1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Solved: Popups and Spyware and a Slow Computer

Discussion in 'Virus & Other Malware Removal' started by icecream33, Jan 25, 2006.

Thread Status:
Not open for further replies.
Advertisement
  1. icecream33

    icecream33 Thread Starter

    Joined:
    Jan 24, 2006
    Messages:
    12
    My computer has become increasingly slower and slower...the amount of popups I have been getting lately has gone through the roof. I suspect I may have one or many problems with my computer. Is there anybody that would be willing to take a quick peek at my hijack this log? Being a somewhat technology illiterate girl, I don't exactly know how to explain what's goin on on my computer...if anybody needs to know more info just lemme know.

    Thanks guys:)

    Logfile of HijackThis v1.99.1
    Scan saved at 10:36:58 PM, on 1/24/2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Compaq\Compaq Advisor\bin\compaq-rba.exe
    C:\WINDOWS\system32\drivers\KodakCCS.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\mcshield.exe
    C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
    C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
    C:\WINDOWS\System32\ScsiAccess.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Microsoft Works\WksSb.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
    C:\Program Files\SVA Player\SVAPLAYER.EXE
    C:\Program Files\DelFin\PromulGate\PgMonitr.exe
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
    C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fightingsioux.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: EMES X Class - {000000DA-0786-4633-87C6-1AA7A4429EF1} - C:\WINDOWS\System32\emesx.dll
    O2 - BHO: FOne Organizer Class - {000000F1-34E3-4633-87C6-1AA7A44296DA} - C:\WINDOWS\System32\FOne.dll
    O2 - BHO: F1 Organizer Class - {00000EF1-34E3-4633-87C6-1AA7A44296DA} - C:\WINDOWS\System32\lwz.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: IEHlprObj Class - {40AC4D2D-491D-11D4-AAF2-0008C75DCD2B} - C:\WINDOWS\bpboh.dll
    O2 - BHO: (no name) - {4D9972C3-CDB9-3124-070F-10A270C94632} - C:\WINDOWS\CDM\gmctobmhoa.dll
    O2 - BHO: Natural Language Navigation - {60E78CAC-E9A7-4302-B9EE-8582EDE22FBF} - C:\WINDOWS\System\BHO001.DLL
    O2 - BHO: Invisible Class - {7DD896A9-7AEB-430F-955B-CD125604FDCB} - C:\WINDOWS\System32\veg32.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [SVAPlayer] C:\Program Files\SVA Player\SVAPLAYER.EXE
    O4 - HKLM\..\Run: [PromulGate] "C:\Program Files\DelFin\PromulGate\PgMonitr.exe"
    O4 - HKLM\..\Run: [VBouncerDL] C:\Program Files\VBouncer\VBouncerWrap1076.exe
    O4 - HKLM\..\Run: [WinStart001.EXE] C:\WINDOWS\System\WinStart001.EXE -b
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [Homeland Network] "C:\Program Files\HomelandNetwork\HomelandNetwork.exe"
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
    O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
    O4 - Startup: PowerReg Scheduler.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = ?
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O4 - Global Startup: Wireless-G Notebook Adapter.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra button: Support - {A1C62740-93D5-4E72-A5B6-B668D58C5197} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (HKCU)
    O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
    O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
    O12 - Plugin for .ofb: C:\PROGRA~1\INTERN~1\PLUGINS\NPONFLOW.DLL
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/074b34f1a2d9889aa804/netzip/RdxIE601.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O23 - Service: Compaq Advisor (Compaq_RBA) - NeoPlanet - C:\Program Files\Compaq\Compaq Advisor\bin\compaq-rba.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
    O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
     
  2. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Welcome to TSG :)

    Click here to download the trial version of Ewido Security Suite:
    http://www.ewido.net/en/download/

    · Install Ewido.
    · During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
    · Launch ewido.
    · It will prompt you to update click the OK button and it will go to the main screen.
    · On the left side of the main screen click update.
    · Click on Start and let it update.
    · DO NOT run a scan yet.

    Restart your computer into Safe Mode now.
    (Start tapping the F8 key at Startup, before the Windows logo screen).
    Perform the following steps in Safe Mode:

    * Run Ewido:
    Click on scanner
    Click Complete System Scan and the scan will begin.
    During the scan it will prompt you to clean files, click OK.
    When the scan is finished, look at the bottom of the screen and click the Save report button.
    Save the report to your desktop.

    Reboot.

    Post a new Hijack This log and the results of the Ewido scan.
     
  3. icecream33

    icecream33 Thread Starter

    Joined:
    Jan 24, 2006
    Messages:
    12
    Thank you so much cheeseball81.

    Here is the hijack log followed by the ewido thingy log. Thanks again;)

    Logfile of HijackThis v1.99.1
    Scan saved at 1:07:55 AM, on 1/25/2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Compaq\Compaq Advisor\bin\compaq-rba.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\WINDOWS\system32\drivers\KodakCCS.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\mcshield.exe
    C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
    C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
    C:\WINDOWS\System32\ScsiAccess.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Microsoft Works\WksSb.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
    C:\Program Files\SVA Player\SVAPLAYER.EXE
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
    C:\Program Files\palmOne\HOTSYNC.EXE
    C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fightingsioux.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {7799006E-A491-69D8-0E96-E8D8881ED9DC} - C:\WINDOWS\CDM\gmctobmhoa.dll (file missing)
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [SVAPlayer] C:\Program Files\SVA Player\SVAPLAYER.EXE
    O4 - HKLM\..\Run: [VBouncerDL] C:\Program Files\VBouncer\VBouncerWrap1076.exe
    O4 - HKLM\..\Run: [WinStart001.EXE] C:\WINDOWS\System\WinStart001.EXE -b
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [Homeland Network] "C:\Program Files\HomelandNetwork\HomelandNetwork.exe"
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
    O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
    O4 - Startup: PowerReg Scheduler.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = ?
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O4 - Global Startup: Wireless-G Notebook Adapter.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra button: Support - {A1C62740-93D5-4E72-A5B6-B668D58C5197} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (HKCU)
    O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
    O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
    O12 - Plugin for .ofb: C:\PROGRA~1\INTERN~1\PLUGINS\NPONFLOW.DLL
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/074b34f1a2d9889aa804/netzip/RdxIE601.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O23 - Service: Compaq Advisor (Compaq_RBA) - NeoPlanet - C:\Program Files\Compaq\Compaq Advisor\bin\compaq-rba.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
    O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
     
  4. icecream33

    icecream33 Thread Starter

    Joined:
    Jan 24, 2006
    Messages:
    12
    oops, my message was too long--didn't let me add the ewido report. here it is. i'll have to do it in 2 messages cause I had a ton of stuff to delete...

