kam

Members
  • Content Count

    8
  • Joined

  • Last visited

About kam

  • Rank
    Member
  1. Ohhhh I am so tempted to buy a new computer...if only I had the money... I tried the Registrar Lite-- or rather installed it, opened it, and made sure those boxes were checked, but it didn't affect Services.msc. Also tried to run all the other steps--phew! Here are my notes starting with step 3 (step 1 being moot and 2 running smooth) Neither of these appeared, and hence did not get deleted. Ok, hmm... Things in blue I didn't find at all. The red ptsif.dll I didn't find exactly-- I found the same entries but with rpvvm.dll instead. I went ahead and checked them to be fixed--those entries were all the same as what you told me to fix aside from the .dll, and apparently I haven't broken anything by doing that. Any entry not colored red or blue I found and checked to be fixed. Found and deleted crvg.exe -- did not find and did not delete crmd32.exe. Steps 6 and 7 went fine...About:Buster log will be posted at the end with a new HijackThis log. AdAware found 7 tracking cookies and killed 'em. Step 8...hmm. My computer has nevereverever wanted to perform Disk Cleanup. Maybe it's too full. So I emptied temp files, temp internet files and the recycle bin through Microsoft Anti-Spyware advanced settings "Tracks Eraser". I'll keep trying to run disk cleanup just for tidiness' sake, but it basically never stops "calculating how much space..." etc. Steps 9, 10, 11 ran smooth. CWShredder found nothing. I downloaded this three times but could not get it to open. Got a message from WinZip saying Cannot open file: it does not appear to be a valid archive and suggesting I try to download it again. So I didn't restore original hosts. When I try to download and install this, it tries to install itself into my Netscape folder--which is nonexistent, as I've never used Netscape. It then refuses to go any further, and now when I try to go to the link you posted for it, it pretty much freezes and shuts down Firefox. Sigh. So my computer is hell-bent on foiling your lovely list of helpful instructions. I'm really really stumped here. If, in all honesty, you think I should ditch this piece of junk computer, tell me now Here's my logs, just for kicks and giggles: About:Buster Reference List : 26 No ADS found on system Removed! : C:\WINNT\system32\qyecy.dat Attempted Clean Of Temp folder. Removed Uninstall Key (HSA) Removed Uninstall Key (SE) Removed Uninstall Key (SW) Pages Reset... Done! -- Scan 2 --------------------------- About:Buster Version 4.0 Reference List : 26 No ADS found on system Attempted Clean Of Temp folder. Pages Reset... Done! New HijackThis log Logfile of HijackThis v1.99.1 Scan saved at 10:00:12 PM, on 5/31/2005 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\Program Files\NavNT\defwatch.exe C:\WINNT\System32\svchost.exe C:\Program Files\NavNT\rtvscan.exe C:\WINNT\system32\nvsvc32.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\WINNT\system32\stisvc.exe C:\WINNT\system32\Tablet.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\System32\mspmspsv.exe C:\WINNT\system32\svchost.exe C:\WINNT\Explorer.EXE C:\WINNT\system32\MsgSys.EXE C:\Program Files\NavNT\vptray.exe C:\Program Files\Microsoft Hardware\Mouse\point32.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe D:\downloads\quicktime\qttask.exe C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe C:\WINNT\TBPanel.exe C:\Program Files\Google\Gmail Notifier\G001-1.0.24.0\gnotify.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\Program Files\Microsoft AntiSpyware\gcasServ.exe C:\Program Files\MSN Messenger\msnmsgr.exe D:\Skype\Skype.exe C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe C:\Program Files\Wacom\TabUserW.exe C:\Program Files\Microsoft Office\Office\1033\msoffice.exe C:\WINNT\system32\ntgo32.exe C:\WINNT\system32\apida32.exe C:\Program Files\AIM\aim.exe C:\WINNT\system32\ntvdm.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINNT\system32\cleanmgr.exe C:\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\rpvvm.dll/sp.html#12047 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\rpvvm.dll/sp.html#12047 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\system32\rpvvm.dll/sp.html#12047 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\rpvvm.dll/sp.html#12047 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\rpvvm.dll/sp.html#12047 R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\rpvvm.dll/sp.html#12047 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\rpvvm.dll/sp.html#12047 R3 - Default URLSearchHook is missing O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\downloads\Adobe Acrobat Reader\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Class - {E07AE911-ABFC-1C43-AC8A-4A5E37895284} - C:\WINNT\appbm.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe O4 - HKLM\..\Run: [POINTER] point32.exe O4 - HKLM\..\Run: [LoadQM] loadqm.exe O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe O4 - HKLM\..\Run: [AtiQiPcl] AtiQiPcl.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot O4 - HKLM\..\Run: [QuickTime Task] "D:\downloads\quicktime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Gainward] C:\WINNT\TBPanel.exe /A O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.24.0\gnotify.exe O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe O4 - HKLM\..\Run: [realplay.exe] C:\Program Files\Real\RealOne Player\realplay.exe O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" O4 - HKLM\..\Run: [apida32.exe] C:\WINNT\system32\apida32.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl O4 - HKCU\..\Run: [skype] "D:\Skype\Skype.exe" /nosplash /minimized O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: TabUserW.lnk = C:\Program Files\Wacom\TabUserW.exe O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200203...meInstaller.exe O20 - Winlogon Notify: NavLogon - C:\WINNT\System32\NavLogon.dll O23 - Service: Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINNT\system32\ntgo32.exe" /s (file missing) O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINNT\system32\Tablet.exe Holy piss... all that rpvvm.dll crap is still there...or there again! Gahh!! Oh my oh my oh my.... Thanks for all your patience and help, again :-)
  2. Well, rats. I got all set up to follow this list but have already encountered an obstacle. When I find and click on "Network Security Services (NSS)" in Services.msc, I get a nasty sounding message reading as follows: Configuration Manager: A required entry in the registry is missing or an attempt to write to the registry failed. When I click OK, I get another little window reading simply: The system cannot find the file specified. Now I know your instructions say to go ahead even if I don't find the service listed, but I wasn't too sure, since I DID find it but it appears there's something wrong with it...? If you give me the thumbs up, I'll do all the other steps and just ignore that one...
  3. Okey dokey, ran CWShredder again, it found nothing. Ran About:Buster--here's the log: -- Scan 1 --------------------------- About:Buster Version 4.0 Reference List : 26 No ADS found on system Removed! : C:\WINNT\coacy.dat Attempted Clean Of Temp folder. Removed Uninstall Key (HSA) Removed Uninstall Key (SE) Removed Uninstall Key (SW) Pages Reset... Done! -- Scan 2 --------------------------- About:Buster Version 4.0 Reference List : 26 No ADS found on system Attempted Clean Of Temp folder. Removed Uninstall Key (HSA) Removed Uninstall Key (SE) Removed Uninstall Key (SW) Pages Reset... Done! So that's looking better. Rebooted (got the same MS Anti-Spyware message about Unclassified.Spyware.65 trying to install; "removed" it), and then ran HijackThis: Logfile of HijackThis v1.99.1 Scan saved at 4:59:36 PM, on 5/26/2005 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\Program Files\NavNT\defwatch.exe C:\WINNT\System32\svchost.exe C:\Program Files\NavNT\rtvscan.exe C:\WINNT\system32\nvsvc32.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\WINNT\system32\stisvc.exe C:\WINNT\system32\Tablet.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\System32\mspmspsv.exe C:\WINNT\system32\svchost.exe C:\WINNT\Explorer.EXE C:\WINNT\system32\MsgSys.EXE C:\WINNT\system32\crmd32.exe C:\Program Files\NavNT\vptray.exe C:\Program Files\Microsoft Hardware\Mouse\point32.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe D:\downloads\quicktime\qttask.exe C:\WINNT\TBPanel.exe C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe C:\Program Files\Google\Gmail Notifier\G001-1.0.24.0\gnotify.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\WINNT\crvg.exe C:\Program Files\Microsoft AntiSpyware\gcasServ.