My Log
KabawL
27 Aug 2004, 10:41am
Here's a log of my notebook. I had caught a trojan a while back that had unzipped all kinds of junk on my comp. Thanks to Spybot S&D, and Adware, I had got rid of mostly everything except this Ads234 that comes up uploading as I browse the web...
Logfile of HijackThis v1.98.2
Scan saved at 2:26:23 AM, on 8/27/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\RFA\rfagent.exe
C:\documents and settings\carlos and elizabeth\local settings\temp\gz6kl.exe
C:\documents and settings\carlos and elizabeth\local settings\temp\r8D.exe
C:\WINDOWS\System32\avifile8.exe
C:\WINDOWS\system32\soloci.exe
C:\Documents and Settings\Carlos and Elizabeth\Local Settings\Temp\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32\SearchBar.htm
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Carlos and Elizabeth\Local Settings\Temp\aqbmI.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: PowerSearch - {4E7BD74F-2B8D-469E-D6F5-F66EA787AD2D} - (no file)
O3 - Toolbar: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RFAgent] C:\Program Files\RFA\rfagent.exe
O4 - HKLM\..\Run: [gz6kl] C:\documents and settings\carlos and elizabeth\local settings\temp\gz6kl.exe
O4 - HKLM\..\Run: [r8D] C:\documents and settings\carlos and elizabeth\local settings\temp\r8D.exe
O4 - HKLM\..\Run: [544ca089c00f] C:\WINDOWS\System32\avifile8.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [mtxclu(2)(2)(2)204w.exe] "C:\WINDOWS\System32\mtxclu(2)(2)(2)204w.exe"
O4 - HKCU\..\Run: [Mo33RWaEX] soloci.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {4BEEC43B-1FA3-475E-95E0-C52469093501} - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cdlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cdlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cdlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cdlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {59D04288-805E-4D43-BE09-83B1083E9E1E} (IUpdateAutoLaunch Control) - http://idenphones.motorola.com/idenupdate/nextel/iUpdateAutoLaunch.ocx
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/apop/default/popcaploader_v5.cab
O20 - AppInit_DLLs: C:\WINDOWS\System32\ksuser637q.dll
primesuspect
27 Aug 2004, 2:35pm
You'll need to download and run LSP-FIX from our security downloads section (http://www.short-media.com/download.php?dc=69). Do that, run that first, and then get rid of the following:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32\SearchBar.htm
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Carlos and Elizabeth\Local Settings\Temp\aqbmI.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: PowerSearch - {4E7BD74F-2B8D-469E-D6F5-F66EA787AD2D} - (no file)
O3 - Toolbar: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RFAgent] C:\Program Files\RFA\rfagent.exe
O4 - HKLM\..\Run: [gz6kl] C:\documents and settings\carlos and elizabeth\local settings\temp\gz6kl.exe
O4 - HKLM\..\Run: [r8D] C:\documents and settings\carlos and elizabeth\local settings\temp\r8D.exe
O4 - HKLM\..\Run: [544ca089c00f] C:\WINDOWS\System32\avifile8.exe
O4 - HKCU\..\Run: [mtxclu(2)(2)(2)204w.exe] "C:\WINDOWS\System32\mtxclu(2)(2)(2)204w.exe"
O4 - HKCU\..\Run: [Mo33RWaEX] soloci.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: (no name) - {4BEEC43B-1FA3-475E-95E0-C52469093501} - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cdlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cdlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cdlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cdlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
O20 - AppInit_DLLs: C:\WINDOWS\System32\ksuser637q.dll
Then, most important, you'll need to delete this file manually:
C:\WINDOWS\System32\ksuser637q.dll
If you can't see the file, it's because it is hidden. Use this info (http://www.short-media.com/forum/showpost.php?p=172588&postcount=3) to explain how to show hidden and system files.
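The entry types singled out in the reply above (Temp-directory autoruns and BHOs, unknown Winsock LSP files, AppInit_DLLs) can be picked out of a HijackThis log mechanically. The Python below is an added example, not part of the original thread or of HijackThis; the three heuristics and the function names are assumptions chosen for illustration, and the sample lines are copied from the log posted above.

```python
import re

# Constructed sample: a handful of lines copied from the first log in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.98.2
Running processes:
C:\WINDOWS\system32\winlogon.exe
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Carlos and Elizabeth\Local Settings\Temp\aqbmI.dll
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [gz6kl] C:\documents and settings\carlos and elizabeth\local settings\temp\gz6kl.exe
O4 - HKCU\..\Run: [Mo33RWaEX] soloci.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
O20 - AppInit_DLLs: C:\WINDOWS\System32\ksuser637q.dll
"""

# Result lines look like "O4 - <detail>"; header and process lines do not match.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
TEMP_DIR = "\\local settings\\temp\\"  # per-user Temp path as it appears in this log


def parse_entries(log_text):
    """Return (section, detail) for every result line in a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def flag(section, detail):
    """Return a reason if the entry matches one of the assumed heuristics, else None."""
    low = detail.lower()
    if section in ("O2", "O4") and TEMP_DIR in low:
        return "BHO or autorun loads from the user Temp directory"
    if section == "O10" and low.startswith("unknown file in winsock lsp"):
        return "unrecognised DLL in the Winsock LSP chain"
    if section == "O20" and low.startswith("appinit_dlls:") and low.split(":", 1)[1].strip():
        return "AppInit_DLLs is set"
    return None


def triage(log_text):
    """Return de-duplicated (section, reason, detail) findings in log order."""
    seen, findings = set(), []
    for section, detail in parse_entries(log_text):
        reason = flag(section, detail)
        key = (section, detail.lower())
        if reason and key not in seen:
            seen.add(key)
            findings.append((section, reason, detail))
    return findings


if __name__ == "__main__":
    for section, reason, detail in triage(SAMPLE_LOG):
        print(f"{section:<4}{reason}: {detail}")
```

These heuristics are narrower than a human reviewer's judgement: the `soloci.exe` autorun listed for removal above has no path and is not caught by them.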
KabawL
28 Aug 2004, 9:05am
I can't download anything from this site... What's up with that?
I tried using my Adware today, and when it starts scanning it gets pretty far into it, and freezes up on a file called x.cab
I noticed it stopped working when I installed the new windows update service pk2.
Can someone please help me... And sort of explain what I'm doing/downloading to fix the problem. I'd appreciate it.
Thanks Prime, but I can't download.
Dexter
28 Aug 2004, 10:12am
What happens when you try to download? Do you get our little security message asking you to punch in some random letters and numbers? If so, do you then get taken to the page with a Download button on it? Tell us *exactly* what you do, and what sort of messages come up, or anything else.
Dexter...
KabawL
28 Aug 2004, 10:37am
I type in the code, and click on download...
The download file pops up, and then another popup comes up saying...
Internet Explorer cannot download getdownload.php?=259 from short-media.com.
Internet Explorer was unable to open this Internet site. The requested site is either unavailable or cannot be found. Please try again later.
Now what?
Dexter
28 Aug 2004, 10:41am
Send me your e-mail address via Private Message (I will PM you, then just reply to me.) I will then e-mail you the file.
Dexter...
KabawL
28 Aug 2004, 11:01am
Send me your e-mail address via Private Message (I will PM you, then just reply to me.) I will then e-mail you the file.
Dexter...
Now what do I do? I downloaded the fix.
Dexter
29 Aug 2004, 2:28am
Do the fixes Primesuspect mentioned above (in safe mode.)
Then, stay in safe mode, run LSP-FIX, and have it remove cdlsp.dll and lspak.dll.
Reboot normally, check things out, come back and let us know. Post a new HJT log for review.
Dexter...
KabawL
1 Sep 2004, 11:58am
You'll need to download and run LSP-FIX from our security downloads section (http://www.short-media.com/download.php?dc=69). Do that, run that first, and then get rid of the following:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32\SearchBar.htm
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Carlos and Elizabeth\Local Settings\Temp\aqbmI.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: PowerSearch - {4E7BD74F-2B8D-469E-D6F5-F66EA787AD2D} - (no file)
O3 - Toolbar: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RFAgent] C:\Program Files\RFA\rfagent.exe
O4 - HKLM\..\Run: [gz6kl] C:\documents and settings\carlos and elizabeth\local settings\temp\gz6kl.exe
O4 - HKLM\..\Run: [r8D] C:\documents and settings\carlos and elizabeth\local settings\temp\r8D.exe
O4 - HKLM\..\Run: [544ca089c00f] C:\WINDOWS\System32\avifile8.exe
O4 - HKCU\..\Run: [mtxclu(2)(2)(2)204w.exe] "C:\WINDOWS\System32\mtxclu(2)(2)(2)204w.exe"
O4 - HKCU\..\Run: [Mo33RWaEX] soloci.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: (no name) - {4BEEC43B-1FA3-475E-95E0-C52469093501} - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cdlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cdlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cdlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cdlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
O20 - AppInit_DLLs: C:\WINDOWS\System32\ksuser637q.dll
Then, most important, you'll need to delete this file manually:
C:\WINDOWS\System32\ksuser637q.dll
If you can't see the file, it's because it is hidden. Use this info (http://www.short-media.com/forum/showpost.php?p=172588&postcount=3) to explain how to show hidden and system files.
When you say get rid of the following, what and how exactly do you do that? I'm sorry for asking but how do you get in safe mode? Thanks for the help... I haven't proceeded with fixing this problem because I don't fully understand how to do it. My Internet Explorer is even starting to act up. (Shuts down with error.) I already downloaded the fix. Also, do I system restore before attempting any of these fixes/deleting files?
primesuspect
1 Sep 2004, 1:02pm
When you use HijackThis, you can "check" the boxes next to the entries. Check the ones I listed and then click the button at the bottom that says "fix checked".
KabawL
2 Sep 2004, 10:52am
Okay, I had deleted the ones you said in Safe Mode. I wasn't able to use the LspFix in safe mode, so I did it out of safe mode.
KabawL
2 Sep 2004, 11:36am
I had used that LSPFIX and got rid of those 2 protocols you named. Now what? Here's the log... I also did a search on that file you said to do manually and I deleted that sucker as well. I still think there's a little cleaning up to do... Like I said, for some reason, my adware and spybot freeze up on me. It ends up not responding.
Logfile of HijackThis v1.98.2
Scan saved at 3:26:40 AM, on 9/2/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\NavNT\vptray.exe
C:\documents and settings\carlos and elizabeth\local settings\temp\gz6kl.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\documents and settings\carlos and elizabeth\local settings\temp\r8D.exe
C:\documents and settings\carlos and elizabeth\local settings\temp\gz6kl.exe
C:\documents and settings\carlos and elizabeth\local settings\temp\r8D.exe
C:\WINDOWS\system32\soloci.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hi-Jack-This\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32\SearchBar.htm
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Carlos and Elizabeth\Local Settings\Temp\hrZx.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [gz6kl.exe] C:\documents and settings\carlos and elizabeth\local settings\temp\gz6kl.exe
O4 - HKLM\..\Run: [r8D.exe] C:\documents and settings\carlos and elizabeth\local settings\temp\r8D.exe
O4 - HKLM\..\Run: [gz6kl] C:\documents and settings\carlos and elizabeth\local settings\temp\gz6kl.exe
O4 - HKLM\..\Run: [r8D] C:\documents and settings\carlos and elizabeth\local settings\temp\r8D.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [mtxclu(2)(2)(2)204w.exe] "C:\WINDOWS\System32\mtxclu(2)(2)(2)204w.exe"
O4 - HKCU\..\Run: [Mo33RWaEX] soloci.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {4BEEC43B-1FA3-475E-95E0-C52469093501} - (no file) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {59D04288-805E-4D43-BE09-83B1083E9E1E} (IUpdateAutoLaunch Control) - http://idenphones.motorola.com/idenupdate/nextel/iUpdateAutoLaunch.ocx
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/apop/default/popcaploader_v5.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\glu32476q.dll
Safe Mode:
http://www.short-media.com/forum/showpost.php?p=175908&postcount=6
Dexter...
primesuspect
2 Sep 2004, 8:24pm
Okay, I merged your threads. Please don't create a second thread for the same problem. By keeping them all together into a single thread, we can then have an easier time telling when this problem is resolved.
Continuing on, get rid of the following entries:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32\SearchBar.htm
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Carlos and Elizabeth\Local Settings\Temp\hrZx.dll
O4 - HKLM\..\Run: [gz6kl.exe] C:\documents and settings\carlos and elizabeth\local settings\temp\gz6kl.exe
O4 - HKLM\..\Run: [r8D.exe] C:\documents and settings\carlos and elizabeth\local settings\temp\r8D.exe
O4 - HKLM\..\Run: [gz6kl] C:\documents and settings\carlos and elizabeth\local settings\temp\gz6kl.exe
O4 - HKLM\..\Run: [r8D] C:\documents and settings\carlos and elizabeth\local settings\temp\r8D.exe
O4 - HKCU\..\Run: [mtxclu(2)(2)(2)204w.exe] "C:\WINDOWS\System32\mtxclu(2)(2)(2)204w.exe"
O4 - HKCU\..\Run: [Mo33RWaEX] soloci.exe
O9 - Extra button: (no name) - {4BEEC43B-1FA3-475E-95E0-C52469093501} - (no file) (HKCU)
O20 - AppInit_DLLs: C:\WINDOWS\system32\glu32476q.dll
Now, set your computer to show hidden files and folders (http://www.short-media.com/forum/showpost.php?p=172588&postcount=3). You must do this before you reboot the computer: Delete the following files:
C:\WINDOWS\SYSTEM32\glu32476q.dll
soloci.exe
C:\WINDOWS\System32\mtxclu(2)(2)(2)204w.exe
C:\Documents and Settings\Carlos and Elizabeth\Local Settings\Temp\ - DELETE EVERYTHING IN THE TEMP FOLDER
After you delete everything, reboot, and then post a new HJT log.
Okay, I deleted those files through hijackthis.
When you said delete everything in this folder--->C:\Documents and Settings\Carlos and Elizabeth\Local Settings\Temp\
Do I just select all and delete or do I go through every folder and delete its contents?
Logfile of HijackThis v1.98.2
Scan saved at 1:53:16 AM, on 9/3/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\NavNT\vptray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hi-Jack-This\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: BCMSMMSG.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Messenger\ypager.exe -quiet
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {59D04288-805E-4D43-BE09-83B1083E9E1E} (IUpdateAutoLaunch Control) - http://idenphones.motorola.com/idenupdate/nextel/iUpdateAutoLaunch.ocx
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/apop/default/popcaploader_v5.cab
Thank you sirs, I really appreciate your help.
primesuspect
3 Sep 2004, 4:28pm
Go into the temp folder, and click edit--> select all and then push the delete key. Or even easier, type CTRL-A to select all, and hit the delete key.
Your log looks clean. Everything seem okay now?
KabawL
5 Sep 2004, 10:57pm
Go into the temp folder, and click edit--> select all and then push the delete key. Or even easier, type CTRL-A to select all, and hit the delete key.
Your log looks clean. Everything seem okay now?
So far, everything seems okay. I'm going to give it a week to see if anything comes up fishy.
Thanks for the help.
primesuspect
6 Sep 2004, 2:44am
You're welcome!