    ---------------------------------------------------------
    ewido anti-malware - Scan report
    ---------------------------------------------------------

    + Created on: 12:55:21 AM, 1/25/2006
    + Report-Checksum: 1785E025

    + Scan result:

    HKLM\SOFTWARE\Brilliant Digital Entertainment -> Spyware.BrilliantDigital : Cleaned with backup
    HKLM\SOFTWARE\Brilliant Digital Entertainment\BDE3D -> Spyware.BrilliantDigital : Cleaned with backup
    HKLM\SOFTWARE\Brilliant Digital Entertainment\BDEEngine -> Spyware.BrilliantDigital : Cleaned with backup
    HKLM\SOFTWARE\Brilliant Digital Entertainment\BDEinstaller -> Spyware.BrilliantDigital : Cleaned with backup
    HKLM\SOFTWARE\Brilliant Digital Entertainment\BDEinstaller\BDECache -> Spyware.BrilliantDigital : Cleaned with backup
    HKLM\SOFTWARE\Brilliant Digital Entertainment\BDEPlayer -> Spyware.BrilliantDigital : Cleaned with backup
    HKLM\SOFTWARE\Brilliant Digital Entertainment\BDEPlayer\DisplayConfigs -> Spyware.BrilliantDigital : Cleaned with backup
    HKLM\SOFTWARE\Brilliant Digital Entertainment\BDEPlayer\DisplayConfigs\3D Hardware Acceleration -> Spyware.BrilliantDigital : Cleaned with backup
    HKLM\SOFTWARE\Brilliant Digital Entertainment\BDEPlayer\DisplayConfigs\3D Software Rasterizer -> Spyware.BrilliantDigital : Cleaned with backup
    HKLM\SOFTWARE\Brilliant Digital Entertainment\BDEPlayer\settings -> Spyware.BrilliantDigital : Cleaned with backup
    HKLM\SOFTWARE\Brilliant Digital Entertainment\BDEViewer -> Spyware.BrilliantDigital : Cleaned with backup
    HKLM\SOFTWARE\Brilliant Digital Entertainment\Install -> Spyware.BrilliantDigital : Cleaned with backup
    HKLM\SOFTWARE\Brilliant Digital Entertainment\libraries -> Spyware.BrilliantDigital : Cleaned with backup
    HKLM\SOFTWARE\Brilliant Digital Entertainment\libraries\bde3d_ref2.dll -> Spyware.BrilliantDigital : Cleaned with backup
    HKLM\SOFTWARE\Brilliant Digital Entertainment\libraries\bde3d_refk7.dll -> Spyware.BrilliantDigital : Cleaned with backup
    HKLM\SOFTWARE\Brilliant Digital Entertainment\libraries\bde3d_refp3.dll -> Spyware.BrilliantDigital : Cleaned with backup
    HKLM\SOFTWARE\Brilliant Digital Entertainment\libraries\bde3d_refp4.dll -> Spyware.BrilliantDigital : Cleaned with backup
    HKLM\SOFTWARE\Brilliant Digital Entertainment\libraries\bdeengine2.dll -> Spyware.BrilliantDigital : Cleaned with backup
    HKLM\SOFTWARE\Brilliant Digital Entertainment\libraries\bdeimage.dll -> Spyware.BrilliantDigital : Cleaned with backup
    HKLM\SOFTWARE\Brilliant Digital Entertainment\libraries\bdeinstall.exe -> Spyware.BrilliantDigital : Cleaned with backup
    HKLM\SOFTWARE\Brilliant Digital Entertainment\libraries\bdeplayer2.dll -> Spyware.BrilliantDigital : Cleaned with backup
    HKLM\SOFTWARE\Brilliant Digital Entertainment\libraries\bderastdx6_30002.dll -> Spyware.BrilliantDigital : Cleaned with backup
    HKLM\SOFTWARE\Brilliant Digital Entertainment\libraries\bderastmmx_30001.dll -> Spyware.BrilliantDigital : Cleaned with backup
    HKLM\SOFTWARE\Brilliant Digital Entertainment\libraries\bdesac10.dll -> Spyware.BrilliantDigital : Cleaned with backup
    HKLM\SOFTWARE\Brilliant Digital Entertainment\libraries\bdesac24.dll -> Spyware.BrilliantDigital : Cleaned with backup
    HKLM\SOFTWARE\Brilliant Digital Entertainment\libraries\bdesacs48.dll -> Spyware.BrilliantDigital : Cleaned with backup
    HKLM\SOFTWARE\Brilliant Digital Entertainment\libraries\dopat30n.dll -> Spyware.BrilliantDigital : Cleaned with backup
    HKLM\SOFTWARE\Brilliant Digital Entertainment\libraries\npbdplay2.dll -> Spyware.BrilliantDigital : Cleaned with backup
    HKLM\SOFTWARE\Brilliant Digital Entertainment\Products -> Spyware.BrilliantDigital : Cleaned with backup
    HKLM\SOFTWARE\Classes\AppID\CNForm.EXE -> Spyware.CommonName : Cleaned with backup
    HKLM\SOFTWARE\Classes\b3ds_auto_file -> Spyware.BrilliantDigital : Cleaned with backup
    HKLM\SOFTWARE\Classes\b3ds_auto_file\shell -> Spyware.BrilliantDigital : Cleaned with backup
    HKLM\SOFTWARE\Classes\b3ds_auto_file\shell\Open -> Spyware.BrilliantDigital : Cleaned with backup
    HKLM\SOFTWARE\Classes\b3ds_auto_file\shell\Open\command -> Spyware.BrilliantDigital : Cleaned with backup
    HKLM\SOFTWARE\Classes\b3ds_auto_file\shell\Open As New -> Spyware.BrilliantDigital : Cleaned with backup
    HKLM\SOFTWARE\Classes\b3ds_auto_file\shell\Open As New\command -> Spyware.BrilliantDigital : Cleaned with backup
    HKLM\SOFTWARE\Classes\BPboh.IEHlprObj -> Spyware.WurldMedia : Cleaned with backup
    HKLM\SOFTWARE\Classes\BPboh.IEHlprObj\CLSID -> Spyware.WurldMedia : Cleaned with backup
    HKLM\SOFTWARE\Classes\BPboh.IEHlprObj\CurVer -> Spyware.WurldMedia : Cleaned with backup
    HKLM\SOFTWARE\Classes\BPboh.IEHlprObj.1 -> Spyware.WurldMedia : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{000000DA-0786-4633-87C6-1AA7A4429EF1} -> Spyware.FavoriteMan : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{000000F1-34E3-4633-87C6-1AA7A44296DA} -> Spyware.FavoriteMan : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{00000EF1-34E3-4633-87C6-1AA7A44296DA} -> Spyware.FavoriteMan : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{0421701D-CF13-4E70-ADF0-45A953E7CB8B} -> Spyware.SmartPops : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{139D88E5-C372-469D-B4C5-1FE00852AB9B} -> Spyware.FavoriteMan : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{40AC4D2D-491D-11D4-AAF2-0008C75DCD2B} -> Spyware.WurldMedia : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{4F9CA775-2C5F-4E2A-B157-CB440564F7F4} -> Spyware.CommonName : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{60E78CAC-E9A7-4302-B9EE-8582EDE22FBF} -> Spyware.iGetNet : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{67925165-C4B6-11D2-B9C6-0000E84F59A6} -> Spyware.BrilliantDigital : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{730F2451-A3FE-4A72-938C-FC8A74F15978} -> Spyware.iGetNet : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{7DD896A9-7AEB-430F-955B-CD125604FDCB} -> Spyware.DailyWinner : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{882F36A6-5178-477B-A00A-2E1D3B7E8E80} -> Spyware.CommonName : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{954814C0-40F3-4249-8528-B4922CD2964E} -> Spyware.HotBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{A54814C0-40F3-4249-8528-B4922CD2964E} -> Spyware.HotBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{A6475E6B-3C2E-4B1F-82FD-8F1C0B1D8AD0} -> Spyware.CommonName : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{B8AB2281-447F-482B-86E9-1F0ED5973637} -> Spyware.EzSearchBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{ECB81A15-365C-4953-827F-6E848634C1F0} -> Spyware.CommonName : Cleaned with backup
    HKLM\SOFTWARE\Classes\CNForm.CNBarHelper -> Spyware.CommonName : Cleaned with backup
    HKLM\SOFTWARE\Classes\CNForm.CNBarHelper\CLSID -> Spyware.CommonName : Cleaned with backup
    HKLM\SOFTWARE\Classes\CNForm.CNBarHelper\CurVer -> Spyware.CommonName : Cleaned with backup
    HKLM\SOFTWARE\Classes\CNForm.CNBarHelper.1 -> Spyware.CommonName : Cleaned with backup
    HKLM\SOFTWARE\Classes\CNForm.History -> Spyware.CommonName : Cleaned with backup
    HKLM\SOFTWARE\Classes\CNForm.History\CLSID -> Spyware.CommonName : Cleaned with backup
    HKLM\SOFTWARE\Classes\CNForm.History\CurVer -> Spyware.CommonName : Cleaned with backup
    HKLM\SOFTWARE\Classes\CNForm.History.1 -> Spyware.CommonName : Cleaned with backup
    HKLM\SOFTWARE\Classes\F1.Organizer -> Spyware.VX2 : Cleaned with backup
    HKLM\SOFTWARE\Classes\F1.Organizer\CLSID -> Spyware.VX2 : Cleaned with backup
    HKLM\SOFTWARE\Classes\F1.Organizer\CurVer -> Spyware.VX2 : Cleaned with backup
    HKLM\SOFTWARE\Classes\F1.Organizer.1 -> Spyware.VX2 : Cleaned with backup
    HKLM\SOFTWARE\Classes\HP.Hopper -> Spyware.NetworkEssentials : Cleaned with backup
    HKLM\SOFTWARE\Classes\HP.Hopper\CLSID -> Spyware.NetworkEssentials : Cleaned with backup
    HKLM\SOFTWARE\Classes\HP.Hopper\CurVer -> Spyware.NetworkEssentials : Cleaned with backup
    HKLM\SOFTWARE\Classes\HP.Hopper.1 -> Spyware.NetworkEssentials : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{1423903E-86CC-4470-8AB0-257C10D77D45} -> Spyware.NetworkEssentials : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{40AC4D2C-491D-11D4-AAF2-0008C75DCD2B} -> Spyware.WurldMedia : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{4DEA7CA1-3372-4204-937C-2DD4A6ED6562} -> Spyware.NetworkEssentials : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{4F476E6B-1ECA-4A3B-845A-505D8892DA1A} -> Spyware.CommonName : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{51958168-D5E3-11D1-AA42-0000E842E40A} -> Spyware.BrilliantDigital : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{64809B75-D8C3-4052-A7AD-6A3ECC39218E} -> Spyware.CommonName : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{676058E3-89BD-11D6-8A8C-0050BA8452C0} -> Spyware.BargainBuddy : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{A42DC659-33B5-409E-A433-650AC42ECCA4} -> Spyware.NetworkEssentials : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{A8516F49-8046-4295-8EE9-C59D5041C9E2} -> Spyware.NetworkEssentials : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{F94C0089-9394-4E44-B4EA-58DBA1F7B84E} -> Spyware.BargainBuddy : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{FB82CCD5-174B-4379-BC37-72D9B5ADAEDA} -> Spyware.NetworkEssentials : Cleaned with backup
    HKLM\SOFTWARE\Classes\InvisiblePop.Invisible -> Spyware.DailyToolbar : Cleaned with backup
    HKLM\SOFTWARE\Classes\InvisiblePop.Invisible\CLSID -> Spyware.DailyToolbar : Cleaned with backup
    HKLM\SOFTWARE\Classes\InvisiblePop.Invisible\CurVer -> Spyware.DailyToolbar : Cleaned with backup
    HKLM\SOFTWARE\Classes\InvisiblePop.Invisible.1 -> Spyware.DailyToolbar : Cleaned with backup
    HKLM\SOFTWARE\Classes\SP.SmartPops -> Spyware.NetworkEssentials : Cleaned with backup
    HKLM\SOFTWARE\Classes\SP.SmartPops\CLSID -> Spyware.NetworkEssentials : Cleaned with backup
    HKLM\SOFTWARE\Classes\SP.SmartPops\CurVer -> Spyware.NetworkEssentials : Cleaned with backup
    HKLM\SOFTWARE\Classes\SP.SmartPops.1 -> Spyware.NetworkEssentials : Cleaned with backup
    HKLM\SOFTWARE\Classes\TypeLib\{40AC4D20-491D-11D4-AAF2-0008C75DCD2B} -> Spyware.WurldMedia : Cleaned with backup
    HKLM\SOFTWARE\Classes\TypeLib\{47350D97-09E9-4590-864E-3431DA53BF37} -> Spyware.NetworkEssentials : Cleaned with backup
    HKLM\SOFTWARE\Classes\TypeLib\{53F066F0-A4C0-4F46-83EB-2DFD03F938CF} -> Spyware.eXact : Cleaned with backup
    HKLM\SOFTWARE\Classes\TypeLib\{676058DB-89BD-11D6-8A8C-0050BA8452C0} -> Spyware.BargainBuddy : Cleaned with backup
    HKLM\SOFTWARE\Classes\TypeLib\{AC04DC43-28E9-4746-9164-C200A04B8921} -> Spyware.CommonName : Cleaned with backup
    HKLM\SOFTWARE\Classes\TypeLib\{ACBA087F-1547-41DE-8E9E-3F0963CE4BEF} -> Spyware.eUniverse : Cleaned with backup
    HKLM\SOFTWARE\Classes\TypeLib\{DFFE1CCF-E1E8-4470-9962-73277CC2C898} -> Spyware.LOP : Cleaned with backup
    HKLM\SOFTWARE\Classes\TypeLib\{EF100607-F409-426A-9E7C-CB211F2A9030} -> Spyware.BargainBuddy : Cleaned with backup
    HKLM\SOFTWARE\Classes\TypeLib\{FA777197-4BF7-4AA9-A088-A0D803198DE0} -> Spyware.NetworkEssentials : Cleaned with backup
    HKLM\SOFTWARE\Classes\WUSN.1 -> Spyware.SaveNow : Cleaned with backup
    HKLM\SOFTWARE\CommonName -> Spyware.CommonName : Cleaned with backup
    HKLM\SOFTWARE\CommonName\User -> Spyware.CommonName : Cleaned with backup
    HKLM\SOFTWARE\Cydoor -> Spyware.Cydoor : Cleaned with backup
    HKLM\SOFTWARE\DelFin -> Spyware.Delfin : Cleaned with backup
    HKLM\SOFTWARE\DelFin\PromulGate -> Spyware.Delfin : Cleaned with backup
    HKLM\SOFTWARE\DownloadWare -> Spyware.Downloadware : Cleaned with backup
    HKLM\SOFTWARE\DownloadWare\Prefs -> Spyware.Downloadware : Cleaned with backup
    HKLM\SOFTWARE\Homeland Network -> Spyware.Homelandnetwork : Cleaned with backup
    HKLM\SOFTWARE\Homeland Network\CONFIG -> Spyware.Homelandnetwork : Cleaned with backup
    HKLM\SOFTWARE\Homeland Network\UPDATE -> Spyware.Homelandnetwork : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CommonName -> Spyware.CommonName : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CommonName\BrowserAgent -> Spyware.CommonName : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CommonName\HttpError -> Spyware.CommonName : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CommonName\Tooltip -> Spyware.CommonName : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000000DA-0786-4633-87C6-1AA7A4429EF1} -> Spyware.FavoriteMan : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000000F1-34E3-4633-87C6-1AA7A44296DA} -> Spyware.FavoriteMan : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000EF1-34E3-4633-87C6-1AA7A44296DA} -> Spyware.FavoriteMan : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{40AC4D2D-491D-11D4-AAF2-0008C75DCD2B} -> Spyware.WurldMedia : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{60E78CAC-E9A7-4302-B9EE-8582EDE22FBF} -> Spyware.iGetNet : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DD896A9-7AEB-430F-955B-CD125604FDCB} -> Spyware.DailyWinner : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DelFin Media Viewer -> Spyware.Delfin : Cleaned with backup
    HKLM\SOFTWARE\WhenU -> Spyware.SaveNow : Cleaned with backup
    C:\Documents and Settings\radio shack\Cookies\radio [email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
    C:\Documents and Settings\radio shack\Cookies\radio [email protected][2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    C:\Documents and Settings\radio shack\Cookies\radio [email protected][2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
    C:\Documents and Settings\radio shack\Cookies\radio [email protected][2].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
    C:\Documents and Settings\radio shack\Cookies\radio [email protected][1].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
    C:\Documents and Settings\radio shack\Cookies\radio [email protected][1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
    C:\Documents and Settings\radio shack\Cookies\radio [email protected][2].txt -> Spyware.Cookie.Falkag : Cleaned with backup
    C:\Documents and Settings\radio shack\Cookies\radio [email protected][2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
    C:\Documents and Settings\radio shack\Cookies\radio [email protected][2].txt -> Spyware.Cookie.Goldenpalace : Cleaned with backup
     
  5. icecream33

    icecream33 Thread Starter

    Joined:
    Jan 24, 2006
    Messages:
    12
    Here's the rest.

    C:\Documents and Settings\radio shack\Cookies\radio [email protected][1].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
    C:\Documents and Settings\radio shack\Cookies\radio [email protected][2].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    C:\Documents and Settings\radio shack\Cookies\radio [email protected][1].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
    C:\Documents and Settings\radio shack\Cookies\radio [email protected][2].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    C:\Documents and Settings\radio shack\Cookies\radio [email protected][1].txt -> Spyware.Cookie.Centrport : Cleaned with backup
    C:\Documents and Settings\radio shack\Cookies\radio [email protected][2].txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
    C:\Documents and Settings\radio shack\Cookies\radio [email protected][2].txt -> Spyware.Cookie.Com : Cleaned with backup
    C:\Documents and Settings\radio shack\Cookies\radio [email protected][2].txt -> Spyware.Cookie.Overture : Cleaned with backup
    C:\Documents and Settings\radio shack\Cookies\radio [email protected][1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
    C:\Documents and Settings\radio shack\Cookies\radio [email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\radio shack\Cookies\radio [email protected][2].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
    C:\Documents and Settings\radio shack\Cookies\radio [email protected][2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\radio shack\Cookies\radio [email protected][2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\radio shack\Cookies\radio [email protected][2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\radio shack\Cookies\radio [email protected][1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\radio shack\Cookies\radio [email protected][2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
    C:\Documents and Settings\radio shack\Cookies\radio [email protected][1].txt -> Spyware.Cookie.Goldenpalace : Cleaned with backup
    C:\Documents and Settings\radio shack\Cookies\radio [email protected][2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\radio shack\Cookies\radio [email protected][2].txt -> Spyware.Cookie.Internetfuel : Cleaned with backup
    C:\Documents and Settings\radio shack\Cookies\radio [email protected][1].txt -> Spyware.Cookie.Linksynergy : Cleaned with backup
    C:\Documents and Settings\radio shack\Cookies\radio [email protected][2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
    C:\Documents and Settings\radio shack\Cookies\radio [email protected][1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
    C:\Documents and Settings\radio shack\Cookies\radio [email protected][1].txt -> Spyware.Cookie.Overture : Cleaned with backup
    C:\Documents and Settings\radio shack\Cookies\radio [email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
    C:\Documents and Settings\radio shack\Cookies\radio [email protected][1].txt -> Spyware.Cookie.Overture : Cleaned with backup
    C:\Documents and Settings\radio shack\Cookies\radio [email protected][1].txt -> Spyware.Cookie.Qksrv : Cleaned with backup
    C:\Documents and Settings\radio shack\Cookies\radio [email protected][1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
    C:\Documents and Settings\radio shack\Cookies\radio [email protected][1].txt -> Spyware.Cookie.Revenue : Cleaned with backup
    C:\Documents and Settings\radio shack\Cookies\radio [email protected][2].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
    C:\Documents and Settings\radio shack\Cookies\radio [email protected][2].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    C:\Documents and Settings\radio shack\Cookies\radio [email protected][2].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
    C:\Documents and Settings\radio shack\Cookies\radio [email protected][1].txt -> Spyware.Cookie.Targetnet : Cleaned with backup
    C:\Documents and Settings\radio shack\Cookies\radio [email protected][1].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
    C:\Documents and Settings\radio shack\Cookies\radio [email protected][2].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
    C:\Documents and Settings\radio shack\Cookies\radio [email protected][1].txt -> Spyware.Cookie.Valueclick : Cleaned with backup
    C:\Documents and Settings\radio shack\Cookies\radio [email protected][1].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
    C:\Documents and Settings\radio shack\Cookies\radio [email protected][1].txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
    C:\Documents and Settings\radio shack\Cookies\radio [email protected][1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
    C:\Documents and Settings\radio shack\Local Settings\Temp\BDECache\bde3F1.tmp/bdesecureinstall.exe -> Adware.BrilliantDigital : Cleaned with backup
    C:\Documents and Settings\radio shack\Local Settings\Temp\BDECache\bde3F1.tmp/chktrust.exe -> Spyware.BargainBuddy : Cleaned with backup
    C:\Documents and Settings\radio shack\Local Settings\Temp\BDECache\bde3F1.tmp/BDEVerify.exe -> Adware.BrilliantDigital : Cleaned with backup
    C:\Documents and Settings\radio shack\Local Settings\Temp\BDECache\bde3F1.tmp/BDEVerify.dll -> Adware.BrilliantDigital : Cleaned with backup
    C:\Documents and Settings\radio shack\Local Settings\Temp\BDECache\bde405.tmp/BDESac24.dll -> Adware.BrilliantDigital : Cleaned with backup
    C:\Documents and Settings\radio shack\Local Settings\Temp\BDECache\bde8.tmp/bdeinsta25.dll -> Adware.BrilliantDigital : Cleaned with backup
    C:\Documents and Settings\radio shack\Local Settings\Temp\nst721.EXE -> Spyware.SmartPops : Cleaned with backup
    C:\Documents and Settings\radio shack\Local Settings\Temp\upd663.tmp/ME.dll -> Spyware.MediaPops : Cleaned with backup
    C:\Documents and Settings\radio shack\Local Settings\Temporary Internet Files\Content.IE5\0DU3GTM3\ErrorSafeScannerInstall[1].exe -> Not-A-Virus.Downloader.Agent.d : Cleaned with backup
    C:\Documents and Settings\radio shack\Local Settings\Temporary Internet Files\Content.IE5\0DU3GTM3\ErrorSafeScannerInstall[2].exe -> Not-A-Virus.Downloader.Agent.d : Cleaned with backup
    C:\Documents and Settings\radio shack\Local Settings\Temporary Internet Files\Content.IE5\0T2BWH6N\update2[1].cab/ME.dll -> Spyware.MediaPops : Cleaned with backup
    C:\Documents and Settings\radio shack\Local Settings\Temporary Internet Files\Content.IE5\2LWZIX25\i[24].htm -> Spyware.BookedSpace : Cleaned with backup
    C:\Documents and Settings\radio shack\Local Settings\Temporary Internet Files\Content.IE5\2LWZIX25\i[29].htm -> Spyware.BookedSpace : Cleaned with backup
    C:\Documents and Settings\radio shack\Local Settings\Temporary Internet Files\Content.IE5\2LWZIX25\i[39].htm -> Spyware.BookedSpace : Cleaned with backup
    C:\Documents and Settings\radio shack\Local Settings\Temporary Internet Files\Content.IE5\2LWZIX25\OEM=wwwp[1].htm -> Spyware.BookedSpace : Cleaned with backup
    C:\Documents and Settings\radio shack\Local Settings\Temporary Internet Files\Content.IE5\2LWZIX25\PARENT=3[11].htm -> Spyware.BookedSpace : Cleaned with backup
    C:\Documents and Settings\radio shack\Local Settings\Temporary Internet Files\Content.IE5\2LWZIX25\PARENT=3[16].htm -> Spyware.BookedSpace : Cleaned with backup
    C:\Documents and Settings\radio shack\Local Settings\Temporary Internet Files\Content.IE5\2LWZIX25\PARENT=3[24].htm -> Spyware.BookedSpace : Cleaned with backup
    C:\Documents and Settings\radio shack\Local Settings\Temporary Internet Files\Content.IE5\2LWZIX25\PARENT=3[30].htm -> Spyware.BookedSpace : Cleaned with backup
    C:\Documents and Settings\radio shack\Local Settings\Temporary Internet Files\Content.IE5\2LWZIX25\PARENT=3[3].htm -> Spyware.BookedSpace : Cleaned with backup
    C:\Documents and Settings\radio shack\Local Settings\Temporary Internet Files\Content.IE5\2LWZIX25\PARENT=3[7].htm -> Spyware.BookedSpace : Cleaned with backup
    C:\Documents and Settings\radio shack\Local Settings\Temporary Internet Files\Content.IE5\2LWZIX25\PARENT=5[1].htm -> Spyware.BookedSpace : Cleaned with backup
    C:\Documents and Settings\radio shack\Local Settings\Temporary Internet Files\Content.IE5\5ZV53PZO\i[17].htm -> Spyware.BookedSpace : Cleaned with backup
    C:\Documents and Settings\radio shack\Local Settings\Temporary Internet Files\Content.IE5\5ZV53PZO\i[31].htm -> Spyware.BookedSpace : Cleaned with backup
    C:\Documents and Settings\radio shack\Local Settings\Temporary Internet Files\Content.IE5\7ABT917F\i[32].htm -> Spyware.BookedSpace : Cleaned with backup
    C:\Documents and Settings\radio shack\Local Settings\Temporary Internet Files\Content.IE5\9G035P81\pup[1].htm -> Trojan.NoClose.c : Cleaned with backup
    C:\Documents and Settings\radio shack\Local Settings\Temporary Internet Files\Content.IE5\C105ERCP\OEM=wwwp[1].htm -> Spyware.BookedSpace : Cleaned with backup
    C:\Documents and Settings\radio shack\Local Settings\Temporary Internet Files\Content.IE5\C105ERCP\PARENT=3[11].htm -> Spyware.BookedSpace : Cleaned with backup
    C:\Documents and Settings\radio shack\Local Settings\Temporary Internet Files\Content.IE5\C105ERCP\PARENT=3[15].htm -> Spyware.BookedSpace : Cleaned with backup
    C:\Documents and Settings\radio shack\Local Settings\Temporary Internet Files\Content.IE5\C105ERCP\PARENT=3[26].htm -> Spyware.BookedSpace : Cleaned with backup
    C:\Documents and Settings\radio shack\Local Settings\Temporary Internet Files\Content.IE5\C105ERCP\PARENT=3[30].htm -> Spyware.BookedSpace : Cleaned with backup
    C:\Documents and Settings\radio shack\Local Settings\Temporary Internet Files\Content.IE5\C105ERCP\PARENT=3[8].htm -> Spyware.BookedSpace : Cleaned with backup
    C:\Documents and Settings\radio shack\Local Settings\Temporary Internet Files\Content.IE5\C5M7SDMR\i[6].htm -> Spyware.BookedSpace : Cleaned with backup
    C:\Documents and Settings\radio shack\Local Settings\Temporary Internet Files\Content.IE5\C5M7SDMR\OEM=wwwp[2].htm -> Spyware.BookedSpace : Cleaned with backup
    C:\Documents and Settings\radio shack\Local Settings\Temporary Internet Files\Content.IE5\C5M7SDMR\PARENT=27[1].htm -> Spyware.BookedSpace : Cleaned with backup
    C:\Documents and Settings\radio shack\Local Settings\Temporary Internet Files\Content.IE5\C5M7SDMR\PARENT=2[1].htm -> Spyware.BookedSpace : Cleaned with backup
    C:\Documents and Settings\radio shack\Local Settings\Temporary Internet Files\Content.IE5\C5M7SDMR\PARENT=3[16].htm -> Spyware.BookedSpace : Cleaned with backup
    C:\Documents and Settings\radio shack\Local Settings\Temporary Internet Files\Content.IE5\C5M7SDMR\PARENT=3[25].htm -> Spyware.BookedSpace : Cleaned with backup
    C:\Documents and Settings\radio shack\Local Settings\Temporary Internet Files\Content.IE5\C5M7SDMR\PARENT=3[30].htm -> Spyware.BookedSpace : Cleaned with backup
    C:\Documents and Settings\radio shack\Local Settings\Temporary Internet Files\Content.IE5\C5M7SDMR\PARENT=3[3].htm -> Spyware.BookedSpace : Cleaned with backup
    C:\Documents and Settings\radio shack\Local Settings\Temporary Internet Files\Content.IE5\LNRVX1K2\indexPE[1].htm -> Spyware.BookedSpace : Cleaned with backup
    C:\Documents and Settings\radio shack\Local Settings\Temporary Internet Files\Content.IE5\MXLQZ25G\mm[2].js -> Spyware.Chitika : Cleaned with backup
    C:\Documents and Settings\radio shack\Local Settings\Temporary Internet Files\Content.IE5\OTA3MB81\i[1].htm -> Spyware.BookedSpace : Cleaned with backup
    C:\Documents and Settings\radio shack\Local Settings\Temporary Internet Files\Content.IE5\OXU7WHUF\i[2].htm -> Spyware.BookedSpace : Cleaned with backup
    C:\Documents and Settings\radio shack\Local Settings\Temporary Internet Files\Content.IE5\OXU7WHUF\PARENT=3[13].htm -> Spyware.BookedSpace : Cleaned with backup
    C:\Documents and Settings\radio shack\Local Settings\Temporary Internet Files\Content.IE5\OXU7WHUF\PARENT=3[17].htm -> Spyware.BookedSpace : Cleaned with backup
    C:\Documents and Settings\radio shack\Local Settings\Temporary Internet Files\Content.IE5\OXU7WHUF\PARENT=3[19].htm -> Spyware.BookedSpace : Cleaned with backup
    C:\Documents and Settings\radio shack\Local Settings\Temporary Internet Files\Content.IE5\OXU7WHUF\PARENT=3[1].htm -> Spyware.BookedSpace : Cleaned with backup
    C:\Documents and Settings\radio shack\Local Settings\Temporary Internet Files\Content.IE5\OXU7WHUF\PARENT=3[20].htm -> Spyware.BookedSpace : Cleaned with backup
    C:\Documents and Settings\radio shack\Local Settings\Temporary Internet Files\Content.IE5\OXU7WHUF\PARENT=3[29].htm -> Spyware.BookedSpace : Cleaned with backup
    C:\Documents and Settings\radio shack\Local Settings\Temporary Internet Files\Content.IE5\OXU7WHUF\PARENT=3[31].htm -> Spyware.BookedSpace : Cleaned with backup
    C:\Documents and Settings\radio shack\Local Settings\Temporary Internet Files\Content.IE5\OXU7WHUF\PARENT=3[33].htm -> Spyware.BookedSpace : Cleaned with backup
    C:\Documents and Settings\radio shack\Local Settings\Temporary Internet Files\Content.IE5\OXU7WHUF\PARENT=3[35].htm -> Spyware.BookedSpace : Cleaned with backup
    C:\Documents and Settings\radio shack\Local Settings\Temporary Internet Files\Content.IE5\OXU7WHUF\PARENT=3[5].htm -> Spyware.BookedSpace : Cleaned with backup
    C:\Documents and Settings\radio shack\Local Settings\Temporary Internet Files\Content.IE5\OXU7WHUF\PARENT=5[3].htm -> Spyware.BookedSpace : Cleaned with backup
    C:\Documents and Settings\radio shack\Local Settings\Temporary Internet Files\Content.IE5\QU2911KY\i[30].htm -> Spyware.BookedSpace : Cleaned with backup
    C:\Documents and Settings\radio shack\Local Settings\Temporary Internet Files\Content.IE5\QU2911KY\i[42].htm -> Spyware.BookedSpace : Cleaned with backup
    C:\Documents and Settings\radio shack\Local Settings\Temporary Internet Files\Content.IE5\YVW3YXON\mm[2].js -> Spyware.Chitika : Cleaned with backup
    C:\Program Files\CommonName -> Adware.CommonName : Cleaned with backup
    C:\Program Files\CommonName\Toolbar -> Adware.CommonName : Cleaned with backup
    C:\Program Files\CommonName\Toolbar\KeywordLink.dat -> Adware.CommonName : Cleaned with backup
    C:\Program Files\CommonName\Toolbar\KeywordMonitor.dat -> Adware.CommonName : Cleaned with backup
    C:\Program Files\CommonName\Toolbar\UrlMonitor.dat -> Adware.CommonName : Cleaned with backup
    C:\Program Files\DelFin\PromulGate\PgMonitr.exe -> Spyware.Delfin : Cleaned with backup
    C:\Program Files\DelFin\PromulGate\PgSDK.DLL -> Spyware.Delfin : Cleaned with backup
    C:\Program Files\MediaLoads Enhanced\ME1.DLL -> Spyware.MediaPops : Cleaned with backup
    C:\Program Files\Recommended Hotfix - 421701D\v15\RH.DLL -> Spyware.SmartPops : Cleaned with backup
    C:\Program Files\Recommended Hotfix - 421701D\v15\RH.exe -> Spyware.SmartPops : Cleaned with backup
    C:\QUARANTINE\A0024057.DLL.Vir -> Spyware.IGetNet : Cleaned with backup
    C:\QUARANTINE\A0024059.dll.Vir -> Spyware.Hijacker.Generic : Cleaned with backup
    C:\QUARANTINE\A0024061.EXE.Vir -> Spyware.IGetNet : Cleaned with backup
    C:\QUARANTINE\BHO.DLL.Vir -> Spyware.IGetNet : Cleaned with backup
    C:\QUARANTINE\Rsp.dll.Vir -> Spyware.Hijacker.Generic : Cleaned with backup
    C:\QUARANTINE\WinStart001.EXE.Vir -> Spyware.IGetNet : Cleaned with backup
    C:\System Volume Information\_restore{12855640-7D70-4BD9-BBEA-F3A6839FBAEA}\RP952\A0020561.dll -> Spyware.NewDotNet : Cleaned with backup
    C:\System Volume Information\_restore{12855640-7D70-4BD9-BBEA-F3A6839FBAEA}\RP952\A0020562.dll -> Spyware.NewDotNet : Cleaned with backup
    C:\System Volume Information\_restore{12855640-7D70-4BD9-BBEA-F3A6839FBAEA}\RP964\A0023075.dll -> Spyware.TopSearch : Cleaned with backup
    C:\System Volume Information\_restore{12855640-7D70-4BD9-BBEA-F3A6839FBAEA}\RP964\A0023877.dll -> Spyware.HotBar : Cleaned with backup
    C:\System Volume Information\_restore{12855640-7D70-4BD9-BBEA-F3A6839FBAEA}\RP964\A0023909.exe -> Spyware.NewDotNet : Cleaned with backup
    C:\System Volume Information\_restore{12855640-7D70-4BD9-BBEA-F3A6839FBAEA}\RP964\A0023910.exe -> Adware.NewDotNet : Cleaned with backup
    C:\System Volume Information\_restore{12855640-7D70-4BD9-BBEA-F3A6839FBAEA}\RP965\A0024015.exe -> Spyware.Downloadware : Cleaned with backup
    C:\System Volume Information\_restore{12855640-7D70-4BD9-BBEA-F3A6839FBAEA}\RP965\A0024016.DLL -> Spyware.MediaPops : Cleaned with backup
    C:\System Volume Information\_restore{12855640-7D70-4BD9-BBEA-F3A6839FBAEA}\RP965\A0024017.dll -> Spyware.NewDotNet : Cleaned with backup
    C:\WINDOWS\BDE -> Adware.BrilliantDigital : Cleaned with backup
    C:\WINDOWS\BDE\b3dlogo -> Adware.BrilliantDigital : Cleaned with backup
    C:\WINDOWS\BDE\Cache -> Adware.BrilliantDigital : Cleaned with backup
    C:\WINDOWS\BDE\movies -> Adware.BrilliantDigital : Cleaned with backup
    C:\WINDOWS\BDE\mskin -> Adware.BrilliantDigital : Cleaned with backup
    C:\WINDOWS\BDE\setup.cab -> Adware.BrilliantDigital : Error during cleaning
    C:\WINDOWS\CDM\gmctobmhoa.dll -> Spyware.SmartPops : Cleaned with backup
    C:\WINDOWS\CDM\gmctobmhoa.exe -> Spyware.SmartPops : Cleaned with backup
    C:\WINDOWS\cdmweb\cfoimdscho.dll -> Spyware.SmartPops : Cleaned with backup
    C:\WINDOWS\NDNuninstall4_50.exe -> Spyware.NewDotNet : Cleaned with backup
    C:\WINDOWS\NDNuninstall4_80.exe -> Spyware.NewDotNet : Cleaned with backup
    C:\WINDOWS\NDNuninstall6_38.exe -> Spyware.NewDotNet : Cleaned with backup
    C:\WINDOWS\NDNuninstall6_90.exe -> Adware.NewDotNet : Cleaned with backup
    C:\WINDOWS\NDNuninstall6_98.exe -> Adware.NewDotNet : Cleaned with backup
    C:\WINDOWS\SYSTEM32\chktrust.exe -> Spyware.BargainBuddy : Cleaned with backup
    C:\WINDOWS\SYSTEM32\ctbv2.dll -> Adware.SAHA : Cleaned with backup
    C:\WINDOWS\SYSTEM32\httppost.exe -> Adware.Specofer : Cleaned with backup
    C:\WINDOWS\SYSTEM32\ignet.dll -> Dropper.Mudrop.w : Cleaned with backup
    C:\WINDOWS\SYSTEM32\ignet2.dll -> Dropper.Mudrop.w : Cleaned with backup
    C:\WINDOWS\SYSTEM32\KVI_111.dll -> Spyware.BargainBuddy : Cleaned with backup
    C:\WINDOWS\SYSTEM32\ofrg.dll -> Spyware.Favman : Cleaned with backup
    C:\WINDOWS\SYSTEM32\SHAgent1007.dll -> Spyware.BargainBuddy : Cleaned with backup
    C:\WINDOWS\SYSTEM32\veg32.dll -> Spyware.DailyWinner : Cleaned with backup


    ::Report End
     
  6. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Download KillBox here: http://www.downloads.subratam.org/KillBox.exe
    Save it to your desktop.
    DO NOT run it yet.

    Rescan with Hijack This.
    Close all browser windows except Hijack This.
    Put a check mark beside these entries and click "Fix Checked".

    O2 - BHO: (no name) - {7799006E-A491-69D8-0E96-E8D8881ED9DC} - C:\WINDOWS\CDM\gmctobmhoa.dll (file missing)

    O4 - HKLM\..\Run: [VBouncerDL] C:\Program Files\VBouncer\VBouncerWrap1076.exe

    O4 - HKLM\..\Run: [Homeland Network] "C:\Program Files\HomelandNetwork\HomelandNetwork.exe"

    O4 - Startup: PowerReg Scheduler.exe

    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/074b34f1...p/RdxIE601.cab


    Boot into Safe Mode.

    * Double-click on Killbox.exe to run it.

    Put a tick by Standard File Kill.
    In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time:

    C:\Program Files\VBouncer
    C:\Program Files\HomelandNetwork


    Click on the button that has the red circle with the X in the middle after you enter each file.
    It will ask for confirmation to delete the file.
    Click Yes.
    Continue with that procedure until you have pasted all of these in the "Paste Full Path of File to Delete" box.
    Killbox may tell you that one or more files do not exist.
    If that happens, just continue on with all the files. Be sure you don't miss any.
    Next in Killbox go to Tools > Delete Temp Files
    In the window that pops up, put a check by ALL the options there except these three:
    XP Prefetch
    Recent
    History
    Now click the Delete Selected Temp Files button.
    Exit the Killbox.

