I could really use some help


sdaltons
08-31-2005, 12:35 PM
So here it goes:

My computer loads the way it should, but after that there are some problems

-my taskbar doesn't show any programs, etc. that I have open
-I cannot drag and drop anything with my mouse
-copy and paste does not work
-Internet Explorer doesn't register ANY pop-ups, including when I click a link that should open a new page
-I am a cheap college student and had allowed Norton to expire (probably the reason all this is happening), but Norton, in general, won't do a thing. When I open it, it won't give me any info. All of the items just say "refreshing" permanently. Live Update can't even try to connect.

What I've tried:

I have run Spybot S&D
I have run Hijack This (log attached)
I have downloaded the free Anti-Virus program, Anti Vir Guard. It found a lot of spyware, all of which was deleted, but that did not fix the problem.
Worst of all, something is up with System Restore. When I click it, it can't even load. (if someone tells me how to manually work the IMG tags, I'll put up a screenshot of what System Restore does). At first it said that System Restore was suspended since there weren't at least 200MB available, while I actually had more than 2.5GB available. I seem to have fixed that, though, because now it at least tries to load System Restore.

I have LinkSys, which is apparently the reason that I have the ODHost, which I've read could be a problem. It doesn't appear in my log, because I told my task manager to end the ODHost process.

I would love to use System Restore to fix all of this, but if it comes down to it, I will buy Norton.

Here is my HijackThis log:

Logfile of HijackThis v1.98.2
Scan saved at 3:27:33 PM, on 8.31.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
C:\Program Files\PREVX\Prevx Home\SAGUI.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
C:\Program Files\PREVX\Prevx Home\PXAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\Restore\rstrui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Documents and Settings\Sam Dalton\My Documents\Not As Good Stuff\Stuff\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webmail.mizzou.edu/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://webmail.mizzou.edu/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = GO Sam!
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\PROGRA~1\FRESHD~1\FRESHD~1\fdcatch.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll (file missing)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [PrevxHome] C:\Program Files\PREVX\Prevx Home\SAGUI.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - Global Startup: Wireless-G Notebook Adapter.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_01) -
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/yiebio5_1_1_0.cab

I need to get this fixed as soon as I can, so I would truly appreciate any help! Thank you!

nightowl
08-31-2005, 07:09 PM
I don't see much here. Maybe the newer version of HijackThis will show more.


Download CW Shredder, AdAware, Microsoft AntiSpyware, Hijack This (Links at the bottom of my message)

You have an old version of HijackThis. Please download the latest version.

Reboot to Safe Mode (tap F8 on startup)

Open up HijackThis, place a check next to each of these, and click Fix Checked.


O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\PROGRA~1\FRESHD~1\FRESHD~1\fdcatch.dll (file missing)
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll (file missing)

Still in Safe Mode, run the programs one at a time. Delete what they find. Delete Temporary Internet Files and cookies. Empty the Recycle Bin.

Reboot and Post a New HijackThis Log..........Jim

sdaltons
08-31-2005, 09:32 PM
Okay, I have run all of the programs that you suggested. Here is my log file:


Logfile of HijackThis v1.99.1
Scan saved at 12:29:38 AM, on 9.1.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\PREVX\Prevx Home\SAGUI.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
C:\Program Files\PREVX\Prevx Home\PXAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Documents and Settings\Sam Dalton\Desktop\Computer Saving etcs!\New Folder\hijackthis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webmail.mizzou.edu/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://webmail.mizzou.edu/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = GO Sam!
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [PrevxHome] C:\Program Files\PREVX\Prevx Home\SAGUI.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - Global Startup: Wireless-G Notebook Adapter.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_01) -
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/yiebio5_1_1_0.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISEXEng - Unknown owner - C:\WINDOWS\System32\angelex.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: Prevx Agent (PrevxAgent) - Prevx Ltd. - C:\Program Files\PREVX\Prevx Home\PXAgent.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

A new problem: so I finally caved and purchased Norton. After the download was complete, I went to install it. It went through most of the install, but then told me that the download had failed. I determined that this was probably because I hadn't uninstalled my previous version, though a lot of it was removed in the installation process, including the uninstall file. So my problem is: I can't uninstall the old version completely and I can't install the new version completely, meaning neither of them works. Please help!

Thanks for everything!

nightowl
09-01-2005, 10:27 AM
The latest version of HijackThis found one more entry.

O23 - Service: ISEXEng - Unknown owner - C:\WINDOWS\System32\angelex.exe (file missing)

It says File Missing.
First reboot into Safe Mode

To make sure the file is gone follow the path.

C:\WINDOWS\System32\angelex.exe

If you find angelex.exe in the System32 folder manually delete it (right click then click delete)

Empty Recycle Bin

Open up HijackThis and place a check next to this entry

O23 - Service: ISEXEng - Unknown owner - C:\WINDOWS\System32\angelex.exe (file missing)

Run the programs again and post a new log...........Jim
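
The triage done by eye in the replies above (picking out "(file missing)" entries, then the O23 service that only the newer HijackThis listed) can be scripted. The following is an added example, not part of the thread and not HijackThis's own code; the log lines are excerpts copied from the first two logs posted above, and the function names are this example's own.

```python
import re
from dataclasses import dataclass

# Excerpts copied from the first (v1.98.2) and second (v1.99.1) logs in this thread.
FIRST_SCAN = r"""
Logfile of HijackThis v1.98.2
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webmail.mizzou.edu/
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\PROGRA~1\FRESHD~1\FRESHD~1\fdcatch.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll (file missing)
O4 - HKLM\..\Run: [PrevxHome] C:\Program Files\PREVX\Prevx Home\SAGUI.exe
"""

SECOND_SCAN = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webmail.mizzou.edu/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [PrevxHome] C:\Program Files\PREVX\Prevx Home\SAGUI.exe
O23 - Service: ISEXEng - Unknown owner - C:\WINDOWS\System32\angelex.exe (file missing)
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: Prevx Agent (PrevxAgent) - Prevx Ltd. - C:\Program Files\PREVX\Prevx Home\PXAgent.exe
"""

# Entry lines start with a section code (R0-R3, F0-F3, N1-N4, O1-O23...) and " - ".
# Header lines and the "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")


@dataclass(frozen=True)
class Entry:
    section: str  # e.g. "O23"
    body: str     # everything after "O23 - "

    @property
    def file_missing(self) -> bool:
        # HijackThis appends this marker when the referenced file is not on disk.
        return self.body.endswith("(file missing)")

    @property
    def unknown_owner(self) -> bool:
        # O23 lines carry the service binary's company name, or "Unknown owner".
        return self.section == "O23" and " - Unknown owner - " in self.body


def parse_log(text):
    """Return the autostart/registry entries of a pasted log, in order."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2).strip()))
    return entries


def triage(entries):
    """Return (entry, reasons) pairs for entries that deserve a human look.

    "file missing" marks an orphaned reference (a leftover of a removed
    program or of partly cleaned spyware). "unknown owner" alone is only a
    prompt to review: legitimate driver services show it too.
    """
    flagged = []
    for e in entries:
        reasons = []
        if e.file_missing:
            reasons.append("file missing")
        if e.unknown_owner:
            reasons.append("unknown owner")
        if reasons:
            flagged.append((e, reasons))
    return flagged


def diff_logs(old, new):
    """Entries that appeared in, and disappeared from, the newer scan."""
    old_set, new_set = set(old), set(new)
    added = [e for e in new if e not in old_set]
    removed = [e for e in old if e not in new_set]
    return added, removed


if __name__ == "__main__":
    first, second = parse_log(FIRST_SCAN), parse_log(SECOND_SCAN)
    for entry, reasons in triage(second):
        print(f"{entry.section}: {', '.join(reasons)}: {entry.body}")
    added, removed = diff_logs(first, second)
    print(f"{len(added)} new entries, {len(removed)} fixed since the first scan")
```

On the excerpts, the ISEXEng service is the only entry flagged for both reasons, while the Linksys NICServ service is flagged for "unknown owner" alone and stays a review item rather than a fix.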

sdaltons
09-01-2005, 12:40 PM
Okay, I've done those steps. I'm still having the problem installing Norton. Also, would it help to switch to Windows XP SP2?

Anyway, here is my new log:

Logfile of HijackThis v1.99.1
Scan saved at 3:34:54 PM, on 9.1.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\PREVX\Prevx Home\SAGUI.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\Program Files\TOSHIBA\NetDevSw\NetDevSW.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
C:\Program Files\PREVX\Prevx Home\PXAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Documents and Settings\Sam Dalton\Desktop\Computer Saving etcs!\New Folder\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webmail.mizzou.edu/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://webmail.mizzou.edu/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = GO Sam!
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [PrevxHome] C:\Program Files\PREVX\Prevx Home\SAGUI.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [TosHKCW.exe] C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
O4 - Global Startup: Network Device Switch.lnk = ?
O4 - Global Startup: Wireless-G Notebook Adapter.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_01) -
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/yiebio5_1_1_0.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: Prevx Agent (PrevxAgent) - Prevx Ltd. - C:\Program Files\PREVX\Prevx Home\PXAgent.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

nightowl
09-02-2005, 08:36 AM
Updating to SP2 is a good idea. There are no more security updates for SP1, so your computer is more at risk. Do you have dial-up, cable or DSL?

If you have dialup it would be better to get the CD from Microsoft. If you have DSL or Cable you can download it from the internet. To order the CD click the link below.

http://www.microsoft.com/windowsxp/sp2/default.mspx

Let's try a deeper scan on your computer. This program sometimes picks up spyware that HijackThis does not find.

Download and Run Ewido Security suite

http://download.ewido.net/ewido-setup.exe


Run Ewido:
Click on scanner
Click on Complete System Scan and the scan will begin.
NOTE: During some scans with ewido it is finding cases of false positives.
You will need to step through the process of cleaning files one-by-one.
If ewido detects a file you KNOW to be legitimate, select none as the action.
DO NOT select "Perform action on all infections"
If you are unsure of any entry found select none for now.
When the scan is finished, click the Save report button at the bottom of the screen.
Save the report to your desktop
Close Ewido

Post a new HijackThis log along with the Ewido log you saved.........Jim

sdaltons
09-02-2005, 10:54 AM
I can't seem to install SP2. As I said, for some reason, no pop-ups will open when I use IE, so after realizing that I couldn't get it that way, I switched to my other browser - Opera. Opera was working fine up until the part where the download begins through Windows Update. Instead, I just got a message saying that only IE (and maybe Netscape?) is supported. So unless I can come up with a way to get around that, I will upgrade as soon as we get this fixed.

I am going to try the other program right now. I'm assuming you meant for me to do it in safe mode, so that's what I'm going to do.

nightowl
09-02-2005, 01:11 PM
Give it a try in Safe Mode. If you are unable, run the program in normal mode.

If you can't download SP2 from the internet, get the CD from that link. I believe it's free. Just pay for shipping, I think.........Jim

sdaltons
09-02-2005, 02:34 PM
The ewido log:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 5:17:12 PM, 9/2/2005
+ Report-Checksum: D25B026B

+ Scan result:

HKLM\SOFTWARE\backup\EliteSideBar -> Spyware.EliteBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{F72BC3F0-6C20-4793-9DDA-258589D8A907} -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{49DB48FF-02B5-4645-B676-94A4DF1AA026} -> Spyware.SecondThought : Cleaned with backup
HKLM\SOFTWARE\DelFin -> Spyware.Delfin : Cleaned with backup
HKLM\SOFTWARE\DelFin\PromulGate -> Spyware.Delfin : Cleaned with backup
HKLM\SOFTWARE\Dsi -> Spyware.Delfin : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ISTbarISTbar -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{BC3BBF86-E4EC-4412-9676-8355468B3B05} -> Spyware.Maxspeed : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DelFin Media Viewer -> Spyware.Delfin : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MediaLoads Enhanced -> Spyware.Downloadware : Cleaned with backup
HKLM\SOFTWARE\ohbbackup -> Spyware.EliteBar : Cleaned with backup
HKLM\SOFTWARE\ohbbackup\EliteSideBar -> Spyware.EliteBar : Cleaned with backup
HKLM\SOFTWARE\ohbbackup\EliteToolBar -> Spyware.EliteBar : Cleaned with backup
HKLM\SOFTWARE\saap -> Spyware.180Solutions : Cleaned with backup
HKLM\SYSTEM\CurrentControlSet\Services\ISEXEng -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SYSTEM\CurrentControlSet\Services\ISEXEng\Security -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SYSTEM\CurrentControlSet\Services\ISEXEng\Enum -> Spyware.BargainBuddy : Cleaned with backup
C:\Documents and Settings\Sam Dalton\Application Data\Earthlink\6.0\sdaltons@earthlink.net\Cookies\sam dalton@-1shz2prbmdj6wvny-1sez2pra2dj6wjny-1majkcpawdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Sam Dalton\Application Data\Earthlink\6.0\sdaltons@earthlink.net\Cookies\sam dalton@-1shz2prbmdj6wvny-1sez2pra2dj6wjnyoicjefqa-1dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Sam Dalton\Application Data\Earthlink\6.0\sdaltons@earthlink.net\Cookies\sam dalton@cz6.clickzs[2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Sam Dalton\Application Data\Earthlink\6.0\sdaltons@earthlink.net\Cookies\sam dalton@cz7.clickzs[2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Sam Dalton\Application Data\Earthlink\6.0\sdaltons@earthlink.net\Cookies\sam dalton@hypertracker[1].txt -> Spyware.Cookie.Hypertracker : Cleaned with backup
C:\Documents and Settings\Sam Dalton\Application Data\Earthlink\6.0\sdaltons@earthlink.net\Cookies\sam dalton@image.masterstats[1].txt -> Spyware.Cookie.Masterstats : Cleaned with backup
C:\Documents and Settings\Sam Dalton\Application Data\Earthlink\6.0\sdaltons@earthlink.net\Cookies\sam dalton@install.xxxtoolbar[1].txt -> Spyware.Cookie.Xxxtoolbar : Cleaned with backup
C:\Documents and Settings\Sam Dalton\Application Data\Earthlink\6.0\sdaltons@earthlink.net\Cookies\sam dalton@sp.trafficmarketplace[2].txt -> Spyware.Cookie.Trafficmarketplace : Cleaned with backup
C:\Documents and Settings\Sam Dalton\Application Data\Earthlink\6.0\sdaltons@earthlink.net\Cookies\sam dalton@specificpop[2].txt -> Spyware.Cookie.Specificpop : Cleaned with backup
C:\Documents and Settings\Sam Dalton\Application Data\Earthlink\6.0\sdaltons@earthlink.net\Cookies\sam dalton@y-1shz2prbmdj6wvny-1sez2pra2dj6wfkoegazologidj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Sam Dalton\Application Data\Earthlink\6.0\sdaltons@earthlink.net\Cookies\sam dalton@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkyekajahqawdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Sam Dalton\Application Data\Earthlink\6.0\sdaltons@earthlink.net\Cookies\sam dalton@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkysod5ikowwdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Sam Dalton\Application Data\Earthlink\6.0\sdaltons@earthlink.net\Cookies\sam dalton@y-1shz2prbmdj6wvny-1sez2pra2dj6wjlikhdpebowwdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Sam Dalton\Application Data\Earthlink\6.0\sdaltons@earthlink.net\Cookies\sam dalton@y-1shz2prbmdj6wvny-1sez2pra2dj6wjmiancjadpgmdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Sam Dalton\Application Data\Earthlink\6.0\sdaltons@earthlink.net\Cookies\sam dalton@y-1shz2prbmdj6wvny-1sez2pra2dj6wjmyumazmgpwsdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Sam Dalton\Application Data\Earthlink\6.0\sdaltons@earthlink.net\Cookies\sam dalton@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnysmdjgkogydj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Sam Dalton\Application Data\Earthlink\6.0\sdaltons@earthlink.net\Cookies\sam dalton@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnyuhcjclpaudj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Sam Dalton\Local Settings\Temp\ckz44644\Files\sx.htm -> Spyware.TwainTech : Cleaned with backup
C:\Documents and Settings\Sam Dalton\Local Settings\Temp\Cookies\sam dalton@ads49.bpath[1].txt -> Spyware.Cookie.Bpath : Cleaned with backup
C:\Documents and Settings\Sam Dalton\Local Settings\Temp\ICD1.tmp\QDow.dll -> TrojanDownloader.QDown.d : Cleaned with backup
C:\Documents and Settings\Sam Dalton\Local Settings\Temp\lycos_ss.exe -> Spyware.Sidesearch.a : Cleaned with backup
C:\Documents and Settings\Sam Dalton\Local Settings\Temp\p2psetup.exe -> Spyware.P2PNetworking : Cleaned with backup
C:\Documents and Settings\Sam Dalton\Local Settings\Temp\uninstall.exe -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\Sam Dalton\Local Settings\Temp\wu.exe -> Adware.SaveNow : Cleaned with backup
C:\install_george.exe -> Spyware.PurityScan : Cleaned with backup
C:\Program Files\Netscape\Netscape\Plugins\npwthost.dll -> Spyware.WildTangent : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1A3.tmp -> Spyware.VirtualBouncer : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1A4.tmp -> Spyware.VirtualBouncer : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1A5.tmp -> Spyware.VirtualBouncer : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1A6.tmp -> Spyware.VirtualBouncer : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq385.tmp -> Spyware.EliteBar : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq386.tmp -> Spyware.Zango : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3C.tmp -> Spyware.VirtualBouncer : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq90.tmp -> Adware.SaveNow : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqB9.tmp\bdedownloader.dll -> Spyware.Altnet : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqB9.tmp\dman25.dll -> Adware.BrilliantDigital : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqD3.tmp\ADTMI1.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqD3.tmp\ADVC3.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqD3.tmp\ADVC5.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqD3.tmp\ADVCTX2.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqD3.tmp\ASIB9894.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqD3.tmp\ASIC29667.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqD3.tmp\ASID12180.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqD3.tmp\ASIE17070.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqD3.tmp\ASIF29819.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqD3.tmp\ASIF4502.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqD3.tmp\ASIFWH29233.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqD3.tmp\ASIG21943.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqD3.tmp\ASIGT10102.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqD3.tmp\ASIH7853.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqD3.tmp\ASII21469.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqD3.tmp\ASIL18549.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqD3.tmp\ASIOG19375.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqD3.tmp\ASIOT25456.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqD3.tmp\ASIPF1965.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqD3.tmp\ASIR21184.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqD3.tmp\ASIRE20082.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqD3.tmp\ASIS24110.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqD3.tmp\ASIS31590.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqD3.tmp\ASIT17011.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqD3.tmp\ASIT26116.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqD3.tmp\ASIW11211.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqD3.tmp\ASIWS3.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqD3.tmp\AUTOS1.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqD3.tmp\BID1.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqD3.tmp\BingoRoom1.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqD3.tmp\CARD2.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqD3.tmp\CARS3.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqD3.tmp\DATE3.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqD3.tmp\DATE4.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqD3.tmp\EECH1.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqD3.tmp\EML1.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqD3.tmp\FAST1.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqD3.tmp\FINC1.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqD3.tmp\FINC3.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqD3.tmp\FINC5.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqD3.tmp\FLWR1.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqD3.tmp\HERBS1.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqD3.tmp\INK1.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqD3.tmp\JOBS4.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqD3.tmp\MOVS1.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqD3.tmp\MOVS2.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqD3.tmp\NEWS1.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqD3.tmp\NEWS2.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqD3.tmp\SHOP1.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqD3.tmp\SHOP2.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqD3.tmp\SPZ3.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqD3.tmp\TECH1.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqD3.tmp\TECH2.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqD3.tmp\TMP1.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqD3.tmp\UTONE2.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqD3.tmp\WOMEN1.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqD3.tmp\WOMEN2.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqD3.tmp\WWW3.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqD3.tmp\XTFL2.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\NDNuninstall4_80.exe -> Spyware.NewDotNet : Cleaned with backup
C:\WINDOWS\sideb.exe -> Spyware.EliteBar : Cleaned with backup
C:\WINDOWS\system32\_safesearch.dll -> Spyware.SafeSearch : Cleaned with backup
C:\WINDOWS\wt\wtvh.dll -> Spyware.WildTangent : Cleaned with backup


::Report End

The HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 5:27:36 PM, on 9.2.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\PREVX\Prevx Home\SAGUI.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\Program Files\ashampoo\Ashampoo UnInstaller Platinum Suite\UIWatcher.exe
C:\Program Files\TOSHIBA\NetDevSw\NetDevSW.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
C:\Program Files\PREVX\Prevx Home\PXAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Documents and Settings\Sam Dalton\Desktop\Computer Saving etcs!\New Folder\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webmail.mizzou.edu/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://webmail.mizzou.edu/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = GO Sam!
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [PrevxHome] C:\Program Files\PREVX\Prevx Home\SAGUI.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [TosHKCW.exe] C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
O4 - HKCU\..\Run: [UIWatcher] C:\Program Files\ashampoo\Ashampoo UnInstaller Platinum Suite\UIWatcher.exe
O4 - Global Startup: Network Device Switch.lnk = ?
O4 - Global Startup: Wireless-G Notebook Adapter.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_01) -
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/yiebio5_1_1_0.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: Prevx Agent (PrevxAgent) - Prevx Ltd. - C:\Program Files\PREVX\Prevx Home\PXAgent.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

My computer doesn't usually access the internet in safe mode for some reason. I'll look into that a little later.

A lot of stuff was deleted using ewido, but the problems still exist.

nightowl
09-02-2005, 06:59 PM
Yea that program found quite a bit. I was hoping it would fix your problem.

What exactly is it doing? Is it the Norton Antivirus program?

Your old version is still present after uninstalling it?

1. Hit the Start button.

2. Click Search.

3. Click All Files and Folders.

4. Scroll down to More Advanced Options and click it.

5. Scroll down from there and there should be 3 little boxes to check.

1. Search System Folders
2. Search Hidden Files and Folders
3. Search Subfolders.

6. Place a check in each of those boxes and then do a search of your computer for Norton. See if it finds anything. If so, delete them.

Then try reinstalling the new one. If that doesn't work, call Norton and ask them how to install the new one.

I hope this doesn't happen to me. I just got a new version of Norton and have not installed it yet.........Jim

sdaltons
09-02-2005, 08:10 PM
What happened was that I forgot to uninstall the old version first. I just went straight to installing the new version. After going through most of the installation, it stopped, telling me that it couldn't finish because the old version was still there. I looked, and found some old files, but not all of them, as if trying to install the new one did take care of some of them. I went through "add or remove programs" and it couldn't remove it because "the Windows Installer service could not be accessed" which apparently means that it is not installed correctly. I've never had a problem with this before.

Another issue is that I can't use my search function. When I click the way you said to, absolutely nothing happens. If I do it straight from a folder, it says: "A file that is required to run Search Companion cannot be found. You may need to run setup." I have no idea what that means.

I hope you have more ideas!

nightowl
09-02-2005, 09:16 PM
I'm not sure what to do on that. I just check for Spyware. You may want to ask ECA or some of the other guys in the Software section.

http://forums.designtechnica.com/forumdisplay.php?f=79

They may be able to help you with that. Your Spyware problem looks good..........Jim

sdaltons
09-03-2005, 10:19 AM
I did start a thread in that forum, but I wanted to thank you for all the help you've given me. The way I figure it, if I do get all this fixed, my computer is going to run a lot better thanks to all these programs you've suggested that I download. So thanks for your help!

nightowl
09-03-2005, 08:51 PM
You're welcome, I wish I could help more. My specialty is just Spyware at this time. Good luck over there at the other forum.........Jim