KDUBZ

hijack this log - 2 Topics Merged...

10 posts in this topic

:scratchhead:

Hi,

Here is my HijackThis log, please review.

 

But I need help a.s.a.p. with RUN TIME ERRORS. They are driving me nuts :rofl:

 

I used to know what to do years ago thanks to you guys here. But since I was offline for almost two years, I forget how to do a lot of stuff.

 

I did download the new version of Hijack this, as I was using the one I downloaded back in 02 or 03. lol.

 

Please help. Thanks so much.

 

Logfile of HijackThis v1.99.1

Scan saved at 2:26:07 PM, on 4/6/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16414)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe

C:\WINDOWS\system32\cisvc.exe

C:\WINDOWS\System32\gearsec.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\tcpsvcs.exe

C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

C:\WINDOWS\system32\cidaemon.exe

C:\WINDOWS\system32\cidaemon.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe

C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe

C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe

C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe

C:\Program Files\Microsoft IntelliType Pro\type32.exe

C:\Program Files\Microsoft IntelliPoint\point32.exe

C:\Program Files\Local Keylogger Pro\klg.exe

C:\WINDOWS\system32\ctfmon.exe

c:\progra~1\intern~1\iexplore.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe

C:\Program Files\Corel\WordPerfect Office 2002\Programs\Wpwin10.exe

C:\Program Files\ArcSoft\PhotoImpression 4\PhotoImpression.exe

C:\Program Files\Hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe"

O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"

O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe"

O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sWClient] C:\Program Files\AMSys\swsys.exe

O4 - HKLM\..\Run: [junk grim slow logo] C:\Documents and Settings\All Users\Application Data\BOREMOVEJUNKGRIM\RealHold.exe

O4 - HKLM\..\Run: [RKLG Startup] C:\Program Files\Local Keylogger Pro\klg.exe

O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [exitdale] C:\DOCUME~1\K~DUBS\APPLIC~1\FILMFR~1\ooze coal.exe

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O11 - Options group: [iNTERNATIONAL] International*

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1139610285828

O16 - DPF: {6FDB0065-2787-11D6-B1D8-0001023916FC} (CLOActiveXInstaller Control) - http://www.igl.net/clo/install/CLOActiveXInstallerProj1.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://i.grab.com/media/3ef815/games/files...aploader_v6.cab

O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by102fd.bay102.hotmail.msn.com/activex/HMAtchmt.ocx

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\

O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe

O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe

O23 - Service: iPod Service (iPodService) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)

O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)

O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe


Welcome to SWI. We apologize for the delay; our helpers have been very busy.

If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

 

Thank you for your patience.

 

[this is an automated reply]


Hi... I've done two scans... one with Ad-Aware and one with Spybot. I even ran CWShredder knowing it probably wouldn't fix this. I have been having serious pop-ups even with a pop-up blocker turned on. They come one after another for all sorts of stuff, even being on spywareinfo.com. Please help. :unsure:

 

Also, if anyone can help me with some questionable things in "My Computer" > "My Programs" and also things in my "Add/Remove Programs" list. I've been trying to clean out my PC. :techsupport:

 

And I also need to know if anyone knows what kind of memory to buy to upgrade my memory. I have a 5 yr old Dell Dimension 2350. It's getting pretty bad these days, and I can't afford a new PC. :weep: But I can afford to fix this one a little at a time. ^_^

 

 

P.S. I have a PC monitor program, so I know that it will be on my log. However I don't know why there's iPod stuff. I don't have one of them. :scratchhead:

And I have also been getting run time errors.

Thank you so much. Kristen :love:

(myspace.com/k33...come say hi :wave: )

 

log---

 

Logfile of HijackThis v1.99.1

Scan saved at 2:09:52 AM, on 4/25/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16414)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe

C:\WINDOWS\system32\cisvc.exe

C:\WINDOWS\System32\gearsec.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\tcpsvcs.exe

C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

C:\WINDOWS\system32\cidaemon.exe

C:\WINDOWS\system32\cidaemon.exe

C:\WINDOWS\System32\hkcmd.exe

C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe

C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe

C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe

C:\Program Files\Microsoft IntelliType Pro\type32.exe

C:\Program Files\Microsoft IntelliPoint\point32.exe

c:\progra~1\intern~1\iexplore.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe"

O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"

O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe"

O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"

O4 - HKLM\..\Run: [RKLG Startup] C:\Program Files\Local Keylogger Pro\klg.exe

O4 - HKLM\..\Run: [MSRegScan] C:\Program Files\BBK Demo\BBKDemo.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe

O4 - HKCU\..\Run: [exitdale] C:\DOCUME~1\K~DUBS\APPLIC~1\FILMFR~1\ooze coal.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\PartyGaming\PartyPoker\RunApp.exe (file missing)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab

O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1139610285828

O16 - DPF: {6FDB0065-2787-11D6-B1D8-0001023916FC} (CLOActiveXInstaller Control) - http://www.igl.net/clo/install/CLOActiveXInstallerProj1.cab

O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab55579.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab

O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames/zpa_pool.cab56649.cab

O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -

O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://i.grab.com/media/3ef815/games/files...aploader_v6.cab

O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by102fd.bay102.hotmail.msn.com/activex/HMAtchmt.ocx

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\

O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe

O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe

O23 - Service: iPod Service (iPodService) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)

O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)

O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe


Oh by the way... every time the pop-ups pop up, they have CiD: on the browser top... then sometimes it changes as it loads to the name of the site. However I haven't found this CiD on my log or anywhere else.

 

--kdubz

Edited by KDUBZ


Hi, Again!

:wave: Been trying to get answers on my other posts below. But while waiting I thought of some other things I'm having problems with. I have a Dell Dimension 2350, bout 5 or 6 yrs old now, Windows XP.

:techsupport:

-Deleting registry keys that won't delete. When I go to Add/Remove Programs I can't seem to get rid of a few things. Long ago I downloaded a trial program called Xara Screenmaker 3D. When I try to delete this program off the list I get "COULD NOT DELETE REGISTRY KEY". So after a couple of years I gave up on deleting it. But now it's time to clean out the PC and do some upgrades.

Also I have problems getting rid of...

  • Hoyle Casino 2003
  • iTunes

Hoyle was a disk game I bought. I no longer have the disk or book or anything to it. It doesn't seem to show up elsewhere, but on my ADD/REMOVE list it stays there and uses memory. I get the "Repair, Change, Remove" box when I try to delete. When I choose Remove, it goes thru the removing process, but once done it says Maintenance is complete, and it remains on my PC.

 

iTunes goes thru the removing process, but when done it says to restart. After restarting... it still remains.

----------------------------------------------------------------------------------------------------------------------------

 

-I have things in my ADD/REMOVE programs list that I have no clue what they are for. And if not needed I'd like to remove them.

Questionable Programs-

  • ADOBE ATMOSPHERE PLAYER (I know it's an Adobe sidekick, but is it needed?)
  • ADOBE DOWNLOAD MANAGER 1.2 (needed? I barely use Adobe Acrobat Reader, do I need these extra things?)
  • Adobe Flash Player 9 ActiveX
  • Corel Applications (don't use anymore, removed but the program remains on the list, although it is blank at the end where it usually tells the MB and usage)
  • HijackThis (yes, of course I know what this is and I have my log in my post below, however I have two now on my ADD/REMOVE list. Yesterday I deleted one, but it's still there, I just found out. Both are 1.99.1. I will try to delete one again and see what happens)
  • J2SE Runtime Environment 5.0 Update 8 (I also have Update 10... these are both large MBs)
  • Java Web Start
  • Microsoft .NET Framework (I have version 1.03705, and version 1.1)
  • MSXML 4.0 SP2 (two of these... KB925672 and KB927978)
  • Viewpoint Manager (remove only)
  • Windows Installer 3.1 (KB893803)

----------------------------------------------------------------------------------------------------------------------------

 

-When going to "My Computer" > "Local Disk C" > I have a few questionable folders.

  • 75c4277a4eda9cb19f3b5b83a845 (this is the folder name, inside is...msxml4-KB927978-enu...a Notepad file, however access is denied when I try to open it)
  • 93a2870d83ad7f0772658ce9....(This one has lots of items inside, but the main icon, which I believe to be the main thing, has a blue circle with stars on it, and says "ticrf" under it)
  • 68313e73c55418de91....(this one also has a lot of items, and the blue icon with the stars, but this one has "icrav03")
  • ATI (this one is some program. Inside is a chain of folders, starting with Support>then>>>wxp-w2k-catalyst-7-93-030812a1-010735c-efg....then it opens to a whole bunch of items.)
  • Boinc-IRC
  • dcf05fe1d0abeb9663f1d42bae (another one of these folders. This one when opened has 4 folders: COMMON, SP1, SP2, xpsp1hfm<<< this is an application icon but it's a blank browser icon)
  • l386 (this one looks important, there's cursors and all sorts of little icons in here. Some look like Windows stuff, but others look questionable, like dinosaur cursors. I see that it's mostly all Microsoft but other things look weird)
  • iSiteLogs (inside is a Notepad doc labeled "SystemLog0828154554")
  • NVIDIA (inside>>>folder "Win2KXP" then folder >>>"53.03", then inside that are a few icons. The main one is a program called "nvappbar", description underneath "NVIDIA nView Toolbar, Version 53.03")
  • sj665 (might be Windows stuff)
  • sj666 (yikes..)
  • SmartDraw (probably a drawing program trial I downloaded long ago, but I don't know for sure if I downloaded it or if it's Windows.)

 

--------------------------------------------------------------------------------------------------------------------------

 

-These are some questionable things in "My Programs"

  • Partygaming (I know this is from PartyPoker, which I recently deleted, but in Program Files I cannot delete the file, it says access denied)
  • Toolbar (inside, a folder labeled "cursors". Inside that are 4 folders with this as the first: "73F3DA4CAD9EB97BDCA5DA6CF6CC3969". The other 3 are just about the same, and the last icon says cursors underneath)
  • XEROX (inside is a folder "NWWIA" but then nothing inside that. I tried to delete the folder XEROX but I got an error box pop up saying "cannot delete folder NWWIA, it is being used by another program")

 

 

---------------------------------------------------------------------------------------------------------------------------

 

Also at one point last week when I opened "My Programs" in My Computer, the first bout 25 folders were some crazy things, folders named something like "$NFHIGNT", and instead of being in black (font) the font color for the folders was blue. But they seemed to disappear. I must have found the culprit and deleted it recently. Does anyone know what they may have been?

 

 

>>>>Soon I need info on upgrading memory and a vid card.

 

 

 

 

>>>>I also recently bought a new DVD/CD burner drive. I won't put it in until I know my PC can handle it. Any suggestions?

 

 

 

>>>>And I am working off my second Windows login. I made it have Administrative power, but I don't know if I can delete the main login I made when I bought my Dell. That login has problems. It may be infected, I don't know. It runs bad. Maybe I'm crazy, I don't know, but it seems to run way worse than this login. I only need one login.

 

 

 

>>>>Runtime errors are driving me nuts. :rofl:

 

 

 

Well thank you...this is quite the post I assume. So I hope someone can take the time to help me out. My computer is running so bad and I am going thru rough times, but yet I need the PC in order to make x-tra cash building websites and making flyers.

 

-Kdubz, come visit me on Myspace.com/k33

 

 

---------------------------------------

 

April 27.

 

Hi guys, no one has helped me yet on here since I rejoined a month ago with problems. I hope someone will help me soon. Back in 04-05 I got help right away. I know you're all busy, it just seems weird that I get ignored, yet new people post with the same HijackThis logs they need read, after I do, and yet they get a bunch of views and replies.

 

But anyhow, I am just scared my PC is about to die. Like my last Dell that lasted bout 7 yrs with no updates.

This one is going on 6 yrs old and I'm trying to update it before it blows.

 

Besides the things above, I've had numerous involuntary shutdowns.

PC freezes up, have to turn off at surge protector.

 

Today I have been having really weird stuff happening.

 

Internet Explorer shuts down on its own, or I can't click on anything.

When in Start, I couldn't open Control Panel.

I opened the pictures folder and it looked all crazy. It didn't have the left side options, just all my pic folders in a big window. When I clicked on a folder to go to pics, it opened the folder, but when in slideshow view, no pics showed up. So I closed it out, reopened, and again the picture folder was missing the left options. Then when I again clicked on the folder I wanted pics out of, it then had the left options but the rest of the folder, where the pic views would be, was all black. So I went out again, reopened, and now it's OK.

 

I've had numerous errors pop up... I didn't write them down but I will next time. But they basically said this or that has to shut down, click OK to terminate or Cancel to debug.

 

One of the error msgs caused Windows to flash to just the blue screen (color on my desktop). All the icons left, and the task bar, etc. Then it was blank for bout a minute. Then all of a sudden I got the pointer, then icons, then the task bar with Explorer still there minimized.

 

It's all wacky. The other day I deleted some things, but I thought I deleted only those things I knew what I was deleting.

 

I didn't have any problems until last night. I had to kill the PC at the surge protector.

 

Now today the errors seem to be getting worse.

 

Please help. I cannot afford a PC right now and I need this one for some work.

 

Thank you

Edited by KDUBZ


Welcome to SWI. We apologize for the delay; our helpers have been very busy.

If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

 

Thank you for your patience.

 

[this is an automated reply]


Hello,

 

Print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.

 

Do you have Netpumper or Bitgrabber or BitRoll installed? If so, uninstall them via Start > Settings > Control Panel > Add/Remove Programs. This is because they are bundled with the malware you are dealing with (swizzor aka lop).

Also look whether the following are present in software > Add/Remove Programs and uninstall them:

 

CiD Help / CiD Manager

Download Plugin for Internet Explorer

Zone Media

 

If, during uninstall, you are asked for the uninstall verification, please enter the numbers that appear in the window.

 

Then reboot. Important!

 

After reboot,

 

* Download Deljob.exe and save it on your desktop.

Double-click Deljob.exe.

 

A log (logit.txt) should open afterwards. This log will be present on your desktop. I will ask for it later.

 

* Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:

 

O4 - HKCU\..\Run: [exitdale] C:\DOCUME~1\K~DUBS\APPLIC~1\FILMFR~1\ooze coal.exe

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\PartyGaming\PartyPoker\RunApp.exe (file missing)

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://i.grab.com/media/3ef815/games/files...aploader_v6.cab

 

Click on Fix Checked when finished and exit HijackThis.

 

Delete these folders in bold if found.

C:\DOCUME~1\K~DUBS\APPLIC~1\FILMFR~1\

c:\program files\PartyGaming\

 

Restart the computer to complete the fix.

 

Post the contents of the logit.txt in your next reply together with a new Hijackthis log.

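A triage pass over HijackThis output in the spirit of the checklist in the reply above, as an added example that is not part of the original thread and not HijackThis's own logic. The two heuristics (an O4 autorun whose executable lives under an Application Data folder, and any entry marked "(file missing)") are assumptions chosen for illustration, all function names are hypothetical, and the sample input is assembled from lines posted in this thread.

```python
"""Triage HijackThis log lines (added example; heuristics are assumptions)."""
import re
from dataclasses import dataclass

# Sample input assembled for this example from lines posted in the thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\ctfmon.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKCU\..\Run: [exitdale] C:\DOCUME~1\K~DUBS\APPLIC~1\FILMFR~1\ooze coal.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O23 - Service: iPod Service (iPodService) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
"""

# Section code (R0, O4, O23, ...) followed by " - " and the entry body.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
# Body of an O4 registry autorun: hive, Run key, [value name], command line.
RUN_RE = re.compile(r"^(HKLM|HKCU)\\\.\.\\(Run[A-Za-z]*): \[(.*?)\] (.+)$")
# "Application Data" in long form or as its 8.3 short name (APPLIC~1).
APPDATA_RE = re.compile(r"^(Application Data|APPLIC~\d+)$", re.IGNORECASE)


@dataclass
class Entry:
    section: str
    body: str


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def parse_entries(text):
    """Return the registry/file entries, skipping header and process lines."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def run_target(body):
    """Executable path of an O4 Run entry, or None if body is not one."""
    m = RUN_RE.match(body)
    if not m:
        return None
    cmd = m.group(4).strip()
    if cmd.startswith('"'):
        # Quoted path: everything up to the closing quote, arguments dropped.
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    # Unquoted paths may contain spaces ("ooze coal.exe"): cut at ".exe".
    exe = re.match(r"(.+?\.exe)\b", cmd, re.IGNORECASE)
    return exe.group(1) if exe else cmd.split(" ")[0]


def under_appdata(path):
    """True if any path component is an Application Data folder."""
    return any(APPDATA_RE.match(part) for part in path.split("\\"))


def triage(text):
    """Flag entries for manual review; nothing here decides what is malware."""
    findings = []
    for e in parse_entries(text):
        line = f"{e.section} - {e.body}"
        if e.section == "O4":
            target = run_target(e.body)
            if target and under_appdata(target):
                findings.append(Finding(e.section, "autorun-from-appdata", line))
        if e.body.rstrip().endswith("(file missing)"):
            findings.append(Finding(e.section, "file-missing", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.reason}] {f.line}")
```

A flagged line is only a prompt for review: legitimate software also leaves "(file missing)" leftovers, as the iPod service entry in this thread's logs shows.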

Oh my gosh, thank you for helping. I know I have so many problems with my PC. But this is a good start.

 

OK, I've done what you said. I must have already deleted the 04, run, filmfr, 'cause I didn't find it and it's no longer on HijackThis. I've been going thru and deleting suspicious stuff.

As I wrote in my other posts on this topic, questioning some things I have, I don't know if they can be deleted or not.

 

Anyhow, I deleted PartyGaming. I had found the CiD on my Add/Remove after I posted the topic, so I've found that culprit beforehand also. While waiting for a response, I got irritated with the pop-ups and figured it out.

 

I found the download plugin... and deleted that.

 

I however didn't find Zone Media, must have deleted that already too.

 

Here are my logs you asked for.

 

(had to leave this open, while I ran logs. My printer is out of ink. :)

 

--------------------------------------------------------------------------------------------------------------------------

 

--------------------------------------------------------

NO LOP JOBS FOUND

--------------------------------------------------------

FILES IN TASKS FOLDER

 

--------------------------------------------------------

EXPORT APP DATA FOLDERS

 

Volume in drive C has no label.

Volume Serial Number is F81C-0ABB

 

Directory of C:\Documents and Settings\K~DUBS\Application Data

 

04/25/2007 12:56 PM <DIR> .

04/25/2007 12:56 PM <DIR> ..

03/15/2006 12:29 PM <DIR> Adobe

03/15/2006 12:29 PM <DIR> AdobeUM

04/04/2007 02:10 PM <DIR> Aim

08/10/2006 11:44 PM <DIR> ArcSoft

04/09/2007 04:47 PM <DIR> Corel

12/27/2006 07:28 PM <DIR> Google

06/20/2006 02:36 AM <DIR> Help

04/30/2003 07:59 AM <DIR> IDENTI~1 Identities

08/02/2006 10:41 PM <DIR> INTERT~1 InterTrust

06/12/2006 06:53 PM <DIR> MACROM~1 Macromedia

04/25/2007 12:47 PM <DIR> MICROS~1 Microsoft

04/23/2007 02:31 PM <DIR> Mozilla

01/24/2007 12:40 AM <DIR> MySpace

07/02/2006 07:42 AM <DIR> Real

02/16/2007 03:47 AM <DIR> REGIST~1 Registry Cleaner

09/19/2006 05:36 PM <DIR> Roxio

04/24/2007 03:31 PM <DIR> SECOND~1 SecondLife

02/16/2007 03:38 AM <DIR> SOFTAC~1 SoftActivity

12/28/2006 12:11 AM <DIR> Sun

04/04/2007 02:12 PM <DIR> yahoo!

0 File(s) 0 bytes

22 Dir(s) 12,522,262,528 bytes free

Volume in drive C has no label.

Volume Serial Number is F81C-0ABB

 

Directory of C:\Documents and Settings\All Users\Application Data

 

04/25/2007 12:56 PM <DIR> .

04/25/2007 12:56 PM <DIR> ..

04/06/2004 01:39 AM <DIR> Adobe

02/16/2004 08:35 PM <DIR> AOL

09/12/2003 01:47 PM <DIR> AOLDOW~1 AOL Downloads

03/03/2004 06:15 PM <DIR> APPLEC~1 Apple Computer

04/26/2005 12:25 PM <DIR> AVG7

12/03/2008 04:03 PM <DIR> CA

04/30/2003 08:33 AM <DIR> Dell

04/26/2005 01:51 PM <DIR> GAMEBL~1 GameBlend

10/29/2004 12:52 AM <DIR> GAMEHO~1 GameHouse

03/25/2007 05:02 PM <DIR> Kodak

04/30/2003 08:31 AM <DIR> McAfee.com

01/24/2007 12:40 AM <DIR> MICROS~1 Microsoft

02/14/2005 12:44 AM <DIR> MSNMES~1.020 MSN Messenger 6.2.0205

05/09/2003 05:10 PM <DIR> MSN6

04/17/2007 08:32 PM <DIR> PIXELS~1 pixelStorm

02/06/2007 03:51 AM <DIR> PopCap

04/30/2003 08:26 AM <DIR> QUICKT~1 QuickTime

04/30/2003 08:22 AM <DIR> SBSI

03/29/2004 08:47 PM <DIR> SPYBOT~1 Spybot - Search & Destroy

04/13/2005 01:17 PM <DIR> Starware

04/26/2005 12:56 PM <DIR> Symantec

02/22/2007 05:45 PM <DIR> TEMP

02/15/2006 02:55 PM <DIR> Trymedia

08/25/2004 05:04 PM <DIR> VIEWPO~1 Viewpoint

02/10/2006 06:35 PM <DIR> WINDOW~1 Windows Genuine Advantage

04/04/2007 02:12 PM <DIR> yahoo!

0 File(s) 0 bytes

28 Dir(s) 12,522,262,528 bytes free

--------------------------------------------------------

 

Logfile of HijackThis v1.99.1

Scan saved at 2:46:02 PM, on 4/30/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16414)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe

C:\WINDOWS\system32\cisvc.exe

C:\WINDOWS\System32\gearsec.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\tcpsvcs.exe

C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\hkcmd.exe

C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe

C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe

C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe

C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe

C:\Program Files\Microsoft IntelliType Pro\type32.exe

C:\Program Files\Microsoft IntelliPoint\point32.exe

C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe

C:\WINDOWS\system32\cidaemon.exe

C:\WINDOWS\system32\cidaemon.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe"

O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"

O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe"

O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab

O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1139610285828

O16 - DPF: {6FDB0065-2787-11D6-B1D8-0001023916FC} (CLOActiveXInstaller Control) - http://www.igl.net/clo/install/CLOActiveXInstallerProj1.cab

O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab55579.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab

O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames/zpa_pool.cab56649.cab

O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -

O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://i.grab.com/media/3ef815/games/files...aploader_v6.cab

O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by102fd.bay102.hotmail.msn.com/activex/HMAtchmt.ocx

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\

O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe

O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe

O23 - Service: iPod Service (iPodService) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)

O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)

O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe


Your log is clean.

 

What problem is remaining?


Glad we could help. :)

 

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.

This topic is now closed to further replies.