[indain12]

Hi everyone. I have some adware and spyware. I've ran spybot and now i ran Hijack. Below is the log from it. Can you all tell me what to delete in order to recover from all of this. When I try and launch IE my browser pops up all sorts of stuff then freezes. Thank you allll for the help.
Robert

Logfile of HijackThis v1.97.7
Scan saved at 1:30:46 PM, on 4/7/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0600)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE
C:\PROGRAM FILES\ALTNET\POINTS MANAGER\POINTS MANAGER.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\CLEARSEARCH\LOADER.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSOEMON.EXE
C:\PROGRAM FILES\COMMON FILES\UPDMGR\UPDMGR.EXE
C:\WINDOWS\MSBB.EXE
C:\PROGRAM FILES\AIM95\AIM.EXE
C:\PROGRAM FILES\NOW SOFTWARE\NOW UP-TO-DATE\NUDQDAY.EXE
C:\PROGRAM FILES\NOW SOFTWARE\NOW CONTACT\QUICKCTW.EXE
C:\PROGRAM FILES\ALTNET\DOWNLOAD MANAGER\ASM.EXE
C:\WINDOWS\HMEVVIX9.EXE
C:\AMERICA ONLINE 5.0\WAOL.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.smartbotpro.net/7search/?new-hkcu
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.searchenhancement.com/nph-enhanced.cgi?affid=sesm&sstring=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http:///www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts.../deskredir2.dll?s=consumericon&c=2C01&lc=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.searchenhancement.com/nph-enhanced.cgi?affid=sesm&sstring=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://default-homepage-network.com/start.cgi?new-hklm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.smartbotpro.net/7search/?new-hklm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.searchenhancement.com/nph-enhanced.cgi?affid=sesm&sstring=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts.../deskredir2.dll?s=consumericon&c=2C01&lc=0409
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.searchenhancement.com/nph-enhanced.cgi?affid=sesm&sstring=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.searchenhancement.com/nph-enhanced.cgi?affid=sesm&sstring=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.searchenhancement.com/nph-enhanced.cgi?affid=sesm&sstring=
R3 - URLSearchHook: WebSearch Class - {9368D063-44BE-49B9-BD14-BB9663FD38FC} - C:\PROGRAM FILES\SCBAR\V2\SCBAR.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - (no file)
O2 - BHO: (no name) - {00000EF1-0786-4633-87C6-1AA7A44296DA} - (no file)
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSBAR.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\PROGRAM FILES\MYWEBSEARCH\SRCHASTT\1.BIN\MWSSRCAS.DLL
O2 - BHO: NavErrRedir Class - {0428FFC7-1931-45b7-95CB-3CBB919777E1} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~2.DLL
O2 - BHO: (no name) - {B549456D-F5D0-4641-BCED-8648A0C13D83} - C:\WINDOWS\BrowserHelper.dll
O2 - BHO: (no name) - {00000762-3965-4A1A-98CE-3D4BF457D4C8} - C:\PROGRAM FILES\LYCOS\SIDESEARCH\SIDESEARCH1211.DLL
O2 - BHO: (no name) - {00041A26-7033-432C-94C7-6371DE343822} - C:\PROGRAM FILES\SCBAR\V2\SCBAR.DLL
O2 - BHO: (no name) - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\BXXS5.DLL
O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSBAR.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [AltnetPointsManager] C:\Program Files\Altnet\Points Manager\Points Manager.exe -s
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ClrSchLoader] \Program Files\ClearSearch\Loader.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\BAR\1.BIN\MWSOEMON.EXE
O4 - HKLM\..\Run: [updmgr] C:\Program Files\Common files\updmgr\updmgr.exe
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\BXXS5.DLL,DllRun
O4 - HKLM\..\Run: [kpqdon] C:\WINDOWS\kpqdon.exe
O4 - HKLM\..\Run: [IOLOGF] C:\WINDOWS\SYSTEM\IOLOGF.exe
O4 - HKLM\..\Run: [SearchEnhancement] "C:\PROGRAM FILES\SCBAR\V2\SCBAR.EXE" /U
O4 - HKLM\..\Run: [msbb] C:\WINDOWS\MSBB.EXE
O4 - HKLM\..\Run: [HMEVVIX9.EXE] C:\WINDOWS\HMEVVIX9.EXE /dk
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\BAR\1.BIN\MWSOEMON.EXE
O4 - HKCU\..\Run: [HMEVVIX9.EXE] C:\WINDOWS\HMEVVIX9.EXE /dk
O4 - Startup: WW5N9NEX.lnk = C:\WINDOWS\ww5n9nex.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Startup: GJZX7AEI.lnk = C:\WINDOWS\gjzx7aei.exe
O4 - Startup: QH36IRQD.lnk = C:\WINDOWS\qh36irqd.exe
O4 - Startup: MUWZX1M0.lnk = C:\WINDOWS\muwzx1m0.exe
O4 - Startup: ZX49A2JO.lnk = C:\WINDOWS\zx49a2jo.exe
O4 - Startup: LEN70G3E.lnk = C:\WINDOWS\len70g3e.exe
O4 - Startup: HMEVVIX9.lnk = C:\WINDOWS\hmevvix9.exe
O4 - Startup: H0DGLWNV.lnk = C:\WINDOWS\h0dglwnv.exe
O4 - Global Startup: QuickDay.lnk = C:\Program Files\Now Software\Now Up-to-Date\NUDQday.exe
O4 - Global Startup: QuickContact.lnk = C:\Program Files\Now Software\Now Contact\QuickCTW.exe
O4 - Global Startup: MORZE5.lnk = C:\WINDOWS\morze5.exe
O4 - Global Startup: ID50BK4J.lnk = C:\WINDOWS\id50bk4j.exe
O4 - Global Startup: MCXX8Z1Z.lnk = C:\WINDOWS\mcxx8z1z.exe
O4 - Global Startup: 7XDBHDMI.lnk = C:\WINDOWS\7xdbhdmi.exe
O4 - Global Startup: 72GL0Y14.lnk = C:\WINDOWS\72gl0y14.exe
O4 - Global Startup: M7ZJ0O79.lnk = C:\WINDOWS\m7zj0o79.exe
O4 - Global Startup: 4GZA8BN7.lnk = C:\WINDOWS\4gza8bn7.exe
O4 - Global Startup: K15EV0O1.lnk = C:\WINDOWS\k15ev0o1.exe
O4 - Global Startup: N1EZRMG4.lnk = C:\WINDOWS\n1ezrmg4.exe
O4 - Global Startup: 00Z92O8W.lnk = C:\WINDOWS\00z92o8w.exe
O4 - Global Startup: JMMC0KC9.lnk = C:\WINDOWS\jmmc0kc9.exe
O4 - Global Startup: JXVE5QNG.lnk = C:\WINDOWS\jxve5qng.exe
O4 - Global Startup: WW5N9NEX.lnk = C:\WINDOWS\ww5n9nex.exe
O4 - Global Startup: MORZE1.lnk = C:\WINDOWS\morze1.exe
O4 - Global Startup: V05Y21Q9.lnk = C:\WINDOWS\v05y21q9.exe
O4 - Global Startup: QH36IRQD.lnk = C:\WINDOWS\qh36irqd.exe
O4 - Global Startup: H0DGLWNV.lnk = C:\WINDOWS\h0dglwnv.exe
O4 - Global Startup: GJZX7AEI.lnk = C:\WINDOWS\gjzx7aei.exe
O4 - Global Startup: MUWZX1M0.lnk = C:\WINDOWS\muwzx1m0.exe
O4 - Global Startup: ZX49A2JO.lnk = C:\WINDOWS\zx49a2jo.exe
O4 - Global Startup: LEN70G3E.lnk = C:\WINDOWS\len70g3e.exe
O4 - Global Startup: HMEVVIX9.lnk = C:\WINDOWS\hmevvix9.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE10\EXCEL.EXE/3000
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm932
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Sidesearch (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...apple.com/qt505/us/win/QuickTimeInstaller.exe
O16 - DPF: {02BED220-FBC7-4392-93A2-3A50B056F78E} - http://down.plaxo.com/down/release/instub.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab

 

[putasolution]

Download and run cwshredder

Get it to fix everything then post back a fresh Hijack this

 

[indain12]

That's a great program. I did the one you mentioned and cleaner as well. Below is the hijack log i just did. thanks

Logfile of HijackThis v1.97.7
Scan saved at 2:15:22 PM, on 4/7/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0600)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE
C:\PROGRAM FILES\ALTNET\POINTS MANAGER\POINTS MANAGER.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\CLEARSEARCH\LOADER.EXE
C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSOEMON.EXE
C:\PROGRAM FILES\COMMON FILES\UPDMGR\UPDMGR.EXE
C:\WINDOWS\KPQDON.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\AIM95\AIM.EXE
C:\PROGRAM FILES\NOW SOFTWARE\NOW UP-TO-DATE\NUDQDAY.EXE
C:\WINDOWS\T08OTH4O.EXE
C:\PROGRAM FILES\ALTNET\DOWNLOAD MANAGER\ASM.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\DESKTOP\NEW FOLDER\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.searchenhancement.com/nph-enhanced.cgi?affid=sesm&sstring=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts.../deskredir2.dll?s=consumericon&c=2C01&lc=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.searchenhancement.com/nph-enhanced.cgi?affid=sesm&sstring=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.searchenhancement.com/nph-enhanced.cgi?affid=sesm&sstring=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts.../deskredir2.dll?s=consumericon&c=2C01&lc=0409
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.searchenhancement.com/nph-enhanced.cgi?affid=sesm&sstring=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.searchenhancement.com/nph-enhanced.cgi?affid=sesm&sstring=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.searchenhancement.com/nph-enhanced.cgi?affid=sesm&sstring=
R3 - URLSearchHook: WebSearch Class - {9368D063-44BE-49B9-BD14-BB9663FD38FC} - C:\PROGRAM FILES\SCBAR\V2\SCBAR.DLL (file missing)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: NavErrRedir Class - {0428FFC7-1931-45b7-95CB-3CBB919777E1} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~2.DLL
O2 - BHO: (no name) - {B549456D-F5D0-4641-BCED-8648A0C13D83} - C:\WINDOWS\BrowserHelper.dll
O2 - BHO: (no name) - {00000762-3965-4A1A-98CE-3D4BF457D4C8} - C:\PROGRAM FILES\LYCOS\SIDESEARCH\SIDESEARCH1211.DLL
O2 - BHO: (no name) - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\BXXS5.DLL
O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: (no name) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [AltnetPointsManager] C:\Program Files\Altnet\Points Manager\Points Manager.exe -s
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ClrSchLoader] \Program Files\ClearSearch\Loader.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\BAR\1.BIN\MWSOEMON.EXE
O4 - HKLM\..\Run: [updmgr] C:\Program Files\Common files\updmgr\updmgr.exe
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\BXXS5.DLL,DllRun
O4 - HKLM\..\Run: [kpqdon] C:\WINDOWS\kpqdon.exe
O4 - HKLM\..\Run: [IOLOGF] C:\WINDOWS\SYSTEM\IOLOGF.exe
O4 - HKLM\..\Run: [msbb] C:\WINDOWS\MSBB.EXE
O4 - HKLM\..\Run: [T08OTH4O.EXE] C:\WINDOWS\T08OTH4O.EXE /dk
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\BAR\1.BIN\MWSOEMON.EXE
O4 - HKCU\..\Run: [T08OTH4O.EXE] C:\WINDOWS\T08OTH4O.EXE /dk
O4 - Startup: WW5N9NEX.lnk = C:\WINDOWS\ww5n9nex.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Startup: GJZX7AEI.lnk = C:\WINDOWS\gjzx7aei.exe
O4 - Startup: QH36IRQD.lnk = C:\WINDOWS\qh36irqd.exe
O4 - Startup: MUWZX1M0.lnk = C:\WINDOWS\muwzx1m0.exe
O4 - Startup: ZX49A2JO.lnk = C:\WINDOWS\zx49a2jo.exe
O4 - Startup: LEN70G3E.lnk = C:\WINDOWS\len70g3e.exe
O4 - Startup: HMEVVIX9.lnk = C:\WINDOWS\hmevvix9.exe
O4 - Startup: 72GL0Y14.lnk = C:\WINDOWS\72gl0y14.exe
O4 - Startup: LCHMJCTN.lnk = C:\WINDOWS\lchmjctn.exe
O4 - Startup: 4CVJUIOE.lnk = C:\WINDOWS\4cvjuioe.exe
O4 - Startup: T08OTH4O.lnk = C:\WINDOWS\t08oth4o.exe
O4 - Startup: H0DGLWNV.lnk = C:\WINDOWS\h0dglwnv.exe
O4 - Global Startup: QuickDay.lnk = C:\Program Files\Now Software\Now Up-to-Date\NUDQday.exe
O4 - Global Startup: QuickContact.lnk = C:\Program Files\Now Software\Now Contact\QuickCTW.exe
O4 - Global Startup: MORZE5.lnk = C:\WINDOWS\morze5.exe
O4 - Global Startup: ID50BK4J.lnk = C:\WINDOWS\id50bk4j.exe
O4 - Global Startup: MCXX8Z1Z.lnk = C:\WINDOWS\mcxx8z1z.exe
O4 - Global Startup: 7XDBHDMI.lnk = C:\WINDOWS\7xdbhdmi.exe
O4 - Global Startup: 72GL0Y14.lnk = C:\WINDOWS\72gl0y14.exe
O4 - Global Startup: M7ZJ0O79.lnk = C:\WINDOWS\m7zj0o79.exe
O4 - Global Startup: 4GZA8BN7.lnk = C:\WINDOWS\4gza8bn7.exe
O4 - Global Startup: K15EV0O1.lnk = C:\WINDOWS\k15ev0o1.exe
O4 - Global Startup: N1EZRMG4.lnk = C:\WINDOWS\n1ezrmg4.exe
O4 - Global Startup: 00Z92O8W.lnk = C:\WINDOWS\00z92o8w.exe
O4 - Global Startup: JMMC0KC9.lnk = C:\WINDOWS\jmmc0kc9.exe
O4 - Global Startup: JXVE5QNG.lnk = C:\WINDOWS\jxve5qng.exe
O4 - Global Startup: WW5N9NEX.lnk = C:\WINDOWS\ww5n9nex.exe
O4 - Global Startup: MORZE1.lnk = C:\WINDOWS\morze1.exe
O4 - Global Startup: V05Y21Q9.lnk = C:\WINDOWS\v05y21q9.exe
O4 - Global Startup: QH36IRQD.lnk = C:\WINDOWS\qh36irqd.exe
O4 - Global Startup: H0DGLWNV.lnk = C:\WINDOWS\h0dglwnv.exe
O4 - Global Startup: GJZX7AEI.lnk = C:\WINDOWS\gjzx7aei.exe
O4 - Global Startup: MUWZX1M0.lnk = C:\WINDOWS\muwzx1m0.exe
O4 - Global Startup: ZX49A2JO.lnk = C:\WINDOWS\zx49a2jo.exe
O4 - Global Startup: LEN70G3E.lnk = C:\WINDOWS\len70g3e.exe
O4 - Global Startup: HMEVVIX9.lnk = C:\WINDOWS\hmevvix9.exe
O4 - Global Startup: LCHMJCTN.lnk = C:\WINDOWS\lchmjctn.exe
O4 - Global Startup: 4CVJUIOE.lnk = C:\WINDOWS\4cvjuioe.exe
O4 - Global Startup: T08OTH4O.lnk = C:\WINDOWS\t08oth4o.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Sidesearch (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...apple.com/qt505/us/win/QuickTimeInstaller.exe
O16 - DPF: {02BED220-FBC7-4392-93A2-3A50B056F78E} - http://down.plaxo.com/down/release/instub.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab

 

[cybertech]

When you ran shredder you clicked on fix and not scan only, correct?
If not run it again...

Then:

Download Spybot http://www.sherrylynn.us/privacypolicy.htm

Make sure to follow the instructions for updates prior to running the scan.

Click on "Search For updates" After the search has completed, the available Updates will be listed. Choose which Updates you would like to Download. Click "Download updates." The Updates will self install. The screen will change and the program will come back and be ready to use.

Sometimes the default Download Location will produce an Error. If that happens, look in the right panel. There you will find a small arrow next to the name of the current Download site. Click on it for a list of alternate sites. One of those should be able to retrieve the files you have selected.

Scan and reboot.

Next:

Download AdAware http://www.lavasoftusa.com/software/adaware/

Before you scan with AdAware, check for updates of the reference file by clicking on "Check for updates now", connect.

Click on Start, Use custom scanning options, Customize.

Make sure the following settings are made and on -------"ON=GREEN"

"Scan within archives"
"Scan active processes"
"Scan registry"
"Deep scan registry"
"Scan my IE Favorites for banned URL"
"Scan my host-file"

Click on Tweak,
Select scanning engine and click on "Unload recognized processes during scanning"
Select cleaning engine and click on "Automatically try to unregister objects prior to deletion" and "Let windows remove files in use at next reboot"

Then click "proceed" to save your settings.

Click on Next

Run the scan and fix everything.

Post another HJT log, there will be things to remove.

Thank you for your kind comments

 

[indain12]

Thanks. All is done here is the new HJ log.
hopefully i'm getting closer to fixing this.

Logfile of HijackThis v1.97.7
Scan saved at 5:07:51 PM, on 4/7/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE
C:\PROGRAM FILES\ALTNET\POINTS MANAGER\POINTS MANAGER.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSOEMON.EXE
C:\PROGRAM FILES\COMMON FILES\UPDMGR\UPDMGR.EXE
C:\PROGRAM FILES\NOW SOFTWARE\NOW UP-TO-DATE\NUDQDAY.EXE
C:\PROGRAM FILES\ALTNET\DOWNLOAD MANAGER\ASM.EXE
C:\AMERICA ONLINE 5.0\WAOL.EXE
C:\PROGRAM FILES\LAVASOFT\AD-AWARE 6\AD-AWARE.EXE
C:\WINDOWS\DESKTOP\NEW FOLDER\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts.../deskredir2.dll?s=consumericon&c=2C01&lc=0409
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O3 - Toolbar: (no name) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [AltnetPointsManager] C:\Program Files\Altnet\Points Manager\Points Manager.exe -s
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\BAR\1.BIN\MWSOEMON.EXE
O4 - HKLM\..\Run: [updmgr] C:\Program Files\Common files\updmgr\updmgr.exe
O4 - HKLM\..\Run: [IOLOGF] C:\WINDOWS\SYSTEM\IOLOGF.exe
O4 - HKLM\..\Run: [33DU8BAE.EXE] C:\WINDOWS\33DU8BAE.EXE /dk
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\BAR\1.BIN\MWSOEMON.EXE
O4 - Startup: VJ5CIMUQ.lnk = C:\WINDOWS\vj5cimuq.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Startup: V078H8X4.lnk = C:\WINDOWS\v078h8x4.exe
O4 - Startup: 33DU8BAE.lnk = C:\WINDOWS\33du8bae.exe
O4 - Global Startup: QuickDay.lnk = C:\Program Files\Now Software\Now Up-to-Date\NUDQday.exe
O4 - Global Startup: QuickContact.lnk = C:\Program Files\Now Software\Now Contact\QuickCTW.exe
O4 - Global Startup: V078H8X4.lnk = C:\WINDOWS\v078h8x4.exe
O4 - Global Startup: 33DU8BAE.lnk = C:\WINDOWS\33du8bae.exe
O4 - Global Startup: MORZE1.lnk = C:\WINDOWS\morze1.exe
O4 - Global Startup: VJ5CIMUQ.lnk = C:\WINDOWS\vj5cimuq.exe
O4 - Global Startup: LCHMJCTN.lnk = C:\WINDOWS\lchmjctn.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O9 - Extra button: AIM (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...apple.com/qt505/us/win/QuickTimeInstaller.exe
O16 - DPF: {02BED220-FBC7-4392-93A2-3A50B056F78E} - http://down.plaxo.com/down/release/instub.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38084.6791087963

 

[cybertech]

Hi indain12,
Yes closer but still not there. You need to kill off morze1 so follow the instructions here exactly then post another log.

 

[indain12]

thanks. I forgot to mention I tried to delete what Hijack had given me but those files don't delete. It gives me a list of what files it couldn't delete. I'll go step by step again using the link you gave me to get ride of morze1. Might this also be the cause of "debugger trap" error I get as well?

 

[cybertech]

No they just morph into something else Try the AdAware, it's supposed to be able to clean it now, if not there are other tools.

 

[indain12]

Actually looking at my notes and that was the the last log was after i ran adaware. I'm off to the place where this computer is at again. I'll post up in about an hour again. I'll get this virus if it drives me nutes GRRRRRRR

 

[cybertech]

Check the configuration, maybe my instructions were not up to speed. ??

 

[indain12]

Here's the log after running adware and following the steps. After I tried deleting it told me it couldn't remove some. All of those files were in the c:\_restore\temp

Here's the new log

Logfile of HijackThis v1.97.7
Scan saved at 11:11:18 AM, on 4/8/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSOEMON.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\NOW SOFTWARE\NOW UP-TO-DATE\NUDQDAY.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\DESKTOP\ROBERT\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts.../deskredir2.dll?s=consumericon&c=2C01&lc=0409
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O3 - Toolbar: (no name) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\BAR\1.BIN\MWSOEMON.EXE
O4 - HKLM\..\Run: [IOLOGF] C:\WINDOWS\SYSTEM\IOLOGF.exe
O4 - HKLM\..\Run: [33DU8BAE.EXE] C:\WINDOWS\33DU8BAE.EXE /dk
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\BAR\1.BIN\MWSOEMON.EXE
O4 - Startup: VJ5CIMUQ.lnk = C:\WINDOWS\vj5cimuq.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Startup: V078H8X4.lnk = C:\WINDOWS\v078h8x4.exe
O4 - Startup: 33DU8BAE.lnk = C:\WINDOWS\33du8bae.exe
O4 - Global Startup: QuickDay.lnk = C:\Program Files\Now Software\Now Up-to-Date\NUDQDay.exe
O4 - Global Startup: QuickContact.lnk = C:\Program Files\Now Software\Now Contact\QuickCTW.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O9 - Extra button: AIM (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...apple.com/qt505/us/win/QuickTimeInstaller.exe
O16 - DPF: {02BED220-FBC7-4392-93A2-3A50B056F78E} - http://down.plaxo.com/down/release/instub.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38084.6791087963

 

[cybertech]

Turn off system restore.

 

[indain12]

Ok cool. Here's the new log. I turned off system restore and deleted what it couldn't before.

Logfile of HijackThis v1.97.7
Scan saved at 11:53:10 AM, on 4/8/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSOEMON.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\NOW SOFTWARE\NOW UP-TO-DATE\NUDQDAY.EXE
C:\WINDOWS\DESKTOP\ROBERT\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts.../deskredir2.dll?s=consumericon&c=2C01&lc=0409
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O3 - Toolbar: (no name) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\BAR\1.BIN\MWSOEMON.EXE
O4 - HKLM\..\Run: [IOLOGF] C:\WINDOWS\SYSTEM\IOLOGF.exe
O4 - HKLM\..\Run: [33DU8BAE.EXE] C:\WINDOWS\33DU8BAE.EXE /dk
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\BAR\1.BIN\MWSOEMON.EXE
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: QuickDay.lnk = C:\Program Files\Now Software\Now Up-to-Date\NUDQDay.exe
O4 - Global Startup: QuickContact.lnk = C:\Program Files\Now Software\Now Contact\QuickCTW.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O9 - Extra button: AIM (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...apple.com/qt505/us/win/QuickTimeInstaller.exe
O16 - DPF: {02BED220-FBC7-4392-93A2-3A50B056F78E} - http://down.plaxo.com/down/release/instub.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38084.6791087963

 

[cybertech]

Run HJT again and check:

R3 - Default URLSearchHook is missing
O3 - Toolbar: (no name) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\BAR\1.BIN\MWSOEMON.EXE
O4 - HKLM\..\Run: [IOLOGF] C:\WINDOWS\SYSTEM\IOLOGF.exe
O4 - HKLM\..\Run: [33DU8BAE.EXE] C:\WINDOWS\33DU8BAE.EXE /dk
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\BAR\1.BIN\MWSOEMON.EXE
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE

Close all applications and browser windows before you click "fix checked".

What's this machine use for virus protection??

 

[indain12]

This is my friends system and she never has cleaned it now even updated things. Finally she couldnt' do anything and I found all sorts of stuff and thanks to you the system is getting back to normal. Here's my new log.

Logfile of HijackThis v1.97.7
Scan saved at 12:20:44 PM, on 4/8/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSOEMON.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\NOW SOFTWARE\NOW UP-TO-DATE\NUDQDAY.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\DESKTOP\ROBERT\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts.../deskredir2.dll?s=consumericon&c=2C01&lc=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - Global Startup: QuickDay.lnk = C:\Program Files\Now Software\Now Up-to-Date\NUDQDay.exe
O4 - Global Startup: QuickContact.lnk = C:\Program Files\Now Software\Now Contact\QuickCTW.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O9 - Extra button: AIM (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...apple.com/qt505/us/win/QuickTimeInstaller.exe
O16 - DPF: {02BED220-FBC7-4392-93A2-3A50B056F78E} - http://down.plaxo.com/down/release/instub.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38084.6791087963

 

[cybertech]

Hard to tell that's the same machine

I hope she's taking you to dinner for all your hard work!

 

[indain12]

wooho cool. thanks so much. I just printed what you said and going to post it up on her wall thanks so much for your patience