My computer is dying, PLEASE HELP!!!

BigBill33 · 05-15-2005, 04:55 PM

I am having some major issues with my computer. I have recently installed Norton Internet Security 2005 onto my computer to take the place of the old firewall/virus scan i had from McAffee. I use my computer to play several games online. I used Ad Aware SE to scan my computer for virus', adware, and other stuff. It found over 710 files that were either infected or were in serious condition from a virus. I deleted/quartined them all. I ran it again this evening when i got home and it found 39 more, with another virus. I have also ran your hijack this program as well to create a log of files that are on my computer. My problem is I have a system optimizer that monitors my computer so i can keep track of how it is doing. It averages about 740 to about 710 at idle, but recently, it drops down to about 200 to 89, and causes major conflict with some or all of my programs. I have a Dell Desktop(i know not the best), with Windows XP Home Edition. It has 2 hard drives one 40 GB and the other 80 GB, at 1.8 GHz with a Pentium 4, and i have 2 512 MB DIMM sticks of memory, so i know I have more than enough to run my programs, but like I said, it seems like my computer is about to die. So any help with this would be greatly appreicated. Below is the log that your hijackthis program has created. I tried to run the Hi Jack this Analyzer, but for some reason it will not find the log that it needs. It is in the same file with the correct name, but it still can not find it, so this is the result only from the hijack this program.

Hope you can help me with this.

Logfile of HijackThis v1.99.1
Scan saved at 5:41:35 PM, on 5/15/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
C:\WINDOWS\System32\RunDLL32.exe
C:\program files\tvs\tvs_b.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\program files\advanced system optimizer\memtuneup.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\America Online 9.0b\waol.exe
C:\Program Files\America Online 9.0b\shellmon.exe
C:\Program Files\Common Files\Aol\aoltpspd.exe
C:\Documents and Settings\Bill Stemple\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: FlashEnhancer Extender - {0AD937E7-2F37-4873-A05E-548A67EF1D0E} - c:\Program Files\Flen\flen.dll
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - (no file)
O2 - BHO: SDWin32 Class - {85E41C48-1877-48F3-BF50-5F1534D4AEA4} - C:\WINDOWS\System32\xtsgq.dll
O2 - BHO: (no name) - {8DA5457F-A8AA-4CCF-A842-70E6FD274094} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: IEPlugin Class - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [FlenCPY] "C:\Program Files\Common Files\Java\flencpy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [tvs_b] C:\program files\tvs\tvs_b.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [MemoryOptimizer] c:\program files\advanced system optimizer\memtuneup.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Etomi\Plugins\RazaWebHook.dll/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: Dice Derby by pogo - http://checkeredflag.pogo.com/applet...-ob-assets.cab
O16 - DPF: Jungle Gin by pogo - http://gin.pogo.com/applet-5.8.6.20/...-ob-assets.cab
O16 - DPF: Mah Jong Garden by pogo - http://mahjong2.pogo.com/applet-5.8....-ob-assets.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://waterwheel.pogo.com/applet-5....-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://game4.pogo.com/applet-6.0.2.2...-ob-assets.cab
O16 - DPF: Pop Fu by pogo - http://popfu.pogo.com/applet-5.9.2.3...-ob-assets.cab
O16 - DPF: Squelchies by pogo - http://squelchies.pogo.com/applet-5....-ob-assets.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/applet-6.2.0.3...-ob-assets.cab
O16 - DPF: Tri-Peaks by pogo - http://peaks.pogo.com/applet-5.8.3.2...-ob-assets.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://whackdown.pogo.com/applet-5.8...-ob-assets.cab
O16 - DPF: WordJong by pogo - http://wordjong.pogo.com/applet-5.9....-ob-assets.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.fastaccess.com/sdccom...ad/tgctlcm.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.cab
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {1FC215B7-F71D-4137-8D67-455A2D5CA8C5} - http://www.fileeliminator.com/get/BE...Eliminator.cab
O16 - DPF: {2C38A62E-D257-40E8-8BB7-5624E38FEB0A} - http://www.webcamprofiles.net/online/steffy/webcam.exe
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/en...ach_core_1.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ca...C_1_0_0_44.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4C226336-4032-489F-9674-67E74225979B} (OTXMovie Class) - http://www.otxresearch.com/OTXMedia/OTXMedia.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://bin.mcafee.com/molbin/shared/...1/mcinsctl.cab
O16 - DPF: {5445BE81-B796-11D2-B931-002018654E2E} (MeadCo Security Manager) - http://egainlive.idatanet.com/wcsapp.../ie/SecMgr.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/20549df3cb07563...p/RdxIE601.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - https://mysupport.nai.com/amiuptodat...datePortal.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {70522FA2-4656-11D5-B0E9-0050DAC24E8F} - http://download.iwon.com/ct/pm3/iwonpm_8_1,0,2,5.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/soft...ch/alaunch.cab
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemp...veSecurity.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {7DD62E58-5FA8-11D2-AFB7-00104B64F126} (Sview Control) - https://loandocs.swiftsend.com/Redir...tall_a_ics.cab
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50275/QDow_AS2.cab
O16 - DPF: {886DDE35-E955-11D0-A707-000000521958} - http://69.56.176.78/webplugin.cab
O16 - DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} (CustomerCtrl Class) - https://cs7b.instantservice.com/jars...rxsigned42.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://echat.us.dell.com/Media/Visi.../TLIEFlash.CAB
O16 - DPF: {9FC87BC7-7963-4B70-8485-B1A41034C9A1} (CSonyPicturesGameDownloaderCtl Object) - http://www.shockwave.com/content/ang...Downloader.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/p...ed/install.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://bin.mcafee.com/molbin/shared/...19/mcgdmgr.cab
O16 - DPF: {BD419ACD-B41C-49D9-8ADF-CCA159052515} - http://ads.adultcash.com/toolbar/bmeb.cab
O16 - DPF: {DC187740-46A9-11D5-A815-00B0D0428C0C} -
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aol132.pogo.com/game/deluxe/z...ploader_v5.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?323
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4830CE16-A92D-47DC-B3C1-8B17D50EA734}: NameServer = 205.188.146.145
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

**Detah** · 05-16-2005, 08:25 AM

Hello and welcome to TSF-

I am reviewing your log. I will have some instructions for you shortly.

**Detah** · 05-16-2005, 09:51 AM

Hello and welcome to TSF-

You have quite a few badguys on here. We will be using several anti-spyware, anti-adware and anti-hijack programs. I recommend that you keep these programs on your system permanently.
Only use Hijack This under the guidance of an expert! Accidentally deleting something can disable your operating system. Print out these instructions so you may reference them without any programs open. It is very important that no programs (especially internet browsers) are running when implementing these fixes. [You may leave your firewall and virusscanner running, of course.]
----------------------------------------------------------------
Show Hidden Files instructions (WinXP)
Doubleclick My Computer | Tools | Folder Options | View tab
Select Show Hidden Files and Folders
Uncheck Hide extensions for known file types
Uncheck Hide protected operating system files (Recommended)
Select Apply to All Folders | Yes | Apply | OK
----------------------------------------------------------------
Turn off System Restore instructions (WinXP)
Rightclick My Computer | Properties | System Restore | check “Turn off System Restore”, <Apply>, <OK>. Reboot. When we have confirmed that your log file is clean, you may renable System Restore and create a new restore point.
----------------------------------------------------------------
cidaemon
This is probably a big part of your slowdown problems. I recommend turning it off. If we finish and your system does not perform better, then we can rule this out and turn it back on.

C:\WINDOWS\system32\cidaemon.exe
cideamon is part of MS indexing service, designed to make searches of your harddisks faster. Can max out system resources in conjunction with explorer.exe. Unnecessary process. If it's causing problems, you should probably just turn it off. There are two places to do this, you might as well hit both.
* Control Panel | Add Remove Programs | Add Remove Windows Components | uncheck
'Indexing Services'
* Start Menu | Run | type 'services.msc' | rightclick Indexing Service | select Stop | Properties | select Disable in Startup Type dropdown menu | Apply | Ok | close Services//

cisvc.exe is a process that belongs to the Microsoft Windows Operating System. It is used to monitor the memory usage in CIDAEMON.exe and prevent low memory problems. This is an essential system process and should not be removed. This program is an essential system process and should not be removed.
cisvc should automatically disappear when you remove cidaemon from autoloading.
----------------------------------------------------------------
Reboot in Safe Mode instructions. During reboot, tap the F8 key. Select Safe Mode.
----------------------------------------------------------------
Open HiJackThis | Config | Misc Tools | Open process manager. Select the following and click <Kill process> for each one if they are still listed (they may not be, and that's ok):

C:\Program Files\Common Files\Dell\EUSW\Support.exe
Download manager for Dell support alerts. Totally unnecessary.
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\RunDLL32.exe <---- there may be more than one running. You need to Kill them all.
C:\program files\tvs\tvs_b.exe

----------------------------------------------------------------
Uninstall the following (from Start | Settings | Control Panel | Add/Remove Programs) if they exist:

ViewPoint
Automatic updates for ViewPoint products such as ViewPoint Media Player (as bundled with AOL, AOL Instant Messenger, Compuserve, etc). Can be run manually via Start -> Settings -> Control Panel by enabling auto-updates temporarily, re-booting and then disabling again

----------------------------------------------------------------
Open HiJackThis | Scan,
Put a check next to the following items.

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: FlashEnhancer Extender - {0AD937E7-2F37-4873-A05E-548A67EF1D0E} - c:\Program Files\Flen\flen.dll
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - (no file)
I think I know where all your badguys are coming from. --> Shareaza
O2 - BHO: SDWin32 Class - {85E41C48-1877-48F3-BF50-5F1534D4AEA4} - C:\WINDOWS\System32\xtsgq.dll
O2 - BHO: (no name) - {8DA5457F-A8AA-4CCF-A842-70E6FD274094} - (no file)
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
If you choose to stop this process, then include this item in your HJT fixes
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
If you choose to remove this Program, then include this item in your HJT fixes
O4 - HKLM\..\Run: [FlenCPY] "C:\Program Files\Common Files\Java\flencpy.exe"
O4 - HKLM\..\Run: [tvs_b] C:\program files\tvs\tvs_b.exe
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: Dice Derby by pogo - http://checkeredflag.pogo.com/apple...g-ob-assets.cab
O16 - DPF: Jungle Gin by pogo - http://gin.pogo.com/applet-5.8.6.20...n-ob-assets.cab
O16 - DPF: Mah Jong Garden by pogo - http://mahjong2.pogo.com/applet-5.8...g-ob-assets.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://waterwheel.pogo.com/applet-5...l-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://game4.pogo.com/applet-6.0.2....r-ob-assets.cab
O16 - DPF: Pop Fu by pogo - http://popfu.pogo.com/applet-5.9.2....u-ob-assets.cab
O16 - DPF: Squelchies by pogo - http://squelchies.pogo.com/applet-5...s-ob-assets.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/applet-6.2.0....m-ob-assets.cab
O16 - DPF: Tri-Peaks by pogo - http://peaks.pogo.com/applet-5.8.3....s-ob-assets.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://whackdown.pogo.com/applet-5....n-ob-assets.cab
O16 - DPF: WordJong by pogo - http://wordjong.pogo.com/applet-5.9...g-ob-assets.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.fastaccess.com/sdcco...oad/tgctlcm.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.cab
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {1FC215B7-F71D-4137-8D67-455A2D5CA8C5} - http://www.fileeliminator.com/get/B...0Eliminator.cab
O16 - DPF: {2C38A62E-D257-40E8-8BB7-5624E38FEB0A} - http://www.webcamprofiles.net/online/steffy/webcam.exe
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/e...oach_core_1.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/c...DC_1_0_0_44.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4C226336-4032-489F-9674-67E74225979B} (OTXMovie Class) - http://www.otxresearch.com/OTXMedia/OTXMedia.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://bin.mcafee.com/molbin/shared...81/mcinsctl.cab
O16 - DPF: {5445BE81-B796-11D2-B931-002018654E2E} (MeadCo Security Manager) - http://egainlive.idatanet.com/wcsap...g/ie/SecMgr.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/20549df3cb0756...ip/RdxIE601.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - https://mysupport.nai.com/amiuptoda...pdatePortal.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52...meInstaller.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/...n/bin/cabsa.cab
O16 - DPF: {70522FA2-4656-11D5-B0E9-0050DAC24E8F} - http://download.iwon.com/ct/pm3/iwonpm_8_1,0,2,5.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/sof...nch/alaunch.cab
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptem...iveSecurity.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {7DD62E58-5FA8-11D2-AFB7-00104B64F126} (Sview Control) - https://loandocs.swiftsend.com/Redi...stall_a_ics.cab
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50275/QDow_AS2.cab
O16 - DPF: {886DDE35-E955-11D0-A707-000000521958} - http://69.56.176.78/webplugin.cab
O16 - DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} (CustomerCtrl Class) - https://cs7b.instantservice.com/jar...erxsigned42.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://echat.us.dell.com/Media/Vis...t/TLIEFlash.CAB
O16 - DPF: {9FC87BC7-7963-4B70-8485-B1A41034C9A1} (CSonyPicturesGameDownloaderCtl Object) - http://www.shockwave.com/content/an...eDownloader.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/...eed/install.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/M...pDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://bin.mcafee.com/molbin/shared...,19/mcgdmgr.cab
O16 - DPF: {BD419ACD-B41C-49D9-8ADF-CCA159052515} - http://ads.adultcash.com/toolbar/bmeb.cab
O16 - DPF: {DC187740-46A9-11D5-A815-00B0D0428C0C} -
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aol132.pogo.com/game/deluxe/...aploader_v5.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?323
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab

Confirm that you have only the ones above checked, then press <Fix checked>
Close HJT
----------------------------------------------------------------
Open Windows Explorer
Now delete the following files (or delete the whole folder if no specific file is given):

C:\Program Files\Viewpoint\
C:\program files\tvs\
c:\Program Files\Flen\
C:\WINDOWS\System32\xtsgq.dll
C:\Program Files\Common Files\Java\flencpy.exe

----------------------------------------------------------------
* Empty your c:/windows/temp/ folder. Note: only empty the contents of the folder, leave the folder there.
* Empty your C:/Documents and Settings/LocalService/Local Settings/Temp/
* Empty your C:/Documents and Settings/<All other usernames including Default User and Administrator>/Local Settings/Temp/
* Now empty your Recycle Bin.
* Reboot in Normal Mode.
----------------------------------------------------------------
You should run an online virus scan. Select one or more of the following. Online virus scans can be superior to PC scans because some malware can infect your PC virus scanner by disabling it or corrupting the definition files. Select Autoclean if you use TrendMicro's Housecall.
Panda at http://www.pandasoftware.com/actives..._principal.htm
Housecall at http://housecall.trendmicro.com/
RAV Antivirus at http://www.ravantivirus.com/scan
Reboot.
----------------------------------------------------------------
Never ever ever put any sites in your Trusted Zone. There should never ever be anything in here. Badguys hijack known good sites everyday. So don't give the badguys free access to your machine.
----------------------------------------------------------------
Here are two essential anti-spyware programs which you should run regularly. Updates for these programs come out weekly. Please install, configure and run them both now.

Spybot Search & Destroy instructions (~3.5MB)

Download Spybot (written by Patrick Kolla). Click <download> from
http://www.safer-networking.org/
Save spybotsd13.exe into its own directory, NOT in a TEMPorary folder or on the Desktop. I recommend c:/program files/spybot/
Doubleclick spybotsd13.exe. Make sure to direct the program to install in the c:/program files/spybot/ directory, NOT the default directory.
Open Spybot from Start | Programs | Spybot | Spybot S&D
Select <Search for Updates>. Let it install all updates. This is very important!
Select <Immunize>
Select <Check for Problems>
Check all entries that are in RED. Only RED, NOTHING ELSE. For your records, write/print out each item that you have fixed. Date it.
Select <Fix Selected Problems>
Close Spybot//

Ad-Aware instructions (2563 kB)

Download Ad-Aware SE build 1.05 (written by Lavasoft) from
http://www.lavasoft.de/
If you have a previous version of AdAware installed, you will be prompted to uninstall or keep the older version during installation. Be sure to choose Uninstall The Previous Version. Save aawsepersonal.exe into its own directory, NOT in a TEMPorary folder or on the Desktop. I recommend c:/program files/Adaware/
Doubleclick aawsepersonal.exe. Make sure to direct the program to install in the c:/program files/adaware/ directory, NOT the default directory.
Open AdAware from Start | Programs | Lavasoft | AdAware.
Select <Check for updates now>, <Proceed>
Setting adjustments. [[Green = checked]] Click the Gear Icon in the top right corner. New settings:
- By default you begin in the <General> section. The following should be checked:
  - Automatically save logfile
  - Automatically quarantine objects prior to removal
  - Safe Mode (always request confirmation)
  - Prompt to update outdated confirmation - change to "7 days"
- Click <Scanning>
  - Check Scan within Archives
  - Select "Select drives & folders to scan", check all of your harddrives. Usually its just c:/, <Proceed>
  - Under Memory & Registry, select all options
- Click <Advanced>
  - Under Shell Integration, select "Move deleted files to Recycle Bin"
  - Under Logfile detail, select all options
- Click <Defaults>
  - Type in the full URL of what you want as your default homepage and search page eg. http://www.google.com
- Click <Tweak>
  - Expand Scanning Engine and make sure the following are selected:
    - Unload recognized processes during scanning
    - Obtain command line of scanned processes
    - Scan registry for all users instead of current user only
  - Expand Cleaning Engine and make sure the following are selected:
    - Always try to unload modules before deletion
    - During removal, unload explorer and IE if necessary
    - Let Windows remove files in use at next reboot
    - Delete quarantined objects after restoring
  - Expand Safety Settings and make sure the following are selected:
    - Write-protect system files after repair (Hosts file, etc)
Click <Proceed> | <Start> | select Use custom scanning options | <Next>
When the scan is finished, rightclick on any entry and choose <Select All Objects>.
Select <Clean>
Close AdAware//

When you are done, post a new HJT log.

BigBill33 · 05-16-2005, 08:48 PM

Ok, I have read your reply like 6 times today, and i follow every word to the letter and did not skip any steps AT ALL. Now, as i was going through this, there were several things that popped up that could not be taken care of for whatever reason, and i will list them below. In th section at the beginning of your reply you asked me to open the HiJackThis and configure it through the Misc Tool and open the Process Manager and <Kill Process> certain files. Those files were not present at all, but you said that was OK.

Second, you asked me to open HiJackThis and scan my system again after i did a few steps, well i did and then i was instructed to delete certain files per your suggestions, I did except one in particular, due to the fact that it was not present, and i don't know why. Below is the file that was not present

O4 - HKLM\..\Run: [ViewMgr] C:\ProgramFiles\Viewpoint\Viewpoint Manager\ViewMgr.exe

All others were deleted.

Next, you had told me to open up Windows Explorer and locate certain files and either delete certain files or the folders themselves. All were done, except one file, the name is below

C:\WINDOWS\System32\xtsgq.dll

Was not present to delete.

Next, you asked me to empty certain folders and i did, except this is where i could not delete somethings. Below is what had happened.

In the file - "c:/windows/temp/folder" I was asked to empty the contents of the folder, and leave the folder there. Well i deleted the files, but some folders had a problem.

mcu1B.tmp
mcu1F9.tmp
mcu3D.tmp
mcu29A.tmp
mcu247.tmp

All of the above folders could not be deleted and this the is error that it gave me when i tried "ERROR Deleting File or Folder
Cannot delete"file name": Access is denied
Make sure the disk is not full or write protected and that the file is not currently in use
That is the error it gave me, so those files are still in place.

Also, i ran the online virus scan through TrendMicro's Housecall, and it found a trojan in a file, so i deleted it, so that is good to go.

So those are the problems that i ran into, but other than that everything went smooth for this being my first time doing something this indepth, and i learned alot. Below is the new HJT log, please let me know if there is anything else that i need to do, and i will make sure that it gets done.

Logfile of HijackThis v1.99.1
Scan saved at 10:18:41 PM, on 5/16/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
C:\WINDOWS\System32\RunDLL32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\program files\advanced system optimizer\memtuneup.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Bill Stemple\Desktop\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: IEPlugin Class - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [MemoryOptimizer] c:\program files\advanced system optimizer\memtuneup.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Etomi\Plugins\RazaWebHook.dll/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Again, thanks for the quick reply and a VERY detailed step by step instructions on how to hopefully fix and keep my computer up and running. So far, my computer seems to be running alot smoother now.

Oh yea, i would like to make a donation, just please let me know how i can pay and who & where i send it to, you guys are the greatest, and i will recommend this to all my friends and relatives as well as to really imphize on making a donation, no matter what the amount to help you guys out, we need more ppl like you to help us newbies out in this world of technology.

**Detah** · 05-17-2005, 10:03 AM

That is a clean log.

Just a couple notes.

Everything you did was correct. The reason we boot you into Safe Mode for these fixes is so that the badguys cant be 'running' when we remove them. As with any program, Windows will not allow you to delete it, if it is actively running. We boot you into Safe Mode then give you instructions to end (Kill) those processes just as an extra security step to make doubly sure that it is not running when we delete it. We want these things dead. Often with these bugs, if one file remains it can reinstall itself. It would sure be a waste of my time and yours if we found 9 of the 10 badguys and then that 10th file reinstalled all the other badguys as soon as you rebooted!
-----
Your HiJackThis program is on the Desktop. It is important that this program reside in a permanent folder. I recommend c:/program files/HJT/. You should save each log with a name that you can recognize, like HJT 3-20-05a.log. The 'a' is in case we make multiple logs in one day. HiJackThis is a single-file, standalone program. So you may freely cut/paste it to whereever you want and it will not affect HiJackThis's functionality. Never delete anything in HJT if you don’t know what you are doing. Deleting the wrong thing in there can completely corrupt your Operating System. So post it in a security forum, like www.techsupportforum.com, and let an expert analyze it for you.
-----
It looks like you successfully installed Spybot and AdAware. Those are 2 great programs to keep your computer spyware-free. Don’t forget to update them regularly. Regularly means at least weekly.
-----
It looks like you took my advice and uninstalled Shareaza. If so, there is one little remnant still on your system, that you should remove.

Open HiJackThis | Scan,
Put a check next to the following items.

O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Etomi\Plugins\RazaWebHook.dll/3000

Confirm that you have only the ones above checked, then press <Fix checked>
Close HJT
----------------------------------------------------------------
As far as I can tell you do not have a Firewall on your machine. A firewall is perhaps your greatest defense against these badguys. I strongly recommend that you get one. No one tool can do everything....at least not yet. So you need a variety of utilities on your machine to prevent all the malware, adware, spyware and virii out there. The bare essentials are: a good Firewall, a good virusscanner with autoprotect enabled, Spybot with Immunize enabled, AdAware, SpywareBlaster and SpywareGuard. For maximum effectiveness, these programs need to be updated regularly. Regularly means at least once a week. Preferably twice per week.
----------------------------------------------------------------
Spybot and AdAware are great programs and they provide excellent protection versus spyware and adware. But there are other programs which you also should keep on your system to protect yourself.

Preventing future infections:
As a first line of defense I strongly recommend a good firewall, like Norton Firewall 2004, ZoneAlarm Pro or Kerio; all three are very highly rated. If you are short on $ there are several free options available to you. Consider ZoneAlarm or Outpost.
Running Spybot S&D and AdAware regularly are a good second line of defense.

Additional protections
SpywareGuard is live protection from spyware. SpywareBlaster and IE-SpyAd are run-once prevention programs which are also free. You only need to update them periodically.

SpywareGuard (1.96 MB) functions like an antivirus program, scanning files before they are opened and downloaded, but for spyware. It also protects your internet browser from hijacks.

SpywareBlaster (2.1 MB) is not a system cleaner like Spybot; rather it blocks/prevents bad ActiveX and malevolent cookies from entering your system in the first place.

IE-SpyAd (227 kB) places over 5000 sites into your Restricted Zone so you do not accidentally visit known evil sites.

See also So how did I get infected in the first place? for more information about spyware prevention.
----------------------------------------------------------------
Internet Explorer security settings

* IE | Tools | Internet Options | General tab | under Temporary Internet Files, click Delete Files, Wait
* same location, under History, click Clear History, OK
* IE | Tools | Internet Options | Security tab
Highlight Trusted Sites. Click Sites.
Make sure this is empty. There should never ever be anything in here. Badguys hijack known good sites everyday. So don't give them free access to your machine.

Now highlight Internet | Custom Level
Under Download signed ActiveX controls
set to Prompt
Under Download unsigned ActiveX controls
set to Disable
Initialize and script ActiveX not marked as safe
set to Disable
Java permissions
set to High Safety

Now unsigned ActiveX programs will not be allowed at all. When a Signed ActiveX programs attempts to download/install, you will be prompted. NOTE: if you click on a page (even a page you consider safe) but didn't actively download something, and are prompted to download an ActiveX file, ALWAYS DENY. Reputable sites are hijacked by malicious code all the time. So play it defensively. Only accept when you have actively clicked on something that you know requires an ActiveX program. If you are unsure, DENY access.
----------------------------------------------------------------
Donations
You can send money orders or checks to
Jason Connors (he owns and maintains this server so we can all post here)
4410 Grandwood Lane
New Port Richey, FL 34653
see
http://www.techsupportforum.com/donate.php
for details
-----
You are very welcome. Come back anytime.

BigBill33 · 05-17-2005, 07:56 PM

Ok, i just got your reply, and i ran HJT again, and deleted the following file

08-Extra Content Menu Item: Download with and Shareaza-RES://C:\Program Files/ETOMI/Plugins/Raza Web Hook.dll/3000

I also have download the outpost firewall and put it on my computer. I have the Norton Internet Security 2005, which has a personal firewall on it, but i went ahead anyway and downloaded the Outpost firewall anyway and put it into place. After that i restarted my computer to start everything up and set up the options the way i need them. If you have any suggestions on what else i should set as far as options on the Outpost or the Norton Internet Security 2005, that would be great, cause I want to make sure that everything that comes in and out i know about it. So if it's not good, and they catch it, i want it to destory whatever is a threat to my computer.

Also, if you don't mind, i have another question.....

I also downloaded the Firefox Internet browser. That was HIGHLY recommended by a good friend of mine to do so. He also stated that I should delete anything and everything that deals with AOL(which is my current ISP and they suck bad) and wipe it clean off my computer. Also, he said that it would be a good idea to do the same for the Internet Explorer that came with the computer, but if i am correct(and i might not be) there are some things on the computer that needs the IE to run or operate correctly. So any suggestions that you might have would be GREAT. If i can do without either one, that would be fine with me.

But anyway, below is my new HJT log that i just ran after deleting the above file that you suggested. Please let me know if there is anything else that i might have over looked and needs to be removed. Oh yeah, i am running Spybot and Ad Aware SE on a daily basis, until i can get this spyware and other problems down to a minimum, then i will do it on a weekly basis.

Logfile of HijackThis v1.99.1
Scan saved at 9:39:00 PM, on 5/17/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\Agnitum\OUTPOS~1\outpost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
C:\WINDOWS\System32\RunDLL32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\program files\advanced system optimizer\memtuneup.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Bill Stemple\Desktop\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: IEPlugin Class - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRA~1\Agnitum\OUTPOS~1\outpost.exe /waitservice
O4 - HKCU\..\Run: [MemoryOptimizer] c:\program files\advanced system optimizer\memtuneup.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Browser Adjustment - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Firewall\Plugins\BrowserBar\ie_bar.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ca...C_1_0_0_44.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\outpost.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

So here is the new HJT log that has just been ran, please let me know if there is anything else. Also, thanks for the info on where to send the donations, and you guys should see the $30 check in the mail shortly, sorry it could not be more, but i promise, anytime you guys help with a problem i WILL send in a donation. I have told several friends about the site and talk about how good you guys are and how much you have helped me with my problem and i will continue to do so.

Again, THANKS ALOT!!!!!!

**Detah** · 05-18-2005, 07:02 AM

Your log is clean.
Just some notes.

* You should not run 2 firewalls on your computer at the same time. It is superfluous and can cause sharing violations. Not only that but you are wasting system resources with no benefit. Both Norton Firewall and Outpost are fantastic Firewalls. Choose one and go with it. If you want configuration / settings recommendations let me know.

Run each one for a week each and see how you like it. Note things like abundance of virus alerts, how it affect system resources (are your programs running slower with Norton Firewall?) and irgonomics or controls. Then choose one Firewall and go with it.

* Firefox is an excellent browser. And because it has such a low market share, very few (in fact, none that I know of) viruses/spyware are written for it.

* There is nothing wrong with AOL. That is, it does not contain any viruses or known spyware. However, many consider it to be bloatware. I mean, look how many apps are running with it. But otherwise it is fine as an IP.
If you wish to uninstall it and remove it, let me know and I will give you instructions.

* IE is pretty much integrated into Windows. I would not recommend an attempt to remove it. There are programs out there which can remove it for you, but you are not really gaining anything. If you wish to use Firefox, then use Firefox and do not open IE.

* I am glad you have Spybot and AdAware installed and running. Those are great programs. I hope you also added SpywareGuard and SpywareBlaster. Those 2 can really help you prevent badguys from getting on your machine in the first place. With SpywareGuard, you will get notices whenever anybody tries to install ActiveX files or tries to make changes to your registry. If you did not specifically ask for these changes, always deny the change. You will become comfortable with its protection after a few instances. They are wonderful tools.

Thank you for the donation. We appreciate it.

BigBill33 · 05-18-2005, 12:58 PM

*Thanks for the quick reply. As far as the Firefox browser, I will be running that instead of AOL or IE. I have yet to have any pop ups with the Firefox. As far as AOL is concerned, YES, i would like to uninstall it. So if, you have any steps on how to uninstall it quick and easy, and wipe it clean off my system, that would be great!

*As far as IE, i thought that it was intergrated into the system, but was not sure. So i will not even open it or use it for any reason and leave it where it is.

*Also, for SpywareGuard and SpywareBlaster, no i do not have them on my system, so if you have any links where i could get them for free, that would be great and i will install them onto my computer and get them up and running. As for the Outpost, i will just uninstall it, since i have Norton Internet Security 2005 already installed and running, and i feel more comfortable with that. But i will keep the Outpost site in mind just in case something happens to Norton and i need another one. But for Norton, if you could help me out with the setting and what to set so that I may get the most out of it, that would be GREAT!! So any suggestions on configurations and settings for Norton Internet Security 2005 would be great.

*Thanks Again for all of your help

**Detah** · 05-18-2005, 01:10 PM

To remove AOL What IP are you using? If you are using AOL as your IP, then you will need to contact them on how to connect to the Internet without their installation/setup/browser software.

The following instructions are to remove all parts of AOL (browser and all other related files)
Start | Settings | Control Panel | Add/Remove Programs, Remove all items with AOL in it. If there are more than 1, you'll need to uninstall them each separately.

When that is done, open Windows Explorer and delete the core AOL directories, which should be something like
C:\Program Files\Common Files\AOL\
and
C:\Program Files\America Online 9.0\

Once you've done that, post another HJT log and I'll identify the remaining AOL Registry entries for you.
-----
Additional protections
SpywareGuard is live protection from spyware. SpywareBlaster and IE-SpyAd are run-once prevention programs which are also free. You only need to update them periodically.

SpywareGuard (1.96 MB) functions like an antivirus program, scanning files before they are opened and downloaded, but for spyware. It also protects your internet browser from hijacks.

SpywareBlaster (2.1 MB) is not a system cleaner like Spybot; rather it blocks/prevents bad ActiveX and malevolent cookies from entering your system in the first place.

IE-SpyAd (227 kB) places over 5000 sites into your Restricted Zone so you do not accidentally visit known evil sites.

BigBill33 · 05-20-2005, 09:26 AM

Ok, I finished removing all the AOL files from my system that I could find, and ran a new HJT log, here it is below. Let me know what else I need to remove to complete the process.

Logfile of HijackThis v1.99.1
Scan saved at 11:23:02 AM, on 5/20/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\program files\advanced system optimizer\memtuneup.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Bill Stemple\Desktop\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: IEPlugin Class - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\RunOnce: [AOLToolbarDirRemoval] cmd.exe /C rd "C:\Program Files\AOL Toolbar"
O4 - HKLM\..\RunOnce: [1] C:\WINDOWS\system32\cmd.exe /c erase "C:\DOCUME~1\BILLST~1\LOCALS~1\Temp\AcsUninstall.exe"
O4 - HKLM\..\RunOnce: [2] C:\WINDOWS\system32\cmd.exe /c erase "C:\DOCUME~1\BILLST~1\LOCALS~1\Temp\AcsUninstallRes.dll"
O4 - HKLM\..\RunOnce: [3] C:\WINDOWS\system32\cmd.exe /c erase "C:\DOCUME~1\BILLST~1\LOCALS~1\Temp\shfolder.dll"
O4 - HKCU\..\Run: [MemoryOptimizer] c:\program files\advanced system optimizer\memtuneup.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ca...C_1_0_0_44.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Let me know when you get the time. Thanks

**Detah** · 05-20-2005, 11:33 AM

* Your HiJackThis program is in a temporary folder or on the Desktop. It is important that this program reside in a permanent folder. I recommend c:/program files/HJT/. You should save each log with a name that you can recognize, like HJT 3-20-05a.log. The 'a' is in case we make multiple logs in one day. HiJackThis is a single file program. So you may freely cut/paste it to whereever you want and it will not affect HiJackThis's functionality.
-----
Show Hidden Files instructions (WinXP)
Doubleclick My Computer | Tools | Folder Options | View tab
Select Show Hidden Files and Folders
Uncheck Hide extensions for known file types
Uncheck Hide protected operating system files (Recommended)
Select Apply to All Folders | Yes | Apply | OK
----------------------------------------------------------------
Turn off System Restore instructions (WinXP)
Rightclick My Computer | Properties | System Restore | check “Turn off System Restore”, <Apply>, <OK>. Reboot. When we have confirmed that your log file is clean, you may renable System Restore and create a new restore point.
----------------------------------------------------------------
Reboot in Safe Mode instructions. During reboot, tap the F8 key. Select Safe Mode.
----------------------------------------------------------------
Open HiJackThis | Scan,
Put a check next to the following items.

O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O4 - HKLM\..\RunOnce: [AOLToolbarDirRemoval] cmd.exe /C rd "C:\Program Files\AOL Toolbar"
O4 - HKLM\..\RunOnce: [1] C:\WINDOWS\system32\cmd.exe /c erase "C:\DOCUME~1\BILLST~1\LOCALS~1\Temp\AcsUninstall.ex e"
O4 - HKLM\..\RunOnce: [2] C:\WINDOWS\system32\cmd.exe /c erase "C:\DOCUME~1\BILLST~1\LOCALS~1\Temp\AcsUninstallRes .dll"
O4 - HKLM\..\RunOnce: [3] C:\WINDOWS\system32\cmd.exe /c erase "C:\DOCUME~1\BILLST~1\LOCALS~1\Temp\shfolder.dll"
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/c...DC_1_0_0_44.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/...all/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binar...nt.cab31267.cab
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)

Confirm that you have only the ones above checked, then press <Fix checked>
Close HJT
----------------------------------------------------------------
Open Windows Explorer
Now delete the following files (or delete the whole folder if no specific file is given):

C:\Program Files\AOL Toolbar
C:\DOCUME~1\BILLST~1\LOCALS~1\Temp\AcsUninstall.exe
C:\DOCUME~1\BILLST~1\LOCALS~1\Temp\AcsUninstallRes.dll
C:\DOCUME~1\BILLST~1\LOCALS~1\Temp\shfolder.dll
C:\PROGRA~1\COMMON~1\AOL\

----------------------------------------------------------------
* Empty your c:/windows/temp/ folder. Note: only empty the contents of the folder, leave the folder there.
* Empty your C:/Documents and Settings/LocalService/Local Settings/Temp/
* Empty your C:/Documents and Settings/<All other usernames including Default User and Administrator>/Local Settings/Temp/
* Now empty your Recycle Bin.
* Reboot in Normal Mode.
----------------------------------------------------------------
Run another HJT log and post it.

BigBill33 · 05-21-2005, 12:38 AM

Ok, I did everything to the word/letter. One problem, there is a certain file that will not, no matter how many times I run the HJT program, delete. Below is the file:

O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)

I ran HJT several times and it is still there. Other than that, here is my New HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 2:29:37 AM, on 5/21/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\program files\advanced system optimizer\memtuneup.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: IEPlugin Class - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [MemoryOptimizer] c:\program files\advanced system optimizer\memtuneup.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Any suggestions on how to get rid of that files, just let me know.

Thanks

**Detah** · 05-21-2005, 11:49 AM

Just a small clarification. This

O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)

is a HJT entry. It is not a file. Let me explain. Your Registry, which keeps track of just about every file, Service, program and setting on your computer, has a listing for this service, AOL Spyware Protection, which uses the program aolserv.exe. The program file, aolserv.exe as well as the entire directory c:/program files/common files/AOL/ is now deleted. So there is no 'file' here. But your Registry still thinks there is, so HJT reports it. I think the best thing to do here is just stop the Service from being called. I am pretty sure that will stop HJT from seeing it in the Registry as active.

Start | Run | type 'services.msc', search for the Service called AOL Spyware Protection.
highlight it, rightclick it, select Properties,
click Stop, then under Startup Type change to Disabled. OK
close Services. Please post a new HJT log. The O23 service for that item should be gone.

BigBill33 · 05-21-2005, 06:57 PM

Ok, I think that did it. Here is my new HJT log, let me know if there is anything else that might need to go.

Logfile of HijackThis v1.99.1
Scan saved at 7:58:15 PM, on 5/21/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\program files\advanced system optimizer\memtuneup.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: IEPlugin Class - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [MemoryOptimizer] c:\program files\advanced system optimizer\memtuneup.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Just let me know if there is anything else.

Thanks

**Detah** · 05-23-2005, 07:05 AM

That is a clean log!

I strongly recommend that you download and install SpywareGuard, SpywareBlaster and IESpyAd. Instructions are in my post above.

Regarding Spybot's Resident Registry protection:
Whenever anything (from any source) tries to edit your Registry, you will receive a notice from Spybot. The notice will include information about the source of the change (ie website http) the old value of the item being changed, and the new value of the item being changed. You will be given the opportunity to Accept this change or Deny this change. I recommend that you always choose Deny unless you explicitly downloaded/installed something from a known safe site.
* remember reputable sites get hijacked all the time, so be extra cautious.
* if in doubt, DENY
* banner ads can be embedded with hostile code, so that simply visiting a site, can trigger a download/install. Always DENY these attempts to install ActiveX/Scripts on your machine. If they were reputable, they would notify you first.

**jgvernonco** · 05-23-2005, 07:10 AM

Your log is clean. Good work!

Disable, then re-enable system restore; with a reboot in-between. Then immediately create a new system point manually.

===============

To help prevent future spyware installations/infections, please read the Anti-Spyware Tutorial http://www.greyknight17.com/spyware.htm#prevent and use the tools/programs provided.

Let us know if your system is functioning normally, now.

BigBill33 · 05-23-2005, 05:25 PM

Ok, Installed the IESpayware, but the Spyware Gurad, for some reason, was asking for the Mircosoft Professional SR-1 Disc to be inserted into my CD drive. I do not have Professional, I have Home Edition....wierd. But anyway, i have downloaded everything else and installed them. Everything is working great, thanks for all the help with my computer.

Hopefully I will not have to go through this again, but if I do, at least I know i have a good place to help me out.

Thanks guys your the best.

Later

**Detah** · 05-24-2005, 07:18 AM

SpywareGuard is really quite important.
Moreover, I am concerned that you have some other problem (not malware related) involving your Microsoft Office suite. Lets check.

Open HiJackThis | Open the Misc Tools section | Misc Tools | Open Uninstall Manager | Save List. Save it somewhere in your HJT folder. Paste the contents of that file here.

BigBill33 · 05-24-2005, 07:16 PM

Ok, here is the list from the Uninstall Manager from HJT. Now you have me worried, when you said that I have something wrong with my Microsoft Windows program/software. I hope it is nothing serious. I have a few questions, first, how do I get rid of that ARMY MEN & DESCENT II programs, I have tried everything. They were some old games that are no longer on my system? Second, what are all those Window HotFixs, and do I have to keep them on the system? But anyways, here is the list that you asked for.

2daEdit
2daEdit (C:\Program Files\2daEdit\)
3D Groove Playback Engine
Ad-Aware SE Personal
Adobe Acrobat 7.0.1 and Reader 7.0.1 Update
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Photoshop Album 2.0 Starter Edition
Adobe Reader 7.0
Advanced System Optimizer 2.01
Army Men - Sarge's Heroes
Battlefield 1942
Battlefield 1942: Secret Weapons of WWII
Battlefield 1942: The Road To Rome
BCM V.92 56K Modem
Broadcom Advanced Control Suite
BroadJump Client Foundation
CC_ccProxyExt
ccCommon
ccPxyCore
Classic PhoneTools
Community Expansion Pack version 1.50
Dell Digital Jukebox Driver
Dell Modem-On-Hold
Dell Picture Studio - Dell Image Expert
Dell ResourceCD
Dell Solution Center
Dell Support
DESCENT II
DesertCombat 0.7
Digital Line Detect
Easy CD Creator 5 Basic
GameSpy Arcade
Google Toolbar for Internet Explorer
Guild Wars
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 1.99.1
hp instant support
HP Memories Disc
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
HP Photo and Imaging 2.0 - hp psc 1200 series
hp psc 1200 series
InCD (Ahead Software)
Intel(R) Extreme Graphics Driver
iPod for Windows 2005-02-07
iTunes
Java 2 Runtime Environment Standard Edition v1.3.1_04
Kazaa Media Desktop 2.1.1
LiveReg (Symantec Corporation)
LiveUpdate 2.6 (Symantec Corporation)
Maya 6.0 Personal Learning Edition
Medal of Honor Allied Assault
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.1
Microsoft Data Access Components KB870669
Microsoft Interactive Training
Microsoft Money 2002
Microsoft Money 2002 System Pack
Microsoft Office 2000 SR-1 Professional
Microsoft Office XP Media Content
Microsoft Office XP Small Business
Modem Helper
Mozilla Firefox (1.0.4)
MP3 Player
MSN Messenger 7.0
MSN Music Assistant
MSN Toolbar
MSRedist
Musicmatch® Jukebox
Neverwinter Nights Gold Edition
Norton AntiSpam
Norton AntiSpam
Norton AntiVirus 2005
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security 2005 (Symantec Corporation)
Norton WMI Update
Norton WMI Update
NVIDIA Drivers
Outlook Express Q823353
PunkBuster for Battlefield 1942
QuickTime
RealPlayer
Registry Cleaner 1.0
Roger Wilco
SPBBC
Spybot - Search & Destroy 1.3
SpywareBlaster v3.4
Support.com Web Controls
SwiftView Viewer
Symantec Script Blocking Installer
SymNet
TeamSpeak 2 RC2
Viewpoint Media Player
WinAce Archiver
Windows Media Format Runtime
Windows Media Player Hotfix [See KB837272 for more information]
Windows Media Player Hotfix [See wm828026 for more information]
Windows XP Hotfix - KB810217
Windows XP Hotfix - KB820291
Windows XP Hotfix - KB821253
Windows XP Hotfix - KB821557
Windows XP Hotfix - KB823182
Windows XP Hotfix - KB823559
Windows XP Hotfix - KB823980
Windows XP Hotfix - KB824105
Windows XP Hotfix - KB824141
Windows XP Hotfix - KB824146
Windows XP Hotfix - KB825119
Windows XP Hotfix - KB828028
Windows XP Hotfix - KB828035
Windows XP Hotfix - KB828741
Windows XP Hotfix - KB833987
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB835732
Windows XP Hotfix - KB837001
Windows XP Hotfix - KB839645
Windows XP Hotfix - KB840315
Windows XP Hotfix - KB840374
Windows XP Hotfix - KB840987
Windows XP Hotfix - KB841356
Windows XP Hotfix - KB841533
Windows XP Hotfix - KB841873
Windows XP Hotfix - KB842773
Windows XP Hotfix - KB873376
Windows XP Hotfix - KB883357
Windows XP Hotfix - KB885523
Windows XP Hotfix - KB889293
Windows XP Hotfix (SP2) [See Q329048 for more information]
Windows XP Hotfix (SP2) [See Q329115 for more information]
Windows XP Hotfix (SP2) [See Q329390 for more information]
Windows XP Hotfix (SP2) [See Q329834 for more information]
Windows XP Hotfix (SP2) Q327979
Windows XP Hotfix (SP2) Q328310
Windows XP Hotfix (SP2) Q329170
Windows XP Hotfix (SP2) Q329441
Windows XP Hotfix (SP2) Q331953
Windows XP Hotfix (SP2) Q810565
Windows XP Hotfix (SP2) Q810577
Windows XP Hotfix (SP2) Q810833
Windows XP Hotfix (SP2) Q811493
Windows XP Hotfix (SP2) Q814033
Windows XP Hotfix (SP2) Q814995
Windows XP Hotfix (SP2) Q815021
Windows XP Hotfix (SP2) Q817606
Windows XP Hotfix (SP2) Q819696
WinMX

Now some programs might look wierd, like the "2da edit" that is a scripting program for me, so i am able to create games for online play. As you can see I have tried to download the SP2 for Windows, but it would always fail right in the middle of download. I hope there is nothing serious with my software, I would hate to have to reinstall it or something. Let me know what is wrong and how I can fix it.

Thanks

**Detah** · 05-25-2005, 07:12 AM

* Dont be alarmed. Hotfixes are the goodguys. Those are the security patches and critical updates which are installed when you go to Windows Update Center. On the contrary, it is very good that you have them all installed. They protect you from hackers.

* My original concern was not with Windows. My concern is with you Office suite. You stated earlier that you were getting a Windows error about
Microsoft Office 2000 SR-1 Professional
I knew that was Office, but you indicated it was Operating System related. I just wanted to confirm that you had Office SR-1 first before proceeding. There should not be any conflict between SpywareGuard and Office SR-1 Pro. I will look into this some more and get back to you.

* I am also concerned about the following items. Just so you know:
BroadJump Client Foundation
BroadJump - Newer name for BroadJump Foundation Client (BJCFD) from BroadJump.com, now Motive. The software collects information on your Internet activity and sends it to your ISP so that your ISP can serve you advertisements related to the type of sites you visit. I would ask your ISP on how to remove it and why they installed it in the first place. Please do not uninstall the program, since it looks like it is required for your internet connection. This especially applies to those who use SBC as their ISP (Internet Service Provider). If they can't/won't resolve this problem for you, then it's time to switch to another provider that don't embed this spyware in their program. You will most likely also have Support.com installed. The same situation applies here also. Contact your ISP to learn how to remove it correctly.
Don't uninstall it yourself!

Kazaa Media Desktop 2.1.1
I am not here to pass judgment upon the File-Sharing community. I just think you should know that KMD is responsible for the downloading of many malware and spyware.

Viewpoint Media Player
This is an ad downloader and totally non-essential viewer, despite what their website says.

Their own website:
"Viewpoint Media Player is a web browser plug-in that enables users to view 3D content and other rich media, such as Flash® content and video, on the Internet. Viewpoint Media Player is the graphics engine for AOL® Instant Greetings™, AIM Themes and other popular web applications. Viewpoint Media Player is distributed with AOL, AIM, versions of Netscape™, certain Adobe® products, and some retail computers sold today.

Required with installation of AOL, AIM, current versions of the Netscape web browser, certain Adobe products, and some retail computers sold today
From opt-in prompts on websites that require Viewpoint Media Player to view site content "

Q: Which website requires an extra viewer to display its contents??
A: None, except those who wish to send you bonus ads!

* To remove ARMY MEN & DESCENT II, go to Start | Settings | Control Panel | Add/Remove Programs and remove them from there. If you already tried that and the uninstallation failed, then check if there are still folders for those programs on your system, like c:/program files/army men/ or c:/program files/descent II/.

05-15-2005, 04:55 PM	#1 (permalink)
BigBill33 Registered User Join Date: May 2005 Location: Gaithersburg, Maryland Posts: 36 OS: Windows CP Home Edition	My computer is dying, PLEASE HELP!!! I am having some major issues with my computer. I have recently installed Norton Internet Security 2005 onto my computer to take the place of the old firewall/virus scan i had from McAffee. I use my computer to play several games online. I used Ad Aware SE to scan my computer for virus', adware, and other stuff. It found over 710 files that were either infected or were in serious condition from a virus. I deleted/quartined them all. I ran it again this evening when i got home and it found 39 more, with another virus. I have also ran your hijack this program as well to create a log of files that are on my computer. My problem is I have a system optimizer that monitors my computer so i can keep track of how it is doing. It averages about 740 to about 710 at idle, but recently, it drops down to about 200 to 89, and causes major conflict with some or all of my programs. I have a Dell Desktop(i know not the best), with Windows XP Home Edition. It has 2 hard drives one 40 GB and the other 80 GB, at 1.8 GHz with a Pentium 4, and i have 2 512 MB DIMM sticks of memory, so i know I have more than enough to run my programs, but like I said, it seems like my computer is about to die. So any help with this would be greatly appreicated. Below is the log that your hijackthis program has created. I tried to run the Hi Jack this Analyzer, but for some reason it will not find the log that it needs. It is in the same file with the correct name, but it still can not find it, so this is the result only from the hijack this program. Hope you can help me with this. Logfile of HijackThis v1.99.1 Scan saved at 5:41:35 PM, on 5/15/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Norton Internet Security\ISSVC.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe C:\WINDOWS\system32\cisvc.exe C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\wanmpsvc.exe C:\WINDOWS\system32\cidaemon.exe C:\WINDOWS\system32\cidaemon.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Dell\EUSW\Support.exe C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe C:\WINDOWS\System32\RunDLL32.exe C:\program files\tvs\tvs_b.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\program files\advanced system optimizer\memtuneup.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\WINDOWS\System32\wbem\wmiapsrv.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\America Online 9.0b\waol.exe C:\Program Files\America Online 9.0b\shellmon.exe C:\Program Files\Common Files\Aol\aoltpspd.exe C:\Documents and Settings\Bill Stemple\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file) O2 - BHO: (no name) - SOFTWARE - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: FlashEnhancer Extender - {0AD937E7-2F37-4873-A05E-548A67EF1D0E} - c:\Program Files\Flen\flen.dll O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - (no file) O2 - BHO: SDWin32 Class - {85E41C48-1877-48F3-BF50-5F1534D4AEA4} - C:\WINDOWS\System32\xtsgq.dll O2 - BHO: (no name) - {8DA5457F-A8AA-4CCF-A842-70E6FD274094} - (no file) O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O2 - BHO: IEPlugin Class - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - (no file) O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file) O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe" O4 - HKLM\..\Run: [FlenCPY] "C:\Program Files\Common Files\Java\flencpy.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [tvs_b] C:\program files\tvs\tvs_b.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKCU\..\Run: [MemoryOptimizer] c:\program files\advanced system optimizer\memtuneup.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: hpoddt01.exe.lnk = ? O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Etomi\Plugins\RazaWebHook.dll/3000 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O15 - Trusted Zone: *.musicmatch.com (HKLM) O16 - DPF: Dice Derby by pogo - http://checkeredflag.pogo.com/applet...-ob-assets.cab O16 - DPF: Jungle Gin by pogo - http://gin.pogo.com/applet-5.8.6.20/...-ob-assets.cab O16 - DPF: Mah Jong Garden by pogo - http://mahjong2.pogo.com/applet-5.8....-ob-assets.cab O16 - DPF: Perfect Pair Solitaire by pogo - http://waterwheel.pogo.com/applet-5....-ob-assets.cab O16 - DPF: Phlinx by pogo - http://game4.pogo.com/applet-6.0.2.2...-ob-assets.cab O16 - DPF: Pop Fu by pogo - http://popfu.pogo.com/applet-5.9.2.3...-ob-assets.cab O16 - DPF: Squelchies by pogo - http://squelchies.pogo.com/applet-5....-ob-assets.cab O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/applet-6.2.0.3...-ob-assets.cab O16 - DPF: Tri-Peaks by pogo - http://peaks.pogo.com/applet-5.8.3.2...-ob-assets.cab O16 - DPF: Word Whomp Whackdown by pogo - http://whackdown.pogo.com/applet-5.8...-ob-assets.cab O16 - DPF: WordJong by pogo - http://wordjong.pogo.com/applet-5.9....-ob-assets.cab O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.fastaccess.com/sdccom...ad/tgctlcm.cab O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.cab O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab O16 - DPF: {1FC215B7-F71D-4137-8D67-455A2D5CA8C5} - http://www.fileeliminator.com/get/BE...Eliminator.cab O16 - DPF: {2C38A62E-D257-40E8-8BB7-5624E38FEB0A} - http://www.webcamprofiles.net/online/steffy/webcam.exe O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/en...ach_core_1.cab O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ca...C_1_0_0_44.cab O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab O16 - DPF: {4C226336-4032-489F-9674-67E74225979B} (OTXMovie Class) - http://www.otxresearch.com/OTXMedia/OTXMedia.dll O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://bin.mcafee.com/molbin/shared/...1/mcinsctl.cab O16 - DPF: {5445BE81-B796-11D2-B931-002018654E2E} (MeadCo Security Manager) - http://egainlive.idatanet.com/wcsapp.../ie/SecMgr.cab O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/20549df3cb07563...p/RdxIE601.cab O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - https://mysupport.nai.com/amiuptodat...datePortal.cab O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab O16 - DPF: {70522FA2-4656-11D5-B0E9-0050DAC24E8F} - http://download.iwon.com/ct/pm3/iwonpm_8_1,0,2,5.cab O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/soft...ch/alaunch.cab O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemp...veSecurity.cab O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab O16 - DPF: {7DD62E58-5FA8-11D2-AFB7-00104B64F126} (Sview Control) - https://loandocs.swiftsend.com/Redir...tall_a_ics.cab O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50275/QDow_AS2.cab O16 - DPF: {886DDE35-E955-11D0-A707-000000521958} - http://69.56.176.78/webplugin.cab O16 - DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} (CustomerCtrl Class) - https://cs7b.instantservice.com/jars...rxsigned42.cab O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://echat.us.dell.com/Media/Visi.../TLIEFlash.CAB O16 - DPF: {9FC87BC7-7963-4B70-8485-B1A41034C9A1} (CSonyPicturesGameDownloaderCtl Object) - http://www.shockwave.com/content/ang...Downloader.cab O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/p...ed/install.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://bin.mcafee.com/molbin/shared/...19/mcgdmgr.cab O16 - DPF: {BD419ACD-B41C-49D9-8ADF-CCA159052515} - http://ads.adultcash.com/toolbar/bmeb.cab O16 - DPF: {DC187740-46A9-11D5-A815-00B0D0428C0C} - O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aol132.pogo.com/game/deluxe/z...ploader_v5.cab O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?323 O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{4830CE16-A92D-47DC-B3C1-8B17D50EA734}: NameServer = 205.188.146.145 O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

05-16-2005, 08:25 AM	#2 (permalink)
Detah TSF Enthusiast Join Date: Jun 2004 Location: from IL; now in KY Posts: 647 OS: Win98SE/XP My System	Hello and welcome to TSF- I am reviewing your log. I will have some instructions for you shortly. __________________ Ich kann auf Deutsch helfen. Mach ein' post und PM mich. Peebs85 kann auch Deutsch. If I help you, please donate to upgrade our outgrown server. I will donate my time to helping you for free, but the server is not free. Please send donations to Jason Connors (TSF owner), 4410 Grandwood Lane, New Port Richey, FL 34653. Even if its only a dollar. Thank you.

05-16-2005, 09:51 AM	#3 (permalink)
Detah TSF Enthusiast Join Date: Jun 2004 Location: from IL; now in KY Posts: 647 OS: Win98SE/XP My System	Hello and welcome to TSF- You have quite a few badguys on here. We will be using several anti-spyware, anti-adware and anti-hijack programs. I recommend that you keep these programs on your system permanently. Only use Hijack This under the guidance of an expert! Accidentally deleting something can disable your operating system. Print out these instructions so you may reference them without any programs open. It is very important that no programs (especially internet browsers) are running when implementing these fixes. [You may leave your firewall and virusscanner running, of course.] ---------------------------------------------------------------- Show Hidden Files instructions (WinXP) Doubleclick My Computer \| Tools \| Folder Options \| View tab Select Show Hidden Files and Folders Uncheck Hide extensions for known file types Uncheck Hide protected operating system files (Recommended) Select Apply to All Folders \| Yes \| Apply \| OK ---------------------------------------------------------------- Turn off System Restore instructions (WinXP) Rightclick My Computer \| Properties \| System Restore \| check “Turn off System Restore”, <Apply>, <OK>. Reboot. When we have confirmed that your log file is clean, you may renable System Restore and create a new restore point. ---------------------------------------------------------------- cidaemon This is probably a big part of your slowdown problems. I recommend turning it off. If we finish and your system does not perform better, then we can rule this out and turn it back on. C:\WINDOWS\system32\cidaemon.exe cideamon is part of MS indexing service, designed to make searches of your harddisks faster. Can max out system resources in conjunction with explorer.exe. Unnecessary process. If it's causing problems, you should probably just turn it off. There are two places to do this, you might as well hit both. * Control Panel \| Add Remove Programs \| Add Remove Windows Components \| uncheck 'Indexing Services' * Start Menu \| Run \| type 'services.msc' \| rightclick Indexing Service \| select Stop \| Properties \| select Disable in Startup Type dropdown menu \| Apply \| Ok \| close Services// cisvc.exe is a process that belongs to the Microsoft Windows Operating System. It is used to monitor the memory usage in CIDAEMON.exe and prevent low memory problems. This is an essential system process and should not be removed. This program is an essential system process and should not be removed. cisvc should automatically disappear when you remove cidaemon from autoloading. ---------------------------------------------------------------- Reboot in Safe Mode instructions. During reboot, tap the F8 key. Select Safe Mode. ---------------------------------------------------------------- Open HiJackThis \| Config \| Misc Tools \| Open process manager. Select the following and click <Kill process> for each one if they are still listed (they may not be, and that's ok): C:\Program Files\Common Files\Dell\EUSW\Support.exe Download manager for Dell support alerts. Totally unnecessary. C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\WINDOWS\System32\RunDLL32.exe <---- there may be more than one running. You need to Kill them all. C:\program files\tvs\tvs_b.exe ---------------------------------------------------------------- Uninstall the following (from Start \| Settings \| Control Panel \| Add/Remove Programs) if they exist: ViewPoint Automatic updates for ViewPoint products such as ViewPoint Media Player (as bundled with AOL, AOL Instant Messenger, Compuserve, etc). Can be run manually via Start -> Settings -> Control Panel by enabling auto-updates temporarily, re-booting and then disabling again ---------------------------------------------------------------- Open HiJackThis \| Scan, Put a check next to the following items. R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file) O2 - BHO: (no name) - SOFTWARE - (no file) O2 - BHO: FlashEnhancer Extender - {0AD937E7-2F37-4873-A05E-548A67EF1D0E} - c:\Program Files\Flen\flen.dll O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - (no file) I think I know where all your badguys are coming from. --> Shareaza O2 - BHO: SDWin32 Class - {85E41C48-1877-48F3-BF50-5F1534D4AEA4} - C:\WINDOWS\System32\xtsgq.dll O2 - BHO: (no name) - {8DA5457F-A8AA-4CCF-A842-70E6FD274094} - (no file) O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe If you choose to stop this process, then include this item in your HJT fixes O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe If you choose to remove this Program, then include this item in your HJT fixes O4 - HKLM\..\Run: [FlenCPY] "C:\Program Files\Common Files\Java\flencpy.exe" O4 - HKLM\..\Run: [tvs_b] C:\program files\tvs\tvs_b.exe O15 - Trusted Zone: .musicmatch.com (HKLM) O16 - DPF: Dice Derby by pogo - http://checkeredflag.pogo.com/apple...g-ob-assets.cab O16 - DPF: Jungle Gin by pogo - http://gin.pogo.com/applet-5.8.6.20...n-ob-assets.cab O16 - DPF: Mah Jong Garden by pogo - http://mahjong2.pogo.com/applet-5.8...g-ob-assets.cab O16 - DPF: Perfect Pair Solitaire by pogo - http://waterwheel.pogo.com/applet-5...l-ob-assets.cab O16 - DPF: Phlinx by pogo - http://game4.pogo.com/applet-6.0.2....r-ob-assets.cab O16 - DPF: Pop Fu by pogo - http://popfu.pogo.com/applet-5.9.2....u-ob-assets.cab O16 - DPF: Squelchies by pogo - http://squelchies.pogo.com/applet-5...s-ob-assets.cab O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/applet-6.2.0....m-ob-assets.cab O16 - DPF: Tri-Peaks by pogo - http://peaks.pogo.com/applet-5.8.3....s-ob-assets.cab O16 - DPF: Word Whomp Whackdown by pogo - http://whackdown.pogo.com/applet-5....n-ob-assets.cab O16 - DPF: WordJong by pogo - http://wordjong.pogo.com/applet-5.9...g-ob-assets.cab O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.fastaccess.com/sdcco...oad/tgctlcm.cab O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.cab O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab O16 - DPF: {1FC215B7-F71D-4137-8D67-455A2D5CA8C5} - http://www.fileeliminator.com/get/B...0Eliminator.cab O16 - DPF: {2C38A62E-D257-40E8-8BB7-5624E38FEB0A} - http://www.webcamprofiles.net/online/steffy/webcam.exe O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/e...oach_core_1.cab O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/c...DC_1_0_0_44.cab O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab O16 - DPF: {4C226336-4032-489F-9674-67E74225979B} (OTXMovie Class) - http://www.otxresearch.com/OTXMedia/OTXMedia.dll O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://bin.mcafee.com/molbin/shared...81/mcinsctl.cab O16 - DPF: {5445BE81-B796-11D2-B931-002018654E2E} (MeadCo Security Manager) - http://egainlive.idatanet.com/wcsap...g/ie/SecMgr.cab O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/20549df3cb0756...ip/RdxIE601.cab O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - https://mysupport.nai.com/amiuptoda...pdatePortal.cab O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52...meInstaller.exe O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/...n/bin/cabsa.cab O16 - DPF: {70522FA2-4656-11D5-B0E9-0050DAC24E8F} - http://download.iwon.com/ct/pm3/iwonpm_8_1,0,2,5.cab O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/sof...nch/alaunch.cab O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptem...iveSecurity.cab O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab O16 - DPF: {7DD62E58-5FA8-11D2-AFB7-00104B64F126} (Sview Control) - https://loandocs.swiftsend.com/Redi...stall_a_ics.cab O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50275/QDow_AS2.cab O16 - DPF: {886DDE35-E955-11D0-A707-000000521958} - http://69.56.176.78/webplugin.cab O16 - DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} (CustomerCtrl Class) - https://cs7b.instantservice.com/jar...erxsigned42.cab O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://echat.us.dell.com/Media/Vis...t/TLIEFlash.CAB O16 - DPF: {9FC87BC7-7963-4B70-8485-B1A41034C9A1} (CSonyPicturesGameDownloaderCtl Object) - http://www.shockwave.com/content/an...eDownloader.cab O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/...eed/install.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/M...pDownloader.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://bin.mcafee.com/molbin/shared...,19/mcgdmgr.cab O16 - DPF: {BD419ACD-B41C-49D9-8ADF-CCA159052515} - http://ads.adultcash.com/toolbar/bmeb.cab O16 - DPF: {DC187740-46A9-11D5-A815-00B0D0428C0C} - O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aol132.pogo.com/game/deluxe/...aploader_v5.cab O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?323 O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab Confirm* that you have only the ones above checked, then press <Fix checked> Close HJT ---------------------------------------------------------------- Open Windows Explorer Now delete the following files (or delete the whole folder if no specific file is given): C:\Program Files\Viewpoint\ C:\program files\tvs\ c:\Program Files\Flen\ C:\WINDOWS\System32\xtsgq.dll C:\Program Files\Common Files\Java\flencpy.exe ---------------------------------------------------------------- * Empty your c:/windows/temp/ folder. Note: only empty the contents of the folder, leave the folder there. * Empty your C:/Documents and Settings/LocalService/Local Settings/Temp/ * Empty your C:/Documents and Settings/<All other usernames including Default User and Administrator>/Local Settings/Temp/ * Now empty your Recycle Bin. * Reboot in Normal Mode. ---------------------------------------------------------------- You should run an online virus scan. Select one or more of the following. Online virus scans can be superior to PC scans because some malware can infect your PC virus scanner by disabling it or corrupting the definition files. Select Autoclean if you use TrendMicro's Housecall. Panda at http://www.pandasoftware.com/actives..._principal.htm Housecall at http://housecall.trendmicro.com/ RAV Antivirus at http://www.ravantivirus.com/scan Reboot. ---------------------------------------------------------------- Never ever ever put any sites in your Trusted Zone. There should never ever be anything in here. Badguys hijack known good sites everyday. So don't give the badguys free access to your machine. ---------------------------------------------------------------- Here are two essential anti-spyware programs which you should run regularly. Updates for these programs come out weekly. Please install, configure and run them both now. Spybot Search & Destroy instructions (~3.5MB) Download Spybot (written by Patrick Kolla). Click <download> from http://www.safer-networking.org/ Save spybotsd13.exe into its own directory, NOT in a TEMPorary folder or on the Desktop. I recommend c:/program files/spybot/ Doubleclick spybotsd13.exe. Make sure to direct the program to install in the c:/program files/spybot/ directory, NOT the default directory. Open Spybot from Start \| Programs \| Spybot \| Spybot S&D Select <Search for Updates>. Let it install all updates. This is very important! Select <Immunize> Select <Check for Problems> Check all entries that are in RED. Only RED, NOTHING ELSE. For your records, write/print out each item that you have fixed. Date it. Select <Fix Selected Problems> Close Spybot// Ad-Aware instructions (2563 kB) Download Ad-Aware SE build 1.05 (written by Lavasoft) from http://www.lavasoft.de/ If you have a previous version of AdAware installed, you will be prompted to uninstall or keep the older version during installation. Be sure to choose Uninstall The Previous Version. Save aawsepersonal.exe into its own directory, NOT in a TEMPorary folder or on the Desktop. I recommend c:/program files/Adaware/ Doubleclick aawsepersonal.exe. Make sure to direct the program to install in the c:/program files/adaware/ directory, NOT the default directory. Open AdAware from Start \| Programs \| Lavasoft \| AdAware. Select <Check for updates now>, <Proceed> Setting adjustments. [[Green = checked]] Click the Gear Icon in the top right corner. New settings: By default you begin in the <General> section. The following should be checked: Automatically save logfile Automatically quarantine objects prior to removal Safe Mode (always request confirmation) Prompt to update outdated confirmation - change to "7 days" Click <Scanning> Check Scan within Archives Select "Select drives & folders to scan", check all of your harddrives. Usually its just c:/, <Proceed> Under Memory & Registry, select all options Click <Advanced> Under Shell Integration, select "Move deleted files to Recycle Bin" Under Logfile detail, select all options Click <Defaults> Type in the full URL of what you want as your default homepage and search page eg. http://www.google.com Click <Tweak> Expand Scanning Engine and make sure the following are selected: Unload recognized processes during scanning Obtain command line of scanned processes Scan registry for all users instead of current user only Expand Cleaning Engine and make sure the following are selected: Always try to unload modules before deletion During removal, unload explorer and IE if necessary Let Windows remove files in use at next reboot Delete quarantined objects after restoring Expand Safety Settings and make sure the following are selected: Write-protect system files after repair (Hosts file, etc) Click <Proceed> \| <Start> \| select Use custom scanning options \| <Next> When the scan is finished, rightclick on any entry and choose <Select All Objects>. Select <Clean> Close AdAware// When you are done, post a new HJT log. __________________ Ich kann auf Deutsch helfen. Mach ein' post und PM mich. Peebs85 kann auch Deutsch. If I help you, please donate to upgrade our outgrown server. I will donate my time to helping you for free, but the server is not free. Please send donations to Jason Connors (TSF owner), 4410 Grandwood Lane, New Port Richey, FL 34653. Even if its only a dollar. Thank you.

05-16-2005, 08:48 PM	#4 (permalink)
BigBill33 Registered User Join Date: May 2005 Location: Gaithersburg, Maryland Posts: 36 OS: Windows CP Home Edition	My computer is dying, PLEASE HELP!!! Ok, I have read your reply like 6 times today, and i follow every word to the letter and did not skip any steps AT ALL. Now, as i was going through this, there were several things that popped up that could not be taken care of for whatever reason, and i will list them below. In th section at the beginning of your reply you asked me to open the HiJackThis and configure it through the Misc Tool and open the Process Manager and <Kill Process> certain files. Those files were not present at all, but you said that was OK. Second, you asked me to open HiJackThis and scan my system again after i did a few steps, well i did and then i was instructed to delete certain files per your suggestions, I did except one in particular, due to the fact that it was not present, and i don't know why. Below is the file that was not present O4 - HKLM\..\Run: [ViewMgr] C:\ProgramFiles\Viewpoint\Viewpoint Manager\ViewMgr.exe All others were deleted. Next, you had told me to open up Windows Explorer and locate certain files and either delete certain files or the folders themselves. All were done, except one file, the name is below C:\WINDOWS\System32\xtsgq.dll Was not present to delete. Next, you asked me to empty certain folders and i did, except this is where i could not delete somethings. Below is what had happened. In the file - "c:/windows/temp/folder" I was asked to empty the contents of the folder, and leave the folder there. Well i deleted the files, but some folders had a problem. mcu1B.tmp mcu1F9.tmp mcu3D.tmp mcu29A.tmp mcu247.tmp All of the above folders could not be deleted and this the is error that it gave me when i tried "ERROR Deleting File or Folder Cannot delete"file name": Access is denied Make sure the disk is not full or write protected and that the file is not currently in use That is the error it gave me, so those files are still in place. Also, i ran the online virus scan through TrendMicro's Housecall, and it found a trojan in a file, so i deleted it, so that is good to go. So those are the problems that i ran into, but other than that everything went smooth for this being my first time doing something this indepth, and i learned alot. Below is the new HJT log, please let me know if there is anything else that i need to do, and i will make sure that it gets done. Logfile of HijackThis v1.99.1 Scan saved at 10:18:41 PM, on 5/16/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Norton Internet Security\ISSVC.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe C:\WINDOWS\System32\RunDLL32.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\program files\advanced system optimizer\memtuneup.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\wanmpsvc.exe C:\Program Files\Messenger\msmsgs.exe C:\Documents and Settings\Bill Stemple\Desktop\Hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/ O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\SPYBOT~1\SDHelper.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O2 - BHO: IEPlugin Class - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - (no file) O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file) O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKCU\..\Run: [MemoryOptimizer] c:\program files\advanced system optimizer\memtuneup.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: hpoddt01.exe.lnk = ? O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Etomi\Plugins\RazaWebHook.dll/3000 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe Again, thanks for the quick reply and a VERY detailed step by step instructions on how to hopefully fix and keep my computer up and running. So far, my computer seems to be running alot smoother now. Oh yea, i would like to make a donation, just please let me know how i can pay and who & where i send it to, you guys are the greatest, and i will recommend this to all my friends and relatives as well as to really imphize on making a donation, no matter what the amount to help you guys out, we need more ppl like you to help us newbies out in this world of technology.

05-17-2005, 10:03 AM	#5 (permalink)
Detah TSF Enthusiast Join Date: Jun 2004 Location: from IL; now in KY Posts: 647 OS: Win98SE/XP My System	That is a clean log. Just a couple notes. Everything you did was correct. The reason we boot you into Safe Mode for these fixes is so that the badguys cant be 'running' when we remove them. As with any program, Windows will not allow you to delete it, if it is actively running. We boot you into Safe Mode then give you instructions to end (Kill) those processes just as an extra security step to make doubly sure that it is not running when we delete it. We want these things dead. Often with these bugs, if one file remains it can reinstall itself. It would sure be a waste of my time and yours if we found 9 of the 10 badguys and then that 10th file reinstalled all the other badguys as soon as you rebooted! ----- Your HiJackThis program is on the Desktop. It is important that this program reside in a permanent folder. I recommend c:/program files/HJT/. You should save each log with a name that you can recognize, like HJT 3-20-05a.log. The 'a' is in case we make multiple logs in one day. HiJackThis is a single-file, standalone program. So you may freely cut/paste it to whereever you want and it will not affect HiJackThis's functionality. Never delete anything in HJT if you don’t know what you are doing. Deleting the wrong thing in there can completely corrupt your Operating System. So post it in a security forum, like www.techsupportforum.com, and let an expert analyze it for you. ----- It looks like you successfully installed Spybot and AdAware. Those are 2 great programs to keep your computer spyware-free. Don’t forget to update them regularly. Regularly means at least weekly. ----- It looks like you took my advice and uninstalled Shareaza. If so, there is one little remnant still on your system, that you should remove. Open HiJackThis \| Scan, Put a check next to the following items. O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Etomi\Plugins\RazaWebHook.dll/3000 Confirm that you have only the ones above checked, then press <Fix checked> Close HJT ---------------------------------------------------------------- As far as I can tell you do not have a Firewall on your machine. A firewall is perhaps your greatest defense against these badguys. I strongly recommend that you get one. No one tool can do everything....at least not yet. So you need a variety of utilities on your machine to prevent all the malware, adware, spyware and virii out there. The bare essentials are: a good Firewall, a good virusscanner with autoprotect enabled, Spybot with Immunize enabled, AdAware, SpywareBlaster and SpywareGuard. For maximum effectiveness, these programs need to be updated regularly. Regularly means at least once a week. Preferably twice per week. ---------------------------------------------------------------- Spybot and AdAware are great programs and they provide excellent protection versus spyware and adware. But there are other programs which you also should keep on your system to protect yourself. Preventing future infections: As a first line of defense I strongly recommend a good firewall, like Norton Firewall 2004, ZoneAlarm Pro or Kerio; all three are very highly rated. If you are short on $ there are several free options available to you. Consider ZoneAlarm or Outpost. Running Spybot S&D and AdAware regularly are a good second line of defense. Additional protections SpywareGuard is live protection from spyware. SpywareBlaster and IE-SpyAd are run-once prevention programs which are also free. You only need to update them periodically. SpywareGuard (1.96 MB) functions like an antivirus program, scanning files before they are opened and downloaded, but for spyware. It also protects your internet browser from hijacks. SpywareBlaster (2.1 MB) is not a system cleaner like Spybot; rather it blocks/prevents bad ActiveX and malevolent cookies from entering your system in the first place. IE-SpyAd (227 kB) places over 5000 sites into your Restricted Zone so you do not accidentally visit known evil sites. See also So how did I get infected in the first place? for more information about spyware prevention. ---------------------------------------------------------------- Internet Explorer security settings * IE \| Tools \| Internet Options \| General tab \| under Temporary Internet Files, click Delete Files, Wait * same location, under History, click Clear History, OK * IE \| Tools \| Internet Options \| Security tab Highlight Trusted Sites. Click Sites. Make sure this is empty. There should never ever be anything in here. Badguys hijack known good sites everyday. So don't give them free access to your machine. Now highlight Internet \| Custom Level Under Download signed ActiveX controls set to Prompt Under Download unsigned ActiveX controls set to Disable Initialize and script ActiveX not marked as safe set to Disable Java permissions set to High Safety Now unsigned ActiveX programs will not be allowed at all. When a Signed ActiveX programs attempts to download/install, you will be prompted. NOTE: if you click on a page (even a page you consider safe) but didn't actively download something, and are prompted to download an ActiveX file, ALWAYS DENY. Reputable sites are hijacked by malicious code all the time. So play it defensively. Only accept when you have actively clicked on something that you know requires an ActiveX program. If you are unsure, DENY access. ---------------------------------------------------------------- Donations You can send money orders or checks to Jason Connors (he owns and maintains this server so we can all post here) 4410 Grandwood Lane New Port Richey, FL 34653 see http://www.techsupportforum.com/donate.php for details ----- You are very welcome. Come back anytime. __________________ Ich kann auf Deutsch helfen. Mach ein' post und PM mich. Peebs85 kann auch Deutsch. If I help you, please donate to upgrade our outgrown server. I will donate my time to helping you for free, but the server is not free. Please send donations to Jason Connors (TSF owner), 4410 Grandwood Lane, New Port Richey, FL 34653. Even if its only a dollar. Thank you.

05-17-2005, 07:56 PM	#6 (permalink)
BigBill33 Registered User Join Date: May 2005 Location: Gaithersburg, Maryland Posts: 36 OS: Windows CP Home Edition	My computer is dying, PLEASE HELP!!! Ok, i just got your reply, and i ran HJT again, and deleted the following file 08-Extra Content Menu Item: Download with and Shareaza-RES://C:\Program Files/ETOMI/Plugins/Raza Web Hook.dll/3000 I also have download the outpost firewall and put it on my computer. I have the Norton Internet Security 2005, which has a personal firewall on it, but i went ahead anyway and downloaded the Outpost firewall anyway and put it into place. After that i restarted my computer to start everything up and set up the options the way i need them. If you have any suggestions on what else i should set as far as options on the Outpost or the Norton Internet Security 2005, that would be great, cause I want to make sure that everything that comes in and out i know about it. So if it's not good, and they catch it, i want it to destory whatever is a threat to my computer. Also, if you don't mind, i have another question..... I also downloaded the Firefox Internet browser. That was HIGHLY recommended by a good friend of mine to do so. He also stated that I should delete anything and everything that deals with AOL(which is my current ISP and they suck bad) and wipe it clean off my computer. Also, he said that it would be a good idea to do the same for the Internet Explorer that came with the computer, but if i am correct(and i might not be) there are some things on the computer that needs the IE to run or operate correctly. So any suggestions that you might have would be GREAT. If i can do without either one, that would be fine with me. But anyway, below is my new HJT log that i just ran after deleting the above file that you suggested. Please let me know if there is anything else that i might have over looked and needs to be removed. Oh yeah, i am running Spybot and Ad Aware SE on a daily basis, until i can get this spyware and other problems down to a minimum, then i will do it on a weekly basis. Logfile of HijackThis v1.99.1 Scan saved at 9:39:00 PM, on 5/17/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Norton Internet Security\ISSVC.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\nvsvc32.exe C:\PROGRA~1\Agnitum\OUTPOS~1\outpost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\wanmpsvc.exe C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe C:\WINDOWS\System32\RunDLL32.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\program files\advanced system optimizer\memtuneup.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\Messenger\msmsgs.exe C:\Documents and Settings\Bill Stemple\Desktop\Hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/ O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\SPYBOT~1\SDHelper.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O2 - BHO: IEPlugin Class - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - (no file) O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file) O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRA~1\Agnitum\OUTPOS~1\outpost.exe /waitservice O4 - HKCU\..\Run: [MemoryOptimizer] c:\program files\advanced system optimizer\memtuneup.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: hpoddt01.exe.lnk = ? O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra button: Browser Adjustment - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Firewall\Plugins\BrowserBar\ie_bar.dll O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ca...C_1_0_0_44.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\outpost.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe So here is the new HJT log that has just been ran, please let me know if there is anything else. Also, thanks for the info on where to send the donations, and you guys should see the $30 check in the mail shortly, sorry it could not be more, but i promise, anytime you guys help with a problem i WILL send in a donation. I have told several friends about the site and talk about how good you guys are and how much you have helped me with my problem and i will continue to do so. Again, THANKS ALOT!!!!!!

05-18-2005, 07:02 AM	#7 (permalink)
Detah TSF Enthusiast Join Date: Jun 2004 Location: from IL; now in KY Posts: 647 OS: Win98SE/XP My System	Your log is clean. Just some notes. * You should not run 2 firewalls on your computer at the same time. It is superfluous and can cause sharing violations. Not only that but you are wasting system resources with no benefit. Both Norton Firewall and Outpost are fantastic Firewalls. Choose one and go with it. If you want configuration / settings recommendations let me know. Run each one for a week each and see how you like it. Note things like abundance of virus alerts, how it affect system resources (are your programs running slower with Norton Firewall?) and irgonomics or controls. Then choose one Firewall and go with it. * Firefox is an excellent browser. And because it has such a low market share, very few (in fact, none that I know of) viruses/spyware are written for it. * There is nothing wrong with AOL. That is, it does not contain any viruses or known spyware. However, many consider it to be bloatware. I mean, look how many apps are running with it. But otherwise it is fine as an IP. If you wish to uninstall it and remove it, let me know and I will give you instructions. * IE is pretty much integrated into Windows. I would not recommend an attempt to remove it. There are programs out there which can remove it for you, but you are not really gaining anything. If you wish to use Firefox, then use Firefox and do not open IE. * I am glad you have Spybot and AdAware installed and running. Those are great programs. I hope you also added SpywareGuard and SpywareBlaster. Those 2 can really help you prevent badguys from getting on your machine in the first place. With SpywareGuard, you will get notices whenever anybody tries to install ActiveX files or tries to make changes to your registry. If you did not specifically ask for these changes, always deny the change. You will become comfortable with its protection after a few instances. They are wonderful tools. Thank you for the donation. We appreciate it. __________________ Ich kann auf Deutsch helfen. Mach ein' post und PM mich. Peebs85 kann auch Deutsch. If I help you, please donate to upgrade our outgrown server. I will donate my time to helping you for free, but the server is not free. Please send donations to Jason Connors (TSF owner), 4410 Grandwood Lane, New Port Richey, FL 34653. Even if its only a dollar. Thank you.

05-18-2005, 12:58 PM	#8 (permalink)
BigBill33 Registered User Join Date: May 2005 Location: Gaithersburg, Maryland Posts: 36 OS: Windows CP Home Edition	My computer is dying, PLEASE HELP!!! Thanks for the quick reply. As far as the Firefox browser, I will be running that instead of AOL or IE. I have yet to have any pop ups with the Firefox. As far as AOL is concerned, YES, i would like to uninstall it. So if, you have any steps on how to uninstall it quick and easy, and wipe it clean off my system, that would be great! As far as IE, i thought that it was intergrated into the system, but was not sure. So i will not even open it or use it for any reason and leave it where it is. Also, for SpywareGuard and SpywareBlaster, no i do not have them on my system, so if you have any links where i could get them for free, that would be great and i will install them onto my computer and get them up and running. As for the Outpost, i will just uninstall it, since i have Norton Internet Security 2005 already installed and running, and i feel more comfortable with that. But i will keep the Outpost site in mind just in case something happens to Norton and i need another one. But for Norton, if you could help me out with the setting and what to set so that I may get the most out of it, that would be GREAT!! So any suggestions on configurations and settings for Norton Internet Security 2005 would be great. Thanks Again for all of your help

05-18-2005, 01:10 PM	#9 (permalink)
Detah TSF Enthusiast Join Date: Jun 2004 Location: from IL; now in KY Posts: 647 OS: Win98SE/XP My System	To remove AOL What IP are you using? If you are using AOL as your IP, then you will need to contact them on how to connect to the Internet without their installation/setup/browser software. The following instructions are to remove all parts of AOL (browser and all other related files) Start \| Settings \| Control Panel \| Add/Remove Programs, Remove all items with AOL in it. If there are more than 1, you'll need to uninstall them each separately. When that is done, open Windows Explorer and delete the core AOL directories, which should be something like C:\Program Files\Common Files\AOL\ and C:\Program Files\America Online 9.0\ Once you've done that, post another HJT log and I'll identify the remaining AOL Registry entries for you. ----- Additional protections SpywareGuard is live protection from spyware. SpywareBlaster and IE-SpyAd are run-once prevention programs which are also free. You only need to update them periodically. SpywareGuard (1.96 MB) functions like an antivirus program, scanning files before they are opened and downloaded, but for spyware. It also protects your internet browser from hijacks. SpywareBlaster (2.1 MB) is not a system cleaner like Spybot; rather it blocks/prevents bad ActiveX and malevolent cookies from entering your system in the first place. IE-SpyAd (227 kB) places over 5000 sites into your Restricted Zone so you do not accidentally visit known evil sites. __________________ Ich kann auf Deutsch helfen. Mach ein' post und PM mich. Peebs85 kann auch Deutsch. If I help you, please donate to upgrade our outgrown server. I will donate my time to helping you for free, but the server is not free. Please send donations to Jason Connors (TSF owner), 4410 Grandwood Lane, New Port Richey, FL 34653. Even if its only a dollar. Thank you. Last edited by Detah; 05-18-2005 at 01:24 PM.

05-20-2005, 09:26 AM	#10 (permalink)
BigBill33 Registered User Join Date: May 2005 Location: Gaithersburg, Maryland Posts: 36 OS: Windows CP Home Edition	My computer is dying, PLEASE HELP!!! Ok, I finished removing all the AOL files from my system that I could find, and ran a new HJT log, here it is below. Let me know what else I need to remove to complete the process. Logfile of HijackThis v1.99.1 Scan saved at 11:23:02 AM, on 5/20/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Norton Internet Security\ISSVC.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe C:\WINDOWS\System32\RUNDLL32.EXE C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\program files\advanced system optimizer\memtuneup.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Messenger\msmsgs.exe C:\Documents and Settings\Bill Stemple\Desktop\Hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/ O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\SPYBOT~1\SDHelper.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O2 - BHO: IEPlugin Class - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - (no file) O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file) O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\RunOnce: [AOLToolbarDirRemoval] cmd.exe /C rd "C:\Program Files\AOL Toolbar" O4 - HKLM\..\RunOnce: [1] C:\WINDOWS\system32\cmd.exe /c erase "C:\DOCUME~1\BILLST~1\LOCALS~1\Temp\AcsUninstall.exe" O4 - HKLM\..\RunOnce: [2] C:\WINDOWS\system32\cmd.exe /c erase "C:\DOCUME~1\BILLST~1\LOCALS~1\Temp\AcsUninstallRes.dll" O4 - HKLM\..\RunOnce: [3] C:\WINDOWS\system32\cmd.exe /c erase "C:\DOCUME~1\BILLST~1\LOCALS~1\Temp\shfolder.dll" O4 - HKCU\..\Run: [MemoryOptimizer] c:\program files\advanced system optimizer\memtuneup.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: hpoddt01.exe.lnk = ? O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ca...C_1_0_0_44.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing) O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe Let me know when you get the time. Thanks

05-20-2005, 11:33 AM	#11 (permalink)
Detah TSF Enthusiast Join Date: Jun 2004 Location: from IL; now in KY Posts: 647 OS: Win98SE/XP My System	* Your HiJackThis program is in a temporary folder or on the Desktop. It is important that this program reside in a permanent folder. I recommend c:/program files/HJT/. You should save each log with a name that you can recognize, like HJT 3-20-05a.log. The 'a' is in case we make multiple logs in one day. HiJackThis is a single file program. So you may freely cut/paste it to whereever you want and it will not affect HiJackThis's functionality. ----- Show Hidden Files instructions (WinXP) Doubleclick My Computer \| Tools \| Folder Options \| View tab Select Show Hidden Files and Folders Uncheck Hide extensions for known file types Uncheck Hide protected operating system files (Recommended) Select Apply to All Folders \| Yes \| Apply \| OK ---------------------------------------------------------------- Turn off System Restore instructions (WinXP) Rightclick My Computer \| Properties \| System Restore \| check “Turn off System Restore”, <Apply>, <OK>. Reboot. When we have confirmed that your log file is clean, you may renable System Restore and create a new restore point. ---------------------------------------------------------------- Reboot in Safe Mode instructions. During reboot, tap the F8 key. Select Safe Mode. ---------------------------------------------------------------- Open HiJackThis \| Scan, Put a check next to the following items. O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file) O4 - HKLM\..\RunOnce: [AOLToolbarDirRemoval] cmd.exe /C rd "C:\Program Files\AOL Toolbar" O4 - HKLM\..\RunOnce: [1] C:\WINDOWS\system32\cmd.exe /c erase "C:\DOCUME~1\BILLST~1\LOCALS~1\Temp\AcsUninstall.ex e" O4 - HKLM\..\RunOnce: [2] C:\WINDOWS\system32\cmd.exe /c erase "C:\DOCUME~1\BILLST~1\LOCALS~1\Temp\AcsUninstallRes .dll" O4 - HKLM\..\RunOnce: [3] C:\WINDOWS\system32\cmd.exe /c erase "C:\DOCUME~1\BILLST~1\LOCALS~1\Temp\shfolder.dll" O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/c...DC_1_0_0_44.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/...all/xscan53.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binar...nt.cab31267.cab O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing) Confirm that you have only the ones above checked, then press <Fix checked> Close HJT ---------------------------------------------------------------- Open Windows Explorer Now delete the following files (or delete the whole folder if no specific file is given): C:\Program Files\AOL Toolbar C:\DOCUME~1\BILLST~1\LOCALS~1\Temp\AcsUninstall.exe C:\DOCUME~1\BILLST~1\LOCALS~1\Temp\AcsUninstallRes.dll C:\DOCUME~1\BILLST~1\LOCALS~1\Temp\shfolder.dll C:\PROGRA~1\COMMON~1\AOL\ ---------------------------------------------------------------- * Empty your c:/windows/temp/ folder. Note: only empty the contents of the folder, leave the folder there. * Empty your C:/Documents and Settings/LocalService/Local Settings/Temp/ * Empty your C:/Documents and Settings/<All other usernames including Default User and Administrator>/Local Settings/Temp/ * Now empty your Recycle Bin. * Reboot in Normal Mode. ---------------------------------------------------------------- Run another HJT log and post it. __________________ Ich kann auf Deutsch helfen. Mach ein' post und PM mich. Peebs85 kann auch Deutsch. If I help you, please donate to upgrade our outgrown server. I will donate my time to helping you for free, but the server is not free. Please send donations to Jason Connors (TSF owner), 4410 Grandwood Lane, New Port Richey, FL 34653. Even if its only a dollar. Thank you.

05-21-2005, 12:38 AM	#12 (permalink)
BigBill33 Registered User Join Date: May 2005 Location: Gaithersburg, Maryland Posts: 36 OS: Windows CP Home Edition	My computer is dying, PLEASE HELP!!! Ok, I did everything to the word/letter. One problem, there is a certain file that will not, no matter how many times I run the HJT program, delete. Below is the file: O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing) I ran HJT several times and it is still there. Other than that, here is my New HJT log: Logfile of HijackThis v1.99.1 Scan saved at 2:29:37 AM, on 5/21/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Norton Internet Security\ISSVC.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe C:\WINDOWS\System32\RUNDLL32.EXE C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe C:\program files\advanced system optimizer\memtuneup.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\System32\msiexec.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/ O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\SPYBOT~1\SDHelper.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O2 - BHO: IEPlugin Class - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - (no file) O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKCU\..\Run: [MemoryOptimizer] c:\program files\advanced system optimizer\memtuneup.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: hpoddt01.exe.lnk = ? O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing) O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe Any suggestions on how to get rid of that files, just let me know. Thanks

05-21-2005, 11:49 AM	#13 (permalink)
Detah TSF Enthusiast Join Date: Jun 2004 Location: from IL; now in KY Posts: 647 OS: Win98SE/XP My System	Just a small clarification. This O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing) is a HJT entry. It is not a file. Let me explain. Your Registry, which keeps track of just about every file, Service, program and setting on your computer, has a listing for this service, AOL Spyware Protection, which uses the program aolserv.exe. The program file, aolserv.exe as well as the entire directory c:/program files/common files/AOL/ is now deleted. So there is no 'file' here. But your Registry still thinks there is, so HJT reports it. I think the best thing to do here is just stop the Service from being called. I am pretty sure that will stop HJT from seeing it in the Registry as active. Start \| Run \| type 'services.msc', search for the Service called AOL Spyware Protection. highlight it, rightclick it, select Properties, click Stop, then under Startup Type change to Disabled. OK close Services. Please post a new HJT log. The O23 service for that item should be gone. __________________ Ich kann auf Deutsch helfen. Mach ein' post und PM mich. Peebs85 kann auch Deutsch. If I help you, please donate to upgrade our outgrown server. I will donate my time to helping you for free, but the server is not free. Please send donations to Jason Connors (TSF owner), 4410 Grandwood Lane, New Port Richey, FL 34653. Even if its only a dollar. Thank you.

05-21-2005, 06:57 PM	#14 (permalink)
BigBill33 Registered User Join Date: May 2005 Location: Gaithersburg, Maryland Posts: 36 OS: Windows CP Home Edition	My computer is dying, PLEASE HELP!!! Ok, I think that did it. Here is my new HJT log, let me know if there is anything else that might need to go. Logfile of HijackThis v1.99.1 Scan saved at 7:58:15 PM, on 5/21/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Norton Internet Security\ISSVC.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe C:\WINDOWS\System32\RUNDLL32.EXE C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\program files\advanced system optimizer\memtuneup.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/ O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\SPYBOT~1\SDHelper.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O2 - BHO: IEPlugin Class - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - (no file) O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKCU\..\Run: [MemoryOptimizer] c:\program files\advanced system optimizer\memtuneup.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: hpoddt01.exe.lnk = ? O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe Just let me know if there is anything else. Thanks

05-23-2005, 07:05 AM	#15 (permalink)
Detah TSF Enthusiast Join Date: Jun 2004 Location: from IL; now in KY Posts: 647 OS: Win98SE/XP My System	That is a clean log! I strongly recommend that you download and install SpywareGuard, SpywareBlaster and IESpyAd. Instructions are in my post above. Regarding Spybot's Resident Registry protection: Whenever anything (from any source) tries to edit your Registry, you will receive a notice from Spybot. The notice will include information about the source of the change (ie website http) the old value of the item being changed, and the new value of the item being changed. You will be given the opportunity to Accept this change or Deny this change. I recommend that you always choose Deny unless you explicitly downloaded/installed something from a known safe site. * remember reputable sites get hijacked all the time, so be extra cautious. * if in doubt, DENY * banner ads can be embedded with hostile code, so that simply visiting a site, can trigger a download/install. Always DENY these attempts to install ActiveX/Scripts on your machine. If they were reputable, they would notify you first. __________________ Ich kann auf Deutsch helfen. Mach ein' post und PM mich. Peebs85 kann auch Deutsch. If I help you, please donate to upgrade our outgrown server. I will donate my time to helping you for free, but the server is not free. Please send donations to Jason Connors (TSF owner), 4410 Grandwood Lane, New Port Richey, FL 34653. Even if its only a dollar. Thank you.

05-23-2005, 07:10 AM	#16 (permalink)
jgvernonco Old Timer Join Date: Sep 2003 Location: Northern Arizona Posts: 7,958 OS: Vista Home Premium, SP 27	Your log is clean. Good work! Disable, then re-enable system restore; with a reboot in-between. Then immediately create a new system point manually. =============== To help prevent future spyware installations/infections, please read the Anti-Spyware Tutorial http://www.greyknight17.com/spyware.htm#prevent and use the tools/programs provided. Let us know if your system is functioning normally, now. __________________ Donations keep TSF moving forward. Please help. http://www.myspace.com/speedbumpthecelt

05-23-2005, 05:25 PM	#17 (permalink)
BigBill33 Registered User Join Date: May 2005 Location: Gaithersburg, Maryland Posts: 36 OS: Windows CP Home Edition	My computer is dying, PLEASE HELP!!! Ok, Installed the IESpayware, but the Spyware Gurad, for some reason, was asking for the Mircosoft Professional SR-1 Disc to be inserted into my CD drive. I do not have Professional, I have Home Edition....wierd. But anyway, i have downloaded everything else and installed them. Everything is working great, thanks for all the help with my computer. Hopefully I will not have to go through this again, but if I do, at least I know i have a good place to help me out. Thanks guys your the best. Later

05-24-2005, 07:18 AM	#18 (permalink)
Detah TSF Enthusiast Join Date: Jun 2004 Location: from IL; now in KY Posts: 647 OS: Win98SE/XP My System	SpywareGuard is really quite important. Moreover, I am concerned that you have some other problem (not malware related) involving your Microsoft Office suite. Lets check. Open HiJackThis \| Open the Misc Tools section \| Misc Tools \| Open Uninstall Manager \| Save List. Save it somewhere in your HJT folder. Paste the contents of that file here. __________________ Ich kann auf Deutsch helfen. Mach ein' post und PM mich. Peebs85 kann auch Deutsch. If I help you, please donate to upgrade our outgrown server. I will donate my time to helping you for free, but the server is not free. Please send donations to Jason Connors (TSF owner), 4410 Grandwood Lane, New Port Richey, FL 34653. Even if its only a dollar. Thank you.

05-24-2005, 07:16 PM	#19 (permalink)
BigBill33 Registered User Join Date: May 2005 Location: Gaithersburg, Maryland Posts: 36 OS: Windows CP Home Edition	My computer is dying, PLEASE HELP!!! Ok, here is the list from the Uninstall Manager from HJT. Now you have me worried, when you said that I have something wrong with my Microsoft Windows program/software. I hope it is nothing serious. I have a few questions, first, how do I get rid of that ARMY MEN & DESCENT II programs, I have tried everything. They were some old games that are no longer on my system? Second, what are all those Window HotFixs, and do I have to keep them on the system? But anyways, here is the list that you asked for. 2daEdit 2daEdit (C:\Program Files\2daEdit\) 3D Groove Playback Engine Ad-Aware SE Personal Adobe Acrobat 7.0.1 and Reader 7.0.1 Update Adobe Atmosphere Player for Acrobat and Adobe Reader Adobe Photoshop Album 2.0 Starter Edition Adobe Reader 7.0 Advanced System Optimizer 2.01 Army Men - Sarge's Heroes Battlefield 1942 Battlefield 1942: Secret Weapons of WWII Battlefield 1942: The Road To Rome BCM V.92 56K Modem Broadcom Advanced Control Suite BroadJump Client Foundation CC_ccProxyExt ccCommon ccPxyCore Classic PhoneTools Community Expansion Pack version 1.50 Dell Digital Jukebox Driver Dell Modem-On-Hold Dell Picture Studio - Dell Image Expert Dell ResourceCD Dell Solution Center Dell Support DESCENT II DesertCombat 0.7 Digital Line Detect Easy CD Creator 5 Basic GameSpy Arcade Google Toolbar for Internet Explorer Guild Wars HighMAT Extension to Microsoft Windows XP CD Writing Wizard HijackThis 1.99.1 hp instant support HP Memories Disc HP Photo and Imaging 2.0 - All-in-One HP Photo and Imaging 2.0 - All-in-One Drivers HP Photo and Imaging 2.0 - hp psc 1200 series hp psc 1200 series InCD (Ahead Software) Intel(R) Extreme Graphics Driver iPod for Windows 2005-02-07 iTunes Java 2 Runtime Environment Standard Edition v1.3.1_04 Kazaa Media Desktop 2.1.1 LiveReg (Symantec Corporation) LiveUpdate 2.6 (Symantec Corporation) Maya 6.0 Personal Learning Edition Medal of Honor Allied Assault Microsoft .NET Framework (English) Microsoft .NET Framework (English) v1.0.3705 Microsoft .NET Framework 1.1 Microsoft Data Access Components KB870669 Microsoft Interactive Training Microsoft Money 2002 Microsoft Money 2002 System Pack Microsoft Office 2000 SR-1 Professional Microsoft Office XP Media Content Microsoft Office XP Small Business Modem Helper Mozilla Firefox (1.0.4) MP3 Player MSN Messenger 7.0 MSN Music Assistant MSN Toolbar MSRedist Musicmatch® Jukebox Neverwinter Nights Gold Edition Norton AntiSpam Norton AntiSpam Norton AntiVirus 2005 Norton Internet Security Norton Internet Security Norton Internet Security Norton Internet Security Norton Internet Security Norton Internet Security Norton Internet Security Norton Internet Security Norton Internet Security 2005 (Symantec Corporation) Norton WMI Update Norton WMI Update NVIDIA Drivers Outlook Express Q823353 PunkBuster for Battlefield 1942 QuickTime RealPlayer Registry Cleaner 1.0 Roger Wilco SPBBC Spybot - Search & Destroy 1.3 SpywareBlaster v3.4 Support.com Web Controls SwiftView Viewer Symantec Script Blocking Installer SymNet TeamSpeak 2 RC2 Viewpoint Media Player WinAce Archiver Windows Media Format Runtime Windows Media Player Hotfix [See KB837272 for more information] Windows Media Player Hotfix [See wm828026 for more information] Windows XP Hotfix - KB810217 Windows XP Hotfix - KB820291 Windows XP Hotfix - KB821253 Windows XP Hotfix - KB821557 Windows XP Hotfix - KB823182 Windows XP Hotfix - KB823559 Windows XP Hotfix - KB823980 Windows XP Hotfix - KB824105 Windows XP Hotfix - KB824141 Windows XP Hotfix - KB824146 Windows XP Hotfix - KB825119 Windows XP Hotfix - KB828028 Windows XP Hotfix - KB828035 Windows XP Hotfix - KB828741 Windows XP Hotfix - KB833987 Windows XP Hotfix - KB834707 Windows XP Hotfix - KB835732 Windows XP Hotfix - KB837001 Windows XP Hotfix - KB839645 Windows XP Hotfix - KB840315 Windows XP Hotfix - KB840374 Windows XP Hotfix - KB840987 Windows XP Hotfix - KB841356 Windows XP Hotfix - KB841533 Windows XP Hotfix - KB841873 Windows XP Hotfix - KB842773 Windows XP Hotfix - KB873376 Windows XP Hotfix - KB883357 Windows XP Hotfix - KB885523 Windows XP Hotfix - KB889293 Windows XP Hotfix (SP2) [See Q329048 for more information] Windows XP Hotfix (SP2) [See Q329115 for more information] Windows XP Hotfix (SP2) [See Q329390 for more information] Windows XP Hotfix (SP2) [See Q329834 for more information] Windows XP Hotfix (SP2) Q327979 Windows XP Hotfix (SP2) Q328310 Windows XP Hotfix (SP2) Q329170 Windows XP Hotfix (SP2) Q329441 Windows XP Hotfix (SP2) Q331953 Windows XP Hotfix (SP2) Q810565 Windows XP Hotfix (SP2) Q810577 Windows XP Hotfix (SP2) Q810833 Windows XP Hotfix (SP2) Q811493 Windows XP Hotfix (SP2) Q814033 Windows XP Hotfix (SP2) Q814995 Windows XP Hotfix (SP2) Q815021 Windows XP Hotfix (SP2) Q817606 Windows XP Hotfix (SP2) Q819696 WinMX Now some programs might look wierd, like the "2da edit" that is a scripting program for me, so i am able to create games for online play. As you can see I have tried to download the SP2 for Windows, but it would always fail right in the middle of download. I hope there is nothing serious with my software, I would hate to have to reinstall it or something. Let me know what is wrong and how I can fix it. Thanks

05-25-2005, 07:12 AM	#20 (permalink)
Detah TSF Enthusiast Join Date: Jun 2004 Location: from IL; now in KY Posts: 647 OS: Win98SE/XP My System	* Dont be alarmed. Hotfixes are the goodguys. Those are the security patches and critical updates which are installed when you go to Windows Update Center. On the contrary, it is very good that you have them all installed. They protect you from hackers. * My original concern was not with Windows. My concern is with you Office suite. You stated earlier that you were getting a Windows error about Microsoft Office 2000 SR-1 Professional I knew that was Office, but you indicated it was Operating System related. I just wanted to confirm that you had Office SR-1 first before proceeding. There should not be any conflict between SpywareGuard and Office SR-1 Pro. I will look into this some more and get back to you. * I am also concerned about the following items. Just so you know: BroadJump Client Foundation BroadJump - Newer name for BroadJump Foundation Client (BJCFD) from BroadJump.com, now Motive. The software collects information on your Internet activity and sends it to your ISP so that your ISP can serve you advertisements related to the type of sites you visit. I would ask your ISP on how to remove it and why they installed it in the first place. Please do not uninstall the program, since it looks like it is required for your internet connection. This especially applies to those who use SBC as their ISP (Internet Service Provider). If they can't/won't resolve this problem for you, then it's time to switch to another provider that don't embed this spyware in their program. You will most likely also have Support.com installed. The same situation applies here also. Contact your ISP to learn how to remove it correctly. Don't uninstall it yourself! Kazaa Media Desktop 2.1.1 I am not here to pass judgment upon the File-Sharing community. I just think you should know that KMD is responsible for the downloading of many malware and spyware. Viewpoint Media Player This is an ad downloader and totally non-essential viewer, despite what their website says. Their own website: "Viewpoint Media Player is a web browser plug-in that enables users to view 3D content and other rich media, such as Flash® content and video, on the Internet. Viewpoint Media Player is the graphics engine for AOL® Instant Greetings™, AIM Themes and other popular web applications. Viewpoint Media Player is distributed with AOL, AIM, versions of Netscape™, certain Adobe® products, and some retail computers sold today. Required with installation of AOL, AIM, current versions of the Netscape web browser, certain Adobe products, and some retail computers sold today From opt-in prompts on websites that require Viewpoint Media Player to view site content " Q: Which website requires an extra viewer to display its contents?? A: None, except those who wish to send you bonus ads! * To remove ARMY MEN & DESCENT II, go to Start \| Settings \| Control Panel \| Add/Remove Programs and remove them from there. If you already tried that and the uninstallation failed, then check if there are still folders for those programs on your system, like c:/program files/army men/ or c:/program files/descent II/. __________________ Ich kann auf Deutsch helfen. Mach ein' post und PM mich. Peebs85 kann auch Deutsch. If I help you, please donate to upgrade our outgrown server. I will donate my time to helping you for free, but the server is not free. Please send donations to Jason Connors (TSF owner), 4410 Grandwood Lane, New Port Richey, FL 34653. Even if its only a dollar. Thank you. Last edited by Detah; 05-25-2005 at 07:24 AM.