Dear Andy and Navigator I have followed your instructions so far as I could with the following exceptions
Program files\DriveCleaner 2006 message 'Access denied' but I deleted it directly by accessing the 'C' drive.
C\ \penis enlargement. There are other curious files there. Should I delete these as well?
C\\ipreg32 and webdlg32 not on the system even using 'search' facility
C\\Antivirus Test online.url. I could only find the shortcut this I deleted
C\\WEB-Search Only the shortcut found, this I deleted.
C\\Yazzle not on the system even using 'search' facility.
C\\Web control not on the system(as above)
3. The 'techsupportforum' file recognises the 'bleepingcomputer' file as being the same. I did not over-ride bleepingcomputer file.
Here are the logs
Owner - 06-11-22 10:59:22.00 Service Pack 2
ComboFix 06.11.22 - Running from: "C:\Documents and Settings\Owner\Desktop"
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe
C:\Program Files\Inetget2
C:\Program Files\Ipwins
C:\WINDOWS\system32\components
C:\Program Files\Common Files\{34B2DDA8-0AE9-1033-0823-04040512002c}
((((((((((((((((((((((((((((((( Files Created from 2006-10-22 to 2006-11-22 ))))))))))))))))))))))))))))))))))
2006-11-21 14:51 93,696 --a------ C:\WINDOWS\system32\Vtf.dll
2006-11-21 14:51 81,408 --a------ C:\WINDOWS\system32\Photocd.dll
2006-11-21 14:51 76,288 --a------ C:\WINDOWS\system32\Lwf.dll
2006-11-21 14:51 75,776 --a------ C:\WINDOWS\system32\Crw.dll
2006-11-21 14:51 72,704 --a------ C:\WINDOWS\system32\Jpg_transform.dll
2006-11-21 14:51 68,096 --a------ C:\WINDOWS\system32\FFactory.dll
2006-11-21 14:51 62,976 --a------ C:\WINDOWS\system32\Ics.dll
2006-11-21 14:51 619,008 --a------ C:\WINDOWS\system32\MrSID.dll
2006-11-21 14:51 61,440 --a------ C:\WINDOWS\system32\Exif.dll
2006-11-21 14:51 48,640 --a------ C:\WINDOWS\system32\Mrc.dll
2006-11-21 14:51 468,992 --a------ C:\WINDOWS\system32\DjVu.dll
2006-11-21 14:51 467,968 --a------ C:\WINDOWS\system32\JPM.dll
2006-11-21 14:51 46,592 --a------ C:\WINDOWS\system32\8BF_FILTERS.dll
2006-11-21 14:51 45,056 --a------ C:\WINDOWS\system32\Ra_player.dll
2006-11-21 14:51 442,368 --a------ C:\WINDOWS\system32\Fpx.dll
2006-11-21 14:51 424,960 --a------ C:\WINDOWS\system32\Flash4.dll
2006-11-21 14:51 41,984 --a------ C:\WINDOWS\system32\Quicktime.dll
2006-11-21 14:51 40,448 --a------ C:\WINDOWS\system32\Ecw.dll
2006-11-21 14:51 39,936 --a------ C:\WINDOWS\system32\Iptc.dll
2006-11-21 14:51 39,424 --a------ C:\WINDOWS\system32\SoundPlayer.dll
2006-11-21 14:51 39,424 --a------ C:\WINDOWS\system32\LogoManager.dll
2006-11-21 14:51 34,304 --a------ C:\WINDOWS\system32\Sff.dll
2006-11-21 14:51 34,304 --a------ C:\WINDOWS\system32\B3d.dll
2006-11-21 14:51 30,720 --a------ C:\WINDOWS\system32\Ftp.dll
2006-11-21 14:51 29,184 --a------ C:\WINDOWS\system32\EaFsh.dll
2006-11-21 14:51 26,624 --a------ C:\WINDOWS\system32\Pngout.dll
2006-11-21 14:51 238,592 --a------ C:\WINDOWS\system32\Ldf.dll
2006-11-21 14:51 225,280 --a------ C:\WINDOWS\system32\Dicom.dll
2006-11-21 14:51 220,160 --a------ C:\WINDOWS\system32\Mp3.dll
2006-11-21 14:51 201,216 --a------ C:\WINDOWS\system32\Postscript.dll
2006-11-21 14:51 178,688 --a------ C:\WINDOWS\system32\Awd.dll
2006-11-21 14:51 172,032 --a------ C:\WINDOWS\system32\Formats.dll
2006-11-21 14:51 166,400 --a------ C:\WINDOWS\system32\KDC120.dll
2006-11-21 14:51 151,552 --a------ C:\WINDOWS\system32\Med.dll
2006-11-21 14:51 151,552 --a------ C:\WINDOWS\system32\IV_Player.exe
2006-11-21 14:51 140,288 --a------ C:\WINDOWS\system32\Mng.dll
2006-11-21 14:51 138,240 --a------ C:\WINDOWS\system32\Flash.dll
2006-11-21 14:51 121,344 --a------ C:\WINDOWS\system32\Email.dll
2006-11-21 14:51 114,688 --a------ C:\WINDOWS\system32\JPEG2000.dll
2006-11-21 14:51 111,616 --a------ C:\WINDOWS\system32\FUNLTDIV.dll
2006-11-21 14:51 108,544 --a------ C:\WINDOWS\system32\ImPDF.dll
2006-11-21 14:51 106,496 --a------ C:\WINDOWS\system32\Nero.dll
2006-11-21 14:51 1,153,008 --a------ C:\WINDOWS\system32\CADImage.dll
2006-11-21 14:51 <DIR> d-a------ C:\WINDOWS\system32\Fmod
2006-11-21 14:51 <DIR> d-a------ C:\WINDOWS\system32\Filter Factory 8BF
2006-11-21 14:51 <DIR> d-a------ C:\WINDOWS\system32\Ecw
2006-11-21 14:51 <DIR> d-a------ C:\WINDOWS\system32\Crw
2006-11-21 14:51 <DIR> d-a------ C:\WINDOWS\system32\Adobe 8BF
2006-11-21 12:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2006-11-21 11:59 <DIR> d-------- C:\Program Files\Yahoo!
2006-11-20 11:24 <DIR> d-------- C:\Program Files\Java
2006-11-20 11:24 <DIR> d-------- C:\Program Files\Common Files\Java
2006-11-15 10:12 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-11-14 17:02 <DIR> d-------- C:\Program Files\AdSubtract
2006-11-13 10:14 53,248 --a------ C:\WINDOWS\system32\Process.exe
2006-11-13 10:14 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2006-11-13 10:14 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2006-11-13 10:14 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2006-11-11 16:13 5,794 --a------ C:\Program Files\crack.exe
2006-11-11 15:55 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\PCTV4Me
2006-11-11 15:05 <DIR> d-------- C:\VundoFix Backups
2006-11-11 15:03 1,744 --a------ C:\WINDOWS\system32\tmp.reg
2006-11-09 11:36 5,789 --a------ C:\crack.exe
2006-11-09 11:04 <DIR> d-------- C:\Jasc Paint Shop Pro 9.0 Trial - Bidjan
2006-11-09 11:03 <DIR> d-------- C:\Jasc PaintShop Pro 9.01- Bidjan
2006-11-04 14:14 1,245,696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-11-03 00:01 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\SearchToolbarCorp
2006-11-02 19:05 110,612 --a------ C:\WINDOWS\system32\enenqnjk.exe
2006-11-02 18:14 <DIR> d-------- C:\Program Files\Ultimate Cleaner
2006-10-31 12:28 <DIR> d-------- C:\Program Files\efonica softphone
2006-10-28 08:03 <DIR> d-------- C:\Program Files\DriveCleaner 2006
2006-10-27 17:06 <DIR> d-------- C:\Program Files\Skype
2006-10-27 17:06 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Skype
2006-10-27 15:24 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2006-10-27 15:24 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2006-10-27 15:24 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2006-10-27 15:24 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2006-10-27 13:51 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\MipKukSoft
2006-10-27 13:51 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Kybtec Software
2006-10-27 13:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MipKukSoft
2006-10-27 10:00 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Pixmantec
2006-10-27 09:52 <DIR> d-------- C:\Program Files\Pixmantec
2006-10-25 15:53 34,308 --a------ C:\WINDOWS\system32\BASSMOD.dll
2006-10-24 17:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Macrovision
2006-10-24 17:00 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-11-22 10:59 -------- d-------- C:\Program Files\Common Files
2006-11-21 18:43 -------- d-------- C:\Documents and Settings\Owner\Application Data\Adobe
2006-11-20 12:03 -------- d-------- C:\Program Files\Windows Media Player
2006-11-20 12:01 -------- d-------- C:\Program Files\Outlook Express
2006-11-20 12:00 -------- d-------- C:\Program Files\Messenger
2006-11-20 11:57 -------- d-------- C:\Program Files\Internet Explorer
2006-11-20 11:57 -------- d-------- C:\Program Files\Google
2006-11-20 11:54 -------- d-------- C:\Program Files\Common Files\System
2006-11-15 17:21 -------- d-------- C:\Program Files\Common Files\Nikon
2006-11-15 10:08 -------- d-------- C:\Documents and Settings\Owner\Application Data\eBookPro6
2006-11-13 12:23 -------- d-------- C:\Program Files\Nikon
2006-11-09 12:25 -------- d-------- C:\Program Files\PANTONE COLORVISION
2006-11-02 17:37 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-11-01 11:14 -------- d-------- C:\Program Files\Avery Wizard 2.5
2006-10-27 18:27 -------- d---s---- C:\Documents and Settings\Owner\Application Data\Microsoft
2006-10-27 18:03 -------- d-------- C:\Program Files\Horses
2006-10-27 09:01 -------- d-------- C:\Program Files\Adobe
2006-10-24 20:36 -------- d-------- C:\Program Files\PrintFIX ColorCharts
2006-10-24 17:23 -------- d-------- C:\Program Files\Common Files\Adobe
