wondering if u could look at this onee please
desktop with win 2000 on it.

Logfile of HijackThis v1.99.1
Scan saved at 4:51:47 PM, on 8/17/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\RioMSC.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINNT\system32\RunDll32.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINNT\system32\qttask.exe
C:\Program Files\Java\jre1.5.0_02\bin\jucheck.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINNT\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\WINNT\WinZip\WZQKPICK.EXE
C:\WINNT\system32\wuauclt.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINNT\WINZIP\winzip32.exe
C:\Documents and Settings\michael hansen.HOME-BQSACCGEC9\Local Settings\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp_adbe/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp_adbe/defaults/sp/*http://www.yahoo.com
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5Cmozilla.org%5CMozilla%5Cs earchplugins%5Cgoogle.src"); (C:\Documents and Settings\michael hansen\Application Data\Mozilla\Profiles\default\m3ii3830.slt\prefs.j s)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.d ll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O2 - BHO: (no name) - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - (no file)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.d ll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: (no name) - {5AA06644-BC46-4220-A460-47A6EB47C96D} - (no file)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [QuickTime Task] C:\WINNT\system32\qttask.exe
O4 - HKLM\..\Run: [Lexmark X6100 Series] "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [agentsvr] C:\WINNT\system32\agentsvr.exe
O4 - HKCU\..\Run: [CTFMON] C:\WINNT\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\WINNT\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Search - [url]http://bar.mywebsearch.com/menusearch.html?p=ZN[/url]
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - [url]http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab[/url]
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - [url]http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB[/url]
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - [url]http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab[/url]
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - [url]http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab[/url]
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - [url]http://spaces.msn.com//PhotoUpload/MsnPUpld.cab[/url]
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - [url]http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab[/url]
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - [url]http://install.wildtangent.com/bgn/partners/ea/freekstyle/install.cab[/url]
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - [url]http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab[/url]
O16 - DPF: {F5078F32-C551-11D3-89B9-0000F81FE221} (XML DOM Document 3.0) - file://C:\Documents and Settings\michael hansen.HOME-BQSACCGEC9\Local Settings\Temp\SFXE.tmp\msxml3.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - [url]http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab[/url]
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINNT\system32\RioMSC.exe

this is my kids desktop and wondering if all looks ok?

thanks
Michael

I don't have time to give you a fix this AM, please post back so that I remember to come back this evening to give you the list... You have several malware items there... You also have MyWebSearch which is considered optional, but opens the door for malware, so I suggest uninstally that now... If a toolbar is needed, Google has a good one that is safe and provides a popup blocker...

thanks. Been working graveyards so a little slow keeping up.
will delete the file u mention in the morning. again thanks
Michael

Sorry for the long wait... Please open and HJT scan and put checks by:

O2 - BHO: (no name) - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - (no file)
O3 - Toolbar: (no name) - {5AA06644-BC46-4220-A460-47A6EB47C96D} - (no file)
O4 - HKCU\..\Run: [agentsvr] C:\WINNT\system32\agentsvr.exe
O4 - HKCU\..\Run: [CTFMON] C:\WINNT\ctfmon.exe
O16 - DPF: {F5078F32-C551-11D3-89B9-0000F81FE221} (XML DOM Document 3.0) - file://C:\Documents and Settings\michael hansen.HOME-BQSACCGEC9\Local Settings\Temp\SFXE.tmp\msxml3.cab

Close all open windows except HJT and click Fix checked...

Find and delete:

C:\WINNT\system32\agentsvr.exe
C:\WINNT\ctfmon.exe

Reboot and post a fresh log...

after your instructions

seems to be alot of crap on the harddrive tho.

thanks fred

Logfile of HijackThis v1.99.1
Scan saved at 5:17:43 PM, on 8/28/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\RioMSC.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINNT\system32\RunDll32.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Java\jre1.5.0_02\bin\jucheck.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINNT\system32\qttask.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINNT\WinZip\WZQKPICK.EXE
C:\WINNT\system32\wuauclt.exe
C:\WINNT\WINZIP\winzip32.exe
C:\Documents and Settings\michael hansen.HOME-BQSACCGEC9\Local Settings\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp_adbe/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp_adbe/defaults/sp/*http://www.yahoo.com
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5Cmozilla.org%5CMozilla%5Cs earchplugins%5Cgoogle.src"); (C:\Documents and Settings\michael hansen\Application Data\Mozilla\Profiles\default\m3ii3830.slt\prefs.j s)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.d ll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.d ll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [QuickTime Task] C:\WINNT\system32\qttask.exe
O4 - HKLM\..\Run: [Lexmark X6100 Series] "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\WINNT\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Search - [url]http://bar.mywebsearch.com/menusearch.html?p=ZN[/url]
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - [url]http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab[/url]
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - [url]http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB[/url]
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - [url]http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab[/url]
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - [url]http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab[/url]
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - [url]http://spaces.msn.com//PhotoUpload/MsnPUpld.cab[/url]
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - [url]http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab[/url]
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - [url]http://install.wildtangent.com/bgn/partners/ea/freekstyle/install.cab[/url]
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - [url]http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab[/url]
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - [url]http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab[/url]
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINNT\system32\RioMSC.exe

Your log looks okay... You might want to fix this with HJT:

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZN

I am not sure what you mean about "crap" on the drive... If you mean that there still seem to be problems, we can run some other scans... Please clarify...

Your log looks okay... You might want to fix this with HJT:

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZN

I am not sure what you mean about "crap" on the drive... If you mean that there still seem to be problems, we can run some other scans... Please clarify...

will do. it seems to run a little slower than used to.
also, not sure but seems to maybe have 2 windows operating systems installed on the one hard drive.
Michael

You should be able to tell if you have two copies of Windows installed by checking in Windows Explorer for Windows folders... 2 of them would not be good...

There are some unneeded programs that could be stopped, but we can check to see if there are any other issues first... Try running an MWavScan... It will produce a log in the lower window that has the bad list and you will need to use Ctrl-C to copy it and then paste it here for review.... If the list is extremely long, you can just paste the lines that begin with the word "File" since those are the ones we need to be most concerned about...

http://www.mwti.net/antivirus/free_utilities.asp

It will suggest that you buy the product to fix what it finds, but that is not necessary... Just post the bad part of the scan and we will deal with it...

this is what came up
File C:\PROGRA~1\MSNMES~1\RICHED20.dll tagged as "not-a-virus:AdWare.ToolBar.MyWebSearch". Action Taken: No Action Taken.
Object "alexa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "WhenU.UControl Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "funwebproducts Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "Limewire Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "WhenU/SaveNow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "WhenU/Search Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "WeatherBug Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Sha redDlls" refers to invalid object "C:\WINNT\system32\LXBAPMNT.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Sha redDlls" refers to invalid object "C:\WINNT\system32\LXBALCNT.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Sha redDlls" refers to invalid object "C:\WINNT\system32\LXBALCNP.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Sha redDlls" refers to invalid object "C:\WINNT\system32\LXBALSNT.EXE". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Sha redDlls" refers to invalid object "C:\WINNT\system32\LXBACFG.EXE". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Sha redDlls" refers to invalid object "C:\WINNT\system32\LXBACU.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Sha redDlls" refers to invalid object "C:\WINNT\system32\LXBACUR.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Sha redDlls" refers to invalid object "C:\WINNT\system32\LXBAGF.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Sha redDlls" refers to invalid object "C:\WINNT\system32\LXBAUTIL.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Sha redDlls" refers to invalid object "C:\WINNT\system32\LXBAIH.EXE". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Sha redDlls" refers to invalid object "C:\WINNT\system32\LXBAJSWR.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Sha redDlls" refers to invalid object "C:\WINNT\system32\LXBA.LOC". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Sha redDlls" refers to invalid object "C:\WINNT\system32\LXBADRV.HLP". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Sha redDlls" refers to invalid object "C:\WINNT\system32\LXBALPA.HLP". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Sha redDlls" refers to invalid object "C:\WINNT\system32\LXBADRV.CNT". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Sha redDlls" refers to invalid object "C:\WINNT\system32\LXBALPA.CNT". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Sha redDlls" refers to invalid object "C:\WINNT\system32\LXBAMA.CNT". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Sha redDlls" refers to invalid object "C:\WINNT\system32\lxbacoin.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Sha redDlls" refers to invalid object "C:\WINNT\system32\lxbacoin.ini". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Sha redDlls" refers to invalid object "C:\WINNT\system32\lxbacinf.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Sha redDlls" refers to invalid object "C:\WINNT\system32\SPOOL\PRTPROCS\W32X86\LXBAPP5C.D LL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\HijackThis.exe" refers to invalid object "C:\Documents and Settings\michael hansen.HOME-BQSACCGEC9\Local Settings\Temp\hijackthis.exe". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts" refers to invalid object ".ISO". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts" refers to invalid object ".mov". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts" refers to invalid object ".pps". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Mozilla Firefox (1.0.4)". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "MyWebSearch bar Uninstall". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "SaveNow". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "UControl Scan and Remove". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "WildTangent CDA". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{AC76BA86-0000-0000-0000-6028747ADE01}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{AC76BA86-0000-7EC8-7489-000000000603}". Action Taken: No Action Taken.
