastLast
Results 1 to 10 of 14

Thread: Adware/Spyware...

  1. #1
    Junior Member
    Join Date
    Jun 2004
    Posts
    8

    Adware/Spyware...

    Got some stupid piece of Ad-ware/Spyware on my computer and I can't remove it

    I used Ad-aware 6
    CWShredder
    Hijackthis
    Spybot search and destroy
    and Registry mechanic

    They all found various things and remove them, but couple mins later some of the files are back...

    Everytime I open IExplore links me to
    res://lqftn.dll/index.html#96676
    as homepage

    I keep getting this website in background whenever I search on Google
    http://search-to-find.com/

    And I get various popups when im browsing the web...

    Usually using the programs above kills them but looks like I got a clever bastard again...
    I got a whole list of Registry files I can delete in Hijackthis but I would prefer not too mess with the ones I am unsure of as some of them are useful... If you think that will solve my problem I will link a list of all the files

    OR If anyone has any other programs/solutions (short of formatting my hard drive) Will a system restore have any effect?

    Nick

  2. #2
    Senior Member
    Join Date
    Jan 2003
    Posts
    1,499
    Adaware has an update option.

    Do you have the latest definitions ?

    Also try www.majorgeek.com for more adbusters.

  3. #3
    Regal Making Handler
    Join Date
    Jun 2002
    Posts
    1,668
    I can not find anything specific to the problem you have posted but below is a link to an article that has infomation on dealing with generic hijacks. It is also a pretty good site that deals with spyware:

    http://www.spywareinfo.com/articles/hijacked/

    Just as an after thought i can not reach the page you link to with either IE or firefox.

    When you have fixed your problem you might want to go here: http://www.javacoolsoftware.com/

    Spyware blaster is a good add on for ie, as it stops this sort of thing becoming a problem, rather than fixin it after.

    Or change your browser. I can recomend Firefox: http://texturizer.net/firefox/download.html
    What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry

  4. #4
    Junior Member
    Join Date
    Jun 2004
    Posts
    8
    All the Adware removers I have are most updated versions, also her is that link again incase I copied it down wrong

    res://lqftn.dll/index.html#96676

    Will try some of those other solutions and post on progress here, still if ppl know of any other ideas feel free to add to discussion

  5. #5
    Junior Member
    Join Date
    Jun 2004
    Posts
    8
    Nothing I tired seems to work, I installed 2 new spyware removers which again find things but the problem persists...

    Hijackthis log is enclosed I deleted all the R0 and R1 entries but the just reapper

    Damnit I will probably have to format, I will not be beaten


    Logfile of HijackThis v1.97.7
    Scan saved at 13:46:47, on 17/06/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common files\WinTools\WToolsS.exe
    C:\WINDOWS\system32\netic.exe
    C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
    C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
    C:\WINDOWS\System32\CTHELPER.EXE
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
    C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\documents and settings\nick saunders\local settings\temp\jaseNJRxf.exe
    C:\documents and settings\nick saunders\local settings\temp\VaxG6.exe
    C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Common files\WinTools\WToolsA.exe
    C:\WINDOWS\sdkza32.exe
    C:\WINDOWS\System32\pndtls.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Common files\WinTools\WSup.exe
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\WINDOWS\System32\delsvr32.exe
    C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\WINDOWS\System32\Nfw8fU8C.exe
    C:\WINDOWS\System32\IhvoDV.exe
    C:\WINDOWS\System32\msiexec.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Documents and Settings\Nick Saunders\Desktop\AD\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\lqftn.dll/sp.html#96676
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://lqftn.dll/index.html#96676
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://lqftn.dll/index.html#96676
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\lqftn.dll/sp.html#96676
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://lqftn.dll/index.html#96676
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\lqftn.dll/sp.html#96676
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {2CD010E8-0B89-0B57-0309-03493BE208A3} - C:\WINDOWS\system32\iekx.dll
    O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
    O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [jaseNJRxf] C:\documents and settings\nick saunders\local settings\temp\jaseNJRxf.exe
    O4 - HKLM\..\Run: [VaxG6] C:\documents and settings\nick saunders\local settings\temp\VaxG6.exe
    O4 - HKLM\..\Run: [3PJN6WW2L8AG6D] C:\WINDOWS\System32\CagA2.exe
    O4 - HKLM\..\Run: [Dsi] C:\WINDOWS\System32\dp-him.exe
    O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe
    O4 - HKLM\..\Run: [sdkza32.exe] C:\WINDOWS\sdkza32.exe
    O4 - HKLM\..\Run: [AutoLoaderos571OSjZIXX] "C:\WINDOWS\System32\pndtls.exe" /PC="AM.WILD" /HideUninstall
    O4 - HKLM\..\Run: [oFmh34P] pndtls.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [SB Audigy 2 Startup Menu] /L:ENG
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [Zo5nRQjpe] delsvr32.exe
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
    O4 - HKLM\..\RunOnce: [netzb.exe] C:\WINDOWS\system32\netzb.exe
    O4 - HKLM\..\RunOnce: [netic.exe] C:\WINDOWS\system32\netic.exe
    O4 - HKLM\..\RunOnce: [ievg32.exe] C:\WINDOWS\system32\ievg32.exe
    O4 - HKLM\..\RunOnce: [mfclt32.exe] C:\WINDOWS\system32\mfclt32.exe
    O4 - HKLM\..\RunOnce: [sysui.exe] C:\WINDOWS\system32\sysui.exe
    O4 - HKLM\..\RunOnce: [javayb32.exe] C:\WINDOWS\system32\javayb32.exe
    O4 - HKLM\..\RunOnce: [appjg32.exe] C:\WINDOWS\appjg32.exe
    O4 - HKLM\..\RunOnce: [msmz.exe] C:\WINDOWS\msmz.exe
    O4 - HKLM\..\RunOnce: [syswm32.exe] C:\WINDOWS\syswm32.exe
    O4 - HKLM\..\RunOnce: [d3ik32.exe] C:\WINDOWS\d3ik32.exe
    O4 - HKLM\..\RunOnce: [mspi.exe] C:\WINDOWS\system32\mspi.exe
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Search with Freeserve - res://C:\PROGRA~1\FREESE~1\FSBar\FSBar.dll/VSearch.htm
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)
    O9 - Extra button: Research (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ca...C_1_0_0_41.cab
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeup...ntent/opuc.cab
    O16 - DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} (CustomerCtrl Class) - http://cs3b.instantservice.com/jars/...rxsigned40.cab
    O16 - DPF: {B3872502-F9FD-4E96-93FF-0D37298F0689} (SOESysInfo Control) - http://eq2beta.station.sony.com/beta...soesysinfo.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab

  6. #6
    Senior Member
    Join Date
    Aug 2003
    Posts
    1,018
    Wow, you have a mess. The wintools are easy to remove, and the peper trojan isn't too bad, but you have a nasty browser hijack, and this one sucks rocks to remove ...I'll walk you through the current method. Sometimes it works, sometimes it doesn't.

    ========================

    To remove Wintools,

    1. Boot into SAFE MODE by tapping the f8 key during boot up.
    2. Kill running entries by ctrl, alt and del for Wintools. (Kill all references to anything that has Wintools in it.
    3. Uninstall Wintools from Add/Remove. it will prompt for reboot. do that and reboot.

    ========================

    Control-alt-delete end task on these tasks:
    netic.exe
    sdkza32.exe
    delsvr32.exe

    Put a checkmark next to the following in HijackThis. Make sure all other windows and browsers are closed before clicking on “Fix Checked”

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\lqftn.dll/sp.html#96676
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://lqftn.dll/index.html#96676
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://lqftn.dll/index.html#96676
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\lqftn.dll/sp.html#96676
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://lqftn.dll/index.html#96676
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\lqftn.dll/sp.html#96676
    O2 - BHO: (no name) - {2CD010E8-0B89-0B57-0309-03493BE208A3} - C:\WINDOWS\system32\iekx.dll
    C:\Program Files\Common files\WinTools\WToolsA.exe
    O4 - HKLM\..\Run: [sdkza32.exe] C:\WINDOWS\sdkza32.exe
    O4 - HKLM\..\Run: [AutoLoaderos571OSjZIXX] "C:\WINDOWS\System32\pndtls.exe" /PC="AM.WILD" /HideUninstall
    O4 - HKLM\..\RunOnce: [netzb.exe] C:\WINDOWS\system32\netzb.exe
    O4 - HKLM\..\RunOnce: [netic.exe] C:\WINDOWS\system32\netic.exe
    O4 - HKLM\..\RunOnce: [ievg32.exe] C:\WINDOWS\system32\ievg32.exe
    O4 - HKLM\..\RunOnce: [mfclt32.exe] C:\WINDOWS\system32\mfclt32.exe
    O4 - HKLM\..\RunOnce: [sysui.exe] C:\WINDOWS\system32\sysui.exe
    O4 - HKLM\..\RunOnce: [javayb32.exe] C:\WINDOWS\system32\javayb32.exe
    O4 - HKLM\..\RunOnce: [appjg32.exe] C:\WINDOWS\appjg32.exe
    O4 - HKLM\..\RunOnce: [msmz.exe] C:\WINDOWS\msmz.exe
    O4 - HKLM\..\RunOnce: [syswm32.exe] C:\WINDOWS\syswm32.exe
    O4 - HKLM\..\RunOnce: [d3ik32.exe] C:\WINDOWS\d3ik32.exe
    O4 - HKLM\..\RunOnce: [mspi.exe] C:\WINDOWS\system32\mspi.exe