2006-10-18 10:10 -------- d-------- C:\Program Files\Free RAW Viewer
2006-10-17 15:28 -------- d-------- C:\Program Files\vtplus
2006-10-17 15:28 -------- d-------- C:\Program Files\SSC Service Utility
2006-10-17 15:28 -------- d-------- C:\Documents and Settings\Owner\Application Data\AVG7
2006-10-17 15:18 -------- d-------- C:\Documents and Settings\Owner\Application Data\DriveCleaner 2006
2006-10-17 12:20 -------- d-------- C:\Program Files\Canon
2006-10-15 16:10 -------- d-------- C:\Program Files\MSXML 4.0
2006-10-14 09:58 -------- d-------- C:\Documents and Settings\Owner\Application Data\Google
2006-10-13 12:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-10-07 19:32 14304158 --a------ C:\PrintFIX_1.2_Setup.exe
2006-10-03 22:57 1055 --a------ C:\Documents and Settings\Owner\Application Data\AdobeDLM.log
2006-10-03 19:09 -------- d-------- C:\Program Files\QuickTime
2006-10-03 09:02 -------- d-------- C:\Program Files\Picasa2
2006-10-03 09:02 -------- d-------- C:\Program Files\Common Files\muvee Technologies
2006-09-29 09:36 778656 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-09-28 11:36 -------- d-------- C:\Documents and Settings\Owner\Application Data\VMware
2006-09-28 09:35 13714856 --a------ C:\zlsSetup_65_737_000_en.exe
2006-09-27 06:26 -------- d-------- C:\Program Files\Registry Helper
2006-09-13 05:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-10 21:56 78122753 --a------ C:\ColorPlus_1.1_Setup.exe
2006-09-10 12:10 6048544 --a------ C:\dap81.exe
2006-09-06 03:34 950272 --a------ C:\Facade.dll
2006-09-03 08:53 268 -r-h----- C:\Documents and Settings\Owner\Application Data\People
2006-09-03 08:39 10895532 --a------ C:\cnx101_en.exe
2006-08-25 15:45 617472 --a------ C:\WINDOWS\system32\comctl32.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Sonic RecordNow!"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"Registry Helper"="\"C:\\Program Files\\Registry Helper\\RegistryHelper.Exe\" /boot"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.908.5008\\GoogleToolbarNotifier.exe"
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"AVG7_EMC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgemc.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"!AVG Anti-Spyware"="\"C:\\Documents and Settings\\Owner\\Desktop\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex]
@=""
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,de,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,00,02,00,00,00,00,00,00,00,02,00,00,e2,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,00,02,00,00,00,00,00,00,00,02,00,00,e2,02,\
00,00,01,00,00,00
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000000
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Gamma Loader.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma Loader.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~3\\ADOBEG~1.EXE "
"item"="Adobe Gamma Loader"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~2.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AdSubtract.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\AdSubtract.lnk"
"backup"="C:\\WINDOWS\\pss\\AdSubtract.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\ADSUBT~1\\adsub.exe "
"item"="AdSubtract"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoStart IR.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\AutoStart IR.lnk"
"backup"="C:\\WINDOWS\\pss\\AutoStart IR.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\WinTV\\Ir.exe /QUIET"
"item"="AutoStart IR"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EPSON SMART PANEL for Scanner.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\EPSON SMART PANEL for Scanner.lnk"
"backup"="C:\\WINDOWS\\pss\\EPSON SMART PANEL for Scanner.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\EPSON\\EPSONS~2\\espmain.exe /h"
"item"="EPSON SMART PANEL for Scanner"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Kodak EasyShare software.lnk"
"backup"="C:\\WINDOWS\\pss\\Kodak EasyShare software.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Kodak\\KODAKE~1\\bin\\EASYSH~1.EXE -hx"
"item"="Kodak EasyShare software"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Kodak software updater.lnk"
"backup"="C:\\WINDOWS\\pss\\Kodak software updater.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Kodak\\KODAKS~1\\7288971\\Program\\KODAKS~1.EXE "
"item"="Kodak software updater"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Microsoft Office.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MICROS~2\\Office\\OSA9.EXE -b -l"
"item"="Microsoft Office"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkvMon.exe.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\NkvMon.exe.lnk"
"backup"="C:\\WINDOWS\\pss\\NkvMon.exe.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Nikon\\NkView6\\NkvMon.exe "
"item"="NkvMon.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PhotoCAL Startup.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\PhotoCAL Startup.lnk"
"backup"="C:\\WINDOWS\\pss\\PhotoCAL Startup.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\PANTON~1\\PhotoCAL\\PhotoCAL.exe /auto"
"item"="PhotoCAL Startup"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SpySubtract.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\SpySubtract.lnk"
"backup"="C:\\WINDOWS\\pss\\SpySubtract.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\Program Files\\interMute\\SpySubtract\\SpySub.exe -autostart"
"item"="SpySubtract"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\WinZip Quick Pick.lnk"
"backup"="C:\\WINDOWS\\pss\\WinZip Quick Pick.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\WinZip\\WZQKPICK.EXE "
"item"="WinZip Quick Pick"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Admilli Service]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AdmilliServ"
"hkey"="HKLM"
"command"="C:\\Program Files\\Admilli Service\\AdmilliServ.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BullsEye Network]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="bargains"
"hkey"="HKLM"
"command"="C:\\Program Files\\BullsEye Network\\bin\\bargains.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DC6cw]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DC6cw"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\DriveCleaner 2006\\DC6cw.exe\" -c"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeskAd Service]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DeskAdServ"
"hkey"="HKLM"
"command"="C:\\Program Files\\DeskAd Service\\DeskAdServ.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="tfswctrl"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriveCleaner 2006]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DC2006"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\DriveCleaner 2006\\DC2006.exe\" /min"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BJPSMAIN"
"hkey"="HKLM"
"command"="C:\\Program Files\\Canon\\Easy-PrintToolBox\\BJPSMAIN.EXE /logon"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstantTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PCLETray"
"hkey"="HKCU"
"command"="C:\\Program Files\\Pinnacle\\Shared Files\\InstantCDDVD\\PCLETray.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Optimizer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="optimize"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Internet Optimizer\\optimize.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="C:\\Program Files\\iTunes\\iTunesHelper.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IW_Drop_Icon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iwctrl"
"hkey"="HKCU"
"command"="C:\\Program Files\\Pinnacle\\InstantCDDVD\\InstantWrite\\iwctrl.exe /dropdisc"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\loader32]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="sys01824"
"hkey"="HKLM"
"command"="C:\\Documents and Settings\\Owner\\Application Data\\SysDown\\sys01824.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NetWaiting"
"hkey"="HKCU"
"command"="C:\\Program Files\\NetWaiting\\NetWaiting.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PCMService"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Dell\\Media Experience\\PCMService.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PicasaMediaDetector"
"hkey"="HKLM"
"command"="C:\\Program Files\\Picasa2\\PicasaMediaDetector.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PSDrvCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\PSDrvCheck.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioAudioCentral]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RxMon"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Roxio\\Easy CD Creator 6\\AudioCentral\\RxMon.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DrgToDsc"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Roxio\\Easy CD Creator 6\\DragToDisc\\DrgToDsc.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="EngUtil"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Roxio Shared\\System\\EngUtil.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rszhlli.dll]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="rszhlli"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\rundll32.exe C:\\WINDOWS\\system32\\rszhlli.dll,mcqthgc"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Dragdiag"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Thomson\\SpeedTouch USB\\Dragdiag.exe\" /icon"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UIUCU]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="UIUCU"
"hkey"="HKLM"
"command"="C:\\DOCUME~1\\Owner\\LOCALS~1\\Temp\\UIUCU.EXE -CLEAN_UP -S"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="sgtray"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows AdStatus]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WinStat"
"hkey"="HKLM"
"command"="C:\\Program Files\\Windows AdStatus\\WinStat.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ybrwicon"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\Yahoo!\\browser\\ybrwicon.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
Completion time: 06-11-22 11:00:19.43
C:\ComboFix.txt ... 06-11-22 11:00
(end)
Logfile of HijackThis v1.99.1
Scan saved at 11:28:48, on 22/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\Owner\Desktop\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Documents and Settings\Owner\Desktop\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\My Documents\Hijackthis\HJT.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Documents and Settings\Owner\Desktop\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKCU\..\Run: [Sonic RecordNow!] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Registry Helper] "C:\Program Files\Registry Helper\RegistryHelper.Exe" /boot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O8 - Extra context menu item: Easy-WebPrint Add To Print List -
res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print -
res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview -
res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print -
res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} -
http://us.dl1.yimg.com/download.yahoo.c ... egucfg.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) -
https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://update.microsoft.com/microsoftup ... 8936829924
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) -
http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} -
http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) -
http://davidrobinson5.bulldoghome.com/p ... Upload.ocx
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) -
https://register.btinternet.com/templat ... rol024.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A9C9A73D-42DE-4DEA-A2C4-39FE60A4B6BB}: NameServer = 83.146.21.6 212.158.248.5
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Documents and Settings\Owner\Desktop\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
The error message previously reported of 'System exe' not loading has not reappeared.
However the spurious toolbar in 'Internet Explorer' is still there. When I open 'IE' the toolbar has pushed Google to one side and contains the words 'about:blank' This I feel should be got rid of.
David