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\AIM\aim.exe D:\Skype\Skype.exe C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe C:\Program Files\Wacom\TabUserW.exe C:\Program Files\Microsoft Office\Office\1033\msoffice.exe C:\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\ptisf.dll/sp.html#12047 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\ptisf.dll/sp.html#12047 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\system32\ptisf.dll/sp.html#12047 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\ptisf.dll/sp.html#12047 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\ptisf.dll/sp.html#12047 R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\ptisf.dll/sp.html#12047 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\ptisf.dll/sp.html#12047 R3 - Default URLSearchHook is missing O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\downloads\Adobe Acrobat Reader\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: GDS module - {A084A565-B09B-4e4c-A497-7CC50AEAB2A7} - C:\WINNT\gds.dll O2 - BHO: Class - {A146D46A-42B6-1948-7D09-20744CC5FFB1} - C:\WINNT\javarm.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Class - {D8DFD538-D915-DA42-82AD-9910D5D6D43B} - C:\WINNT\system32\netyw32.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe O4 - HKLM\..\Run: [POINTER] point32.exe O4 - HKLM\..\Run: [LoadQM] loadqm.exe O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe O4 - HKLM\..\Run: [AtiQiPcl] AtiQiPcl.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot O4 - HKLM\..\Run: [QuickTime Task] "D:\downloads\quicktime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Gainward] C:\WINNT\TBPanel.exe /A O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.24.0\gnotify.exe O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe O4 - HKLM\..\Run: [realplay.exe] C:\Program Files\Real\RealOne Player\realplay.exe O4 - HKLM\..\Run: [crvg.exe] C:\WINNT\crvg.exe O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl O4 - HKCU\..\Run: [skype] "D:\Skype\Skype.exe" /nosplash /minimized O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: TabUserW.lnk = C:\Program Files\Wacom\TabUserW.exe O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200203...meInstaller.exe O20 - Winlogon Notify: NavLogon - C:\WINNT\System32\NavLogon.dll O23 - Service: Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINNT\system32\crmd32.exe" /s (file missing) O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINNT\system32\Tablet.exe Clueless = me. Thanks for the help!
  4. Hmm, some of these steps confuse me a little. Should I assume that since no service files are listed ("place service file here"), that I can skip this step? Also, with Step 4, no specific files have been listed for me to check and fix, so should I again assume this step is unnecessary? I just don't want to go deleting files left right and center based only on their extensions, since I have no clue what they might be for. Since I wasn't sure what to do or not to do in this list of steps, I've done none of them--and I've run HJT again just for kicks, here's the log if it'll shed some light on anything: Logfile of HijackThis v1.99.1 Scan saved at 3:35:26 PM, on 5/26/2005 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\Program Files\NavNT\defwatch.exe C:\WINNT\System32\svchost.exe C:\Program Files\NavNT\rtvscan.exe C:\WINNT\system32\nvsvc32.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\WINNT\system32\stisvc.exe C:\WINNT\system32\Tablet.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\System32\mspmspsv.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\MsgSys.EXE C:\Program Files\NavNT\vptray.exe C:\Program Files\Microsoft Hardware\Mouse\point32.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe D:\downloads\quicktime\qttask.exe C:\WINNT\TBPanel.exe C:\Program Files\Google\Gmail Notifier\G001-1.0.24.0\gnotify.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\WINNT\crvg.exe C:\Program Files\Microsoft AntiSpyware\gcasServ.exe C:\Program Files\MSN Messenger\msnmsgr.exe D:\Skype\Skype.exe C:\Program Files\Wacom\TabUserW.exe C:\Program Files\Microsoft Office\Office\1033\msoffice.exe C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe C:\WINNT\system32\crmd32.exe C:\WINNT\System32\svchost.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINNT\explorer.exe C:\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\ptisf.dll/sp.html#12047 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\ptisf.dll/sp.html#12047 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\system32\ptisf.dll/sp.html#12047 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\ptisf.dll/sp.html#12047 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\ptisf.dll/sp.html#12047 R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\ptisf.dll/sp.html#12047 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\ptisf.dll/sp.html#12047 R3 - Default URLSearchHook is missing O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\downloads\Adobe Acrobat Reader\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: GDS module - {A084A565-B09B-4e4c-A497-7CC50AEAB2A7} - C:\WINNT\gds.dll O2 - BHO: Class - {A146D46A-42B6-1948-7D09-20744CC5FFB1} - C:\WINNT\javarm.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Class - {D8DFD538-D915-DA42-82AD-9910D5D6D43B} - C:\WINNT\system32\netyw32.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe O4 - HKLM\..\Run: [POINTER] point32.exe O4 - HKLM\..\Run: [LoadQM] loadqm.exe O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe O4 - HKLM\..\Run: [AtiQiPcl] AtiQiPcl.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot O4 - HKLM\..\Run: [QuickTime Task] "D:\downloads\quicktime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Gainward] C:\WINNT\TBPanel.exe /A O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.24.0\gnotify.exe O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe O4 - HKLM\..\Run: [realplay.exe] C:\Program Files\Real\RealOne Player\realplay.exe O4 - HKLM\..\Run: [crvg.exe] C:\WINNT\crvg.exe O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" O4 - HKLM\..\RunOnce: [crmd32.exe] C:\WINNT\system32\crmd32.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl O4 - HKCU\..\Run: [skype] "D:\Skype\Skype.exe" /nosplash /minimized O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: TabUserW.lnk = C:\Program Files\Wacom\TabUserW.exe O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200203...meInstaller.exe O20 - Winlogon Notify: NavLogon - C:\WINNT\System32\NavLogon.dll O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINNT\system32\Tablet.exe Sorry to be such a pain; ignorance is, in this case, not very blissful :-P Also, the file crvg.exe has often caught my eye (if I look at "Running Processes" in MS Anti-Spyware, it sticks out like a sore thumb) but I'm not too sure if it's naughty or I'm simply paranoid. Or maybe 'cos MS A-S already removed a similar looking file called, if I remember correctly, crxq.exe.
  5. Wow, thanks for the quick reply! Okay, I did what you said: downloaded and ran CWShredder (the only thing it found and removed was CWS.Mupdate), downloaded and ran About:Buster-- this is the log from that: Scanned at: 10:16:23 PM on: 5/25/2005 -- Scan 1 --------------------------- About:Buster Version 4.0 Reference List : 26 Removed Data Streams: C:\WINNT\imsins.log:ztwfn Removed! : C:\WINNT\auzxr.dat Removed! : C:\WINNT\coacy.dat Removed! : C:\WINNT\_win32_system_data.dll Removed! : C:\WINNT\system32\mnyru.dat Attempted Clean Of Temp folder. Removed Uninstall Key (HSA) Removed Uninstall Key (SE) Removed Uninstall Key (SW) Pages Reset... Done! -- Scan 2 --------------------------- About:Buster Version 4.0 Reference List : 26 Removed Data Streams: C:\WINNT\imsins.log:ztwfn Removed! : C:\WINNT\coacy.dat Attempted Clean Of Temp folder. Removed Uninstall Key (HSA) Removed Uninstall Key (SE) Removed Uninstall Key (SW) Pages Reset... Done! ...Then I restarted my computer, at which point Microsoft Antispyware warned me that Unclassified.Spyware.65 was trying to install and would I like to remove it? (yes, obviously). I then ran HJT, and here's the results: Logfile of HijackThis v1.99.1 Scan saved at 10:35:04 PM, on 5/25/2005 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\Program Files\NavNT\defwatch.exe C:\WINNT\System32\svchost.exe C:\Program Files\NavNT\rtvscan.exe C:\WINNT\system32\nvsvc32.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\WINNT\system32\stisvc.exe C:\WINNT\system32\Tablet.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\System32\mspmspsv.exe C:\WINNT\system32\svchost.exe C:\WINNT\Explorer.EXE C:\WINNT\system32\MsgSys.EXE C:\Program Files\NavNT\vptray.exe C:\Program Files\Microsoft Hardware\Mouse\point32.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe D:\downloads\quicktime\qttask.exe C:\WINNT\TBPanel.exe C:\Program Files\Google\Gmail Notifier\G001-1.0.24.0\gnotify.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\WINNT\crvg.exe C:\Program Files\Microsoft AntiSpyware\gcasServ.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\WINNT\system32\appxa32.exe C:\Program Files\AIM\aim.exe D:\Skype\Skype.exe C:\Program Files\Wacom\TabUserW.exe C:\Program Files\Microsoft Office\Office\1033\msoffice.exe C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe C:\WINNT\system32\NOTEPAD.EXE C:\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\ptisf.dll/sp.html#12047 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\ptisf.dll/sp.html#12047 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\system32\ptisf.dll/sp.html#12047 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\ptisf.dll/sp.html#12047 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\ptisf.dll/sp.html#12047 R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\ptisf.dll/sp.html#12047 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\ptisf.dll/sp.html#12047 R3 - Default URLSearchHook is missing O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\downloads\Adobe Acrobat Reader\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: GDS module - {A084A565-B09B-4e4c-A497-7CC50AEAB2A7} - C:\WINNT\gds.dll O2 - BHO: Class - {A146D46A-42B6-1948-7D09-20744CC5FFB1} - C:\WINNT\javarm.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Class - {D8DFD538-D915-DA42-82AD-9910D5D6D43B} - C:\WINNT\system32\netyw32.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe O4 - HKLM\..\Run: [POINTER] point32.exe O4 - HKLM\..\Run: [LoadQM] loadqm.exe O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe O4 - HKLM\..\Run: [AtiQiPcl] AtiQiPcl.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot O4 - HKLM\..\Run: [QuickTime Task] "D:\downloads\quicktime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Gainward] C:\WINNT\TBPanel.exe /A O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.24.0\gnotify.exe O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe O4 - HKLM\..\Run: [realplay.exe] C:\Program Files\Real\RealOne Player\realplay.exe O4 - HKLM\..\Run: [crvg.exe] C:\WINNT\crvg.exe O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl O4 - HKCU\..\Run: [skype] "D:\Skype\Skype.exe" /nosplash /minimized O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: TabUserW.lnk = C:\Program Files\Wacom\TabUserW.exe O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200203...meInstaller.exe O20 - Winlogon Notify: NavLogon - C:\WINNT\System32\NavLogon.dll O23 - Service: Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINNT\system32\appxa32.exe" /s (file missing) O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINNT\system32\Tablet.exe >Sigh.< I'll probably run MS Anti-Spyware and Ad-Aware a time or two before bed, but I think this spyware is way beyond them. Nice to see that CWShredder and About:Buster got rid of some junk, though :-) Is there anything else you can suggest, or need to see (more logs, etc)? Thanks so much for your help on this, I really appreciate it!
  6. Okay, that didn't happen yet, but something similar did. An "official"-looking Windows message window popped up. The message window has a red circle with an X in it to the left of the window, and the message reads: WARNING: Windows Firewall detected suspicious network activity on your computer. Malicious software codes try to steal your privacy information, such as credit card numbers, electronic mail accounts, financial data or passwrods. Do you want to learn how to protect your computer? Yes No When I click on Yes, it opens an IE window with the URL http://www.msnhelper.net/search.php?pin=12047. At the bottom of said page is a link saying "Download Recommended Software." I ain't clicking this link, so I right-clicked and checked the properties of it, and it says it would link to http://get.privacycash.com/?wm=paxan;sub=msg_box;soft=sguard. Now that just doesn't sound right. I'm severely confused. Bah. I'm also going to be out for the rest of the day, so if someone gets back to me on this I apologize in advance for the lack of a prompt reply. Thanks!
  7. Oh duh -- I'm running Windows 2000, by the way. And another symptom of this spyware is that every so often a "Microsoft Security Center" bubble will pop up telling me I have spyware and to click the bubble to fix it--but if I click the bubble it just takes me to some doofy webpage not unlike the anti-spyware ads. If this happens again I'll copy the message and the url and paste them here. And again, I'm computer-stupid, but does Windows 2000 even HAVE Microsoft Security Center?
  8. Howdy-- This spyware has been bugging the bejeezus out of me for the past couple of days: I've run Ad-Aware and Microsoft Anti-Spyware approximately 5 billion times to no avail-- it just keeps re-installing itself. It turns my IE homepage into a fake "search" page titled about:blank, lambasts me with pop-ups (despite my Google toolbar) trying to sell me anti-spyware software (haha), and has added some rude entries to my Favorites list. And I think it might be making AIM crash whenever I try to IM someone, as well as simply freezing IE every so often and slowing things down in general. I've switched to Firefox for browsing purposes. It was Microsoft Anti-Spyware that (after manymany scans) dubbed this problem "Unclassified.Spyware.65", so that's really all I have to go on. I'm really not very tech-savvy at all, but after browsing around a bit, HijackThis looked like a good program to diagnose my problem, as long as someone else can translate it for me. Hence I downloaded HJT, plopped it in a folder on my C drive, and scanned. Here are my results: Logfile of HijackThis v1.99.1 Scan saved at 11:31:43 AM, on 5/25/2005 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\Program Files\NavNT\defwatch.exe C:\WINNT\System32\svchost.exe C:\Program Files\NavNT\rtvscan.exe C:\WINNT\system32\nvsvc32.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\WINNT\system32\stisvc.exe C:\WINNT\system32\Tablet.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\System32\mspmspsv.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\MsgSys.EXE C:\Program Files\NavNT\vptray.exe C:\Program Files\Microsoft Hardware\Mouse\point32.exe C:\WINNT\TBPanel.exe C:\Program Files\Google\Gmail Notifier\G001-1.0.24.0\gnotify.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\WINNT\crvg.exe C:\Program Files\MSN Messenger\msnmsgr.exe D:\Skype\Skype.exe C:\Program Files\Wacom\TabUserW.exe C:\Program Files\Microsoft Office\Office\1033\msoffice.exe C:\WINNT\System32\svchost.exe D:\Ares\Ares.exe C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe C:\Program Files\Microsoft AntiSpyware\gcasServ.exe C:\WINNT\explorer.exe C:\WINNT\system32\appxa32.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\oixor.dll/sp.html#12047 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\oixor.dll/sp.html#12047 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\oixor.dll/sp.html#12047 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\oixor.dll/sp.html#12047 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\oixor.dll/sp.html#12047 R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\oixor.dll/sp.html#12047 R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.searchv.com/search.html R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\oixor.dll/sp.html#12047 R3 - Default URLSearchHook is missing O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\downloads\Adobe Acrobat Reader\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: Class - {3EE8CA0B-907B-1241-3819-1BA2E3895410} - C:\WINNT\system32\iebj.dll O2 - BHO: GDS module - {A084A565-B09B-4e4c-A497-7CC50AEAB2A7} - C:\WINNT\gds.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Class - {AED1E965-E1FF-4020-0E64-514DB57FA145} - C:\WINNT\system32\netpd32.dll O2 - BHO: Class - {E421C7FB-1BAA-F284-394F-9091F0CE6A5A} - C:\WINNT\sdkoe32.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe O4 - HKLM\..\Run: [POINTER] point32.exe O4 - HKLM\..\Run: [LoadQM] loadqm.exe O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe O4 - HKLM\..\Run: [AtiQiPcl] AtiQiPcl.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot O4 - HKLM\..\Run: [QuickTime Task] "D:\downloads\quicktime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Gainward] C:\WINNT\TBPanel.exe /A O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.24.0\gnotify.exe O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe O4 - HKLM\..\Run: [realplay.exe] C:\Program Files\Real\RealOne Player\realplay.exe O4 - HKLM\..\Run: [crvg.exe] C:\WINNT\crvg.exe O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" O4 - HKLM\..\RunOnce: [MicrosoftAntiSpywareCleaner] C:\Program Files\Microsoft AntiSpyware\gcASCleaner.exe O4 - HKLM\..\RunOnce: [appxa32.exe] C:\WINNT\system32\appxa32.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl O4 - HKCU\..\Run: [skype] "D:\Skype\Skype.exe" /nosplash /minimized O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: TabUserW.lnk = C:\Program Files\Wacom\TabUserW.exe O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200203...meInstaller.exe O20 - Winlogon Notify: NavLogon - C:\WINNT\System32\NavLogon.dll O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINNT\system32\Tablet.exe ...It's all gobbledygook to me Any help would be much appreciated--just speak as if to a child, because all this is waaaay above my head! Thanks in advance, kam