Weird Issues with XP - HJT LOG


BaseballDude

Thread Starter
Joined
Aug 19, 2003
Messages
206
Hey. So when I start up my computer, the loading bar just sits there and won't move until I hit space bar a couple of times? Weird? Also it's pretty slow/laggy.

Logfile of HijackThis v1.99.1
Scan saved at 3:25:39 PM, on 1/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\I8kfanGUI\I8kfanGUI.exe
C:\PROGRA~1\Cacheman\Cacheman.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54Cfg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [i8kfangui] C:\Program Files\I8kfanGUI\I8kfanGUI.exe /startup
O4 - HKCU\..\Run: [Cacheman] C:\PROGRA~1\Cacheman\Cacheman.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Startup.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: Yahoo! Backgammon - http://download.games.yahoo.com/games/clients/y/at1_x.cab
O16 - DPF: Yahoo! Canasta - http://download.games.yahoo.com/games/clients/y/yt1_x.cab
O16 - DPF: Yahoo! Hearts - http://download.games.yahoo.com/games/clients/y/ht1_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt3_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab28578.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLauncher/ActiveLauncher.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1095857093304
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/en/filesharingctrl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab28578.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://winfixer.com/pages/scanner/WinFixer2005ScannerInstall.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2435E171-0A7D-4FEE-BBCF-1EAF7D587E7B}: NameServer = 192.168.1.1
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

TY!!
 

flavallee

Frank
Trusted Advisor
Joined
May 12, 2002
Messages
83,262
Judging by your log entries, your computer is a laptop and not a desktop.

What is the processor speed and the amount of RAM?

-------------------------------------------------------------------------------------

Cacheman is an old memory management utility from the Windows 95 days and doesn't do any good with Windows XP, so uninstall it. Go into C:\Program Files afterwards, then delete its leftover folder - if it's still there.

Logitech Desktop Messenger isn't needed, so uninstall it. Go into C:\Program Files\Logitech afterwards, then delete its leftover folder - if it's still there.

-------------------------------------------------------------------------------------

There are too many unnecessary programs running in the background that don't need to be, so let's get the startup list trimmed down.

Click Start - Run, type in MSCONFIG, then click OK - "Startup" tab. Remove the checkmark from:

IgfxTray (igfxtray.exe)

HotKeysCmds (hkcmd.exe)

QuickTime Task (qttask.exe)

SunJavaUpdateSched (jusched.exe)

RealTray (realplay.exe)

Adobe Gamma (adobe gamma loader.exe)

Click Apply - OK afterwards, then reboot when prompted to. When the SCU window appears during reboot, ignore the message, place a checkmark in it, then click OK.

--------------------------------------------------------------------------------------

After you've done the above, run another scan with HijackThis, then post that new log here.

--------------------------------------------------------------------------------------
 

BaseballDude

Thread Starter
Joined
Aug 19, 2003
Messages
206
I did what you told me; some of the items that you told me to remove the checkmarks from weren't there.

I am running a laptop as you mentioned: 2.66 GHz Pentium 4, 768 MB RAM comp.

It's laggy. I have issues typing, like sometimes when I space bar it doesn't space at all, and sometimes it adds multiple spaces with one click. Same with the backspace. Also, as I already said, when I load the comp I get to the Dell screen with the loading bar and it will go a little bit, but then the loading bar stops and I have to press the space bar and it will continue moving. Also sometimes I get a back screen that says my computer is not booting up correctly and it gives me a profile to pick (only one choice, profile one).

Sample typing without editing the spacebar errors:

hello mycomputer isreally messed up please help!! (Edit: I guess it doesn't show multiple spaces but they are there too :( )

HJT LOG!

Logfile of HijackThis v1.99.1
Scan saved at 7:35:41 AM, on 1/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\I8kfanGUI\I8kfanGUI.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54Cfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [i8kfangui] C:\Program Files\I8kfanGUI\I8kfanGUI.exe /startup
O4 - Global Startup: Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Startup.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: Yahoo! Backgammon - http://download.games.yahoo.com/games/clients/y/at1_x.cab
O16 - DPF: Yahoo! Canasta - http://download.games.yahoo.com/games/clients/y/yt1_x.cab
O16 - DPF: Yahoo! Hearts - http://download.games.yahoo.com/games/clients/y/ht1_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt3_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab28578.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLauncher/ActiveLauncher.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1095857093304
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/en/filesharingctrl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab28578.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://winfixer.com/pages/scanner/WinFixer2005ScannerInstall.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2435E171-0A7D-4FEE-BBCF-1EAF7D587E7B}: NameServer = 192.168.1.1
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
 
Joined
Feb 21, 2002
Messages
162
I'm not expert enough to help with this log but I would be suspicious of this line - Winfixer is a known trouble maker -

O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://winfixer.com/pages/scanner/Wi...nerInstall.cab

Google for "Ewido" and download and run it to see what it finds (and/or search this site for how best to use it). Post what it finds here - someone may be able to help.

Good luck
 
Joined
Sep 7, 2004
Messages
49,014
Yes, that O16 should go.

Go to the link below and download the trial version of SpySweeper:

SpySweeper http://www.webroot.com/consumer/products/spysweeper/index.html?acode=af1&rc=4129&ac=tsg

* Click the Free Trial link under "SpySweeper" to download the program.
* Install it. Once the program is installed, it will open.
* It will prompt you to update to the latest definitions, click Yes.
* Once the definitions are installed, click Options on the left side.
* Click the Sweep Options tab.
* Under What to Sweep please put a check next to the following:
    o Sweep Memory
    o Sweep Registry
    o Sweep Cookies
    o Sweep All User Accounts
    o Enable Direct Disk Sweeping
    o Sweep Contents of Compressed Files
    o Sweep for Rootkits

    o Please UNCHECK Do not Sweep System Restore Folder.

* Click Sweep Now on the left side.
* Click the Start button.
* When it's done scanning, click the Next button.
* Make sure everything has a check next to it, then click the Next button.
* It will remove all of the items found.
* Click Session Log in the upper right corner, copy everything in that window.
* Click the Summary tab and click Finish.
* Paste the contents of the session log you copied into your next reply.
Also post a new Hijack This log.
 

BaseballDude

Thread Starter
Joined
Aug 19, 2003
Messages
206
My computer seems to be doing better now! It started up correctly at least.

Logfile of HijackThis v1.98.2
Scan saved at 4:13:56 PM, on 1/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\I8kfanGUI\I8kfanGUI.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54Cfg.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Shady\Desktop\Joosh\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [i8kfangui] C:\Program Files\I8kfanGUI\I8kfanGUI.exe /startup
O4 - Global Startup: Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Startup.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: Yahoo! Backgammon - http://download.games.yahoo.com/games/clients/y/at1_x.cab
O16 - DPF: Yahoo! Canasta - http://download.games.yahoo.com/games/clients/y/yt1_x.cab
O16 - DPF: Yahoo! Hearts - http://download.games.yahoo.com/games/clients/y/ht1_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt3_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab28578.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLauncher/ActiveLauncher.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1095857093304
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/en/filesharingctrl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab28578.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2435E171-0A7D-4FEE-BBCF-1EAF7D587E7B}: NameServer = 192.168.1.1
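
Added example, not part of any post in this thread and not HijackThis's own code: a small Python parser that diffs two HijackThis logs by section code, so a cleanup can be checked line by line (here, the O16 WinFixer entry disappearing between the two 1/13/2006 scans). The function names are hypothetical and the sample input is a short excerpt of the logs posted above; because those scans come from different HijackThis versions (v1.99.1 and v1.98.2), a section that appears in only one of them is reported as not comparable rather than as removed.

```python
import re
from collections import defaultdict

# "O16 - DPF: ..." -> section code "O16", entry text "DPF: ..."
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
VERSION_RE = re.compile(r"^Logfile of HijackThis v([\d.]+)")


def parse_hjt(text):
    """Return (version, {section_code: set_of_entry_texts}) for one log."""
    version = None
    sections = defaultdict(set)
    for raw in text.splitlines():
        line = raw.strip()
        m = VERSION_RE.match(line)
        if m:
            version = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if m:  # header lines and running-process paths never match
            sections[m.group(1)].add(m.group(2))
    return version, dict(sections)


def _order(code):
    # Sort "O4" before "O16" by comparing the numeric part as an integer.
    return (code[0], int(code[1:]))


def diff_scans(before_text, after_text):
    """Compare two scans and return removed, added and non-comparable items."""
    v_before, before = parse_hjt(before_text)
    v_after, after = parse_hjt(after_text)
    same_version = v_before == v_after
    out = {"removed": [], "added": [], "not_comparable": []}
    for code in sorted(set(before) | set(after), key=_order):
        # Different scanner versions may not report the same sections, so a
        # section seen in only one log says nothing about the machine.
        if not same_version and (code not in before or code not in after):
            out["not_comparable"].append(code)
            continue
        old, new = before.get(code, set()), after.get(code, set())
        out["removed"] += [(code, e) for e in sorted(old - new)]
        out["added"] += [(code, e) for e in sorted(new - old)]
    return out


# Sample input: a few lines excerpted from the 7:35 AM and 4:13 PM logs above.
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O16 - DPF: Yahoo! Hearts - http://download.games.yahoo.com/games/clients/y/ht1_x.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://winfixer.com/pages/scanner/WinFixer2005ScannerInstall.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
"""

AFTER = r"""
Logfile of HijackThis v1.98.2
Running processes:
C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O16 - DPF: Yahoo! Hearts - http://download.games.yahoo.com/games/clients/y/ht1_x.cab
"""


def demo():
    """Diff the two excerpts embedded above."""
    return diff_scans(BEFORE, AFTER)


if __name__ == "__main__":
    result = demo()
    for code, entry in result["removed"]:
        print(f"REMOVED  {code} - {entry}")
    for code, entry in result["added"]:
        print(f"ADDED    {code} - {entry}")
    for code in result["not_comparable"]:
        print(f"SKIPPED  {code} (present in only one log; scanner versions differ)")
```
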
 

BaseballDude

Thread Starter
Joined
Aug 19, 2003
Messages
206
********
2:46 PM: | Start of Session, Friday, January 13, 2006 |
2:46 PM: Spy Sweeper started
2:46 PM: Sweep initiated using definitions version 601
2:46 PM: Starting Memory Sweep
2:48 PM: Memory Sweep Complete, Elapsed Time: 00:02:04
2:48 PM: Starting Registry Sweep
2:48 PM: Found Adware: blazefind
2:48 PM: HKLM\software\microsoft\windows\ || vnmispoisn (ID = 104518)
2:48 PM: Found System Monitor: perfect keylogger
2:48 PM: HKCR\interface\{1e1b2878-88ff-11d3-8d96-d7acac95951a}\ (8 subtraces) (ID = 136696)
2:48 PM: HKLM\software\classes\interface\{1e1b2878-88ff-11d3-8d96-d7acac95951a}\ (8 subtraces) (ID = 136703)
2:48 PM: Found Adware: screensavers
2:48 PM: HKCR\clsid\{722d2939-a14a-41a9-9eac-ab8f4e295819}\ (14 subtraces) (ID = 140550)
2:48 PM: HKCR\clsid\{88d758a3-d33b-45fd-91e3-67749b4057fa}\ (14 subtraces) (ID = 140551)
2:48 PM: HKCR\interface\{760aca60-79c3-4875-9d19-b14a5b3fea77}\ (8 subtraces) (ID = 140552)
2:48 PM: HKCR\interface\{883ea659-ed80-46f9-9ed2-83327f67789f}\ (8 subtraces) (ID = 140553)
2:48 PM: HKCR\interface\{b64c73d7-459e-4816-91f9-1348f8e36984}\ (8 subtraces) (ID = 140554)
2:48 PM: HKLM\software\classes\clsid\{722d2939-a14a-41a9-9eac-ab8f4e295819}\ (14 subtraces) (ID = 140555)
2:48 PM: HKLM\software\classes\clsid\{88d758a3-d33b-45fd-91e3-67749b4057fa}\ (14 subtraces) (ID = 140556)
2:48 PM: HKLM\software\classes\interface\{760aca60-79c3-4875-9d19-b14a5b3fea77}\ (8 subtraces) (ID = 140557)
2:48 PM: HKLM\software\classes\interface\{883ea659-ed80-46f9-9ed2-83327f67789f}\ (8 subtraces) (ID = 140558)
2:48 PM: HKLM\software\classes\interface\{b64c73d7-459e-4816-91f9-1348f8e36984}\ (8 subtraces) (ID = 140559)
2:48 PM: HKLM\software\classes\screensaversinstaller.installer.1\ (3 subtraces) (ID = 140560)
2:48 PM: HKLM\software\classes\screensaversinstaller.installer\ (5 subtraces) (ID = 140561)
2:48 PM: HKLM\software\classes\screensaversinstaller.sinstaller.1\ (3 subtraces) (ID = 140562)
2:48 PM: HKLM\software\classes\screensaversinstaller.sinstaller.1\clsid\ (1 subtraces) (ID = 140563)
2:48 PM: HKLM\software\classes\screensaversinstaller.sinstaller\ (5 subtraces) (ID = 140564)
2:48 PM: HKLM\software\classes\typelib\{0ab5b0d8-2b74-4c1c-8fa4-e52550b8b45b}\ (9 subtraces) (ID = 140565)
2:48 PM: HKLM\software\microsoft\windows\currentversion\uninstall\screensaversinstaller\ (2 subtraces) (ID = 140568)
2:48 PM: HKLM\software\screensavers.com\ (14 subtraces) (ID = 140569)
2:48 PM: HKCR\screensaversinstaller.installer.1\ (3 subtraces) (ID = 140570)
2:48 PM: HKCR\screensaversinstaller.installer\ (5 subtraces) (ID = 140571)
2:48 PM: HKCR\screensaversinstaller.sinstaller.1\ (3 subtraces) (ID = 140572)
2:48 PM: HKCR\screensaversinstaller.sinstaller.1\clsid\ (1 subtraces) (ID = 140573)
2:48 PM: HKCR\screensaversinstaller.sinstaller\ (5 subtraces) (ID = 140574)
2:48 PM: HKCR\typelib\{0ab5b0d8-2b74-4c1c-8fa4-e52550b8b45b}\ (9 subtraces) (ID = 140575)
2:48 PM: Found Adware: websearch toolbar
2:48 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/qdow_as2.dll\ (2 subtraces) (ID = 146482)
2:48 PM: HKLM\system\currentcontrolset\enum\root\legacy_wintoolssvc\ (8 subtraces) (ID = 146518)
2:48 PM: HKU\S-1-5-21-767207218-2161094215-672958589-1009\software\microsoft\internet explorer\toolbar\shellbrowser\ || {339bb23f-a864-48c0-a59f-29ea915965ec} (ID = 146462)
2:48 PM: Found Adware: ezula ilookup
2:48 PM: HKU\S-1-5-21-767207218-2161094215-672958589-1009\software\toptext\ (17 subtraces) (ID = 965815)
2:48 PM: HKU\S-1-5-21-767207218-2161094215-672958589-1009\software\microsoft\internet explorer\explorer bars\{9ff56d85-db4f-4267-b669-8d05b0bf9a04}\ (1 subtraces) (ID = 965832)
2:48 PM: HKU\S-1-5-21-767207218-2161094215-672958589-1009\software\microsoft\internet explorer\explorer bars\{f7384c48-97b6-45df-a2fa-1d7762d32f9c}\ (1 subtraces) (ID = 965834)
2:48 PM: Found Adware: great net downloadware
2:48 PM: HKU\WRSS_Profile_S-1-5-21-767207218-2161094215-672958589-1008\software\downloadware\ (ID = 125353)
2:48 PM: Found Adware: ieplugin
2:48 PM: HKU\WRSS_Profile_S-1-5-21-767207218-2161094215-672958589-1008\software\dsktb\ (ID = 128171)
2:48 PM: Found Adware: upspiral toolbar
2:48 PM: HKU\WRSS_Profile_S-1-5-21-767207218-2161094215-672958589-1008\software\dsktb\ (ID = 128171)
2:48 PM: Found Adware: redzip toolbar
2:48 PM: HKU\WRSS_Profile_S-1-5-21-767207218-2161094215-672958589-1008\software\dsktb\ (ID = 128171)
2:48 PM: HKU\WRSS_Profile_S-1-5-21-767207218-2161094215-672958589-1008\software\intexp\ (2 subtraces) (ID = 128173)
2:48 PM: Found Adware: 180search assistant/zango
2:48 PM: HKU\WRSS_Profile_S-1-5-21-767207218-2161094215-672958589-1008\software\msbb\ (13 subtraces) (ID = 135781)
2:48 PM: Found Adware: networkessentials
2:48 PM: HKU\WRSS_Profile_S-1-5-21-767207218-2161094215-672958589-1008\software\support software\ (8 subtraces) (ID = 136177)
2:48 PM: HKU\WRSS_Profile_S-1-5-21-767207218-2161094215-672958589-1008\software\updater\ (1 subtraces) (ID = 136178)
2:48 PM: Found Adware: search-exe hijacker
2:48 PM: HKU\WRSS_Profile_S-1-5-21-767207218-2161094215-672958589-1008\software\microsoft\internet explorer\search\ || searchassistant (ID = 140932)
2:48 PM: HKU\WRSS_Profile_S-1-5-21-767207218-2161094215-672958589-1008\software\toolbar\ (16 subtraces) (ID = 146513)
2:48 PM: HKU\WRSS_Profile_S-1-5-21-767207218-2161094215-672958589-1008\software\wintools\ (10 subtraces) (ID = 146514)
2:48 PM: Found Adware: sidesearch
2:48 PM: HKU\WRSS_Profile_S-1-5-21-767207218-2161094215-672958589-1008\software\microsoft\internet explorer\extensions\cmdmapping\ || {000007c6-17df-4438-92a4-de5537471ba3} (ID = 530423)
2:48 PM: HKU\WRSS_Profile_S-1-5-21-767207218-2161094215-672958589-1008\software\toolbar\ (16 subtraces) (ID = 646239)
2:48 PM: HKU\WRSS_Profile_S-1-5-21-767207218-2161094215-672958589-1008\software\wintools\ (10 subtraces) (ID = 646241)
2:48 PM: HKU\WRSS_Profile_S-1-5-21-767207218-2161094215-672958589-1008\software\downloadware\ (ID = 775210)
2:48 PM: Registry Sweep Complete, Elapsed Time:00:00:15
2:48 PM: Starting Cookie Sweep
2:48 PM: Found Spy Cookie: yieldmanager cookie
2:48 PM: [email protected][1].txt (ID = 3751)
2:48 PM: Found Spy Cookie: adknowledge cookie
2:48 PM: [email protected][1].txt (ID = 2072)
2:48 PM: Found Spy Cookie: specificclick.com cookie
2:48 PM: [email protected][2].txt (ID = 3400)
2:48 PM: Found Spy Cookie: adrevolver cookie
2:48 PM: [email protected][1].txt (ID = 2088)
2:48 PM: [email protected][2].txt (ID = 2088)
2:48 PM: Found Spy Cookie: adserver cookie
2:48 PM: [email protected][2].txt (ID = 2141)
2:48 PM: Found Spy Cookie: ask cookie
2:48 PM: [email protected][1].txt (ID = 2245)
2:48 PM: Found Spy Cookie: atwola cookie
2:48 PM: [email protected][1].txt (ID = 2255)
2:48 PM: Found Spy Cookie: banner cookie
2:48 PM: [email protected][1].txt (ID = 2276)
2:48 PM: Found Spy Cookie: burstnet cookie
2:48 PM: [email protected][2].txt (ID = 2336)
2:48 PM: Found Spy Cookie: casalemedia cookie
2:48 PM: [email protected][2].txt (ID = 2354)
2:48 PM: Found Spy Cookie: go.com cookie
2:48 PM: [email protected][1].txt (ID = 2728)
2:49 PM: Found Spy Cookie: nextag cookie
2:49 PM: [email protected][2].txt (ID = 5014)
2:49 PM: Found Spy Cookie: realmedia cookie
2:49 PM: [email protected][2].txt (ID = 3235)
2:49 PM: Found Spy Cookie: statcounter cookie
2:49 PM: [email protected][2].txt (ID = 3447)
2:49 PM: Found Spy Cookie: burstbeacon cookie
2:49 PM: [email protected][1].txt (ID = 2335)
2:49 PM: Cookie Sweep Complete, Elapsed Time: 00:00:03
2:49 PM: Starting File Sweep
2:49 PM: c:\program files\screensavers.com (8 subtraces) (ID = -2147480365)
2:49 PM: a0060725.dll (ID = 74752)
3:00 PM: ezstub.exe (ID = 60525)
3:02 PM: a0060727.exe (ID = 111862)
3:07 PM: swpstart.exe (ID = 74759)
3:16 PM: Found Adware: twain-tech
3:16 PM: polmx3.inf (ID = 81859)
3:16 PM: Found System Monitor: potentially rootkit-masked files
 

flavallee

Frank
Trusted Advisor
Joined
May 12, 2002
Messages
83,262
Concerning your reply in #8, which items were you unable to find?

I see that

SunJavaUpdateSched (jusched.exe)

HotKeysCmds (hkcmd.exe)

are still in the startup list and haven't been unchecked and disabled.

Are you using the touchpad or an external mouse?

--------------------------------------------------------------------------------------
 
Joined
Sep 7, 2004
Messages
49,014
You reverted to the old HiJack version; need a log from V1.99.1.

Looks like Spy Sweeper's log was cut off or it did not complete - run it again and post the entire log.
 

BaseballDude

Thread Starter
Joined
Aug 19, 2003
Messages
206
********
2:46 PM: | Start of Session, Friday, January 13, 2006 |
2:46 PM: Spy Sweeper started
2:46 PM: Sweep initiated using definitions version 601
2:46 PM: Starting Memory Sweep
2:48 PM: Memory Sweep Complete, Elapsed Time: 00:02:04
2:48 PM: Starting Registry Sweep
2:48 PM: Found Adware: blazefind
2:48 PM: HKLM\software\microsoft\windows\ || vnmispoisn (ID = 104518)
2:48 PM: Found System Monitor: perfect keylogger
2:48 PM: HKCR\interface\{1e1b2878-88ff-11d3-8d96-d7acac95951a}\ (8 subtraces) (ID = 136696)
2:48 PM: HKLM\software\classes\interface\{1e1b2878-88ff-11d3-8d96-d7acac95951a}\ (8 subtraces) (ID = 136703)
2:48 PM: Found Adware: screensavers
2:48 PM: HKCR\clsid\{722d2939-a14a-41a9-9eac-ab8f4e295819}\ (14 subtraces) (ID = 140550)
2:48 PM: HKCR\clsid\{88d758a3-d33b-45fd-91e3-67749b4057fa}\ (14 subtraces) (ID = 140551)
2:48 PM: HKCR\interface\{760aca60-79c3-4875-9d19-b14a5b3fea77}\ (8 subtraces) (ID = 140552)
2:48 PM: HKCR\interface\{883ea659-ed80-46f9-9ed2-83327f67789f}\ (8 subtraces) (ID = 140553)
2:48 PM: HKCR\interface\{b64c73d7-459e-4816-91f9-1348f8e36984}\ (8 subtraces) (ID = 140554)
2:48 PM: HKLM\software\classes\clsid\{722d2939-a14a-41a9-9eac-ab8f4e295819}\ (14 subtraces) (ID = 140555)
2:48 PM: HKLM\software\classes\clsid\{88d758a3-d33b-45fd-91e3-67749b4057fa}\ (14 subtraces) (ID = 140556)
2:48 PM: HKLM\software\classes\interface\{760aca60-79c3-4875-9d19-b14a5b3fea77}\ (8 subtraces) (ID = 140557)
2:48 PM: HKLM\software\classes\interface\{883ea659-ed80-46f9-9ed2-83327f67789f}\ (8 subtraces) (ID = 140558)
2:48 PM: HKLM\software\classes\interface\{b64c73d7-459e-4816-91f9-1348f8e36984}\ (8 subtraces) (ID = 140559)
2:48 PM: HKLM\software\classes\screensaversinstaller.installer.1\ (3 subtraces) (ID = 140560)
2:48 PM: HKLM\software\classes\screensaversinstaller.installer\ (5 subtraces) (ID = 140561)
2:48 PM: HKLM\software\classes\screensaversinstaller.sinstaller.1\ (3 subtraces) (ID = 140562)
2:48 PM: HKLM\software\classes\screensaversinstaller.sinstaller.1\clsid\ (1 subtraces) (ID = 140563)
2:48 PM: HKLM\software\classes\screensaversinstaller.sinstaller\ (5 subtraces) (ID = 140564)
2:48 PM: HKLM\software\classes\typelib\{0ab5b0d8-2b74-4c1c-8fa4-e52550b8b45b}\ (9 subtraces) (ID = 140565)
2:48 PM: HKLM\software\microsoft\windows\currentversion\uninstall\screensaversinstaller\ (2 subtraces) (ID = 140568)
2:48 PM: HKLM\software\screensavers.com\ (14 subtraces) (ID = 140569)
2:48 PM: HKCR\screensaversinstaller.installer.1\ (3 subtraces) (ID = 140570)
2:48 PM: HKCR\screensaversinstaller.installer\ (5 subtraces) (ID = 140571)
2:48 PM: HKCR\screensaversinstaller.sinstaller.1\ (3 subtraces) (ID = 140572)
2:48 PM: HKCR\screensaversinstaller.sinstaller.1\clsid\ (1 subtraces) (ID = 140573)
2:48 PM: HKCR\screensaversinstaller.sinstaller\ (5 subtraces) (ID = 140574)
2:48 PM: HKCR\typelib\{0ab5b0d8-2b74-4c1c-8fa4-e52550b8b45b}\ (9 subtraces) (ID = 140575)
2:48 PM: Found Adware: websearch toolbar
2:48 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/qdow_as2.dll\ (2 subtraces) (ID = 146482)
2:48 PM: HKLM\system\currentcontrolset\enum\root\legacy_wintoolssvc\ (8 subtraces) (ID = 146518)
2:48 PM: HKU\S-1-5-21-767207218-2161094215-672958589-1009\software\microsoft\internet explorer\toolbar\shellbrowser\ || {339bb23f-a864-48c0-a59f-29ea915965ec} (ID = 146462)
2:48 PM: Found Adware: ezula ilookup
2:48 PM: HKU\S-1-5-21-767207218-2161094215-672958589-1009\software\toptext\ (17 subtraces) (ID = 965815)
2:48 PM: HKU\S-1-5-21-767207218-2161094215-672958589-1009\software\microsoft\internet explorer\explorer bars\{9ff56d85-db4f-4267-b669-8d05b0bf9a04}\ (1 subtraces) (ID = 965832)
2:48 PM: HKU\S-1-5-21-767207218-2161094215-672958589-1009\software\microsoft\internet explorer\explorer bars\{f7384c48-97b6-45df-a2fa-1d7762d32f9c}\ (1 subtraces) (ID = 965834)
2:48 PM: Found Adware: great net downloadware
2:48 PM: HKU\WRSS_Profile_S-1-5-21-767207218-2161094215-672958589-1008\software\downloadware\ (ID = 125353)
2:48 PM: Found Adware: ieplugin
2:48 PM: HKU\WRSS_Profile_S-1-5-21-767207218-2161094215-672958589-1008\software\dsktb\ (ID = 128171)
2:48 PM: Found Adware: upspiral toolbar
2:48 PM: HKU\WRSS_Profile_S-1-5-21-767207218-2161094215-672958589-1008\software\dsktb\ (ID = 128171)
2:48 PM: Found Adware: redzip toolbar
2:48 PM: HKU\WRSS_Profile_S-1-5-21-767207218-2161094215-672958589-1008\software\dsktb\ (ID = 128171)
2:48 PM: HKU\WRSS_Profile_S-1-5-21-767207218-2161094215-672958589-1008\software\intexp\ (2 subtraces) (ID = 128173)
2:48 PM: Found Adware: 180search assistant/zango
2:48 PM: HKU\WRSS_Profile_S-1-5-21-767207218-2161094215-672958589-1008\software\msbb\ (13 subtraces) (ID = 135781)
2:48 PM: Found Adware: networkessentials
2:48 PM: HKU\WRSS_Profile_S-1-5-21-767207218-2161094215-672958589-1008\software\support software\ (8 subtraces) (ID = 136177)
2:48 PM: HKU\WRSS_Profile_S-1-5-21-767207218-2161094215-672958589-1008\software\updater\ (1 subtraces) (ID = 136178)
2:48 PM: Found Adware: search-exe hijacker
2:48 PM: HKU\WRSS_Profile_S-1-5-21-767207218-2161094215-672958589-1008\software\microsoft\internet explorer\search\ || searchassistant (ID = 140932)
2:48 PM: HKU\WRSS_Profile_S-1-5-21-767207218-2161094215-672958589-1008\software\toolbar\ (16 subtraces) (ID = 146513)
2:48 PM: HKU\WRSS_Profile_S-1-5-21-767207218-2161094215-672958589-1008\software\wintools\ (10 subtraces) (ID = 146514)
2:48 PM: Found Adware: sidesearch
2:48 PM: HKU\WRSS_Profile_S-1-5-21-767207218-2161094215-672958589-1008\software\microsoft\internet explorer\extensions\cmdmapping\ || {000007c6-17df-4438-92a4-de5537471ba3} (ID = 530423)
2:48 PM: HKU\WRSS_Profile_S-1-5-21-767207218-2161094215-672958589-1008\software\toolbar\ (16 subtraces) (ID = 646239)
2:48 PM: HKU\WRSS_Profile_S-1-5-21-767207218-2161094215-672958589-1008\software\wintools\ (10 subtraces) (ID = 646241)
2:48 PM: HKU\WRSS_Profile_S-1-5-21-767207218-2161094215-672958589-1008\software\downloadware\ (ID = 775210)
2:48 PM: Registry Sweep Complete, Elapsed Time:00:00:15
2:48 PM: Starting Cookie Sweep
2:48 PM: Found Spy Cookie: yieldmanager cookie
2:48 PM: [email protected]ldmanager[1].txt (ID = 3751)
2:48 PM: Found Spy Cookie: adknowledge cookie
2:48 PM: [email protected][1].txt (ID = 2072)
2:48 PM: Found Spy Cookie: specificclick.com cookie
2:48 PM: [email protected][2].txt (ID = 3400)
2:48 PM: Found Spy Cookie: adrevolver cookie
2:48 PM: [email protected][1].txt (ID = 2088)
2:48 PM: [email protected][2].txt (ID = 2088)
2:48 PM: Found Spy Cookie: adserver cookie
2:48 PM: [email protected][2].txt (ID = 2141)
2:48 PM: Found Spy Cookie: ask cookie
2:48 PM: [email protected][1].txt (ID = 2245)
2:48 PM: Found Spy Cookie: atwola cookie
2:48 PM: [email protected][1].txt (ID = 2255)
2:48 PM: Found Spy Cookie: banner cookie
2:48 PM: [email protected][1].txt (ID = 2276)
2:48 PM: Found Spy Cookie: burstnet cookie
2:48 PM: [email protected][2].txt (ID = 2336)
2:48 PM: Found Spy Cookie: casalemedia cookie
2:48 PM: [email protected][2].txt (ID = 2354)
2:48 PM: Found Spy Cookie: go.com cookie
2:48 PM: [email protected][1].txt (ID = 2728)
2:49 PM: Found Spy Cookie: nextag cookie
2:49 PM: [email protected][2].txt (ID = 5014)
2:49 PM: Found Spy Cookie: realmedia cookie
2:49 PM: [email protected][2].txt (ID = 3235)
2:49 PM: Found Spy Cookie: statcounter cookie
2:49 PM: [email protected][2].txt (ID = 3447)
2:49 PM: Found Spy Cookie: burstbeacon cookie
2:49 PM: [email protected][1].txt (ID = 2335)
2:49 PM: Cookie Sweep Complete, Elapsed Time: 00:00:03
2:49 PM: Starting File Sweep
2:49 PM: c:\program files\screensavers.com (8 subtraces) (ID = -2147480365)
2:49 PM: a0060725.dll (ID = 74752)
3:00 PM: ezstub.exe (ID = 60525)
3:02 PM: a0060727.exe (ID = 111862)
3:07 PM: swpstart.exe (ID = 74759)
3:16 PM: Found Adware: twain-tech
3:16 PM: polmx3.inf (ID = 81859)
3:16 PM: Found System Monitor: potentially rootkit-masked files
 