    =================

    Boot into SAFE MODE by tapping the f8 key during boot up.
    Makue sure your computer is set to show hidden files:
    How to see Hidden files


    Delete the following files:
    C:\WINDOWS\system32\netzb.exe
    C:\WINDOWS\system32\netic.exe
    C:\WINDOWS\system32\ievg32.exe
    C:\WINDOWS\system32\mfclt32.exe
    C:\WINDOWS\system32\sysui.exe
    C:\WINDOWS\system32\javayb32.exe
    C:\WINDOWS\appjg32.exe
    C:\WINDOWS\msmz.exe
    C:\WINDOWS\syswm32.exe
    C:\WINDOWS\d3ik32.exe
    C:\WINDOWS\system32\mspi.exe

    =======================

    Reboot in normal mode

    Please download TheKillbox from here: http://www.downloads.subratam.org/KillBox.zip

    Unzip the files to a folder, then double-click on Killbox.exe to run it. In the "Paste Full Path of File to Delete" box, copy and paste the following:

    C:\WINDOWS\system32\netic.exe

    Don't click any of the buttons though, instead please click on the Action menu and choose "Delete on Reboot". On the next screen, click on the File menu and choose "Add File". The filenameand path should show up in the window. If that's successful, choose the Action menu and select "Process and Reboot". You'll be prompted to reboot, do so.

    Reboot in normal mode and post a fresh log. There is going to be a bunch mre to remove. You may want to post your next log as a hidden post so people don't gripe about "having to scroll past a HJT log"

  7. #7
    Junior Member
    Join Date
    Jun 2004
    Posts
    8
    We are making progress
    I now have control back of my homepage I will post the new log below with Hijackthis result in Hidden.
    Will it be Safe now to run Adaware, registry mechanic etc or leave it till we have finished messing with Hijackthis?

    Thank you for help

  8. #8
    Junior Member
    Join Date
    Jun 2004
    Posts
    8
    Logfile of HijackThis v1.97.7
    Scan saved at 16:48:51, on 17/06/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
    C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
    C:\WINDOWS\System32\CTHELPER.EXE
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
    C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
    C:\documents and settings\nick saunders\local settings\temp\jaseNJRxf.exe
    C:\documents and settings\nick saunders\local settings\temp\VaxG6.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\WINDOWS\System32\delsvr32.exe
    C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\WINDOWS\System32\MvuCw.exe
    C:\WINDOWS\System32\MvuCw.exe
    C:\WINDOWS\System32\msiexec.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Nick Saunders\Desktop\AD\HijackThis.exe

    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
    O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [jaseNJRxf] C:\documents and settings\nick saunders\local settings\temp\jaseNJRxf.exe
    O4 - HKLM\..\Run: [VaxG6] C:\documents and settings\nick saunders\local settings\temp\VaxG6.exe
    O4 - HKLM\..\Run: [3PJN6WW2L8AG6D] C:\WINDOWS\System32\Oval63H.exe
    O4 - HKLM\..\Run: [Dsi] C:\WINDOWS\System32\dp-him.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [SB Audigy 2 Startup Menu] /L:ENG
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [Zo5nRQjpe] delsvr32.exe
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Search with Freeserve - res://C:\PROGRA~1\FREESE~1\FSBar\FSBar.dll/VSearch.htm
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)
    O9 - Extra button: Research (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ca...C_1_0_0_41.cab
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeup...ntent/opuc.cab
    O16 - DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} (CustomerCtrl Class) - http://cs3b.instantservice.com/jars/...rxsigned40.cab
    O16 - DPF: {B3872502-F9FD-4E96-93FF-0D37298F0689} (SOESysInfo Control) - http://eq2beta.station.sony.com/beta...soesysinfo.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{9B829E1C-40C0-48EB-A815-ED9ED78D8688}: NameServer = 195.92.195.94 195.92.195.95

  9. #9
    Junior Member
    Join Date
    Jun 2004
    Posts
    8
    Also and I am not sure what has caused this.....
    Everytime I open up a Microsoft program it asks me to reinstall Microsoft Office Professional edition 2003 and it rants about configuration then justs opens the program....

    /Shrug

  10. #10
    Senior Member Spyrus's Avatar
    Join Date
    Oct 2002
    Posts
    741
    just a word to the wise its usually a good idea to clean out the prefetch folder too. Sometimes virii or spyware can attach to different programs in there and relaunch when you open random programs.

    For those who dont know the prefetch folder is a folder that windows XP utilizes to make programs open faster, it loads prefrences and small bits of data so when you open a program it will do so a half a second faster. By clearing the folder the program will open up slightly slower the next time you open it but will be normal after that intial open.

    To clear that folder go to Start>run> type in prefetch hit enter. Hit ctrl-a then the delete button and you are all set, no need to restart or anything
    Duct tape.....A whole lot of Duct Tape
    Spyware/Adaware problem click
    here

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •