java problems
LinkTheWorld
07-31-2005, 08:38 PM
I am trying to play a game on Yahoo and it is saying that I need to download Java Virtual Machine. So I go to the link and try to download it, and it says that I already have Java JRE and that I need to uninstall it before I can re-install it. So I go to Add/Remove Programs and click on the Java runtime and click add/remove and it tries to install it! I want to remove it but it doesn't give me that option.
On a second problem, I have this icon in my tray that I think is the "Bullseye" bargain spy problem. I ran a HJT and deleted it, but it still shows in my tray; however, it is removed from my HJT scan. If anyone can help me with any of these problems I would greatly appreciate it.
I have ME - Ped 3 HP 900MHZ - any other info that you need from me let me know. And I have purchased Registry Mechanic and run that every day; it still doesn't get rid of the Bullseye thing.
FastLearner
08-05-2005, 03:20 AM
Hi and welcome to the PC Guide Discussion forums. Please post a fresh HijackThis log. We would be happy to take a look and see if we can help.
LinkTheWorld
08-14-2005, 01:18 PM
Logfile of HijackThis v1.99.0
Scan saved at 12:20:34 PM, on 8/14/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\AVSYNMGR.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSSTAT.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSHWIN32.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\AVCONSOL.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\WEBSCANX.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\LVCOMSX.EXE
C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BACKWEB-8876480.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\SYSTEM\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\RunServices: [McAfeeVirusScanService] C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\PROGRAM FILES\LOGITECH\VIDEO\MANIFESTENGINE.EXE" boot
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by9fd.bay9.hotmail.msn.com/resources/MsnPUpld.cab
Thank you to anyone that replies
FastLearner
08-15-2005, 03:04 AM
Hello. You are using an outdated version of HijackThis. Before proceeding, please download HijackThis version 1.99.1 from here:
http://www.downloads.subratam.org/hijackthis.zip
and make sure to unzip it to a permanent folder.
Then in regards to Bullseye, please do all of the following:
Please run full scans with Ad-Aware SE and Spybot-S&D as follows:
(If you already have Ad-Aware SE 1.06 and Spybot 1.4 installed, you can skip the installation steps. If you don't, please uninstall your old versions and install the new ones from the links below.)
Full Ad-Aware Scan
Please download Ad-Aware SE from here:
http://www.majorgeeks.com/download506.html
Install Ad-Aware and run it. In the bottom-right hand corner, click "Check for updates now". Click "Connect" to download the newest reference file.
Now we will configure Ad-Aware to perform a full scan. In the Ad-Aware main window, click on the gear icon at the top of the screen to open the preferences window. In the "General" window, make sure the following options are selected:
1) Automatically save log-file
2) Automatically quarantine objects prior to removal
3) Safe Mode (always request confirmation)
Click the "Scanning" button on the left-hand side and make sure the following options are selected:
1) Scan within archives
2) Scan active processes
3) Scan registry
4) Deep scan registry
4) Scan my IE Favorites for banned URLs
5) Scan my Hosts file
Please also click on "Select drives & folders to scan" and select your hard drive(s). Then click the "Advanced" button on the left-hand side and make sure all the options under "Log-file Detail Level" are selected. Next, click the "Tweak" button on the left-hand side. Click on "Scanning Engine" and make sure the following options are selected:
1) Unload recognized processes & modules during scanning
2) Obtain command line of scanned processes
3) Scan registry for all users instead of current user only
Click on "Cleaning Engine" and make sure the following options are selected:
1) Always try to unload modules before deletion
2) During removal, unload Explorer and IE if necessary
3) Let Windows remove files in use at next reboot
4) Delete quarantined objects after restoring
Finally, click on "Safety Settings" and make sure the following options are selected:
1) Automatically select problematic objects in results lists
2) Write-protect system files after repair (Hosts file, etc)
Click on "Proceed" to save the preferences. Then please click the "Start" button on the bottom right side to begin a scan. Select "Use custom scanning options" and then click "Next". Ad-Aware will then scan for malware. When it is finished, make sure any objects listed in RED are selected and click "Next" to remove the objects. Then please restart your computer.
Spybot Full Scan
Next, please download Spybot-S&D from here:
http://www.majorgeeks.com/download.php?det=2471
Install Spybot-S&D and run it. Select "Search for updates" and then select all available updates. Click on the drop-down box in the top center to choose a download location nearest to you. Then click "Download updates". When all updates have downloaded, close Spybot-S&D, and then run it again. Click on "Check for problems". When the scan has finished, select any entries listed in red and click "Fix selected problems". Then please restart your computer again.
Your log, however, looks ok at this point. You may optionally check the following entries to fix by running HijackThis, selecting "Do a system scan only", then placing checks next to them:
Backweb is a program used by various vendors to check for updates, deals and other information. If you do not need this functionality, I recommend that you fix these items:
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\PROGRAM FILES\LOGITECH\VIDEO\MANIFESTENGINE.EXE" boot
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
Then reboot, run HJT, save the log and post it back here for us to take a look at. Please let us know if you have any questions. Thanks.
We will address the Java problem in the next round...:)
LinkTheWorld
08-16-2005, 11:12 AM
ok thank you for the reply, I will get on that right now and let you know how I made out.
LinkTheWorld
08-16-2005, 11:16 AM
okkkkkkkk?!??!
Well, I clicked on the link you gave me to get the new HJT and McAfee said that the file had a virus in it. It said it had the " W32/Generic.worm!p2p " and to try to clean it then delete it. Was that a test to see if I had a good virus scan or something?
LinkTheWorld
08-16-2005, 11:26 AM
NOT MY DAY!!!!
Well, then I tried to download Ad-Aware. I have had it before but then it stopped working one day. It just said..."Explorer has an error and this program will close". Now today when I went to where you said to DL it from it downloaded fine, but then when I went to run it it said....
" ANWENDUNGSFEHLER "
"Exception EREADError in Modul AD-AWARE.EXE bei 00021FE7 Fehler bein lesen von menof.lines.strings - fehler bei Einfagen von RichEdit-Zeile"
I think I speak for everyone when I say....WHAT!?!? I guess my computer is more messed up than I thought. What should I do?
FastLearner
08-16-2005, 03:41 PM
Well, you're right that does not sound too good...:(
Luckily, I happen to speak German! This "Fehler beim Lesen" means you are having a read failure. Please do this (in this order):
(This will take a whole lot of time and may even seem redundant, but please stay persistent...)
Uninstall all old versions of Adaware SE and Spybot from Add/Remove Programs that happen to still be on your machine.
Please run the Housecall online virus scan located at:
http://housecall.trendmicro.com/housecall/start_corp.asp
Follow the prompts to scan your hard drive for viruses. Select the "Autoclean" option so that Housecall will remove any viruses from your system.
When the scan is finished, please restart your computer.
Then please run the Panda scan here:
http://www.pandasoftware.com/products/acti...n_principal.htm
Choose to "Disinfect automatically," and follow the prompts. Delete any viruses found, and restart your computer.
Finally, please run the WindowSecurity trojan scan here:
http://www.windowsecurity.com/trojanscan/
Remove any trojans found.
Download: CCleaner (freeware)
http://www.majorgeeks.com/download4191.html
Once installed, run CCleaner click the Windows [tab]
Select the following:
http://mvps.org/winhelp2002/cleaner.gif
Next: click Options click the Settings tab
Uncheck: "Only delete files older than 48 hrs.", click Ok
Then click Run Cleaner (bottom right) then Exit
...and then restart your computer.
Now that you have done this (and re-downloaded Spybot, HJT 1.99.1, and Adaware SE from the links I have provided), please proceed as follows:
Please run full scans with Ad-Aware SE and Spybot-S&D as follows:
(If you already have Ad-Aware SE 1.06 and Spybot 1.4 installed, you can skip the installation steps. If you don't, please uninstall your old versions and install the new ones from the links below.)
Full Ad-Aware Scan
Please download Ad-Aware SE from here:
http://www.majorgeeks.com/download506.html
Install Ad-Aware and run it. In the bottom-right hand corner, click "Check for updates now". Click "Connect" to download the newest reference file.
Now we will configure Ad-Aware to perform a full scan. In the Ad-Aware main window, click on the gear icon at the top of the screen to open the preferences window. In the "General" window, make sure the following options are selected:
1) Automatically save log-file
2) Automatically quarantine objects prior to removal
3) Safe Mode (always request confirmation)
Click the "Scanning" button on the left-hand side and make sure the following options are selected:
1) Scan within archives
2) Scan active processes
3) Scan registry
4) Deep scan registry
4) Scan my IE Favorites for banned URLs
5) Scan my Hosts file
Please also click on "Select drives & folders to scan" and select your hard drive(s). Then click the "Advanced" button on the left-hand side and make sure all the options under "Log-file Detail Level" are selected. Next, click the "Tweak" button on the left-hand side. Click on "Scanning Engine" and make sure the following options are selected:
1) Unload recognized processes & modules during scanning
2) Obtain command line of scanned processes
3) Scan registry for all users instead of current user only
Click on "Cleaning Engine" and make sure the following options are selected:
1) Always try to unload modules before deletion
2) During removal, unload Explorer and IE if necessary
3) Let Windows remove files in use at next reboot
4) Delete quarantined objects after restoring
Finally, click on "Safety Settings" and make sure the following options are selected:
1) Automatically select problematic objects in results lists
2) Write-protect system files after repair (Hosts file, etc)
Click on "Proceed" to save the preferences. Then please click the "Start" button on the bottom right side to begin a scan. Select "Use custom scanning options" and then click "Next". Ad-Aware will then scan for malware. When it is finished, make sure any objects listed in RED are selected and click "Next" to remove the objects. Then please restart your computer.
Spybot Full Scan
Next, please download Spybot-S&D from here:
http://www.majorgeeks.com/download.php?det=2471
Install Spybot-S&D and run it. Select "Search for updates" and then select all available updates. Click on the drop-down box in the top center to choose a download location nearest to you. Then click "Download updates". When all updates have downloaded, close Spybot-S&D, and then run it again. Click on "Check for problems". When the scan has finished, select any entries listed in red and click "Fix selected problems". Then please restart your computer again.
and finally:
please run HJT from its own permanent folder and proceed as instructed in the last post:
Backweb is a program used by various vendors to check for updates, deals and other information. If you do not need this functionality, I recommend that you fix these items:
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\PROGRAM FILES\LOGITECH\VIDEO\MANIFESTENGINE.EXE" boot
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
Then reboot, run HJT, save the log and post it back here for us to take a look at. Please let us know if you have any questions. Thanks.
LinkTheWorld
08-17-2005, 12:57 PM
Ok well I have been scanning all night.
So far the housecall found 14 viruses. Mostly
Troj Loader.c
Troj Loader.D
Troj Loader.MG ( 7 of those )
and some similar others I can't remember right now. Well, it was not able to clean any but it deleted 9 of the 14. Then I ran the Panda Software, which seemed to catch mostly the spyware, but it said 24 infected items. All were deleted. Then I restarted my computer and it seemed to run worse. I don't know why, but when I would click on Internet Explorer it would start to open then freeze. But then I restarted it again and I think it is fine for now, although I am not on my computer now, I had to go to work. But anyway, when I get home I am going to do the next step you said to do, and just keep on going. I just wanted to give you an update on how it is going so far. Thanks a lot for your help.
FastLearner
08-17-2005, 03:10 PM
Sounds about right. The more we can get rid of with the scans, the easier our job will be with HijackThis. I just find it strange that none of these things were showing in your original HJT log. Anyway, please follow the directions exactly and remember to do a reboot after each step. This will help in a lot of different ways. I admire your persistence, and let us know if you have any more questions along the way...
It sounds like you still have a few more scans to go. Hopefully by the time you get to the last one, there won't be anything left to clean up...:D
LinkTheWorld
08-18-2005, 11:57 AM
OK update time - I have made it to the point where you say to download Ad-Aware and Spybot. Remember last time I tried doing that it gave me that weird German error, so I am eager to see how that goes. One question I had is that CCleaner deleted everything except for 1 file, which it said is "marked for deletion" but it doesn't delete it. It is "C:\Windows\Temp Internet files\Content.IEJ\index.dat ". When I went to that location through My Computer I was going to delete it manually, but when I went to delete it, it said "If you delete this Windows and other operations may not work properly, are you sure you want to delete this". So I said NO; I thought I better ask you first before I did anything.
FastLearner
08-18-2005, 03:00 PM
Yes, as a general rule, anything in a Temporary folder is open game as far as deleting it.
Go ahead and kill it... if it lets you...:)
LinkTheWorld
08-18-2005, 03:55 PM
Also this morning my computer was freezing, then when I would hit Ctrl-Alt-Delete it would show that McAfee was "Not Responding". So I uninstalled it altogether. It was an old free version anyway. Plus I am in the "start fresh mode", but I will need something as far as a program that is on at all times to prevent viruses from getting on my computer ( Not that the McAfee that I had helped, remember I still had 14 viruses on my computer ) but anyway what do you recommend for that? Even if I have to shell out 50 bucks or so.
LinkTheWorld
08-18-2005, 11:00 PM
Ok more updates.... Even after doing everything that you said, when I tried to re-install Ad-Aware it looked like it downloaded fine, but then that same German error message came up and it wouldn't let me run it. The thing that I am confused about is, when I went to download it, it said a version was already found on my computer and would I like to replace it. I said yes. But I had removed it 2 days before. So I am really confused now. Any advice as to what I do now? Thank you
LinkTheWorld
08-18-2005, 11:04 PM
By the way here is my new HJT with the new version...
Logfile of HijackThis v1.99.1
Scan saved at 10:08:17 PM, on 8/18/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\LVCOMSX.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\SYSTEM\LVCOMSX.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by9fd.bay9.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
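The two HijackThis logs posted in this thread can be compared mechanically to see which autostart (O4) entries and running processes disappeared between scans. The following is an added example, not part of any post and not HijackThis's own code; the function names are hypothetical and the sample logs are shortened excerpts of the two logs posted above.

```python
import re

# Numbered HijackThis lines look like "O4 - HKLM\..\Run: [name] command".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# Body of an O4 (autostart) line: hive, Run key, value name, command line.
O4_RE = re.compile(r"^(HKLM|HKCU)\\\.\.\\(\w+): \[([^\]]*)\] (.+)$")
VERSION_RE = re.compile(r"Logfile of HijackThis v([\d.]+)")

# Shortened excerpts of the 8/14/2005 and 8/18/2005 logs from this thread.
BEFORE = r"""
Logfile of HijackThis v1.99.0
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\AVSYNMGR.EXE
C:\WINDOWS\SYSTEM\LVCOMSX.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\SYSTEM\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\RunServices: [McAfeeVirusScanService] C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
"""

AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\LVCOMSX.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\SYSTEM\LVCOMSX.EXE
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
"""


def parse_hjt(text):
    """Split a HijackThis log into version, running processes and entries."""
    log = {"version": None, "processes": [], "entries": []}
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        version = VERSION_RE.match(line)
        entry = ENTRY_RE.match(line)
        if version:
            log["version"] = version.group(1)
        elif line.lower().startswith("running processes"):
            in_processes = True
        elif entry:
            # The first numbered entry ends the process list.
            in_processes = False
            log["entries"].append((entry.group(1), entry.group(2)))
        elif in_processes:
            # Win9x paths are case-insensitive, so normalise for comparison.
            log["processes"].append(line.upper())
    return log


def autostarts(log):
    """Map (hive, run key, value name) to the normalised command of each O4 entry."""
    found = {}
    for section, body in log["entries"]:
        match = O4_RE.match(body) if section == "O4" else None
        if match:
            hive, key, name, command = match.groups()
            found[(hive, key, name)] = command.replace('"', "").lower()
    return found


def diff_logs(before, after):
    """Report what changed between two parsed logs."""
    a_before, a_after = autostarts(before), autostarts(after)
    shared = set(a_before) & set(a_after)
    return {
        "autostart_removed": sorted(set(a_before) - set(a_after)),
        "autostart_added": sorted(set(a_after) - set(a_before)),
        "autostart_changed": sorted(k for k in shared if a_before[k] != a_after[k]),
        "process_gone": sorted(set(before["processes"]) - set(after["processes"])),
        "process_new": sorted(set(after["processes"]) - set(before["processes"])),
        # New non-O4 entries (for example a freshly installed ActiveX control).
        "entries_added": sorted(
            e for e in set(after["entries"]) - set(before["entries"]) if e[0] != "O4"
        ),
    }


if __name__ == "__main__":
    report = diff_logs(parse_hjt(BEFORE), parse_hjt(AFTER))
    for label, items in report.items():
        print(label)
        for item in items:
            print("   ", item)
```

A new autostart entry or a changed command for an existing one is what deserves a closer look in such a diff; removed entries should match what was deliberately fixed or uninstalled.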
FastLearner
08-19-2005, 02:18 AM
Hi LinkTheWorld. For a good AV program, try out AVG or Avast from my signature block. You definitely do not want to be surfing around without AV protection for too long.
In the mean time, your log appears to be clean. But judging by this error, you still have remnants of an old Adaware installation somewhere on your machine. A few posts back, I asked you to remove all old versions. Did you do so?
If not, please uninstall all old versions including the one you have just downloaded. Try downloading it again, just in case your copy has somehow become corrupted. Then reboot to Safe Mode (tap F8 at startup) and install the new version of Adaware.
Boot back into Normal Mode, update all of Adaware's signatures, and follow all of the Adaware and Spybot setup instructions I already gave. Also please say if any of your original problems have been remedied...
Thanks.
LinkTheWorld
08-19-2005, 02:15 PM
Yes, I did remove all versions of Ad-Aware. Restarted my computer. I wanted to make sure I was protected so I downloaded AVG and ran a scan, which came back clean. Not even 1 problem. I restarted, then DL the newest version of Ad-Aware, then restarted in safe mode. It installs fine, but then the same problem happened when I try to run it; it gave the same German error message. But now that I have CCleaner and Spybot works, also I have paid for Registry Mechanic 5.0, I should be ok with spyware even without Ad-Aware. I would still like to have it but I don't know how to get around that German error.
My original problem was with Java and no, it is not fixed. When I try to run a program with Java it says I need the virtual machine. Then when I try to download the virtual machine it says I already have it. Then with Windows ME when you go into Add/Remove Programs and I click on the Java program, I see you only have 1 button to choose from, which says " add/remove ", so when I click that it tries to ADD it! Instead of removing it. Then of course it says "this program already exists". I don't know how to get around this.
FastLearner
08-19-2005, 03:07 PM
OK, now that it would appear that your system is Spyware free, please do the following:
Please download the free MWAV antivirus tool from here:
ftp://ftp.microworldsystems.com/download/tools/mwav.exe
Save it to the desktop and run it. Follow the prompts to scan your system for viruses. Then please post for me the log of infected files from the BOTTOM panel of the scan window. This one digs a little deeper than the others, so it may find some leftover files that could be still causing you some problems.
Now let's address this Java problem of yours. It seems that you are not the only one to have a hard time uninstalling a program from Windows ME. Windows ME seems to protect the users a little too well and puts certain safeguards in place to prevent you from deleting things that you shouldn't normally delete - such as the Java Runtime Environment or JVM - from Add/Remove programs. I see a couple of options, but none are guaranteed to work, unfortunately. First, try uninstalling it from Add/Remove programs while in Safe Mode.
Windows ME uses the System File Protection program, and there is unfortunately no option in WinME to use the System File Checker utility, which would have normally been my next suggestion. The log file, Sfplog.txt, is in the Windows\System\SFP folder in Windows ME. If there are any entries in the log file (other than the log entry that is added when Windows first starts), then SFP had to protect some files. Please post for me the contents of this logfile, so we can see if the OS has been trying to 'protect' you from yourself....)
Make sure you are set to show hidden files and folders:
Show Hidden Files and Folders (http://www.xtra.co.nz/help/0,,4155-1916458,00.html)
Then look in your Program Files\Java folder for an uninstall tool. If that doesn't work, do a search (include hidden files and folders) on your machine for files named uni*.lnk and see if one of the uninstall tools will help you remove Java. If that doesn't work, you can try going to the Sun Microsystems site and seeing if anyone has had this problem before (chances are they have).
As much as I'd like to recommend the final way, which would be to just delete the Java Program folder, you could get into trouble that way because you would create a bunch of Registry problems in the process, requiring you to manually remove all entries dealing with JRE. I don't recommend this last method, by the way.
LinkTheWorld
08-19-2005, 03:32 PM
Java problem, well....Fixed!...sort of. After all of this cleaning I have been doing, I guess one of the things I did removed Java completely, because when I went to download it, instead of saying " You already have this" it said "error 1723 - There is a problem with this Windows installer package. A DLL required for this install to complete could not be run. Contact your support personnel or package vendor"
Then when I searched in the FAQ for this, someone else had the same problem and they said that the only thing that worked is when they downloaded an earlier version of Java, and they gave the link. So I DL version 1.3 instead of the new 1.5 and well, to my surprise...it worked! So now I can play games. Yeah, I don't have the "newest" version but oh well, my goal is still being accomplished. I have to go to work now but when I get home I will DL the MWAV antivirus and post the results. The AVG scan came back clean but I guess you can never be too sure!
FastLearner
08-19-2005, 03:41 PM
Finally some progress! Glad to hear. I am looking forward to your next post...:D
LinkTheWorld
08-20-2005, 12:42 AM
ok here are the results of the mwav scan...
Fri Aug 19 22:51:09 2005 => ***** Scanning Registry and File system for Adware/Spyware *****
Fri Aug 19 22:51:09 2005 => Loading Spyware Signatures from new External Database (Size: 134742).
Fri Aug 19 22:51:10 2005 => System found infected with alexa Spyware/Adware ({c95fe080-8f5d-11d2-a20b-00aa003c157a})! Action taken: No Action Taken.
Fri Aug 19 22:51:10 2005 => System found infected with bearshare Spyware/Adware ({905d0df2-3a0a-4d94-853c-54a12a745905})! Action taken: No Action Taken.
Fri Aug 19 22:51:26 2005 => Offending value found in HKLM\Software\magnet\handlers\limewire !!!
Fri Aug 19 22:51:26 2005 => Offending value found in HKCU\software\microsoft\windows\currentversion\explorer\menuorder\start menu\programs\limewire !!!
Fri Aug 19 22:51:26 2005 => Offending Folder found: C:\PROGRA~1\limewire
Fri Aug 19 22:51:26 2005 => Object "Limewire Spyware/Adware" found in File System! Action Taken: No Action Taken.
Fri Aug 19 22:51:45 2005 => Offending Folder found: C:\WINDOWS\APPLIC~1\weatherbug
Fri Aug 19 22:51:45 2005 => Object "WeatherBug Spyware/Adware" found in File System! Action Taken: No Action Taken.
Fri Aug 19 22:53:39 2005 => Offending file found: C:\WINDOWS\exclean.exe
Fri Aug 19 22:53:39 2005 => System found infected with bargainbuddy Spyware/Adware (exclean.exe)! Action taken: No Action Taken.
Fri Aug 19 23:01:02 2005 => Offending file found: C:\WINDOWS\TEMP
Fri Aug 19 23:01:02 2005 => System found infected with FastFind Spyware/Adware (setup.dll)! Action taken: No Action Taken.
Fri Aug 19 23:05:38 2005 => Offending file found: C:\WINDOWS\TEMP
Fri Aug 19 23:05:38 2005 => System found infected with Midnight Oil Spyware/Adware (file_id.diz)! Action taken: No Action Taken.
Fri Aug 19 23:07:33 2005 => Offending file found: C:\WINDOWS\TEMP\insthelp.dll
Fri Aug 19 23:07:33 2005 => System found infected with RedV Spyware/Adware (insthelp.dll)! Action taken: No Action Taken.
Fri Aug 19 23:11:58 2005 => Offending file found: C:\WINDOWS\iun6002.exe
Fri Aug 19 23:11:58 2005 => System found infected with zipitpro Spyware/Adware (C:\WINDOWS\iun6002.exe)! Action taken: No Action Taken.
Fri Aug 19 23:24:53 2005 => Offending file found: C:\WINDOWS\TEMP
Fri Aug 19 23:24:53 2005 => System found infected with Unknown Pest Spyware/Adware (readme.rtf)! Action taken: No Action Taken.
Fri Aug 19 23:25:39 2005 => Offending file found: C:\WINDOWS\TEMP
Fri Aug 19 23:25:39 2005 => System found infected with Claria.Dashbar Spyware/Adware (dbbuttons.dat)! Action taken: No Action Taken.
Budfred
08-20-2005, 03:26 AM
Please review the instructions for posting the MWavScan again... The part that you posted does not tell us anything helpful about what is in your system... We need the bottom part with the bad items listed...
LinkTheWorld
08-20-2005, 08:02 PM
ok I think this is what you need to see....
Fri Aug 19 23:29:27 2005 => ***** Scanning Registry for errors created because of Adware/Spyware *****
Fri Aug 19 23:29:27 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\SYSTEM\osmim.dll". Action Taken: No Action Taken.
Fri Aug 19 23:29:27 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\SYSTEM\osconfig.dll". Action Taken: No Action Taken.
Fri Aug 19 23:29:27 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\SYSTEM\okshook.dll". Action Taken: No Action Taken.
Fri Aug 19 23:29:27 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\SYSTEM\ossproxy.ex_". Action Taken: No Action Taken.
Fri Aug 19 23:29:27 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\yacsui.dll". Action Taken: No Action Taken.
Fri Aug 19 23:29:27 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\yacscom.dll". Action Taken: No Action Taken.
Fri Aug 19 23:29:27 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\asinst.dll". Action Taken: No Action Taken.
Fri Aug 19 23:29:27 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\FilePlanetDownloadCtrl.dll". Action Taken: No Action Taken.
Fri Aug 19 23:29:27 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\xscan60.ocx". Action Taken: No Action Taken.
Fri Aug 19 23:29:27 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\SYSTEM\GWFSPidGen.DLL". Action Taken: No Action Taken.
Fri Aug 19 23:29:27 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\SYSTEM\LegitCheckControl.DLL". Action Taken: No Action Taken.
Fri Aug 19 23:29:27 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\installer_MARKETING61.exe". Action Taken: No Action Taken.
Fri Aug 19 23:29:27 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\axscan.ocx". Action Taken: No Action Taken.
Fri Aug 19 23:29:31 2005 => Entry "HKCR\CLSID\{0A629F2B-1F78-4812-95A0-47DC721E59A1}" refers to invalid object "blank". Action Taken: No Action Taken.
Fri Aug 19 23:29:31 2005 => Entry "HKCR\CLSID\{CF732F8A-686E-480E-8371-779755EE7047}" refers to invalid object "blank". Action Taken: No Action Taken.
Fri Aug 19 23:29:31 2005 => Entry "HKCR\CLSID\{79D37817-A8A8-4B34-95DA-398DD9ACE2C6}" refers to invalid object "blank". Action Taken: No Action Taken.
Fri Aug 19 23:29:32 2005 => Entry "HKCR\CLSID\{C472B28C-5012-41e3-B716-249E6680C749}" refers to invalid object "blank". Action Taken: No Action Taken.
Fri Aug 19 23:29:32 2005 => Entry "HKCR\CLSID\{7C863C24-EC80-4F2C-A200-2AE419010F5E}" refers to invalid object "blank". Action Taken: No Action Taken.
Fri Aug 19 23:29:32 2005 => Entry "HKCR\CLSID\{74AE12B4-5499-4b90-B4A5-0084F1202539}" refers to invalid object "blank". Action Taken: No Action Taken.
Fri Aug 19 23:29:32 2005 => Entry "HKCR\CLSID\{9F687A48-9B3B-40A7-AAB8-DC02B7D9A83D}" refers to invalid object "blank". Action Taken: No Action Taken.
Fri Aug 19 23:29:32 2005 => Entry "HKCR\CLSID\{6B86A59F-77FE-4D5C-B0B2-043DA72F203E}" refers to invalid object "blank". Action Taken: No Action Taken.
Fri Aug 19 23:29:32 2005 => Entry "HKCR\CLSID\{ACA896DC-E11A-4E31-B5E5-65A33F9D72DC}" refers to invalid object "blank". Action Taken: No Action Taken.
Fri Aug 19 23:29:32 2005 => Entry "HKCR\CLSID\{6A7AF87E-7289-11D3-957D-00105CAB2A96}" refers to invalid object "blank". Action Taken: No Action Taken.
Fri Aug 19 23:29:32 2005 => Entry "HKCR\CLSID\{459219DE-0EB1-47D9-B51C-9082E281B2E6}" refers to invalid object "blank". Action Taken: No Action Taken.
Fri Aug 19 23:29:32 2005 => Entry "HKCR\CLSID\{8EC31898-D1E6-4758-80BE-31E873AC2903}" refers to invalid object "C:\Program Files\Grisoft\AVG Free\avgamui.dll". Action Taken: No Action Taken.
Fri Aug 19 23:29:32 2005 => Entry "HKCR\CLSID\{8EC31897-D1E6-4758-80BE-31E873AC2903}" refers to invalid object "C:\Program Files\Grisoft\AVG Free\avgamui.dll". Action Taken: No Action Taken.
Fri Aug 19 23:29:32 2005 => Entry "HKCR\CLSID\{D9C027CF-DF75-4D2C-B763-AC1CA31C4AF8}" refers to invalid object "C:\Program Files\Grisoft\AVG Free\avgamiui.dll". Action Taken: No Action Taken.
Fri Aug 19 23:29:34 2005 => Entry "HKCR\ComPlusMetaData.MsCorHost" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken.
Fri Aug 19 23:29:34 2005 => Entry "HKCR\ComPlusMetaData.MsCorHost.2" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken.
Fri Aug 19 23:29:34 2005 => Entry "HKCR\XQXSetup.PluginsCacheEx" refers to invalid object "{30C2C3FF-F97D-4506-83B4-2136082EFF05}". Action Taken: No Action Taken.
Fri Aug 19 23:29:34 2005 => Entry "HKCR\XQXSetup.PluginSearch" refers to invalid object "{14D0015F-FB15-11D3-BAFD-00104B61F499}". Action Taken: No Action Taken.
Fri Aug 19 23:29:34 2005 => Entry "HKCR\XQXSetup.WizardsCache" refers to invalid object "{EF0133CA-6CF3-11D3-BA2C-00104B61F499}". Action Taken: No Action Taken.
Fri Aug 19 23:29:34 2005 => Entry "HKCR\XQXSetup.PluginsCache" refers to invalid object "{EF0133C8-6CF3-11D3-BA2C-00104B61F499}". Action Taken: No Action Taken.
Fri Aug 19 23:29:34 2005 => Entry "HKCR\XQXSetup.Wizard" refers to invalid object "{BF7D6744-A2ED-11D2-B89D-00104B61F499}". Action Taken: No Action Taken.
Fri Aug 19 23:29:34 2005 => Entry "HKCR\XQXSetup.Wizards" refers to invalid object "{4097B4EA-A278-11D2-B89C-00104B61F499}". Action Taken: No Action Taken.
Fri Aug 19 23:29:34 2005 => Entry "HKCR\XQXSetup.PluginInstall" refers to invalid object "{DF698C21-C1B6-11D1-BD22-8779A770D479}". Action Taken: No Action Taken.
Fri Aug 19 23:29:34 2005 => Entry "HKCR\XQXSetup.Plugins" refers to invalid object "{D4BDA584-BCC6-11D1-BD22-9ACAB8113978}". Action Taken: No Action Taken.
Fri Aug 19 23:29:34 2005 => Entry "HKCR\XQXSetup.Plugin" refers to invalid object "{D4BDA582-BCC6-11D1-BD22-9ACAB8113978}". Action Taken: No Action Taken.
Fri Aug 19 23:29:34 2005 => Entry "HKCR\XQXSetup.SimpleLogfile" refers to invalid object "{6441742B-5A1E-11D3-BA0C-00104B61F499}". Action Taken: No Action Taken.
Fri Aug 19 23:29:34 2005 => Entry "HKCR\MSComDlg.CommonDialog" refers to invalid object "{F9043C85-F6F2-101A-A3C9-08002B2F49FB}". Action Taken: No Action Taken.
Fri Aug 19 23:29:34 2005 => Entry "HKCR\MSComDlg.CommonDialog.1" refers to invalid object "{F9043C85-F6F2-101A-A3C9-08002B2F49FB}". Action Taken: No Action Taken.
Fri Aug 19 23:29:35 2005 => Entry "HKCR\DKIBand.DKIBandObj.1" refers to invalid object "{40D41A8B-D79B-43d7-99A7-9EE0F344C385}". Action Taken: No Action Taken.
Fri Aug 19 23:29:35 2005 => Entry "HKCR\DKIBand.DKIBandObj" refers to invalid object "{40D41A8B-D79B-43d7-99A7-9EE0F344C385}". Action Taken: No Action Taken.
Fri Aug 19 23:29:35 2005 => Entry "HKCR\XBTB01232.IEToolbar.1" refers to invalid object "{CC8C8F4F-F2E8-404B-A43D-5CC57876A008}". Action Taken: No Action Taken.
LinkTheWorld
08-20-2005, 08:04 PM
cont...
Budfred
08-20-2005, 08:11 PM
Nope... There are two windows in the main MWavScan window... The upper window contains the complete scan of your entire system and has lots of dates, like what you posted... The bottom window contains only the bad things found and it is usually much shorter and does not have all those dates and times... You need to use Ctrl-C to copy it, you cannot simply use a Right click Copy/Paste...
LinkTheWorld
08-20-2005, 10:30 PM
ahhh you're right.... that was my first thought, but since it didn't let me just right click it, I made it harder than it was...thanks.
File C:\WINDOWS\Desktop\INSTALLED ITEMS\motionsetup.exe tagged as not-a-virus:Downloader.Win32.DigStream. No Action Taken.
Object "alexa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "bearshare Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "Limewire Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "WeatherBug Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "bargainbuddy Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "FastFind Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "Midnight Oil Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "RedV Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "zipitpro Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "Unknown Pest Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "Claria.Dashbar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\SYSTEM\osmim.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\SYSTEM\osconfig.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\SYSTEM\okshook.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\SYSTEM\ossproxy.ex_". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\yacsui.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\yacscom.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\asinst.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\FilePlanetDownloadCtrl.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\xscan60.ocx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\SYSTEM\GWFSPidGen.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\SYSTEM\LegitCheckControl.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\installer_MARKETING61.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\axscan.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0A629F2B-1F78-4812-95A0-47DC721E59A1}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{CF732F8A-686E-480E-8371-779755EE7047}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{79D37817-A8A8-4B34-95DA-398DD9ACE2C6}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C472B28C-5012-41e3-B716-249E6680C749}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{7C863C24-EC80-4F2C-A200-2AE419010F5E}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{74AE12B4-5499-4b90-B4A5-0084F1202539}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{9F687A48-9B3B-40A7-AAB8-DC02B7D9A83D}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{6B86A59F-77FE-4D5C-B0B2-043DA72F203E}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{ACA896DC-E11A-4E31-B5E5-65A33F9D72DC}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{6A7AF87E-7289-11D3-957D-00105CAB2A96}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{459219DE-0EB1-47D9-B51C-9082E281B2E6}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{8EC31898-D1E6-4758-80BE-31E873AC2903}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{8EC31897-D1E6-4758-80BE-31E873AC2903}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{D9C027CF-DF75-4D2C-B763-AC1CA31C4AF8}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\ComPlusMetaData.MsCorHost" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken.
Entry "HKCR\ComPlusMetaData.MsCorHost.2" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken.
FastLearner
08-21-2005, 03:06 PM
Thanks. This log looks more like what we needed to see. It does seem a little short, too, so please just double-check once and make sure you got it all in there. In the meantime:
Unless you recognize this item, go into Windows Explorer and delete it (you may need to enable hidden files):
C:\WINDOWS\Desktop\INSTALLED ITEMS\motionsetup.exe
Then immediately after, run CCleaner once again as follows:
Download: CCleaner (freeware)
http://www.majorgeeks.com/download4191.html
Once installed, run CCleaner and click the Windows [tab]
Select the following:
http://mvps.org/winhelp2002/cleaner.gif
Next: click Options, then click the Settings tab
Uncheck: "Only delete files older than 48 hrs.", click Ok
Then click Run Cleaner (bottom right) then Exit
Reboot and post a fresh HJT log just for one last look. How is everything running?
LinkTheWorld
08-22-2005, 03:11 AM
Everything is going great now! I think I have one of the cleanest computers this side of...well...I don't know, but I have a pretty clean one....here is the latest HJT...
Logfile of HijackThis v1.99.1
Scan saved at 2:07:27 AM, on 8/22/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\LVCOMSX.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\SYSTEM\LVCOMSX.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by9fd.bay9.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
The only problem is when I try to delete the.........." O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by9fd.bay9.hotmail.msn.com/resources/MsnPUpld.cab " my computer always freezes and it ends up that I need to restart it. It doesn't look that threatening but nonetheless I don't want it there.
Also when I hit CTRL ALT DELETE I see....Explorer, AVG, and Lvcomsx. I also see lvcomsx on my HJT log, have any idea as to what that is?
Thanks again for all your help, my computer runs like new!
Oh one thing I was going to ask is if anyone knew the best p2p sharing program that doesn't install any 3rd party software. I know I found a link that had which ones install 3rd party software and which don't, but it doesn't say which of the ones that don't is the best. A P2P isn't that good if you search for something common, and you can't download it - it doesn't matter how safe it is if it is worthless....you know.
FastLearner
08-22-2005, 03:24 AM
To kill the O16, you should be able to do it from Safe Mode. To do so:
Tap F8 at Startup, choose Safe Mode, run HJT, place a check next to the O16 item you want to get rid of, close all windows and browsers, and click 'Fix Checked' (deep breath...:) )
Then boot back into regular mode and post the fresh HJT log (which hopefully will not have the O16 item on it).
As far as a legit P2P program, sure there are plenty out there. Check out this comprehensive list of bad ones and good ones hosted by SpywareInfo:
http://www.spywareinfo.com/articles/p2p/
LinkTheWorld
08-22-2005, 01:08 PM
Well the O16 item I am trying to get rid of is being quite stubborn! Even in safe mode when I try to delete it from HJT I get the "blue screen of death" (that's what my step-dad calls it) which says Windows has encountered an error and press any key to continue. Then when I press any key it freezes. I mean technically I would want it gone, but since my computer is working great I think I am just being picky. Just so you know you almost lost me last night world. I was in a car accident in the rain going 50 MPH on the interstate, and crashed head first into the median, bounced back into the fast lane where another car going 50 hit me. The driver said at one point he was heading right towards my door, but then swerved which made him hit the back seat door, which I can tell you if anyone was sitting there they wouldn't have made it. But as for me I am ok, shaken up a little bit and banged up, but overall alive! ENJOY LIFE TO THE FULLEST! Because well....it rains a lot
FastLearner
08-23-2005, 02:36 AM
Hello again. A colleague of mine at SWI was kind enough to suggest that you follow the instructions here for removing the stubborn O16. It seems that many people have experienced problems with this MSN Photo Upload tool, and most noticeably when it comes time to remove it!
http://groups.msn.com/WebDesign/msnhomepagehelp.msnw?action=get_message&mview=1&ID_Message=107475&all_topics=1
Also don't go too far, as we are eventually going to kill those Alexa-related O9's that are still showing in your log. There is some confusion as to which the best method of killing them is, though, so I will let you know as soon as I find out (which is almost always sooner rather than later)...
FastLearner
08-23-2005, 08:49 AM
OK, after further discussing this with Budfred a little bit, I have decided we can take the following approach for now:
Open HJT, run a scan, and place a check next to the following two items:
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
Then close all windows and browsers, including this one, and click Fix Checked.
Then remove the following file from your machine if it is still there:
C:\WINDOWS\web\related.htm
Then reboot and post a fresh HJT log. We will also see at that point if you were able to get rid of the stubborn O16 using the directions I gave you in the last post.
Sorry about the confusion regarding the O9s. The thing is that a Spybot scan normally finds and removes them, but they always seem to have a way of coming back if the user performs a search with IE - even though the entries are essentially harmless. Most of the time, fixing it with HJT kills them for good, according to some. Let's hope this is one of those times...:D
By the way, regarding your inquiry:
http://www.liutilities.com/products/wintaskspro/processlibrary/LVCOMSX/
LVCOMSX is harmless, and has something to do with a Logitech product that you have or have had in the past.
Budfred
08-23-2005, 08:55 AM
If that is the dummy placed by Spybot, deleting this will enable Alexa to reload:
C:\WINDOWS\web\related.htm
FastLearner
08-23-2005, 09:24 AM
I think I see what you mean. So what would you suggest, Budfred...?
Just running Spybot and leaving the HJT entry (and corresponding C:\WINDOWS\ file) alone?
How could/would we know if we are looking at a dummy placed by Spybot or the actual Alexa-related O9?
For being a 'supposedly' harmless O9, this thing is sure causing a lot of uncertainty in my gut at the moment...:D
Maybe it's best to just leave it alone altogether, and just be sure to scan with Spybot once in a while?
LinkTheWorld
08-23-2005, 10:58 AM
New HJT Log...
Logfile of HijackThis v1.99.1
Scan saved at 9:55:00 AM, on 8/23/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\LVCOMSX.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\SYSTEM\LVCOMSX.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by9fd.bay9.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt3_x.cab
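The helpers in this thread verify each fix by asking for a fresh HijackThis log and comparing it with the previous one by eye. As an added example (not part of any post here, and not HijackThis code), the Python below parses two logs, reports which entries were removed or added, and lists the download host behind each O16 entry; the sample lines are excerpts from the 8/22 and 8/23 logs posted in this thread, and the function names are illustrative.

```python
import re
from urllib.parse import urlsplit

# Excerpts from the 8/22/2005 and 8/23/2005 HijackThis logs posted in this
# thread, trimmed to a few entries each for the example.
LOG_BEFORE = r"""
Logfile of HijackThis v1.99.1
Scan saved at 2:07:27 AM, on 8/22/2005
Running processes:
C:\WINDOWS\SYSTEM\LVCOMSX.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\SYSTEM\LVCOMSX.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by9fd.bay9.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
"""

LOG_AFTER = r"""
Logfile of HijackThis v1.99.1
Scan saved at 9:55:00 AM, on 8/23/2005
Running processes:
C:\WINDOWS\SYSTEM\LVCOMSX.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\SYSTEM\LVCOMSX.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by9fd.bay9.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt3_x.cab
"""

# An entry line is a section code (R0, O4, O16, ...) followed by " - " and a body.
# Header lines and the running-process paths do not match and are skipped.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")

# O16 bodies come in two shapes in these logs: "{CLSID} (Name) - URL" and
# "Name - URL" (the Yahoo! Literati entry has no CLSID).
DPF_RE = re.compile(
    r"^DPF: (?:(?P<clsid>\{[0-9A-Fa-f-]{36}\}) \((?P<name>.*?)\)|(?P<bare>.+?))"
    r" - (?P<url>\S+)$"
)


def parse_hjt(text):
    """Return the set of (section_code, body) entries found in a log."""
    entries = set()
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.add((match["code"], match["body"]))
    return entries


def diff_logs(before, after):
    """Entries that disappeared from, or newly appeared in, the later log."""
    old, new = parse_hjt(before), parse_hjt(after)
    return {"removed": sorted(old - new), "added": sorted(new - old)}


def dpf_hosts(text):
    """Map each O16 (Downloaded Program Files) control name to its download host."""
    hosts = {}
    for code, body in parse_hjt(text):
        match = DPF_RE.match(body) if code == "O16" else None
        if match:
            name = match["name"] or match["bare"]
            hosts[name] = urlsplit(match["url"]).hostname
    return hosts


if __name__ == "__main__":
    changes = diff_logs(LOG_BEFORE, LOG_AFTER)
    for kind in ("removed", "added"):
        for code, body in changes[kind]:
            print(f"{kind:8} {code:4} {body}")
    for name, host in sorted(dpf_hosts(LOG_AFTER).items()):
        print(f"O16 source: {name} <- {host}")
```

On these excerpts the diff shows the two `related.htm` O9 entries gone and one new O16 entry (Yahoo! Literati) that appeared between the two scans.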
LinkTheWorld
08-23-2005, 11:03 AM
Now that I think about it some more, the MSN upload tool is for when I send emails I can send pictures out of my hotmail account. So it might be ok, my system is pretty clean, lately I have been doing scans with Registry cleaner and Registry Mechanic 5.0 and it has been coming back with Zero problems. Or if I am just coming off the internet it will have the few cookies that I picked up. Do I still need that O16 housecall Control?
FastLearner
08-23-2005, 01:50 PM
Log looks clean...:)
If you plan on running the Housecall online scan once in a while (which you should!), it's a good idea to keep it - it's not hurting anything, in other words. On the other hand, if you wanted to delete it, it is safe to do so with HJT. The next time you tried to do an online scan at Trend Micro, then you would just need to reload the ActiveX control. Your choice.
Now that you are clean, here is a standard prevention speech for you....
Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems.
1) Please navigate to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows, including the latest version of Internet Explorer. This can patch many of the security holes through which attackers can gain access to your computer. Your current versions are outdated. I cannot stress enough how important this is.
2) In order to protect yourself against spyware, you should consider installing and running the following free programs:
Ad-Aware SE (http://www.lavasoftusa.com/software/adaware)
A tutorial on using Ad-Aware to remove spyware from your computer may be found here (http://www.bleepingcomputer.com/forums/tutorial48.html).
Spybot-Search & Destroy (http://www.safer-networking.org/en/download)
A tutorial on using Spybot to remove spyware from your computer may be found here (http://www.bleepingcomputer.com/forums/tutorial43.html). Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.
SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html)
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here (http://www.bleepingcomputer.com/forums/tutorial49.html).
SpywareGuard (http://www.javacoolsoftware.com/spywareguard.html)
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here (http://www.bleepingcomputer.com/forums/tutorial50.html).
Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.
3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
http://www.mozilla.org/products/firefox/
4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.
5) Finally, consider maintaining a firewall. Some good free firewalls are ZoneAlarm (http://www.zonelabs.com/store/content/catalog/products/sku_list_za.jsp?lid=dbtopnav_za), Kerio (http://www.kerio.com/us/kpf_download.html), or Sygate (http://soho.sygate.com/default.htm).
A tutorial on understanding and using firewalls may be found here (http://www.bleepingcomputer.com/forums/tutorial60.html).
Please also read Tony Klein's excellent article: How I got Infected in the First Place (http://forums.net-integration.net/index.php?showtopic=3051)
Hopefully this should take care of your problems! Good luck. :D
Budfred
08-23-2005, 08:19 PM
For the O9... If you can find the file, you can look at Properties to see if it is MS based or if it relates to Google... Spybot is supposed to switch it to Google... Apparently setting IE to use a different search engine will also change it...
LinkTheWorld
08-24-2005, 12:25 PM
Hey guys, well now that my home computer is in top shape, now my work computer is running slow, no MAJOR problems that I can see, and I ran housecall and it found absolutely nothing, but just to make sure I figured I would see if you guys see anything that catches your eye....here is the HJT log...
Logfile of HijackThis v1.99.1
Scan saved at 11:19:55 AM, on 8/24/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Artisoft\TeleVantage\TvWksSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\TeleVantage\Client\TVClient.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\esanchez\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://corporate/intranet1/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by15fd.bay15.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1094841687869
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {76D90D08-EAB7-46D8-BF99-87445BF59E72} (SystemInfo Class) - http://directv.direcway.com/dwayready/dpcsysinfo.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/bejeweled2/popcaploader_v7.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4463/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = cutcable.tv
O17 - HKLM\Software\..\Telephony: DomainName = cutcable.tv
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = cutcable.tv
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = cutcable.tv
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TeleVantage Workstation Service (TvWksSvc) - Artisoft Inc. - C:\Program Files\Common Files\Artisoft\TeleVantage\TvWksSvc.exe
The IT guy here prides himself on keeping everything clean, does it look like this system is pretty well protected?
FastLearner
08-24-2005, 03:56 PM
The IT guy here prides himself on keeping everything clean, does it look like this system is pretty well protected?
Well assuming you recognize the cutcable.tv domain, then the log looks okay to me. Although I see you've been uploading photos to Hotmail from work (the famous Uploader tool is in this log too).
That's a no-no...:)
Just kidding...:D
LinkTheWorld
08-24-2005, 10:25 PM
lol...You're right! You caught me! I do lots of things I shouldn't do on that computer. Yes, I know what the cutcable.tv is. I won't say where I work, but that should narrow it down to one of two companies. I guess the IT guy does know what he is doing after all. Now I am in a catch-22, because if I need to talk to you guys again then that means something is most likely wrong with my computer, and well, I don't want that. Yet I don't want to just never come back either. My next step is to upgrade my computer because I still have a Pent 3 and I want a Pent 4 chip with HT and all that good stuff. OK, well, that is for another time, ttyl