
Hijack This Log, please review-

Discussion in 'Malware and Virus Removal Archive' started by johnd1, 2005/02/10.

  1. 2005/02/10
    johnd1 (Inactive, Thread Starter)
    Hijack log

    Hello,

    Boy, I can sure use some advice. I ran Spybot, Ad-Aware SE and Norton, but I can't get rid of the pop-ups and trojan virus. I went to download HijackThis so I can post my log, but during the download my computer froze and now I can't open any program except for Internet Explorer and email (Outlook)... Please help, I'm getting really nervous! XP Professional, SP2.

    Thank you in advance.
     
    Last edited: 2005/02/11
  2. 2005/02/10
    TonyT (SuperGeek, Staff)
    Rescan using existing tools after booting in Safe Mode.
     


  4. 2005/02/10
    johnd1 (Inactive, Thread Starter)
    Okay Tony, I'll try that now. I was able to open Windows Explorer and run HijackThis after starting in Safe Mode. I thought I read something about checking a box to unlock hidden files... I don't recall how to go about this, but here is the HijackThis log, and I'll run Spybot and Ad-Aware now. Thank you!

    Logfile of HijackThis v1.98.2
    Scan saved at 4:28:40 PM, on 2/10/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\Explorer.EXE
    C:\Program Files\HIJACKTHIS (SPYWARE REMOVAL)\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://D:\WINDOWS\system32\mioky.dll/sp.html#44768
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://D:\WINDOWS\system32\mioky.dll/sp.html#44768
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://D:\WINDOWS\system32\mioky.dll/sp.html#44768
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://D:\WINDOWS\system32\mioky.dll/sp.html#44768
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://D:\WINDOWS\system32\mioky.dll/sp.html#44768
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://D:\WINDOWS\system32\mioky.dll/sp.html#44768
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://D:\WINDOWS\system32\mioky.dll/sp.html#44768
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {EA98A3A0-1C43-2903-6F84-EE2B61D598A3} - D:\WINDOWS\winib.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [Advanced Tools Check] D:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [LVCOMSX] D:\WINDOWS\System32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] D:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] D:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [mfcmo.exe] D:\WINDOWS\mfcmo.exe
    O4 - HKLM\..\Run: [JXJAGpC1D] D:\documents and settings\john\local settings\temp\JXJAGpC1D.exe
    O4 - HKLM\..\Run: [Kmj8Y4] D:\windows\system32\Kmj8Y4.exe
    O4 - HKLM\..\Run: [nIwIJQWe.exe] d:\windows\system32\nIwIJQWe.exe
    O4 - HKLM\..\Run: [c] D:\documents and settings\john\local settings\temp\c.exe
    O4 - HKLM\..\Run: [HaMFd] D:\documents and settings\john\local settings\temp\HaMFd.exe
    O4 - HKLM\..\Run: [FrbyW] D:\documents and settings\john\local settings\temp\FrbyW.exe
    O4 - HKLM\..\Run: [5.tmp] D:\DOCUME~1\Robin\LOCALS~1\Temp\5.tmp.exe 1 10001
    O4 - HKLM\..\Run: [5.tmp.exe] D:\DOCUME~1\Robin\LOCALS~1\Temp\5.tmp.exe 1 10001
    O4 - HKLM\..\Run: [D.tmp] D:\DOCUME~1\John\LOCALS~1\Temp\D.tmp.exe 0 10001
    O4 - HKLM\..\Run: [tibs5] D:\WINDOWS\system32\tibs5.exe
    O4 - HKLM\..\Run: [D.tmp.exe] D:\DOCUME~1\John\LOCALS~1\Temp\D.tmp.exe 0 10001
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] D:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [Aent] D:\Documents and Settings\John\Application Data\apbh.exe
    O4 - HKCU\..\Run: [Bfg] D:\WINDOWS\system32\ati2evxx.exe
    O4 - Global Startup: Shortcut to Internet Explorer.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! Dictionary - file:///D:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! Search - file:///D:\Program Files\Yahoo!\Common/ycsrch.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O15 - Trusted Zone: *.frame.crazywinnings.com
    O16 - DPF: {22A88341-AFCB-45F0-A856-C2BAE74F878E} (InstallX Class) - http://www.20x2p.com/00e19747/enter.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/13a9a9039b6e16a32317/netzip/RdxIE601.cab
    O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
    O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/check/netset/install/gtdownls.cab
    O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
    O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/eng/check/qdiagh.cab?316
    O16 - DPF: {EF0DBA6F-43CE-4B26-9808-2AB38FA0DB29} (MSN Money Ticker) - http://fdl.msn.com/public/investor/v13/ticker.cab
     
  5. 2005/02/10
    markp62 (Geek Member, Alumni)
    Hello johnd1, welcome to the boards.
    We'll need a new log after you have run Spybot and Ad-Aware. Things will be different afterwards.
    Then it will be checked out for you.
    I edited your thread title to a more meaningful subject.
     
  6. 2005/02/10
    johnd1 (Inactive, Thread Starter)
    Thank you all so much for your help, it is greatly appreciated!
    Wow, that was a slow, painful process ;). Okay, I made sure all of the software had the latest updates, then I started in Safe Mode and ran Spybot, then Ad-Aware and lastly Norton. Norton failed to fix 67 files... trojan.admin and a number of variations of adware. I rebooted in normal mode and ran HijackThis, and here are the results:

    Logfile of HijackThis v1.98.2
    Scan saved at 5:51:02 PM, on 2/10/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\WINDOWS\Explorer.EXE
    D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    D:\Program Files\Norton AntiVirus\navapsvc.exe
    D:\Program Files\Common Files\Symantec Shared\ccApp.exe
    D:\WINDOWS\System32\LVCOMSX.EXE
    D:\Program Files\Logitech\Video\LogiTray.exe
    D:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    D:\Program Files\Common Files\Real\Update_OB\realsched.exe
    D:\windows\system32\nIwIJQWe.exe
    D:\WINDOWS\system32\rundll32.exe
    D:\Program Files\Messenger\msmsgs.exe
    D:\WINDOWS\system32\RUNDLL32.EXE
    D:\WINDOWS\system32\ati2evxx.exe
    D:\Program Files\Internet Explorer\iexplore.exe
    D:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    D:\WINDOWS\System32\nvsvc32.exe
    D:\Program Files\Logitech\Video\FxSvr2.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\nIwIJQWe.exe
    D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    D:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    D:\Program Files\Norton AntiVirus\SAVScan.exe
    D:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\HIJACKTHIS (SPYWARE REMOVAL)\HijackThis.exe

    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: Band Class - {CC378B83-9577-44D0-B4F8-0DD965E176FC} - D:\Program Files\eSyndicate\esyn.dll
    O2 - BHO: (no name) - {EA98A3A0-1C43-2903-6F84-EE2B61D598A3} - D:\WINDOWS\winib.dll (file missing)
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [Advanced Tools Check] D:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [LVCOMSX] D:\WINDOWS\System32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] D:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] D:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [mfcmo.exe] D:\WINDOWS\mfcmo.exe
    O4 - HKLM\..\Run: [JXJAGpC1D] D:\documents and settings\john\local settings\temp\JXJAGpC1D.exe
    O4 - HKLM\..\Run: [Kmj8Y4] D:\windows\system32\Kmj8Y4.exe
    O4 - HKLM\..\Run: [nIwIJQWe.exe] d:\windows\system32\nIwIJQWe.exe
    O4 - HKLM\..\Run: [c] D:\documents and settings\john\local settings\temp\c.exe
    O4 - HKLM\..\Run: [HaMFd] D:\documents and settings\john\local settings\temp\HaMFd.exe
    O4 - HKLM\..\Run: [FrbyW] D:\documents and settings\john\local settings\temp\FrbyW.exe
    O4 - HKLM\..\Run: [5.tmp] D:\DOCUME~1\Robin\LOCALS~1\Temp\5.tmp.exe 1 10001
    O4 - HKLM\..\Run: [5.tmp.exe] D:\DOCUME~1\Robin\LOCALS~1\Temp\5.tmp.exe 1 10001
    O4 - HKLM\..\Run: [D.tmp] D:\DOCUME~1\John\LOCALS~1\Temp\D.tmp.exe 0 10001
    O4 - HKLM\..\Run: [tibs5] D:\WINDOWS\system32\tibs5.exe
    O4 - HKLM\..\Run: [D.tmp.exe] D:\DOCUME~1\John\LOCALS~1\Temp\D.tmp.exe 0 10001
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] D:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [Aent] D:\Documents and Settings\John\Application Data\apbh.exe
    O4 - HKCU\..\Run: [Bfg] D:\WINDOWS\system32\ati2evxx.exe
    O4 - Global Startup: Shortcut to Internet Explorer.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! Dictionary - file:///D:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! Search - file:///D:\Program Files\Yahoo!\Common/ycsrch.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O15 - Trusted Zone: *.frame.crazywinnings.com
    O16 - DPF: {22A88341-AFCB-45F0-A856-C2BAE74F878E} (InstallX Class) - http://www.20x2p.com/00e19747/enter.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/13a9a9039b6e16a32317/netzip/RdxIE601.cab
    O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
    O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/check/netset/install/gtdownls.cab
    O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
    O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/eng/check/qdiagh.cab?316
    O16 - DPF: {EF0DBA6F-43CE-4B26-9808-2AB38FA0DB29} (MSN Money Ticker) - http://fdl.msn.com/public/investor/v13/ticker.cab

    Removed unrequested startup log Lonny.
     
  7. 2005/02/11
    markp62 (Geek Member, Alumni)
    Disable System Restore, and reboot. It is important to do this, as deleted files will reappear otherwise. This could be the location of the uncleanable files; you didn't post a folder location. By disabling SR, you are cleaning it out in the process.

    There is another location of files that are not typically cleanable by AV programs. These are packed away in JAR files, much like a ZIP file. Your Java VM creates a cache with JAR files, and you need to just clean it out. Go into your Java Control Panel, look under the General tab, then in the section for Temporary Internet Files, click on the button for Delete Files.

    Remove these items in HJT with all internet browsers, and Windows Explorer windows closed.

    R3 - Default URLSearchHook is missing
    O2 - BHO: Band Class - {CC378B83-9577-44D0-B4F8-0DD965E176FC} - D:\Program Files\eSyndicate\esyn.dll
    O2 - BHO: (no name) - {EA98A3A0-1C43-2903-6F84-EE2B61D598A3} - D:\WINDOWS\winib.dll (file missing)
    O4 - HKLM\..\Run: [mfcmo.exe] D:\WINDOWS\mfcmo.exe
    O4 - HKLM\..\Run: [JXJAGpC1D] D:\documents and settings\john\local settings\temp\JXJAGpC1D.exe
    O4 - HKLM\..\Run: [Kmj8Y4] D:\windows\system32\Kmj8Y4.exe
    O4 - HKLM\..\Run: [nIwIJQWe.exe] d:\windows\system32\nIwIJQWe.exe
    O4 - HKLM\..\Run: [c] D:\documents and settings\john\local settings\temp\c.exe
    O4 - HKLM\..\Run: [HaMFd] D:\documents and settings\john\local settings\temp\HaMFd.exe
    O4 - HKLM\..\Run: [FrbyW] D:\documents and settings\john\local settings\temp\FrbyW.exe
    O4 - HKLM\..\Run: [5.tmp] D:\DOCUME~1\Robin\LOCALS~1\Temp\5.tmp.exe 1 10001
    O4 - HKLM\..\Run: [5.tmp.exe] D:\DOCUME~1\Robin\LOCALS~1\Temp\5.tmp.exe 1 10001
    O4 - HKLM\..\Run: [D.tmp] D:\DOCUME~1\John\LOCALS~1\Temp\D.tmp.exe 0 10001
    O4 - HKLM\..\Run: [tibs5] D:\WINDOWS\system32\tibs5.exe
    O4 - HKLM\..\Run: [D.tmp.exe] D:\DOCUME~1\John\LOCALS~1\Temp\D.tmp.exe 0 10001
    O4 - HKCU\..\Run: [Aent] D:\Documents and Settings\John\Application Data\apbh.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O15 - Trusted Zone: *.frame.crazywinnings.com
    O16 - DPF: {22A88341-AFCB-45F0-A856-C2BAE74F878E} (InstallX Class) - http://www.20x2p.com/00e19747/enter.cab
    O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -

    Reboot into Safe Mode and set Windows Explorer Folder Options to Show All Files.

    Delete all files and folders located in these two folders.
    D:\documents and settings\john\local settings\temp
    D:\documents and settings\Robin\local settings\temp

    Delete this folder.
    D:\Program Files\eSyndicate

    Delete these files; you may not find all of them. They could have been removed by Spybot or Ad-Aware.
    D:\WINDOWS\winib.dll
    D:\WINDOWS\mfcmo.exe
    D:\windows\system32\Kmj8Y4.exe
    d:\windows\system32\nIwIJQWe.exe
    D:\WINDOWS\system32\tibs5.exe
    D:\WINDOWS\system32\mioky.dll
    D:\Documents and Settings\John\Application Data\apbh.exe

    When done, surf for a bit, and then post a new log and we'll see if anything is left or new appears.
     
  8. 2005/02/15
    johnd1 (Inactive, Thread Starter)
    Hello,

    Here is my log; could someone please tell me which items need to be deleted? Windows XP Professional. Ran Ad-Aware SE and Spybot prior to running HijackThis. Thank you in advance for your help!!!!!!

    John!

    Logfile of HijackThis v1.98.2
    Scan saved at 2:18:12 PM, on 2/15/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files 2\Norton AntiVirus\navapsvc.exe
    C:\Program Files 2\Norton AntiVirus\AdvTools\NPROTECT.EXE
    D:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files 2\Norton AntiVirus\SAVScan.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    D:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    D:\WINDOWS\Explorer.EXE
    D:\WINDOWS\system32\wuauclt.exe
    D:\Program Files\Common Files\Symantec Shared\ccApp.exe
    D:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    D:\Program Files\logitech\LogiTray.exe
    D:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    D:\Program Files\QuickTime\qttask.exe
    D:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    D:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
    D:\WINDOWS\system32\rundll32.exe
    D:\WINDOWS\system32\LVComS.exe
    D:\Program Files\Common Files\Real\Update_OB\realsched.exe
    D:\WINDOWS\system32\wsxsvc\wsxsvc.exe
    C:\Program Files\Bpt\bpt.exe
    D:\windows\system32\BDJTBIES.exe
    D:\windows\system32\gWRwqx.exe
    D:\windows\system32\BDJTBIES.exe
    D:\WINDOWS\system32\dpnmuninst.exe
    D:\WINDOWS\system32\RUNDLL32.EXE
    D:\WINDOWS\system32\dmdro.exe
    D:\Program Files\Pumatech\Intellisync For NEC Wireless Phones\Intellisync For NEC.exe
    D:\WINDOWS\system32\gWRwqx.exe
    C:\Program Files 2\SideACT.exe
    D:\Program Files\Messenger\msmsgs.exe
    D:\Program Files\HIJACK THIS\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gsmloan.com/library.html?category=interestrates&article=1198&p=bobmurphy&acctid=307443
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R3 - Default URLSearchHook is missing
    O2 - BHO: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - D:\Program Files\SEP\sep.dll
    O2 - BHO: Band Class - {CC378B83-9577-44D0-B4F8-0DD965E176FC} - D:\Program Files\eSyndicate\esyn.dll
    O3 - Toolbar: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - D:\Program Files\SEP\sep.dll
    O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] D:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [LogitechVideoRepair] D:\Program Files\logitech\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] D:\Program Files\logitech\LogiTray.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ViewMgr] D:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [SSC_UserPrompt] D:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Dvx] D:\WINDOWS\system32\wsxsvc\wsxsvc.exe
    O4 - HKLM\..\Run: [vbrhthx] d:\windows\system32\vbrhthx.exe
    O4 - HKLM\..\Run: [BPT] "C:\Program Files\Bpt\bpt.exe "
    O4 - HKLM\..\Run: [BDJTBIES] D:\windows\system32\BDJTBIES.exe
    O4 - HKLM\..\Run: [gWRwqx.exe] d:\windows\system32\gWRwqx.exe
    O4 - HKLM\..\Run: [BDJTBIES.exe] D:\windows\system32\BDJTBIES.exe
    O4 - HKLM\..\Run: [r7Ei3mS] dpnmuninst.exe
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [awxsRgeqe] dmdro.exe
    O4 - Global Startup: HPAiODevice(hp officejet g series) - 2.lnk = C:\Program Files 2\Hewlett Packard\AiO\hp officejet g series\Bin\hpoavn07.exe
    O4 - Global Startup: Intellisync For NEC Wireless Phones.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files 2\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: SideACT!.lnk = C:\Program Files 2\SideACT.exe
    O8 - Extra context menu item: &Google Search - res://D:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Yahoo! Search - file:///D:\Program Files\Common/ycsrch.htm
    O8 - Extra context menu item: Backward Links - res://D:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://D:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://D:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://D:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///D:\Program Files\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///D:\Program Files\Common/ycdict.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\Program Files\Messenger\yhexbmes0521.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\Program Files\Messenger\yhexbmes0521.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: d:\windows\system32\aklsp.dll
    O10 - Unknown file in Winsock LSP: d:\windows\system32\aklsp.dll
    O10 - Unknown file in Winsock LSP: d:\windows\system32\aklsp.dll
    O10 - Unknown file in Winsock LSP: d:\windows\system32\calsp.dll
    O10 - Unknown file in Winsock LSP: d:\windows\system32\calsp.dll
    O10 - Unknown file in Winsock LSP: d:\windows\system32\calsp.dll
    O10 - Unknown file in Winsock LSP: d:\windows\system32\calsp.dll
    O10 - Unknown file in Winsock LSP: d:\windows\system32\aklsp.dll
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/1599a114514f53580b20/netzip/RdxIE601.cab
    O16 - DPF: {59D04288-805E-4D43-BE09-83B1083E9E1E} (IUpdateAutoLaunch Control) - http://idenphones.motorola.com/iden/client/iUpdateAutoLaunch.ocx
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.dll
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://docmagic.webex.com/client/v_mywebex/webex/ieatgpc.cab
    O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?323
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
     
    Last edited: 2005/02/15
  9. 2005/02/17
    johnd1 (Inactive, Thread Starter)
    Hello, here is my revised log.

    Hi Mark,

    I did everything you said, including deleting the (Windows) temp and prefetch folders. For some reason my hourglass is always showing on my cursor and the computer is very sluggish.
    Note: I did not find the following:

    d:\windows\system32\gWRwqx.exe
    dpnmuninst.exe
    dmdro.exe

    I also deleted these, although you didn't list them... was that bad?
    D:\windows\system32\BDJTBIES.dll
    d:\windows\system32\gWRwqx.dll

    Here is my new HijackThis log:

    Logfile of HijackThis v1.98.2
    Scan saved at 4:29:34 PM, on 2/17/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files 2\Norton AntiVirus\navapsvc.exe
    C:\Program Files 2\Norton AntiVirus\AdvTools\NPROTECT.EXE
    D:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files 2\Norton AntiVirus\SAVScan.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    D:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    D:\Program Files\Common Files\Symantec Shared\ccApp.exe
    D:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    D:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
    D:\Program Files\logitech\LogiTray.exe
    D:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    D:\WINDOWS\system32\rundll32.exe
    D:\Program Files\Common Files\Real\Update_OB\realsched.exe
    D:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\CxtPls\CxtPls.exe
    D:\Program Files\Pumatech\Intellisync For NEC Wireless Phones\Intellisync For NEC.exe
    D:\WINDOWS\system32\LVComS.exe
    C:\Program Files 2\SideACT.exe
    D:\Program Files\Messenger\msmsgs.exe
    D:\WINDOWS\explorer.exe
    D:\Program Files\HIJACK THIS\HijackThis.exe
    D:\WINDOWS\system32\rkiwuk.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gsmloan.com/library.html?category=interestrates&article=1198&p=bobmurphy&acctid=307443
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = www.google.com
    O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
    O2 - BHO: Band Class - {CC378B83-9577-44D0-B4F8-0DD965E176FC} - D:\Program Files\eSyndicate\esyn.dll (file missing)
    O3 - Toolbar: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
    O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] D:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [LogitechVideoRepair] D:\Program Files\logitech\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] D:\Program Files\logitech\LogiTray.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SSC_UserPrompt] D:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Narrator] D:\WINDOWS\system32\rkiwuk.exe
    O4 - HKLM\..\RunOnce: [SpybotSnD] "D:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
    O4 - HKLM\..\RunOnce: [AAW] "D:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" "+b1 "
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - Global Startup: HPAiODevice(hp officejet g series) - 2.lnk = C:\Program Files 2\Hewlett Packard\AiO\hp officejet g series\Bin\hpoavn07.exe
    O4 - Global Startup: Intellisync For NEC Wireless Phones.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files 2\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: SideACT!.lnk = C:\Program Files 2\SideACT.exe
    O4 - Global Startup: tnuhgn.exe
    O8 - Extra context menu item: &Google Search - res://D:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Yahoo! Search - file:///D:\Program Files\Common/ycsrch.htm
    O8 - Extra context menu item: Backward Links - res://D:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://D:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://D:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://D:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///D:\Program Files\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///D:\Program Files\Common/ycdict.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\Program Files\Messenger\yhexbmes0521.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\Program Files\Messenger\yhexbmes0521.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/1599a114514f53580b20/netzip/RdxIE601.cab
    O16 - DPF: {59D04288-805E-4D43-BE09-83B1083E9E1E} (IUpdateAutoLaunch Control) - http://idenphones.motorola.com/iden/client/iUpdateAutoLaunch.ocx
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.dll
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://docmagic.webex.com/client/v_mywebex/webex/ieatgpc.cab
    O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?323
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
     
  10. 2005/02/17
    Lonny Jones

    Lonny Jones Inactive Alumni

    Joined:
    2002/12/16
    Messages:
    2,252
    Likes Received:
    0
    Hi johnd1

    I've merged your separate post into this thread; please use the Add Reply button rather than starting new threads.

    Replace your HijackThis with the new version (1.99.1) and post a fresh log for Mark62
    http://www.merijn.org/files/HijackThis.exe
     
  11. 2005/02/18
    johnd1

    johnd1 Inactive Thread Starter

    Joined:
    2005/02/10
    Messages:
    21
    Likes Received:
    0
    Thanks Lonny!
    Here you go Mark. Thanks again for all of your assistance!

    NOTE: the hourglass isn't hanging today....??

    Logfile of HijackThis v1.99.1
    Scan saved at 11:16:16 AM, on 2/18/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    D:\WINDOWS\Explorer.EXE
    C:\Program Files 2\Norton AntiVirus\navapsvc.exe
    C:\Program Files 2\Norton AntiVirus\AdvTools\NPROTECT.EXE
    D:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files 2\Norton AntiVirus\SAVScan.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    D:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    D:\Program Files\Common Files\Symantec Shared\ccApp.exe
    D:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    D:\Program Files\logitech\LogiTray.exe
    D:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    D:\Program Files\QuickTime\qttask.exe
    D:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
    D:\WINDOWS\system32\rundll32.exe
    D:\Program Files\Common Files\Real\Update_OB\realsched.exe
    D:\WINDOWS\system32\RUNDLL32.EXE
    D:\Program Files\Pumatech\Intellisync For NEC Wireless Phones\Intellisync For NEC.exe
    C:\Program Files 2\SideACT.exe
    D:\WINDOWS\system32\LVComS.exe
    D:\Program Files\Messenger\msmsgs.exe
    C:\Program Files 2\Norton AntiVirus\OPScan.exe
    D:\PROGRA~1\logitech\FxSvr2.exe
    D:\Program Files\HIJACK THIS\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gsmloan.com/library.html?category=interestrates&article=1198&p=bobmurphy&acctid=307443
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = www.google.com
    O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
    O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] D:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [LogitechVideoRepair] D:\Program Files\logitech\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] D:\Program Files\logitech\LogiTray.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SSC_UserPrompt] D:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Narrator] D:\WINDOWS\system32\rkiwuk.exe
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - Global Startup: HPAiODevice(hp officejet g series) - 2.lnk = C:\Program Files 2\Hewlett Packard\AiO\hp officejet g series\Bin\hpoavn07.exe
    O4 - Global Startup: Intellisync For NEC Wireless Phones.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files 2\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: SideACT!.lnk = C:\Program Files 2\SideACT.exe
    O8 - Extra context menu item: &Google Search - res://D:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Yahoo! Search - file:///D:\Program Files\Common/ycsrch.htm
    O8 - Extra context menu item: Backward Links - res://D:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://D:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://D:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://D:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///D:\Program Files\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///D:\Program Files\Common/ycdict.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\Program Files\Messenger\yhexbmes0521.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\Program Files\Messenger\yhexbmes0521.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/1599a114514f53580b20/netzip/RdxIE601.cab
    O16 - DPF: {59D04288-805E-4D43-BE09-83B1083E9E1E} (IUpdateAutoLaunch Control) - http://idenphones.motorola.com/iden/client/iUpdateAutoLaunch.ocx
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.dll
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://docmagic.webex.com/client/v_mywebex/webex/ieatgpc.cab
    O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?323
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files 2\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files 2\Norton AntiVirus\AdvTools\NPROTECT.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files 2\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - D:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
     
  12. 2005/02/19
    Lonny Jones

    Lonny Jones Inactive Alumni

    Joined:
    2002/12/16
    Messages:
    2,252
    Likes Received:
    0
    Go install the latest version of Sun's Java plug-in, click Get it now: http://java.com/en/index.jsp
    Turn off its auto-updater (it's buggy): in Control Panel, Sun Java plug-in > Update tab, uncheck its option to update automatically.

    Download Find-qoologic.zip from here
    http://forums.skads.org/index.php?showtopic=89

    Unzip the files inside, open the qoologic folder, then run qoologic.bat from there and wait for it to finish.
    It will take a while; wait until the DOS box disappears and disk activity stops. A text file will open; post that back here please.
     
  13. 2005/02/23
    johnd1

    johnd1 Inactive Thread Starter

    Joined:
    2005/02/10
    Messages:
    21
    Likes Received:
    0
    Hi Larry/Mark,

    Here is the log you requested from qoologic, along with the hijack this log.
    Once again, thanks for all your help! Any recommendations on Anti-Virus software other than Norton?

    D:\Program Files\QOOLOGIC

    PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, THERE MIGHT BE LEGIT FILES LISTED AND PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
    Files Found in system Folder............
    ------------------------
    D:\WINDOWS\system32\KeyLbI32.dll: .aspack
    D:\WINDOWS\system32\ntdll.dll: .aspack
    D:\WINDOWS\system32\SKCL.dll: .aspack

    Files Found in all users startup Folder............
    ------------------------
    Files Found in all users windows Folder............
    ------------------------
    Finished

    Logfile of HijackThis v1.99.1
    Scan saved at 7:02:17 PM, on 2/23/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files 2\Norton AntiVirus\navapsvc.exe
    C:\Program Files 2\Norton AntiVirus\AdvTools\NPROTECT.EXE
    D:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files 2\Norton AntiVirus\SAVScan.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    D:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    D:\WINDOWS\Explorer.EXE
    D:\Program Files\Common Files\Symantec Shared\ccApp.exe
    D:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    D:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
    D:\Program Files\logitech\LogiTray.exe
    D:\WINDOWS\system32\rundll32.exe
    D:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    D:\Program Files\QuickTime\qttask.exe
    D:\WINDOWS\system32\LVComS.exe
    D:\Program Files\Common Files\Real\Update_OB\realsched.exe
    D:\WINDOWS\system32\RUNDLL32.EXE
    D:\Program Files\Pumatech\Intellisync For NEC Wireless Phones\Intellisync For NEC.exe
    C:\Program Files 2\SideACT.exe
    D:\Program Files\Messenger\msmsgs.exe
    D:\Program Files\Internet Explorer\iexplore.exe
    D:\Program Files\HIJACK THIS\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gsmloan.com/library.html?category=interestrates&article=1198&p=bobmurphy&acctid=307443
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = www.google.com
    O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
    O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] D:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [LogitechVideoRepair] D:\Program Files\logitech\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] D:\Program Files\logitech\LogiTray.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SSC_UserPrompt] D:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Narrator] D:\WINDOWS\system32\rkiwuk.exe
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - Global Startup: HPAiODevice(hp officejet g series) - 2.lnk = C:\Program Files 2\Hewlett Packard\AiO\hp officejet g series\Bin\hpoavn07.exe
    O4 - Global Startup: Intellisync For NEC Wireless Phones.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files 2\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: SideACT!.lnk = C:\Program Files 2\SideACT.exe
    O8 - Extra context menu item: &Google Search - res://D:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Yahoo! Search - file:///D:\Program Files\Common/ycsrch.htm
    O8 - Extra context menu item: Backward Links - res://D:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://D:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://D:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://D:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///D:\Program Files\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///D:\Program Files\Common/ycdict.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\Program Files\Messenger\yhexbmes0521.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\Program Files\Messenger\yhexbmes0521.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/1599a114514f53580b20/netzip/RdxIE601.cab
    O16 - DPF: {59D04288-805E-4D43-BE09-83B1083E9E1E} (IUpdateAutoLaunch Control) - http://idenphones.motorola.com/iden/client/iUpdateAutoLaunch.ocx
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.dll
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://docmagic.webex.com/client/v_mywebex/webex/ieatgpc.cab
    O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?323
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files 2\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files 2\Norton AntiVirus\AdvTools\NPROTECT.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files 2\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - D:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
     
  14. 2005/02/23
    Lonny Jones

    Lonny Jones Inactive Alumni

    Joined:
    2002/12/16
    Messages:
    2,252
    Likes Received:
    0
    Hello

    I'm not seeing any narrator files, that's a good thing.

    Start HijackThis and place a check next to these items:
    Close all browser windows and shut down all other programs that show in the taskbar (even folders). [WE do not mean stop the programs in the tray area near the clock]
    O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)

    O4 - HKLM\..\Run: [Narrator] D:\WINDOWS\system32\rkiwuk.exe
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/1599a11...ip/RdxIE601.cab
    ===========================
    Hit Fix checked and close HijackThis.

    Delete these folders if you haven't yet.
    C:\Program Files\CxtPls
    D:\WINDOWS\system32\wsxsvc
    C:\Program Files\Bpt

    Where did these legit startups go, did you accidentally fix them?
    O4 - HKLM\..\Run: [LVCOMSX] D:\WINDOWS\System32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] D:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKCU\..\Run: [Bfg] D:\WINDOWS\system32\ati2evxx.exe

    Other than Norton (anything, basically), AVG, AntiVir or Avast are free.
    Don't get me wrong, it's a good program, but since it is so popular all the crappies know how to get around it.

    Post a fresh log and mention the current problems and symptoms.
     
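    A small triage script of the kind a helper would run over logs like the ones posted in this thread (an added example, not a tool from the thread or from the HijackThis project). It parses the Rn/On lines, flags orphaned objects, Windows-lookalike Run values and unresolvable startup items, and diffs two scans to show which entries vanished between them; the sample log text is constructed from trimmed copies of the logs above, and the lookalike table is an assumption.

```python
"""Triage helper for HijackThis-style logs (added example, not a tool from this thread).

The checks mirror what the helpers in the thread looked for:
  * O2/O3/O9 entries whose target is '(no file)' or '(file missing)' are orphans;
  * an O4 Run value named after a Windows accessory (e.g. [Narrator]) that does not
    launch that accessory's real binary is a masquerade (rkiwuk.exe above);
  * O4 Global Startup items with no resolvable target ('= ?' or a bare file name)
    need a manual look (tnuhgn.exe above);
  * comparing two scans shows which entries disappeared or appeared in between,
    which is how the missing LVCOMSX / SNDMon startups were noticed.
Sample log text below is constructed from trimmed copies of the logs posted in the thread.
"""
import re
from dataclasses import dataclass

# Assumed allowlist: Run-value names that imitate Windows accessories, mapped to the
# binary such a value would legitimately launch. Extend it for your own environment.
WINDOWS_LOOKALIKES = {
    "narrator": "narrator.exe",
    "magnifier": "magnify.exe",
    "explorer": "explorer.exe",
}
ORPHAN_MARKERS = ("(no file)", "(file missing)")
LINE_RE = re.compile(r"^\s*(R\d|O\d+)\s+-\s+(.*\S)\s*$")


@dataclass(frozen=True)
class Entry:
    section: str  # 'R0', 'O4', 'O16', ...
    detail: str   # everything after 'O4 - '


def parse_log(text: str) -> list[Entry]:
    """Return the Rn/On entries of a log; the header and process list are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def _basename(path: str) -> str:
    return path.strip().rsplit("\\", 1)[-1].strip().lower()


def _split_run(detail: str):
    """'HKLM\\..\\Run: [Name] "C:\\x\\y.exe" args' -> ('Name', 'y.exe'); None if not a Run value."""
    m = re.match(r".*\\Run(?:Once)?:\s+\[([^\]]*)\]\s*(.*)$", detail)
    if not m:
        return None
    name, cmd = m.group(1), m.group(2).strip()
    # Quoted paths may contain spaces (HijackThis even keeps a stray trailing space).
    target = cmd[1:].split('"', 1)[0] if cmd.startswith('"') else cmd.split(" ", 1)[0]
    return name, _basename(target)


def triage(entries: list[Entry]) -> list[tuple[Entry, str]]:
    """Return (entry, reason) pairs that deserve a reviewer's attention."""
    findings = []
    for e in entries:
        if e.section in ("O2", "O3", "O9") and any(m in e.detail for m in ORPHAN_MARKERS):
            findings.append((e, "orphaned entry: registered object has no file on disk"))
        elif e.section == "O4" and e.detail.startswith("Global Startup:"):
            target = e.detail.split("=", 1)[1].strip() if "=" in e.detail else ""
            if target in ("", "?") or "\\" not in target:
                findings.append((e, "startup item with no resolvable path; inspect manually"))
        elif e.section == "O4":
            split = _split_run(e.detail)
            if split:
                name, exe = split
                expected = WINDOWS_LOOKALIKES.get(name.lower())
                if expected and exe != expected:
                    findings.append((e, f"value named like Windows '{name}' but launches {exe}"))
    return findings


def diff_logs(before: list[Entry], after: list[Entry]):
    """Entries only in the earlier scan (removed) and only in the later one (added)."""
    def key(e): return (e.section, e.detail)
    return (sorted(set(before) - set(after), key=key),
            sorted(set(after) - set(before), key=key))


LOG_FEB10 = r"""Logfile of HijackThis v1.98.2
Running processes:
D:\WINDOWS\System32\smss.exe

O3 - Toolbar: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe "
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LVCOMSX] D:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [Narrator] D:\WINDOWS\system32\rkiwuk.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files 2\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: tnuhgn.exe
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
"""
LOG_FEB25 = r"""Logfile of HijackThis v1.99.1
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe "
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files 2\Microsoft Office\Office10\OSA.EXE
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
"""

if __name__ == "__main__":
    for entry, why in triage(parse_log(LOG_FEB10)):
        print(f"[{entry.section}] {why}\n    {entry.detail}")
    removed, added = diff_logs(parse_log(LOG_FEB10), parse_log(LOG_FEB25))
    print("gone since first scan:", *[e.detail for e in removed], sep="\n  ")
    print("new since first scan:", *[e.detail for e in added], sep="\n  ")
```

    The diff output is the check to run before telling someone a log is clean: legitimate startups that disappear between scans (as LVCOMSX and SNDMon did here) need explaining just as much as new entries do.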
  15. 2005/02/25
    johnd1

    johnd1 Inactive Thread Starter

    Joined:
    2005/02/10
    Messages:
    21
    Likes Received:
    0
    Hi Lonny/Mark,

    In response to your question, "Where did these legit startups go, did you accidentally fix them?" I don't believe I deleted these. I had two separate posts running, one for my work computer and one for my home computer. You mentioned you merged my posts together, so I'm thinking these files were listed on my post from my home computer??? Make sense? Otherwise, I don't know how they got fixed/deleted.

    O4 - HKLM\..\Run: [LVCOMSX] D:\WINDOWS\System32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] D:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKCU\..\Run: [Bfg] D:\WINDOWS\system32\ati2evxx.exe


    I think everything on this computer (work) is running well now, with the exception of this error code I get on start-up (not sure if this is a big deal or not?):
    HP AiO Device Object Server
    RegisterClassObjects failed: hRes = 0x80004015
    The class is configured to run as a security id different from the caller

    Maximum retry attempts exceeded

    OK

    THANKS AGAIN!
    Logfile of HijackThis v1.99.1
    Scan saved at 10:10:11 AM, on 2/25/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files 2\Norton AntiVirus\navapsvc.exe
    C:\Program Files 2\Norton AntiVirus\AdvTools\NPROTECT.EXE
    D:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files 2\Norton AntiVirus\SAVScan.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    D:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    D:\WINDOWS\Explorer.EXE
    D:\Program Files\Common Files\Symantec Shared\ccApp.exe
    D:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    D:\Program Files\logitech\LogiTray.exe
    D:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
    D:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    D:\WINDOWS\system32\rundll32.exe
    D:\Program Files\QuickTime\qttask.exe
    D:\WINDOWS\system32\LVComS.exe
    D:\Program Files\Common Files\Real\Update_OB\realsched.exe
    D:\WINDOWS\system32\RUNDLL32.EXE
    D:\Program Files\Pumatech\Intellisync For NEC Wireless Phones\Intellisync For NEC.exe
    C:\Program Files 2\SideACT.exe
    D:\WINDOWS\system32\wuauclt.exe
    D:\Program Files\Internet Explorer\iexplore.exe
    D:\Program Files\Messenger\msmsgs.exe
    C:\Program Files 2\Microsoft Office\Office10\WINWORD.EXE
    D:\Program Files\HIJACK THIS\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.topproducerstrategies.com/archive.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = www.google.com
    O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] D:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [LogitechVideoRepair] D:\Program Files\logitech\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] D:\Program Files\logitech\LogiTray.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SSC_UserPrompt] D:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - Global Startup: HPAiODevice(hp officejet g series) - 2.lnk = C:\Program Files 2\Hewlett Packard\AiO\hp officejet g series\Bin\hpoavn07.exe
    O4 - Global Startup: Intellisync For NEC Wireless Phones.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files 2\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: SideACT!.lnk = C:\Program Files 2\SideACT.exe
    O8 - Extra context menu item: &Google Search - res://D:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Yahoo! Search - file:///D:\Program Files\Common/ycsrch.htm
    O8 - Extra context menu item: Backward Links - res://D:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://D:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://D:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://D:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///D:\Program Files\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///D:\Program Files\Common/ycdict.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\Program Files\Messenger\yhexbmes0521.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\Program Files\Messenger\yhexbmes0521.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {59D04288-805E-4D43-BE09-83B1083E9E1E} (IUpdateAutoLaunch Control) - http://idenphones.motorola.com/iden/client/iUpdateAutoLaunch.ocx
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.dll
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://docmagic.webex.com/client/v_mywebex/webex/ieatgpc.cab
    O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?323
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files 2\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files 2\Norton AntiVirus\AdvTools\NPROTECT.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files 2\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - D:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
     
  16. 2005/02/25
    Lonny Jones

    Lonny Jones Inactive Alumni

    Joined:
    2002/12/16
    Messages:
    2,252
    Likes Received:
    0
    Hi. To avoid confusion always mention which PC is which; if you don't tell us, how would we know?

    I suggest you inquire about that error in the XP section of our forums.
     
  17. 2005/02/26
    johnd1

    johnd1 Inactive Thread Starter

    Joined:
    2005/02/10
    Messages:
    21
    Likes Received:
    0
    Yah, my bad. I was a first timer posting logs and using the forums.

    Thanks again for your help Lonny/Mark!

    JD
     