    Finally go to Control Panel > Internet Options.
    On the General tab under "Temporary Internet Files" Click "Delete Files".
    Put a check by "Delete Offline Content" and click OK.
    Click on the Programs tab then click the "Reset Web Settings" button.
    Click Apply then OK.

    Empty the Recycle Bin.

    Reboot, post a new log.
     
  7. icecream33

    icecream33 Thread Starter

    Joined:
    Jan 24, 2006
    Messages:
    12
    Sorry it took me so long to get back...

    Here is the new log file.

    Logfile of HijackThis v1.99.1
    Scan saved at 10:30:09 PM, on 1/25/2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Compaq\Compaq Advisor\bin\compaq-rba.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\WINDOWS\system32\drivers\KodakCCS.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\mcshield.exe
    C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
    C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
    C:\WINDOWS\System32\ScsiAccess.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Microsoft Works\WksSb.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
    C:\Program Files\SVA Player\SVAPLAYER.EXE
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    C:\Program Files\Hijackthis\HijackThis.exe
    C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
    C:\Program Files\palmOne\HOTSYNC.EXE
    C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fightingsioux.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [SVAPlayer] C:\Program Files\SVA Player\SVAPLAYER.EXE
    O4 - HKLM\..\Run: [WinStart001.EXE] C:\WINDOWS\System\WinStart001.EXE -b
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
    O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
    O4 - Global Startup: Adobe Gamma Loader.lnk = ?
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O4 - Global Startup: Wireless-G Notebook Adapter.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra button: Support - {A1C62740-93D5-4E72-A5B6-B668D58C5197} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (HKCU)
    O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
    O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
    O12 - Plugin for .ofb: C:\PROGRA~1\INTERN~1\PLUGINS\NPONFLOW.DLL
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O23 - Service: Compaq Advisor (Compaq_RBA) - NeoPlanet - C:\Program Files\Compaq\Compaq Advisor\bin\compaq-rba.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
    O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
     
  8. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    That's okay. I just realized I overlooked an entry.

    Please fix this one with Hijack This:

    O4 - HKLM\..\Run: [WinStart001.EXE] C:\WINDOWS\System\WinStart001.EXE -b

    Boot into Safe Mode and KillBox this file:

    C:\WINDOWS\System\WinStart001.EXE

    Reboot, post a new log.
     
  9. icecream33

    icecream33 Thread Starter

    Joined:
    Jan 24, 2006
    Messages:
    12
    Done...here's the new log

    Logfile of HijackThis v1.99.1
    Scan saved at 10:58:17 PM, on 1/25/2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Compaq\Compaq Advisor\bin\compaq-rba.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\WINDOWS\system32\drivers\KodakCCS.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\mcshield.exe
    C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
    C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
    C:\WINDOWS\System32\ScsiAccess.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Microsoft Works\WksSb.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
    C:\Program Files\SVA Player\SVAPLAYER.EXE
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
    C:\Program Files\palmOne\HOTSYNC.EXE
    C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fightingsioux.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [SVAPlayer] C:\Program Files\SVA Player\SVAPLAYER.EXE
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
    O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
    O4 - Global Startup: Adobe Gamma Loader.lnk = ?
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O4 - Global Startup: Wireless-G Notebook Adapter.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra button: Support - {A1C62740-93D5-4E72-A5B6-B668D58C5197} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (HKCU)
    O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
    O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
    O12 - Plugin for .ofb: C:\PROGRA~1\INTERN~1\PLUGINS\NPONFLOW.DLL
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O23 - Service: Compaq Advisor (Compaq_RBA) - NeoPlanet - C:\Program Files\Compaq\Compaq Advisor\bin\compaq-rba.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
    O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
     
  10. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    I'm not sure if you use something called QuickFlicks Streaming Player, but it should be removed as well. It's regarded as spyware.

    Rescan with Hijack This.
    Close all browser windows except Hijack This.
    Put a check mark beside these entries and click "Fix Checked".

    O4 - HKLM\..\Run: [SVAPlayer] C:\Program Files\SVA Player\SVAPLAYER.EXE

    Then find and delete this folder: C:\Program Files\SVA Player

    Empty the Recycle Bin.

    How are things running now?
     
  11. icecream33

    icecream33 Thread Starter

    Joined:
    Jan 24, 2006
    Messages:
    12
    Popups are gone...and it's running a bit faster. Is there anything that will bring back some of the loading speed it had when it was new? I realize its pretty old, but it'd be cool if I could get it to be kinda fast again...

    The new log

    Logfile of HijackThis v1.99.1
    Scan saved at 11:09:41 PM, on 1/25/2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Compaq\Compaq Advisor\bin\compaq-rba.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\WINDOWS\system32\drivers\KodakCCS.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\mcshield.exe
    C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
    C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
    C:\WINDOWS\System32\ScsiAccess.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Microsoft Works\WksSb.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
    C:\Program Files\palmOne\HOTSYNC.EXE
    C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fightingsioux.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
    O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
    O4 - Global Startup: Adobe Gamma Loader.lnk = ?
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O4 - Global Startup: Wireless-G Notebook Adapter.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra button: Support - {A1C62740-93D5-4E72-A5B6-B668D58C5197} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (HKCU)
    O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
    O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
    O12 - Plugin for .ofb: C:\PROGRA~1\INTERN~1\PLUGINS\NPONFLOW.DLL
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O23 - Service: Compaq Advisor (Compaq_RBA) - NeoPlanet - C:\Program Files\Compaq\Compaq Advisor\bin\compaq-rba.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
    O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
     
  12. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    How much RAM does the computer have?

    I also see there are no Service Packs installed. Why?
     
  13. icecream33

    icecream33 Thread Starter

    Joined:
    Jan 24, 2006
    Messages:
    12
    My computer illiteracy will be exposed here...

    240 MB of RAM

    and I don't know what a service pack is. I got this thing at Radioshack like 5 years ago. Presario 700 if that means anything.
     
  14. icecream33

    icecream33 Thread Starter

    Joined:
    Jan 24, 2006
    Messages:
    12
    But I'm off to bed for now...I'll check again tomorrow. Thanks again cheeseball!! This is awesome!!
     
  15. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    240MB of RAM for XP is very low. It would help speed things up if you invested in more RAM. :)

    Service Packs are part of Microsoft. They will patch numerous security holes in IE and Windows. Many baddies get on your machine by taking advantage of these vulnerabilities. As your machine stands now it is wide open to attack from all sorts of nasties.

    You can get them here: http://v4.windowsupdate.microsoft.com/en/default.asp
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/437056

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice