Hi Tetonbob,
Thank you for reviewing my log. I did the first 2 things, then ran HJT, but the 2 items you wanted me to check and fix were not there any longer, so I just saved the log. I took a look at my Add/Remove Programs and the MyWay Search Assistant was still there. I attempted to remove it from there, but it claimed that it could not find a file to remove it?
Here are the requested logs:
[01/11/2006, 17:41:06] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\bill\Desktop\VirtumundoBeGone.exe" )
[01/11/2006, 17:41:13] - Detected System Information:
[01/11/2006, 17:41:13] - Windows Version: 5.1.2600, Service Pack 2
[01/11/2006, 17:41:13] - Current Username: bill (Admin)
[01/11/2006, 17:41:13] - Windows is in NORMAL mode.
[01/11/2006, 17:41:13] - Searching for Browser Helper Objects:
[01/11/2006, 17:41:13] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[01/11/2006, 17:41:13] - BHO 2: {2353FCBC-012D-487B-8BF3-865C0929FBEB} (ATLDistrib Object)
[01/11/2006, 17:41:13] - ALERT: Found ATLDistrib Object!
[01/11/2006, 17:41:13] - BHO 3: {3C060EA2-E6A9-4E49-A530-D4657B8C449A} (PopKill Class)
[01/11/2006, 17:41:13] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
[01/11/2006, 17:41:13] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/11/2006, 17:41:13] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[01/11/2006, 17:41:13] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[01/11/2006, 17:41:13] - BHO 5: {56071E0D-C61B-11D3-B41C-00E02927A304} (ZKBho Class)
[01/11/2006, 17:41:13] - BHO 6: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[01/11/2006, 17:41:13] - Finished Searching Browser Helper Objects
[01/11/2006, 17:41:13] - *** Detected ATLDistrib Object
[01/11/2006, 17:41:13] - Trying to remove ATLDistrib Object...
[01/11/2006, 17:41:14] - Terminating Process: IEXPLORE.EXE
[01/11/2006, 17:41:15] - Terminating Process: RUNDLL32.EXE
[01/11/2006, 17:41:15] - Disabling Automatic Shell Restart
[01/11/2006, 17:41:15] - Terminating Process: EXPLORER.EXE
[01/11/2006, 17:41:15] - Suspending the NT Session Manager System Service
[01/11/2006, 17:41:15] - Terminating Windows NT Logon/Logoff Manager
[01/11/2006, 17:41:15] - Re-enabling Automatic Shell Restart
[01/11/2006, 17:41:15] - File to disable: C:\WINDOWS\system32\pmkhh.dll
[01/11/2006, 17:41:15] - Renaming C:\WINDOWS\system32\pmkhh.dll -> C:\WINDOWS\system32\pmkhh.dll.vir
[01/11/2006, 17:41:15] - File successfully renamed!
[01/11/2006, 17:41:15] - Removing HKLM\...\Browser Helper Objects\{2353FCBC-012D-487B-8BF3-865C0929FBEB}
[01/11/2006, 17:41:15] - Removing HKCR\CLSID\{2353FCBC-012D-487B-8BF3-865C0929FBEB}
[01/11/2006, 17:41:15] - Adding Kill Bit for ActiveX for GUID: {2353FCBC-012D-487B-8BF3-865C0929FBEB}
[01/11/2006, 17:41:15] - Deleting ATLEvents/MSEvents Registry entries
[01/11/2006, 17:41:15] - Removing HKLM\...\Winlogon\Notify\pmkhh
[01/11/2006, 17:41:15] - Searching for Browser Helper Objects:
[01/11/2006, 17:41:15] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[01/11/2006, 17:41:15] - BHO 2: {3C060EA2-E6A9-4E49-A530-D4657B8C449A} (PopKill Class)
[01/11/2006, 17:41:15] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} ()
[01/11/2006, 17:41:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/11/2006, 17:41:15] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[01/11/2006, 17:41:15] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[01/11/2006, 17:41:15] - BHO 4: {56071E0D-C61B-11D3-B41C-00E02927A304} (ZKBho Class)
[01/11/2006, 17:41:15] - BHO 5: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[01/11/2006, 17:41:15] - Finished Searching Browser Helper Objects
[01/11/2006, 17:41:15] - Finishing up...
[01/11/2006, 17:41:15] - A restart is needed.
[01/11/2006, 17:41:15] - Automatic Reboot on STOP Error is not set. User will have to manually restart.
[01/11/2006, 17:41:23] - Attempting to Restart via STOP error (Blue Screen!)

Logfile of HijackThis v1.99.1
Scan saved at 6:21:32 PM, on 1/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\ESPN360\bin\espn360.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Zero Knowledge\Freedom\pkR.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Zero Knowledge\Freedom\FreeBHOR.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [Freedom] C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ESPN360] C:\Program Files\ESPN360\bin\espn360.exe -nogui
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O4 - Global Startup: Event Reminder.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...0/mcinsctl.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/sh...23/mcgdmgr.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

Incident                                     Status           Location
Potentially unwanted tool:application/myway  Not disinfected  HKEY_CLASSES_ROOT\MYWAYSEARCHASSISTANTDE.AUXILIARY
Spyware:Cookie/PointRoll                     Not disinfected  C:\Documents and Settings\bill\Cookies\bill@ads.pointroll[2].txt
Spyware:Cookie/Ask                           Not disinfected  C:\Documents and Settings\bill\Cookies\bill@ask[1].txt
Spyware:Cookie/go                            Not disinfected  C:\Documents and Settings\bill\Cookies\bill@go[1].txt
Spyware:Cookie/PointRoll                     Not disinfected  C:\Documents and Settings\bill\Cookies\bill@ads.pointroll[2].txt
Spyware:Cookie/Ask                           Not disinfected  C:\Documents and Settings\bill\Cookies\bill@ask[1].txt
Spyware:Cookie/go                            Not disinfected  C:\Documents and Settings\bill\Cookies\bill@go[1].txt
Spyware:Spyware/Virtumonde                   Not disinfected  C:\WINDOWS\SYSTEM32\jkhhg.dll

Thank you again!
Bill