Please help! Explorer not working[resolved]

Welcome Guest ( Log In | Join )

If you don't enter, you can't win! Enter here

Discover the best free computer help!
Learn more about Geeks to Go by taking the tour. Spyware, virus, trojan, fake security or privacy alerts? Read the malware cleaning guide. Want to reply to a topic, start a new one, or remove the advertising? Join today (always free).

> Geeks to Go! » Security » Malware Removal - HijackThis™ Logs Go Here

Please help! Explorer not working[resolved], Application error

Options

18et View Member Profile	Apr 16 2005, 12:07 PM Post #1
Member Posts: 12 OS: Windows XP	I just joined Geeks to Go, a couple weeks ago and I'm totally clueless when it comes to fixing computers (I'm a teenager), and I rather would appreciate help fixing this problem. there is an application error that occurs whenever I try to open Windows Explorer, My Documents, My computer, C:/, etc. and it's titled Explorer.EXE- Application error, it looks a little like this: The instruction at "0x03dbe9dc" referenced memory at "0x00000000". This memory could not be "written" Click on Ok to terminate the program Click on CANCEL to debug the program and at that point the screen sometimes flickers, returns to a window-free desktop, and afterthat it will return you to the program you were working on before but the explorer/mydocuments/my computer program doesn't open. I scanned my computer with ad-aware, mccafee virus scan online, spybot, cwshredder, and other online scans specified in the "before you post" section, the error simply will not go away. Here is my HijackThis: Logfile of HijackThis v1.99.1 Scan saved at 12:47:39, on 2005/04/16 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\cisvc.exe C:\WINDOWS\System32\CTsvcCDA.exe c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\wanmpsvc.exe C:\WINDOWS\System32\MsPMSPSv.exe c:\PROGRA~1\mcafee.com\vso\mcshield.exe C:\WINDOWS\system32\cidaemon.exe C:\WINDOWS\system32\cidaemon.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\BCMSMMSG.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\System32\DSentry.exe C:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe C:\Program Files\Common Files\Dell\EUSW\Support.exe C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe c:\progra~1\mcafee.com\vso\mcvsescn.exe C:\Program Files\Creative\ShareDLL\CtNotify.exe C:\Program Files\ImageMate CompactFlash USB\SandIcon.Exe C:\WINDOWS\BQTray.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe C:\Program Files\Creative\Broadband Blaster UI\bbui.exe C:\Program Files\Real\RealPlayer\RealPlay.exe C:\Program Files\Creative\ShareDLL\Mediadet.exe C:\Program Files\BroadJump\Client Foundation\CFD.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe C:\Program Files\Common Files\AOL\ACS\AOLDial.exe C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\system32\nsvsvc\nsvsvc.exe C:\Program Files\Java\j2re1.4.2_06\bin\jucheck.exe C:\Program Files\Microsoft Office\Office\WINWORD.EXE C:\WINDOWS\system32\picsvr\picsvr.exe C:\WINDOWS\System32\n?svc32.exe C:\PROGRA~1\COMMON~1\AOL\110080~1\EE\AOLHOS~1.EXE C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\ctfmon.exe C:\PROGRA~1\COMMON~1\AOL\110080~1\EE\AOLServiceHost.exe C:\Program Files\America Online 9.0\waol.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\America Online 9.0\shellmon.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\Program Files\Support.com\bin\tgcmd.exe C:\DOCUMENTS AND SETTINGS\TINA\DESKTOP\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://officeupdate.microsoft.com/office/r...d&HelpLCID=1033 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost R3 - Default URLSearchHook is missing O2 - BHO: (no name) - {00000000-DD60-0064-6EC2-6E0100000000} - (no file) O2 - BHO: Loader Class - {2E246FAE-8420-11D9-870D-000C2917DE7F} - C:\WINDOWS\SYSTEM\Loader.dll (file missing) O2 - BHO: (no name) - {5EAA2F45-D1CD-B563-FFDE-C027423888AF} - C:\WINDOWS\System32\gbwtbt.dll O2 - BHO: (no name) - {6E871F44-FCFA-8C26-D29D-850A070EA59A} - C:\WINDOWS\System32\gbwtbt.dll O2 - BHO: (no name) - {6E871F45-FCFD-8553-D2EE-F00A7208A59F} - C:\WINDOWS\System32\gbwtbt.dll O2 - BHO: CWebDirObj Object - {C003C49F-53E4-4A72-B7D6-0B2B9997392F} - C:\WINDOWS\webdir.dll O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\googletoolbar1.dll O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe files\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe O4 - HKLM\..\Run: [CTStartup] "C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE" /run O4 - HKLM\..\Run: [SandIcon] C:\Program Files\ImageMate CompactFlash USB\SandIcon.Exe O4 - HKLM\..\Run: [BurnQuick Queue] C:\WINDOWS\BQTray.exe O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM95\\DeadAIM.ocm",ExportedCheckODLs O4 - HKLM\..\Run: [BroadbandBlasterUI] C:\Program Files\Creative\Broadband Blaster UI\bbui.exe O4 - HKLM\..\Run: [bbui] C:\Program Files\Creative\8xxx\bbui.exe O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe O4 - HKLM\..\Run: [Windows Explorer] EXPLORERZ.EXE O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\BellSouth\hcenter.exe" /starthidden /tgcmdwrapper O4 - HKLM\..\Run: [nif] C:\WINDOWS\nif.exe O4 - HKLM\..\Run: [UU] C:\documents and settings\tina\local settings\temp\UU.exe O4 - HKLM\..\Run: [Quy6xnzg] C:\documents and settings\tina\local settings\temp\Quy6xnzg.exe O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1100809015\EE\AOLHostManager.exe O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe O4 - HKLM\..\Run: [DbT] C:\documents and settings\tina\local settings\temp\DbT.exe O4 - HKLM\..\Run: [6gBuGib9] C:\documents and settings\tina\local settings\temp\6gBuGib9.exe O4 - HKLM\..\Run: [netdaemon] C:\WINDOWS\System32\netdaemon /v O4 - HKLM\..\Run: [ntechin] C:\Documents and Settings\Tina\n20050308.exe O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [udxcoljb] c:\windows\system32\udxcoljb.exe O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\system32\vzvlvv.exe O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\system32\nsvsvc\nsvsvc.exe O4 - HKLM\..\Run: [picsvr] C:\WINDOWS\system32\picsvr\picsvr.exe O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask O4 - HKCU\..\Run: [ZeroAds] C:\Program Files\FBM Software\ZeroAds\Zeroads.exe O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup O4 - HKCU\..\Run: [BestPopUpKiller] C:\Program Files\BestPopUpKiller\BestPopupKiller.exe /startup O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\Tina\Application Data\eetu.exe O4 - HKCU\..\Run: [Rms] C:\WINDOWS\System32\n?svc32.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b O4 - Startup: Sid Registration.lnk = D:\ATR1.EXE O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Picture Package Menu.lnk = ? O4 - Global Startup: Picture Package VCD Maker.lnk = ? O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O8 - Extra context menu item: &Google Search - res://c:\windows\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: Backward Links - res://c:\windows\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\windows\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Similar Pages - res://c:\windows\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://c:\windows\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe O9 - Extra button: (no name) - {BE2F2769-8A63-4bc7-8A99-06C2C4AD7B9B} - C:\WINDOWS\System32\crtv2_32.dll (file missing) O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU) O16 - DPF: ChatSpace Full Java Client 3.1.0.235N - http://205.177.13.50/Java/cfsn31235.cab O16 - DPF: ChatSpace Java Client 2.1.0.90 - http://64.85.20.117:8094/Java/cs4ms090.cab O16 - DPF: Dice Derby by pogo.com - http://checkeredflag.pogo.com/applet/check...g-ob-assets.cab O16 - DPF: Jungle Gin by pogo - http://gin.pogo.com/applet/gin/gin-ob-assets.cab O16 - DPF: Phlinx by pogo - http://flinger.pogo.com/applet-5.8.5.21/fl...r-ob-assets.cab O16 - DPF: Pop Fu by pogo - http://popfu.pogo.com/applet/popfu/popfu-ob-assets.cab O16 - DPF: Squelchies by pogo - http://squelchies.pogo.com/applet/squelchi...s-ob-assets.cab O16 - DPF: Texas Hold'em Poker by pogo - http://holdem2.pogo.com/applet-5.8.3.20/ho...m-ob-assets.cab O16 - DPF: Toki Toki Boom - http://download.games.yahoo.com/games/clients/y/vtm_x.cab O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct0_x.cab O16 - DPF: Yahoo! Dots - http://download.games.yahoo.com/games/clients/y/dtt1_x.cab O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt4_x.cab O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potb_x.cab O16 - DPF: Yahoo! Trivia - http://download.games.yahoo.com/games/clients/y/tvt0_x.cab O16 - DPF: Yahoo! Word Racer - http://download.games.yahoo.com/games/clients/y/wt0_x.cab O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} - http://www.miniclip.com/bestfriends/retro64_loader.dll O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aol.com/molbin/shared/m...83/mcinsctl.cab O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/check/netset/install/gtdownls.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aol.com/molbin/shared/m...,20/mcgdmgr.cab O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} - O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://antu.popcap.com/games/popcaploader_v5.cab O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://livesc02.rightnowtech.com/7012-b345...l/java/RntX.cab O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll O20 - AppInit_DLLs: mad.dll O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

coachwife6 View Member Profile	Apr 17 2005, 01:00 PM Post #2
SuperMod Posts: 11,399 From: In the gym OS: xp home, xp pro	Welcome to Geeks to Go 18et. Did you follow the recomendations here? I think once you follow these procedures, your computer will be much easier to work on. Give me another log when you're through.

18et View Member Profile	Apr 17 2005, 02:53 PM Post #3
Member Posts: 12 OS: Windows XP	yeah, I'd already followed that whole list. I found out that my explorer works in safe mode, but not in the regular mode. But thank you for your reply! Would you like me to post a new hijackthis log? Also, from what I've researched, this is a pretty common error, and it needs a hotfix or something (would you happen to know where to get one of those?)

coachwife6 View Member Profile	Apr 17 2005, 08:36 PM Post #4
SuperMod Posts: 11,399 From: In the gym OS: xp home, xp pro	First download Killbox from here: http://www.bleepingcomputer.com/files/killbox.php Then copy the part in bold below to notepad and name it removemad.reg save it to your desktop. Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="" [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{707E6F76-9FFB-4920-A976-EA101271BC25}] [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20EC3D2D-33C1-4C9D-BC37-C2D500688DA2}] You are running HijackThis from the Desktop; please create a new folder for it and move the program into the new folder Press Control-Alt-Del to enter the Task Manager. Click on the Processes tab and end the following processes: C:\WINDOWS\system32\nsvsvc\nsvsvc.exe C:\WINDOWS\system32\picsvr\picsvr.exe Exit the Task Manager when finished. Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake: R3 - Default URLSearchHook is missing O2 - BHO: (no name) - {00000000-DD60-0064-6EC2-6E0100000000} - (no file) O2 - BHO: Loader Class - {2E246FAE-8420-11D9-870D-000C2917DE7F} - C:\WINDOWS\SYSTEM\Loader.dll (file missing) O2 - BHO: (no name) - {5EAA2F45-D1CD-B563-FFDE-C027423888AF} - C:\WINDOWS\System32\gbwtbt.dll O2 - BHO: (no name) - {6E871F44-FCFA-8C26-D29D-850A070EA59A} - C:\WINDOWS\System32\gbwtbt.dll O2 - BHO: (no name) - {6E871F45-FCFD-8553-D2EE-F00A7208A59F} - C:\WINDOWS\System32\gbwtbt.dll O2 - BHO: CWebDirObj Object - {C003C49F-53E4-4A72-B7D6-0B2B9997392F} - C:\WINDOWS\webdir.dll O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe O4 - HKLM\..\Run: [CTStartup] "C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE" /run O4 - HKLM\..\Run: [SandIcon] C:\Program Files\ImageMate CompactFlash USB\SandIcon.Exe O4 - HKLM\..\Run: [BurnQuick Queue] C:\WINDOWS\BQTray.exe O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe O4 - HKLM\..\Run: [Windows Explorer] EXPLORERZ.EXE O4 - HKLM\..\Run: [nif] C:\WINDOWS\nif.exe O4 - HKLM\..\Run: [UU] C:\documents and settings\tina\local settings\temp\UU.exe O4 - HKLM\..\Run: [Quy6xnzg] C:\documents and settings\tina\local settings\temp\Quy6xnzg.exe O4 - HKLM\..\Run: [DbT] C:\documents and settings\tina\local settings\temp\DbT.exe O4 - HKLM\..\Run: [6gBuGib9] C:\documents and settings\tina\local settings\temp\6gBuGib9.exe O4 - HKLM\..\Run: [netdaemon] C:\WINDOWS\System32\netdaemon /v O4 - HKLM\..\Run: [ntechin] C:\Documents and Settings\Tina\n20050308.exe O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup O4 - HKCU\..\Run: [BestPopUpKiller] C:\Program Files\BestPopUpKiller\BestPopupKiller.exe /startup O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\Tina\Application Data\eetu.exe O4 - HKCU\..\Run: [Rms] C:\WINDOWS\System32\n?svc32.exe O4 - Startup: Sid Registration.lnk = D:\ATR1.EXE O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE<<resource hog O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: (no name) - {BE2F2769-8A63-4bc7-8A99-06C2C4AD7B9B} - C:\WINDOWS\System32\crtv2_32.dll (file missing) O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU) O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} - http://www.miniclip.com/bestfriends/retro64_loader.dll O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} - O20 - AppInit_DLLs: mad.dll Click on Fix Checked when finished and exit HijackThis. Please reboot into safe mode (continually tap the F8 key while your system is starting, select Safe Mode from the menu). Be sure you're able to view hidden files, and remove the following files in bold (if found): C:\WINDOWS\System32\gbwtbt.dll C:\WINDOWS\webdir.dll EXPLORERZ.EXE C:\WINDOWS\nif.exe C:\documents and settings\tina\local settings\temp\UU.exe C:\documents and settings\tina\local settings\temp\Quy6xnzg.exe C:\documents and settings\tina\local settings\temp\DbT.exe C:\documents and settings\tina\local settings\temp\6gBuGib9.exe C:\WINDOWS\System32\netdaemon /v C:\Documents and Settings\Tina\n20050308.exe C:\Program Files\SpyKiller\<<entire folder C:\Program Files\BestPopUpKiller C:\Documents and Settings\Tina\Application Data\eetu.exe C:\WINDOWS\System32\n?svc32.exe C:\Program Files\Ebates_MoeMoneyMaker Then doubleclick the file we made on your desktop and confirm you want to merge it with the registry. Then use Killbox to delete: c:\windows\system32\mad.dll Choose the "Delete on Reboot" functions and copy & paste the path into the box. Please scan your system with Ad-aware: Ad-aware SE - Download - Home Page If you have a previous version of Ad-Aware installed, during the installation of the new version you will be prompted to uninstall or keep the older version - be sure to uninstall the previous version. After installing Ad-aware, you will be prompted to update the program and run a full scan. De-select all boxes so that it does not run. Manually run "Ad-Aware SE Personal" and from the main screen Click on "Check for Updates Now". Once the definitions have been updated: Reconfigure Ad-Aware for Full Scan as per the following instructions: Launch the program, and click on the Gear at the top of the start screen. Under General Settings the following boxes should all be checked off: (Checked will be indicated by a green circle with a check mark in it, Un-Checked is a red circle with an X in it. If it is greyed out, those features are only available in the retail version.) "Automatically save logfile" Automatically quarantine objects prior to removal" Safe Mode (always request confirmation) Prompt to update outdated confirmation) - Change to 7 days. Click the "Scanning" button (On the left side). Under Drives & Folders, select "Scan within Archives" Click "Click here to select Drives + folders" and select your installed hard drives. Under Memory & Registry, select all options. Click the "Advanced" button (On the left hand side). Under "Shell Integration", select "Move deleted files to Recycle Bin". Under "Log-file detail", select all options. Click on the "Defaults" button on the left. Type in the full url of what you want as your default homepage and searchpage e.g. http://www.google.com. Click the "Tweak" button (Again, on the left hand side). Expand "Scanning Engine" by clicking on the "+" (Plus) symbol and select the following: "Unload recognized processes during scanning." "Obtain command line of scanned processes" "Scan registry for all users instead of current user only" Under "Cleaning Engine", select the following: "Automatically try to unregister objects prior to deletion." "During removal, unload explorer and IE if necessary" "Let Windows remove files in use at next reboot." "Delete quarrantined objects after restoring" Click on "Safety Settings" and select "Write-protect system files after repair (Hosts file, etc)" Click on "Proceed" to save these Preferences. Click on the "Scan Now" button on the left. Under "Select Scan Mode, be sure to select "Use Custom Scanning Options". Close all programs except ad-aware. Click on "Next" in the bottom right corner to start the scan. Run the Ad-Aware scan and allow it to remove everything it finds and then REBOOT - Even if not prompted to. After you log back in, Ad-Aware may run to finalize the scan and remove any locked files that it may of found. Allow it to finish. Please delete your temporary files. Double Click My Computer (WinXP: Navigate to Start --->My Computer) You will see an icon representing your harddrive (most likely C: Drive) Right Click on the hard drive icon and click Properties at the bottom of the fly out window. One the very first tab (General) you will see a button labeled "Disk Cleanup"...click that button. Make sure the following are checked: Downloaded Program Files Temporary Internet Files and Recycle Bin Click OK and Disk Cleanup will delete those files for you. If you would please, rescan with HijackThis and post a fresh log in this same topic.

18et View Member Profile	Apr 23 2005, 11:38 AM Post #5
Member Posts: 12 OS: Windows XP	Dear CoachWife6, Thank you thank you thank you very much! I really want to let you know that I appreciate all the help you have given me because the computer is now working perfectly now (well, almost, a computer is never perfect... ). We were considering throwing this computer out because of the slowness and the memory error that kept on coming up (which is now I'm thankful to say, completely gone) and now I will probably keep this computer longer than I thought! Once again thanks! Here is a new fresh hijack this log: Logfile of HijackThis v1.99.1 Scan saved at 12:32:13, on 2005/04/23 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\cisvc.exe C:\WINDOWS\System32\CTsvcCDA.exe c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\wanmpsvc.exe C:\WINDOWS\System32\MsPMSPSv.exe c:\PROGRA~1\mcafee.com\vso\mcshield.exe C:\WINDOWS\system32\cidaemon.exe C:\WINDOWS\system32\cidaemon.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\BCMSMMSG.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\System32\DSentry.exe C:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe C:\Program Files\Common Files\Dell\EUSW\Support.exe c:\progra~1\mcafee.com\vso\mcvsescn.exe C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe C:\Program Files\Creative\Broadband Blaster UI\bbui.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\Program Files\Common Files\AOL\ACS\AOLDial.exe C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Microsoft AntiSpyware\gcasServ.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe C:\PROGRA~1\COMMON~1\AOL\110080~1\EE\AOLHOS~1.EXE C:\PROGRA~1\COMMON~1\AOL\110080~1\EE\AOLServiceHost.exe C:\Documents and Settings\Tina\Start Menu\Programs\Hijackthis\HijackThis.exe C:\Program Files\Support.com\bin\tgcmd.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net/ R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://officeupdate.microsoft.com/office/r...d&HelpLCID=1033 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe files\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM95\\DeadAIM.ocm",ExportedCheckODLs O4 - HKLM\..\Run: [BroadbandBlasterUI] C:\Program Files\Creative\Broadband Blaster UI\bbui.exe O4 - HKLM\..\Run: [bbui] C:\Program Files\Creative\8xxx\bbui.exe O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\BellSouth\hcenter.exe" /starthidden /tgcmdwrapper O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1100809015\EE\AOLHostManager.exe O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [udxcoljb] c:\windows\system32\udxcoljb.exe O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\system32\vzvlvv.exe O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" O4 - HKCU\..\Run: [ZeroAds] C:\Program Files\FBM Software\ZeroAds\Zeroads.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: Picture Package Menu.lnk = ? O4 - Global Startup: Picture Package VCD Maker.lnk = ? O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: ChatSpace Full Java Client 3.1.0.235N - http://205.177.13.50/Java/cfsn31235.cab O16 - DPF: ChatSpace Java Client 2.1.0.90 - http://64.85.20.117:8094/Java/cs4ms090.cab O16 - DPF: Dice Derby by pogo.com - http://checkeredflag.pogo.com/applet/check...g-ob-assets.cab O16 - DPF: Jungle Gin by pogo - http://gin.pogo.com/applet/gin/gin-ob-assets.cab O16 - DPF: Phlinx by pogo - http://flinger.pogo.com/applet-5.8.5.21/fl...r-ob-assets.cab O16 - DPF: Pop Fu by pogo - http://popfu.pogo.com/applet/popfu/popfu-ob-assets.cab O16 - DPF: Squelchies by pogo - http://squelchies.pogo.com/applet/squelchi...s-ob-assets.cab O16 - DPF: Texas Hold'em Poker by pogo - http://holdem2.pogo.com/applet-5.8.3.20/ho...m-ob-assets.cab O16 - DPF: Toki Toki Boom - http://download.games.yahoo.com/games/clients/y/vtm_x.cab O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct0_x.cab O16 - DPF: Yahoo! Dots - http://download.games.yahoo.com/games/clients/y/dtt1_x.cab O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt4_x.cab O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potb_x.cab O16 - DPF: Yahoo! Trivia - http://download.games.yahoo.com/games/clients/y/tvt0_x.cab O16 - DPF: Yahoo! Word Racer - http://download.games.yahoo.com/games/clients/y/wt0_x.cab O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409 O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aol.com/molbin/shared/m...83/mcinsctl.cab O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/check/netset/install/gtdownls.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aol.com/molbin/shared/m...,20/mcgdmgr.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://antu.popcap.com/games/popcaploader_v5.cab O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://livesc02.rightnowtech.com/7012-b345...l/java/RntX.cab O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

coachwife6 View Member Profile	Apr 24 2005, 08:52 PM Post #6
SuperMod Posts: 11,399 From: In the gym OS: xp home, xp pro	You may wish to print out a copy of these instructions to follow while you complete this procedure. Please save Hijack This in a permanent folder (i.e. C:\HJT). This ensures backups are saved and accessible. I would suggest disabling Microsoft Anti-Spyware until we get you clean as well. Click Start > Run > type services.msc, then click OK Scroll down and right click on 'COM+ System Service' Select 'Properties' and set the "Service Status" option to "Stop" Set "Startup type" to "Disabled", click Apply, then OK. Press Control-Alt-Del to enter the Task Manager. Click on the Processes tab and end the following processes: C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe Exit the Task Manager when finished. Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items, then click fix checked. O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe O4 - HKLM\..\Run: [udxcoljb] c:\windows\system32\udxcoljb.exe O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\system32\vzvlvv.exe O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll Let's remove the following just to clean things up a bit. The next time you go to these sites, the Active X controls will be download. O16 - DPF: ChatSpace Full Java Client 3.1.0.235N - http://205.177.13.50/Java/cfsn31235.cab O16 - DPF: ChatSpace Java Client 2.1.0.90 - http://64.85.20.117:8094/Java/cs4ms090.cab O16 - DPF: Dice Derby by pogo.com - http://checkeredflag.pogo.com/applet/check...g-ob-assets.cab O16 - DPF: Jungle Gin by pogo - http://gin.pogo.com/applet/gin/gin-ob-assets.cab O16 - DPF: Phlinx by pogo - http://flinger.pogo.com/applet-5.8.5.21/fl...r-ob-assets.cab O16 - DPF: Pop Fu by pogo - http://popfu.pogo.com/applet/popfu/popfu-ob-assets.cab O16 - DPF: Squelchies by pogo - http://squelchies.pogo.com/applet/squelchi...s-ob-assets.cab O16 - DPF: Texas Hold'em Poker by pogo - http://holdem2.pogo.com/applet-5.8.3.20/ho...m-ob-assets.cab O16 - DPF: Toki Toki Boom - http://download.games.yahoo.com/games/clients/y/vtm_x.cab O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct0_x.cab O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt4_x.cab O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potb_x.cab O16 - DPF: Yahoo! Trivia - http://download.games.yahoo.com/games/clients/y/tvt0_x.cab O16 - DPF: Yahoo! Word Racer - http://download.games.yahoo.com/games/clients/y/wt0_x.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://antu.popcap.com/games/popcaploader_v5.cab O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://livesc02.rightnowtech.com/7012-b345...l/java/RntX.cab Click on Fix Checked when finished and exit HijackThis. Please reboot into safe mode (continually tap the F8 key while your system is starting, select Safe Mode from the menu). Be sure you're able to view hidden files, and remove the following files in bold (if found): c:\windows\system32\udxcoljb.exe C:\WINDOWS\system32\vzvlvv.exe Post back a fresh HijackThis log and we will take another look.

18et