[cynica401]

First of all i would just like to inform you i have read your instructions in other topics of members asking for help and even followed some procedure through. yet nothing seems to work. so i guess i have to post my log and ask for specific help. I have my logs. these pop ups are seriously very annoying please can someone i have also downloaded and and tried using the Elite Tool Bar remover program g2i2r4 suggested. That did not work i have tried to go into my registry and remove the specific directories and files themselves but they keep coming back. i barely even browse the net anymore so i dont know how im getting this stuff. Thanks for any help in advance

HiJackThis LOG:[COLOR=red]
Logfile of HijackThis v1.99.0
Scan saved at 10:55:53 AM, on 04/02/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr_.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE
C:\Program Files\Greetings Workshop\GWREMIND.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Master\My Documents\download\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [DataCaching] C:\PROGRA~1\DATACA~1\FLashKsk.exe
O4 - HKLM\..\Run: [Camera Detector] C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\BellSouth\hcenter.exe" /starthidden /tgcmdwrapper
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr_.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKLM\..\Run: [SpySpotter] C:\PROGRA~1\SPYSPO~1\SpySpotter.exe -onreboot
O4 - HKLM\..\Run: [etbrun] C:\windows\system32\elitekjw32.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE"
O4 - HKCU\..\Run: [bDx6Rgeng] prifil32.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Spyware Begone] C:\freescan\freescan.exe -FastScan
O4 - Startup: Greetings Workshop Reminders.lnk = C:\Program Files\Greetings Workshop\GWREMIND.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: www.bangthumbs.com
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel® NMS - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Ad-Aware SE LOG:[COLOR=red]
TRACKING COOKIE
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[0]=IECache Entry : Cookie:[email protected]/
obj[1]=IECache Entry : Cookie:[email protected]/
obj[2]=IECache Entry : Cookie:[email protected]/
obj[3]=IECache Entry : Cookie:[email protected]/
obj[4]=IECache Entry : Cookie:[email protected]/
obj[5]=IECache Entry : Cookie:[email protected]/
obj[6]=IECache Entry : Cookie:[email protected]/
obj[7]=IECache Entry : Cookie:[email protected]/
obj[8]=IECache Entry : Cookie:[email protected]/
obj[9]=IECache Entry : Cookie:[email protected]/
obj[10]=IECache Entry : Cookie:[email protected]/
obj[11]=IECache Entry : Cookie:[email protected]/
obj[12]=IECache Entry : Cookie:[email protected]/
obj[13]=IECache Entry : Cookie:[email protected]/
obj[14]=IECache Entry : Cookie:[email protected]/
obj[15]=IECache Entry : Cookie:[email protected]/
obj[16]=IECache Entry : Cookie:[email protected]/

MAINPEAN DIALER
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[17]=Regkey : S-1-5-21-573932041-814398359-559015469-1006\software\microsoft\windows\currentversion\explorer\menuorder\start menu2\programs\- clevercrackers -

EZULA
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[18]=Regkey : software\microsoft\downloadmanager
obj[62]=File : C:\WINDOWS\system32\xcite2.exe

ELITUM.ELITEBARBHO
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[19]=Regkey : clsid\{be8d0059-d24d-4919-b76f-99f4a2203647}
obj[20]=RegValue : clsid\{be8d0059-d24d-4919-b76f-99f4a2203647} ""
obj[21]=Regkey : clsid\{0a1d22c3-37be-470c-9c29-e3074ee0574b}
obj[22]=RegValue : S-1-5-21-573932041-814398359-559015469-1006\software\microsoft\internet explorer\toolbar\webbrowser "{825CF5BD-8862-4430-B771-0C15C5CA8DEF}"
obj[23]=Regkey : software\lq
obj[24]=RegValue : software\lq "U"
obj[25]=RegValue : software\lq "ohb_ie_plugin"
obj[26]=RegValue : software\lq "AD"
obj[27]=RegValue : software\lq "AC"
obj[28]=RegValue : software\lq "TM"
obj[29]=RegValue : software\lq "I"
obj[30]=RegValue : software\lq "AT"
obj[31]=RegValue : software\lq "AM"
obj[32]=RegValue : software\lq "TR"
obj[33]=RegValue : software\lq "country"
obj[34]=RegValue : software\lq "city"
obj[35]=RegValue : software\lq "state"
obj[36]=RegValue : software\lq "RX"
obj[37]=RegValue : software\lq "RX2.8"
obj[38]=RegValue : software\lq "RX2.9"
obj[39]=RegValue : software\lq "RX3.0"
obj[40]=RegValue : software\lq "RX3.1"
obj[41]=RegValue : software\lq "RX3.2"
obj[42]=RegValue : software\lq "RX3.3"
obj[43]=RegValue : software\lq "FU3.4"
obj[44]=RegValue : software\lq "FU3.5"

EBATES MONEYMAKER
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[45]=RegValue : S-1-5-21-573932041-814398359-559015469-1006\software\lq "AC"

SAHAGENT
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[46]=File : C:\WINDOWS\system32\shagentnew.dll
obj[47]=File : C:\WINDOWS\system32\sahagent1006.exe
obj[48]=File : C:\WINDOWS\system32\sahagent1021.exe

POSSIBLE BROWSER HIJACK ATTEMPT
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[49]=File : C:\Documents and Settings\Master\Favorites\Casino & Carrers\Online Casinos.url
obj[50]=File : C:\Documents and Settings\Master\Favorites\Casino & Carrers\Sport Betting.url
obj[51]=File : C:\Documents and Settings\Master\Favorites\Casino & Carrers\Sportsbooks.url
obj[52]=File : C:\Documents and Settings\Master\Favorites\Casino & Carrers\Online Betting.url
obj[53]=File : C:\Documents and Settings\Master\Favorites\Casino & Carrers\Blackjack.url
obj[54]=File : C:\Documents and Settings\Master\Favorites\Casino & Carrers\Baccarat.url
obj[55]=File : C:\Documents and Settings\Master\Favorites\Casino & Carrers\Online Gaming.url
obj[56]=File : C:\Documents and Settings\Master\Favorites\Casino & Carrers\Poker.url
obj[57]=File : C:\Documents and Settings\Master\Favorites\Casino & Carrers\Bingo.url
obj[58]=File : C:\Documents and Settings\Master\Favorites\Casino & Carrers\Horse Racing.url
obj[59]=File : C:\Documents and Settings\Master\Favorites\Casino & Carrers\Slot Machines.url
obj[60]=File : C:\Documents and Settings\Master\Favorites\Casino & Carrers\Betting.url
obj[61]=File : C:\Documents and Settings\Master\Favorites\Casino & Carrers\Roulette.url

[Advertisements]

I recommend you print this advice. In safe mode you will not have this page available.

Download CleanUp!.
Don't run the program, we'll do that later.

***

Download Pocket Killbox.
Unzip the files to a folder like c:\killbox\
Don't run the program, we'll do that later.

***

Download the latest version HijackThis 1.99.1. Unzip it to a folder of it's own. We'll use this version now.

***

Go to ‘config’
Go to ‘misc tools’
Press the button ‘open uninstall manager’
In the list find:
Spy Hunter
Spy Spotter
Spyware Begone
Press ‘delete this item’.
Close HijackThis.

***

Reboot your machine in Safe Mode (just click onto F8 key the same moment the pc is starting, before the MS Windows flag screen) and run the EliteToolbar Remover again, then click the "Kill Elite Toolbar" button and wait until it will finish its work.

***

Open HijackThis (whilst still in safe mode).
Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:

O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe

O4 - HKLM\..\Run: [SpySpotter] C:\PROGRA~1\SPYSPO~1\SpySpotter.exe -onreboot

O4 - HKLM\..\Run: [etbrun] C:\windows\system32\elitekjw32.exe

O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKCU\..\Run: [bDx6Rgeng] prifil32.exe

O4 - HKCU\..\Run: [Spyware Begone] C:\freescan\freescan.exe -FastScan

I expect most of the items to be gone, due to the steps above

***

Using Windows Explorer, locate the following folders, and delete them:

C:\Program Files\Enigma Software Group\

C:\PROGRA~1\SPYSPOTTER\

C:\freescan\

Exit Explorer.

***

Find and doubleclick the file cleanup312.exe.

Go to option
Select ‘custom’
Put a check to:* Cookies
* Prefetch
* Temp
* All users.
Press 'cleanup!'

Once it's done, decline to log off .

***

Run Killbox (doubleclick Killbox.exe).

Run it, and click the radio button that says Delete a file on reboot.
For this file:
c:\windows\system32\elitekjw32.exe
paste it into the full path of file to delete box and click the red circle with a white cross in it.

The program will ask you if you want to reboot; say 'Yes'.

Let the system reboot.

***

Please do an online scan, 2 would be better,

Trend Micro Housecall
Panda online scan

Make sure that you choose "fix" or "clean".

***

Run AdAware Se (incl. the latest updates). Let it fix what it finds.

***

Reboot once more.
Then post back in this topic using the reply button.

Post a fresh log using HijackThis.

[g2i2r4]

I recommend you print this advice. In safe mode you will not have this page available.

Download CleanUp!.
Don't run the program, we'll do that later.

***

Download Pocket Killbox.
Unzip the files to a folder like c:\killbox\
Don't run the program, we'll do that later.

***

Download the latest version HijackThis 1.99.1. Unzip it to a folder of it's own. We'll use this version now.

***

Go to ‘config’
Go to ‘misc tools’
Press the button ‘open uninstall manager’
In the list find:
Spy Hunter
Spy Spotter
Spyware Begone
Press ‘delete this item’.
Close HijackThis.

***

Reboot your machine in Safe Mode (just click onto F8 key the same moment the pc is starting, before the MS Windows flag screen) and run the EliteToolbar Remover again, then click the "Kill Elite Toolbar" button and wait until it will finish its work.

***

Open HijackThis (whilst still in safe mode).
Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:

O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe

O4 - HKLM\..\Run: [SpySpotter] C:\PROGRA~1\SPYSPO~1\SpySpotter.exe -onreboot

O4 - HKLM\..\Run: [etbrun] C:\windows\system32\elitekjw32.exe

O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKCU\..\Run: [bDx6Rgeng] prifil32.exe

O4 - HKCU\..\Run: [Spyware Begone] C:\freescan\freescan.exe -FastScan

I expect most of the items to be gone, due to the steps above

***

Using Windows Explorer, locate the following folders, and delete them:

C:\Program Files\Enigma Software Group\

C:\PROGRA~1\SPYSPOTTER\

C:\freescan\

Exit Explorer.

***

Find and doubleclick the file cleanup312.exe.

Go to option
Select ‘custom’
Put a check to:* Cookies
* Prefetch
* Temp
* All users.
Press 'cleanup!'

Once it's done, decline to log off .

***

Run Killbox (doubleclick Killbox.exe).

Run it, and click the radio button that says Delete a file on reboot.
For this file:
c:\windows\system32\elitekjw32.exe
paste it into the full path of file to delete box and click the red circle with a white cross in it.

The program will ask you if you want to reboot; say 'Yes'.

Let the system reboot.

***

Please do an online scan, 2 would be better,

Trend Micro Housecall
Panda online scan

Make sure that you choose "fix" or "clean".

***

Run AdAware Se (incl. the latest updates). Let it fix what it finds.

***

Reboot once more.
Then post back in this topic using the reply button.

Post a fresh log using HijackThis.

[cynica401]

i will do this as soon as i make one thing certain...the files and directories you told me to remove ^ (SpyHnter, SpySpotter, etc.) are all programs i use to DETECT spyware and adware...so should i really delete what you told me to anyway?

[g2i2r4]

Read all about the tests and the results, and make your own decision:
http://www.spywarewa...nti-spyware.htm

[cynica401]

lol you guys are genius. alright i shall follow print and follow these steps and post a new log. Thanks a million.

[g2i2r4]

My pleasure. Hope to hear from you soon.

[cynica401]

100% SUCCESS
I cannot thank you enough my friend
You should bookmark your instructions on the main page somewhere to save yourself some hassle. it seems SearchMiracle was an epidemic for computer users everywhere this past month. :mad:

Here is the new HiJack Log you requested:
Logfile of HijackThis v1.99.1
Scan saved at 1:46:05 PM, on 04/02/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr_.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE
C:\Program Files\Greetings Workshop\GWREMIND.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Master\My Documents\download\HJT199\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [DataCaching] C:\PROGRA~1\DATACA~1\FLashKsk.exe
O4 - HKLM\..\Run: [Camera Detector] C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\BellSouth\hcenter.exe" /starthidden /tgcmdwrapper
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr_.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE"
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Startup: Greetings Workshop Reminders.lnk = C:\Program Files\Greetings Workshop\GWREMIND.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: www.bangthumbs.com
O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Again Thanks a Lot!

[g2i2r4]

Looks clean to me. How are things over there?

[cynica401]

my computer is running smoother than a baby's bottom again =) and i have yet to see a single pop-up. It seems to have done the trick!

[g2i2r4]

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

• Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.
  
  See this link for a listing of some online & their stand-alone antivirus programs:
  
  Virus, Spyware, and Malware Protection and Removal Resources
  
  
• Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
  
  
• Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.
  
  For a tutorial on Firewalls and a listing of some available ones see the link below:
  
  Understanding and Using Firewalls
  
  
• Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
  
  
• Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an antivirus software.
  
  A tutorial on installing & using this product can be found here:
  
  Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers
  
  
• Install Ad-Aware - Install and download Ad-Aware. ou should also scan your computer with program on a regular basis just as you would an antivirus software in conjunction with Spybot.
  
  A tutorial on installing & using this product can be found here:
  
  Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer
  
  
• Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
  
  A tutorial on installing & using this product can be found here:
  
  Using SpywareBlaster to protect your computer from Spyware and Malware
  
  
• Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Glad I was able to help.