My computer problem

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.
G

ghettomami

Thread Starter
Joined
Feb 3, 2005
Messages
11
I am having a problem with my computer and I dont know why. My screen keeps going in and out like when you have two pages open and you click on a new one, the other goes into the background. My screen is doing it constantly and its slowing everything down. Also, on the system tray, an icon logmein disappears and reappears as the screen goes in and out. I dont actually lose the screen but its as im not even working on the screen or page. the logmein icon is not normally on my tray but it keeps flashing on for one second then stays off for about a minute. Its really aggravating. I use dialup service through Internet Explorer and AOL, but by Internet Explorer will not work at all. I get an error page everytime I try to use it. Can somebody please help me before I lose my mind? Thank you soooo much!!!!!
:confused:
 
G

ghettomami

Thread Starter
Joined
Feb 3, 2005
Messages
11
Logfile of HijackThis v1.99.0
Scan saved at 2:37:05 AM, on 2/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\LogMeIn\RaMaint.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Personal Firewall\NISUM.EXE
c:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton Personal Firewall\SymProxySvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Personal Firewall\IAMAPP.EXE
C:\Program Files\Norton Personal Firewall\NISSERV.EXE
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Norton Personal Firewall\ATRACK.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\Common Files\Aol\aoltpspd.exe
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\8HMZ05MV\HijackThis[1].exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll
O3 - Toolbar: (no name) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Personal Firewall\IAMAPP.EXE
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\ragui.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [WhenUSearchWHSE] "C:\Program Files\WhenUSearch\whse.exe"
O4 - HKLM\..\Run: [klybwv] C:\WINDOWS\klybwv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [InstaFinderK] C:\Program Files\INSTAFINK\InstaFinderK_inst.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\Registry Cleaner\RegClean.exe"
O4 - HKCU\..\Run: [AOLCC] "C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe" /startup
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: America Online Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Hijacked Internet access by New.Net
O10 - Unknown file in Winsock LSP: c:\program files\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\program files\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\program files\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\program files\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\program files\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\program files\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\program files\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\program files\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\program files\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\program files\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\program files\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\program files\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\program files\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\program files\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\program files\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/pm/activex/EPUWALControl_v1-0-3-17.cab
O16 - DPF: {528C14CD-CF9E-489C-A365-5999F17B69B9} (LightSurfUploadCtl Class) - http://pictures.sprintpcs.com/activex/LightSurfUploadControl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1101998767468
O16 - DPF: {72C9EA8F-8965-40C2-ABAD-D460A5815F86} (hostCntrlIE Class) - https://vhost.oddcast.com/admin/hostClientIE.cab
O16 - DPF: {83229950-AD1D-4B94-8304-F56E95AFACF7} (CSurgientTerminal Object) - http://m7.demoservers.com/etc/controls/srdp.cab
O16 - DPF: {886DDE35-E955-11D0-A707-000000521958} - http://69.56.176.78/webplugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab32846.cab
O16 - DPF: {BE5431D2-0F30-11D4-89D9-00C04F509C0A} (SDCInstaller Class) - http://www.stamps.com/download/us/cab/stamps/stamps.cab?r=0.0487139180371017&file=stamps.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolweb07.pogo.com/game/deluxe/insaniquarium/popcaploader_v6.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DA7C7DAE-25C1-454C-898B-1E1085B516E0}: NameServer = 205.188.146.145
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
O23 - Service: AOL Connectivity Service - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service - Unknown - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: LogMeIn Maintenance Service - 3am Labs, Inc. - C:\Program Files\LogMeIn\RaMaint.exe
O23 - Service: LogMeIn - 3am Labs, Inc. - C:\Program Files\LogMeIn\LogMeIn.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Personal Firewall Service - Symantec Corporation - C:\Program Files\Norton Personal Firewall\NISSERV.EXE
O23 - Service: Norton Personal Firewall Accounts Manager - Symantec Corporation - C:\Program Files\Norton Personal Firewall\NISUM.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Norton Personal Firewall Proxy Service - Symantec Corporation - C:\Program Files\Norton Personal Firewall\SymProxySvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
 
Dust Sailor

Dust Sailor

Joined
Mar 17, 2004
Messages
2,735
http://www.majorgeeks.com/download4180.html Get the LSP fix here Do not use it unless needed But read the information .

R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - Startup: PowerReg Scheduler V3.exe
O10 - Hijacked Internet access by New.Net ( check off ALL of these)
O16 - DPF: {886DDE35-E955-11D0-A707-000000521958} - http://69.56.176.78/webplugin.cab


Close all windows except Hijack This Place a check beside all those listed above , Press " Fix Checked "
Reboot

Delete the C:\Program Files\MyWay\ folder.

Search for and delete the file Alcxmntr.exe

Uninstall NewDotNet and delete the folder C:\Program Files\NewDotNet\

Delete the file "PowerReg Scheduler V3.exe" which resides in either the C:\WINDOWS\ , C:\WINDOWS\SYSTEM\ , or C:\WINDOWS\SYSTEM32\ folder.


Empty the recycle bin . Reboot and post another log here please
 
G

ghettomami

Thread Starter
Joined
Feb 3, 2005
Messages
11
Although you told me to use Hijack This and delete certain files, I could not delete the file '010-Hijacked Internet Access New.NET. Also, you told me to search for certain files and folders and delete or uninstall them, the files or folder are;Alcxmntr.exe, NewDotNew, PowerReg Scheduler V3.exe. Now with Alcxmntr, I deleted some of the files, but it would not let me delete al of them. With NewDotNew, it said that it couldnt be deleted because the file might be in use, which it isnt, with PowerReg, it said the file didnt exist. I tried to go to add or remove programs and none of these were there. I aslo tried to use the Lspfix, and the file that I need to fix isnt even listed there. I am having the same problem with my computer but I dont want to empty my recycling bin untill I hear from you just in case I made a big error. Please get back to me as soon as possible I would really appreciate it. Thanks
 
G

ghettomami

Thread Starter
Joined
Feb 3, 2005
Messages
11
I did what you said, as I said before, a lot of things couldnt be deleted. My computer is doing the same thing. Just wanna know if you can explain things better so I know im doing it right.
 
Flrman1

Flrman1

Joined
Jul 26, 2002
Messages
46,349
Go to Add/Remove prgograms and uninstall New.Net (NewDotNet)

If that doesn't work do the following:

First Click here to download LspFix

You may not need it, but go ahead and download it just in case.


Now go here and scroll to the bottom of the page to Precedure 4 and download and run the New.Net uninstaller.

If you lose your internet connection after running the New.Net uninstaller, Run LspFix, and click Finish. (Don't do anything else)

That should restore the internet connection.


Also I see you are running Hijack This from your Temporary Internet Files folder. This is a bad idea because it cannot create and restore backups from there. You need to create a new folder in My Documents and name it Hijack This. Now Click here to download Hijack This again. Download it and click "Save". Save it to the Hijack This folder you just created. That way it can create and restore backups if needed. HJT will store the backups in the same location that it is run from.

After you have done all that, rescan with Hijack This and post a fresh log.
 
G

ghettomami

Thread Starter
Joined
Feb 3, 2005
Messages
11
Logfile of HijackThis v1.99.0
Scan saved at 12:29:57 AM, on 2/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Personal Firewall\IAMAPP.EXE
C:\Program Files\LogMeIn\RaMaint.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Norton Personal Firewall\NISUM.EXE
c:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton Personal Firewall\SymProxySvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Personal Firewall\NISSERV.EXE
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\Common Files\Aol\aoltpspd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Norton Personal Firewall\ATRACK.EXE
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\Documents and Settings\Owner\My Documents\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Personal Firewall\IAMAPP.EXE
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\ragui.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [WhenUSearchWHSE] "C:\Program Files\WhenUSearch\whse.exe"
O4 - HKLM\..\Run: [klybwv] C:\WINDOWS\klybwv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [InstaFinderK] C:\Program Files\INSTAFINK\InstaFinderK_inst.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\Registry Cleaner\RegClean.exe"
O4 - HKCU\..\Run: [AOLCC] "C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe" /startup
O4 - Global Startup: America Online Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\program files\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\program files\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\program files\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\program files\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\program files\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\program files\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\program files\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\program files\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\program files\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\program files\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\program files\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\program files\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\program files\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\program files\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/pm/activex/EPUWALControl_v1-0-3-17.cab
O16 - DPF: {528C14CD-CF9E-489C-A365-5999F17B69B9} (LightSurfUploadCtl Class) - http://pictures.sprintpcs.com/activex/LightSurfUploadControl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1101998767468
O16 - DPF: {72C9EA8F-8965-40C2-ABAD-D460A5815F86} (hostCntrlIE Class) - https://vhost.oddcast.com/admin/hostClientIE.cab
O16 - DPF: {83229950-AD1D-4B94-8304-F56E95AFACF7} (CSurgientTerminal Object) - http://m7.demoservers.com/etc/controls/srdp.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab32846.cab
O16 - DPF: {BE5431D2-0F30-11D4-89D9-00C04F509C0A} (SDCInstaller Class) - http://www.stamps.com/download/us/cab/stamps/stamps.cab?r=0.0487139180371017&file=stamps.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolweb07.pogo.com/game/deluxe/insaniquarium/popcaploader_v6.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DA7C7DAE-25C1-454C-898B-1E1085B516E0}: NameServer = 205.188.146.145
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
O23 - Service: AOL Connectivity Service - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service - Unknown - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: LogMeIn Maintenance Service - 3am Labs, Inc. - C:\Program Files\LogMeIn\RaMaint.exe
O23 - Service: LogMeIn - 3am Labs, Inc. - C:\Program Files\LogMeIn\LogMeIn.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Personal Firewall Service - Symantec Corporation - C:\Program Files\Norton Personal Firewall\NISSERV.EXE
O23 - Service: Norton Personal Firewall Accounts Manager - Symantec Corporation - C:\Program Files\Norton Personal Firewall\NISUM.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Norton Personal Firewall Proxy Service - Symantec Corporation - C:\Program Files\Norton Personal Firewall\SymProxySvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe



I removed the NewDotNet and I am stil having the same problem with my computer so I downloaded Hijack this again and stored another log, this is the log. Could you please go over it and tell me what other problem there could be? Also, I dont want to try to fix anything because the last time, I had a problem and couldnt connect to the internet again. Please help me, this is getting really confusing. Thank you.
 
Flrman1

Flrman1

Joined
Jul 26, 2002
Messages
46,349
Run Hijack This again and put a check by these. Close ALL windows except HijackThis and click "Fix checked"

O4 - HKLM\..\Run: [WhenUSearchWHSE] "C:\Program Files\WhenUSearch\whse.exe"

O4 - HKLM\..\Run: [klybwv] C:\WINDOWS\klybwv.exe

Restart to safe mode.

How to start your computer in safe mode

Because XP will not always show you hidden files and folders by default, Go to Start > Search and under "More advanced search options".
Make sure there is a check by "Search System Folders" and "Search hidden files and folders" and "Search system subfolders"

Next click on My Computer. Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and "Hide extensions for known file types" . Now click "Apply to all folders"
Click "Apply" then "OK"

Now find and delete this file:

C:\WINDOWS\klybwv.exe

Delete this folder:

C:\Program Files\WhenUSearch

Also in safe mode navigate to the C:\Windows\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Go to Start > Run and type %temp% in the Run box. The Temp folder will open. Click Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Finally go to Control Panel > Internet Options. On the General tab under "Temporary Internet Files" Click "Delete Files". Put a check by "Delete Offline Content" and click OK. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.


Empty the Recycle Bin


Go here and do an online virus scan.

Be sure and put a check in the box by "Auto Clean" before you do the scan. If it finds anything that it cannot clean have it delete it. Make a note of the file location of anything that cannot be deleted so you can delete it yourself.
 
G

ghettomami

Thread Starter
Joined
Feb 3, 2005
Messages
11
Ok, I started to do what u told me, went into safe mode, but then I didnt have the time so now my computer keeps starting in normal mode instead of selective which it was normally in. I tried to put it in selective but it wont work now. I dont know what happened. Please help me.
 
G

ghettomami

Thread Starter
Joined
Feb 3, 2005
Messages
11
I did everything u said, I went into safe boot and tried to delete the files and folders u said, but I could not delete the file, klybwv.exe. I actually couldnt even find it in my search and I searched everywhere in the computer. I also got rid of 2 viruses I found with the online virus scan and deleted them. Now my computer is still doing the same thing and for some reason, my aol is messed up. The weather part of my welcome page is not working and when I click on it, I get an error page. Also, I cannot play any of them games from the aol games, pogo. I have always been able to access these games but now I get an error page that says the java could not get a network access or something like that. I just am getting so frustrated with this computer that I just wanna throw it. When I try to start the computer in selective mode, it just goes into normal mode by itself. Why am I having such bad luck with this computer? I have Nortons antivirus and I just cant understand why all this adware and malware keep on getting in. I think im just gonna do a system restore to like 1 month ago and see what happens.
 
G

ghettomami

Thread Starter
Joined
Feb 3, 2005
Messages
11
I had to use system restore, so I ran Hijack this again and here is my log...

Logfile of HijackThis v1.99.0
Scan saved at 1:54:11 AM, on 2/13/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\LogMeIn\RaMaint.exe
C:\Program Files\LogMeIn\LogMeIn.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Personal Firewall\IAMAPP.EXE
C:\Program Files\LogMeIn\ragui.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\windows\salm.exe
C:\WINDOWS\System32\bretiuxh.exe
c:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Windows AdService\WinAdServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\Windows AdService\WinAdSlave.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Norton Personal Firewall\SymProxySvc.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Personal Firewall\NISSERV.EXE
C:\Program Files\AOL Companion\companion.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\Common Files\Aol\aoltpspd.exe
C:\Program Files\Norton Personal Firewall\ATRACK.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Owner\My Documents\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.ieplugin.com/search.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.ieplugin.com/search.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.ieplugin.com/q.cgi?q=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://businesshelp.verizon.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R3 - URLSearchHook: (no name) - {CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - C:\Program Files\SurfSideKick 2\SskBho.dll
O2 - BHO: BTGrabObj Class - {00000000-F09C-02B4-6EC2-AD0300000000} - C:\WINDOWS\BTGrab.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Personal Firewall\IAMAPP.EXE
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\ragui.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [WhenUSearchWHSE] "C:\Program Files\WhenUSearch\whse.exe"
O4 - HKLM\..\Run: [salm] c:\windows\salm.exe
O4 - HKLM\..\Run: [klybwv] C:\WINDOWS\klybwv.exe
O4 - HKLM\..\Run: [udtqfowhjj] C:\WINDOWS\System32\bretiuxh.exe
O4 - HKLM\..\Run: [SurfSideKick 2] C:\Program Files\SurfSideKick 2\Ssk.exe
O4 - HKLM\..\Run: [Windows AdService] C:\Program Files\Windows AdService\WinAdServ.exe
O4 - HKLM\..\Run: [NaviSearch] C:\Program Files\NaviSearch\bin\nls.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SurfSideKick 2] C:\Program Files\SurfSideKick 2\Ssk.exe
O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\Registry Cleaner\RegClean.exe"
O4 - HKCU\..\Run: [AOLCC] "C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe" /startup
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Hijacked Internet access by New.Net
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/pm/activex/EPUWALControl_v1-0-3-17.cab
O16 - DPF: {528C14CD-CF9E-489C-A365-5999F17B69B9} (LightSurfUploadCtl Class) - http://pictures.sprintpcs.com/activex/LightSurfUploadControl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1101998767468
O16 - DPF: {72C9EA8F-8965-40C2-ABAD-D460A5815F86} (hostCntrlIE Class) - https://vhost.oddcast.com/admin/hostClientIE.cab
O16 - DPF: {83229950-AD1D-4B94-8304-F56E95AFACF7} (CSurgientTerminal Object) - http://m7.demoservers.com/etc/controls/srdp.cab
O16 - DPF: {886DDE35-E955-11D0-A707-000000521958} - http://69.56.176.78/webplugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab32846.cab
O16 - DPF: {BE5431D2-0F30-11D4-89D9-00C04F509C0A} (SDCInstaller Class) - http://www.stamps.com/download/us/cab/stamps/stamps.cab?r=0.0487139180371017&file=stamps.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolweb07.pogo.com/game/deluxe/insaniquarium/popcaploader_v6.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DA7C7DAE-25C1-454C-898B-1E1085B516E0}: NameServer = 205.188.146.145
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
O23 - Service: AOL Connectivity Service - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service - Unknown - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: LogMeIn Maintenance Service - 3am Labs, Inc. - C:\Program Files\LogMeIn\RaMaint.exe
O23 - Service: LogMeIn - 3am Labs, Inc. - C:\Program Files\LogMeIn\LogMeIn.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Personal Firewall Service - Symantec Corporation - C:\Program Files\Norton Personal Firewall\NISSERV.EXE
O23 - Service: Norton Personal Firewall Accounts Manager - Symantec Corporation - C:\Program Files\Norton Personal Firewall\NISUM.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Norton Personal Firewall Proxy Service - Symantec Corporation - C:\Program Files\Norton Personal Firewall\SymProxySvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
 
Flrman1

Flrman1

Joined
Jul 26, 2002
Messages
46,349
Click Here and download the the new version of Killbox and save it to your desktop.

Double-click on Killbox.exe to run it. Now put a tick by Delete on Reboot. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confimation to delete the file on next reboot. Click Yes. It will then ask if you want to reboot now. Click No. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

C:\Program Files\WhenUSearch\whse.exe

c:\windows\salm.exe

C:\WINDOWS\klybwv.exe

C:\WINDOWS\System32\bretiuxh.exe

C:\Program Files\SurfSideKick 2\Ssk.exe

C:\Program Files\Windows AdService\WinAdServ.exe

C:\Program Files\NaviSearch\bin\nls.exe

C:\Program Files\SurfSideKick 2\SskBho.dll

C:\WINDOWS\BTGrab.dll

Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

Exit the Killbox.


Run Hijack This again and put a check by these. Close ALL windows except HijackThis and click "Fix checked"

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus10.hpwis.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.ieplugin.com/search.htm

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.ieplugin.com/search.htm

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qus10.hpwis.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.ieplugin.com/q.cgi?q=%s

R3 - URLSearchHook: (no name) - {CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - C:\Program Files\SurfSideKick 2\SskBho.dll

O2 - BHO: BTGrabObj Class - {00000000-F09C-02B4-6EC2-AD0300000000} - C:\WINDOWS\BTGrab.dll

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O4 - HKLM\..\Run: [WhenUSearchWHSE] "C:\Program Files\WhenUSearch\whse.exe"

O4 - HKLM\..\Run: [salm] c:\windows\salm.exe

O4 - HKLM\..\Run: [klybwv] C:\WINDOWS\klybwv.exe

O4 - HKLM\..\Run: [udtqfowhjj] C:\WINDOWS\System32\bretiuxh.exe

O4 - HKLM\..\Run: [SurfSideKick 2] C:\Program Files\SurfSideKick 2\Ssk.exe

O4 - HKLM\..\Run: [Windows AdService] C:\Program Files\Windows AdService\WinAdServ.exe

O4 - HKLM\..\Run: [NaviSearch] C:\Program Files\NaviSearch\bin\nls.exe

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

O4 - Startup: PowerReg Scheduler V3.exe

O16 - DPF: {886DDE35-E955-11D0-A707-000000521958} - http://69.56.176.78/webplugin.cab

Now restart your computer.

Let it fully reboot then restart again into safe mode.

How to start your computer in safe mode

Now find and delete these folders:

C:\Program Files\WhenUSearch
C:\Program Files\SurfSideKick 2
C:\Program Files\Windows AdService
C:\Program Files\NaviSearch

Also in safe mode navigate to the C:\Windows\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Go to Start > Run and type %temp% in the Run box. The Temp folder will open. Click Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Finally go to Control Panel > Internet Options. On the General tab under "Temporary Internet Files" Click "Delete Files". Put a check by "Delete Offline Content" and click OK. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.


Empty the Recycle Bin


Boot back into Windows normally now.


Go to add/Remove programs and uninstall New.Net (NewDotNet). If that fails do the following:

First Click here to download LspFix

You may not need it, but go ahead and download it just in case.


Now go here and scroll to the bottom of the page to Precedure 4 and download and run the New.Net uninstaller.

If you lose your internet connection after running the New.Net uninstaller, Run LspFix, and click Finish. (Don't do anything else)

That should restore the internet connection.



Go here and download Ad-Aware SE.

Install the program and launch it.

First in the main window look in the bottom right corner and click on Check for updates now then click Connect and download the latest reference files.

From main window :Click Start then under Select a scan Mode tick Perform full system scan.

Next deselect Search for negligible risk entries.

Now to scan just click the Next button.

When the scan is finished mark everything for removal and get rid of it.(Right-click the window and choose select all from the drop down menu and click Next)

Restart your computer.



Go here and download Microsoft Antispyware Beta. First press file and check for updates and then run it.

Let it fix anything that it finds (have it quarantine them rather than delete just in case. It is a beta program and there may be false positives)
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Members online

Total: 507 (members: 10, guests: 497)
Top