No Action Taken.Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{AC76BA86-7AD7-1033-7B44-A00000000001}". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0DB22BD7-DE63-4E5D-A3A2-117810BBBBFE}" refers to invalid object "C:\Program Files\Mediostream\neoDVDstandard4\\MsiMultiplexer. ax". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{17DE903B-027A-4615-BCCD-2D4671F49BF3}" refers to invalid object "C:\Program Files\Mediostream\neoDVDstandard4\\msiDVSplitter.a x". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{189504B8-50D1-4AA8-B4D6-95C8F58A6414}" refers to invalid object "C:\PROGRA~1\AIM\sb.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1EFD6A40-3999-11CF-9150-00AA0059F70D}" refers to invalid object "E:\PROGRAM\32\mci32.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{3775D2E0-7C5D-11CF-899E-00AA00688B10}" refers to invalid object "E:\PROGRAM\32\mci32.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{59EC0340-7506-11D2-B05F-00C04F7F89FE}" refers to invalid object "C:\PROGRA~1\AIM\AimApi.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{69527985-A156-4C41-8E31-4573556BD9D7}" refers to invalid object "C:\Program Files\Mediostream\neoDVDstandard4\\msiac3dec.ax". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{6DCAC87D-6C67-412C-9626-1523D1B54DAF}" refers to invalid object "C:\Program Files\Mediostream\neoDVDstandard4\\msiaudmix3.ax". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{712207F5-4423-4024-B45A-2E0D2B4D5B0F}" refers to invalid object "C:\Program Files\Mediostream\neoDVDstandard4\\msiac3enc.ax". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{7C111BC0-0D02-11D6-9D2A-0080C6F9DEB5}" refers to invalid object "C:\Program Files\Mediostream\neoDVDstandard4\\msimpegsplitter .ax". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{7F23E6E5-0E79-4aee-B723-B1463805D5A9}" refers to invalid object "C:\WINNT\wt\webdriver\4.1.1\sound.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{8ECF83A0-1AC9-11D4-8501-00A0CC5D1F63}" refers to invalid object "C:\WINNT\wt\webdriver\4.1.1\wtwmplug.ax". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{A98ABF1C-107C-44E7-9254-2C3FF435D0C2}" refers to invalid object "C:\PROGRA~1\AIM\sb.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B0693766-5278-4ec6-B9E1-3CE40560EF5A}" refers to invalid object "CaPlgin.ax". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B9BA256A-075B-49ea-B9E2-7DBC2EF021D5}" refers to invalid object "C:\WINNT\wt\webdriver\4.1.1\sound.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{BE265956-6F5F-4790-9CAB-EDFAC64362EF}" refers to invalid object "C:\PROGRA~1\AIM\rtvideo.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C1A8AF25-1257-101B-8FB0-0020AF039CA3}" refers to invalid object "E:\PROGRAM\32\mci32.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{ECFBE6E0-1AC8-11D4-8501-00A0CC5D1F63}" refers to invalid object "C:\WINNT\wt\webdriver\4.1.1\wtwmplug.ax". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{EF82F2F1-AFAD-4CB7-A774-25F2D0C80F29}" refers to invalid object "C:\Program Files\Mediostream\neoDVDstandard4\\MsiDvdMux3.ax". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F2D8FCD7-2264-4486-886D-C878643BFCFD}" refers to invalid object "C:\Program Files\Mediostream\neoDVDstandard4\\msiCapBuf.ax". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F2DD9BC5-3851-4766-9F67-A627B3C053DD}" refers to invalid object "C:\PROGRA~1\Logitech\DESKTO~1\8876480\Program\BACK WE~1.EXE". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{FA13A9FA-CA9B-11D2-9780-00104B242EA3}" refers to invalid object "C:\WINNT\wt\webdriver\4.1.1\webdriver.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{28D47522-CF84-11D1-834C-00A0249F0C28}" refers to invalid object "C:\WINNT\system\gif89.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{39DC8E5F-A573-4D58-8A13-6877A3B672EA}" refers to invalid object "C:\PROGRA~1\AIM\sb.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{5C5D478A-085F-4C8C-9B60-825BB9F463E2}" refers to invalid object "C:\Program Files\Real\RealArcade\iegcplug.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{96039CF0-551B-48DC-9DC4-1D5D1E4AF98E}" refers to invalid object "C:\PROGRA~1\AIM\rtvideo.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{C1A8AF28-1257-101B-8FB0-0020AF039CA3}" refers to invalid object "E:\PROGRAM\32\mci32.ocx". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{E1211242-8E94-11D1-8808-00C04FC2C602}" refers to invalid object "C:\Program Files\Client\dx7vb.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{FA13AA2E-CA9B-11D2-9780-00104B242EA3}" refers to invalid object "C:\WINNT\wt\webdriver\4.1.1\webdriver.dll". Action Taken: No Action Taken.
Entry "HKCR\.csk" refers to invalid object "cskfile". Action Taken: No Action Taken.
Entry "HKCR\.pot" refers to invalid object "Powerpoint.Template". Action Taken: No Action Taken.
Entry "HKCR\.ppt" refers to invalid object "Powerpoint.Show.7". Action Taken: No Action Taken.
Entry "HKCR\Automap.Map.NA" refers to invalid object "{A49EEA00-9231-4C77-AA9E-2F89D72B4804}". Action Taken: No Action Taken.
Entry "HKCR\Automap.Map.NA.12" refers to invalid object "{A49EEA00-9231-4C77-AA9E-2F89D72B4804}". Action Taken: No Action Taken.
Entry "HKCR\Automap.Template.NA.12" refers to invalid object "{A49EEA00-9231-4C77-AA9E-2F89D72B4804}". Action Taken: No Action Taken.
Entry "HKCR\DX3DTransform.CatalogServer.1" refers to invalid object "{202FE114-CBC2-4191-3EB3-7A8C892BF3B0}". Action Taken: No Action Taken.
Entry "HKCR\Msxml2.DOMDocument.3.0" refers to invalid object "{f5078f32-c551-11d3-89b9-0000f81fe221}". Action Taken: No Action Taken.
Entry "HKCR\Viewer\shell\open\command" refers to invalid object ""C:\Program Files\Lexmark X6100 Series\FaxTools\viewer.exe" %1". Action Taken: No Action Taken.
Entry "HKCR\wbc_auto_file\shell\open\command" refers to invalid object "C:\PROGRA~1\Webshots\Launcher.exe %1". Action Taken: No Action Taken.
Entry "HKCR\wbp_auto_file\shell\open\command" refers to invalid object "C:\PROGRA~1\Webshots\Launcher.exe %1". Action Taken: No Action Taken.
Entry "HKCR\wbz_auto_file\shell\open\command" refers to invalid object "C:\PROGRA~1\Webshots\Launcher.exe %1". Action Taken: No Action Taken.
Entry "HKCR\Webshots.Collection\shell\open\command" refers to invalid object "C:\PROGRA~1\Webshots\Launcher.exe %1". Action Taken: No Action Taken.
Entry "HKCR\Webshots.Extension\shell\open\command" refers to invalid object "C:\PROGRA~1\Webshots\Launcher.exe %1". Action Taken: No Action Taken.
File C:\WINNT\nxstinst.exe tagged as "not-a-virus:AdWare.NavExcel.i". Action Taken: No Action Taken.
File C:\WINNT\remover.dll tagged as "not-a-virus:AdWare.NavExcel.i". Action Taken: No Action Taken.
File C:\WINNT\system32\f3PSSavr.scr tagged as "not-a-virus:AdWare.ToolBar.MyWebSearch". Action Taken:

alot of invalid objects seen

under the windows explorer seems to be 2 seperate users altho they are both almost the same under "documents and settings"
there is
all users and
all users winnt

default users and
default users winnt

michael/ bunch of files like desktop. cookies, favorites etc then
michael~1~home with the same files as above.
can i just delete one "whole" person?

thanks fred
Michael

You need to kill some files there... Download KillBox...

http://www.downloads.subratam.org/KillBox.zip

Then copy/paste this list into a Notepad file so that you can access it in Safe Mode... Boot to Safe Mode (tap F8 just before Windows starts loading and select Safe Mode)... Choose the "Delete on reboot" and "End Explorer Shell while Killing file" options... Copy/paste the entire list into the line for the file... It should be able to accept the whole list, but if it doesn't you will need to enter them one at a time... Do not click through to close it out and reboot until they have all been entered... Once they are all entered, click through to kill them...

C:\PROGRA~1\MSNMES~1\RICHED20.dll
C:\WINNT\nxstinst.exe
C:\WINNT\remover.dll
C:\WINNT\system32\f3PSSavr.scr

Reboot and post a fresh HJT log and MWavScan... Just post any items from the MWavScan that begin with the word "File"...

What you are describing about Windows sounds like 2 different user accounts... You can probably eliminate one, but it might be good to wait until we are pretty sure your system is clean and then ask how to do that properly in the Windows forum... Simply removing one of them may mess up your programs and settings...