Virus?



#1
cher1234

  • Member
  • 24 posts
My computer is acting really slow. All my programs are crashing.
When I looked at msconfig, there is something in my start up that is named a bunch of symbols - kind of like this... □□□□□□□□□□□□□
I have 2 anti-virus programs that usually catch everything. Even with updating the virus definitions they don't catch this sneaky guy.
I think I may have more than one virus.

HELP!!

#2
coachwife6

  • SuperStar
  • Retired Staff
  • 11,413 posts
Please Click here!, and follow the recommendations in the guide.

If you're still having trouble, we'll need you to use a free diagnostic tool, Hijack This. Follow the instructions in step five of this guide, and post your log as a new topic in the Hijack This forum. It will get a better response there from the people most qualified to analyze logs.

Most of what Hijack This lists will be harmless or even essential. DO NOT delete or modify anything yet! Someone will be along to tell you what steps to take after you post the contents of the scan results.

#3
cher1234

  • Topic Starter
  • Member
  • 24 posts
I followed the five steps. Ad-Aware found 70 threats but 60 of them are from my other anti-virus program. It seems to think my other program is a virus. The program is called Stop-Sign Eacceleration.
Here is the log from Ad-Aware:


Ad-Aware SE Build 1.05
Logfile Created on:Monday, May 02, 2005 8:12:31 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R8 13.09.2004
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
180Solutions(TAC index:8):1 total references
BroadCastPC(TAC index:7):1 total references
eAcceleration(TAC index:7):61 total references
istbar(TAC index:6):8 total references
Lycos Sidesearch(TAC index:7):1 total references
WinAD(TAC index:7):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


5-2-2005 8:12:31 PM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 568
ThreadCreationTime : 5-3-2005 3:09:35 AM
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 636
ThreadCreationTime : 5-3-2005 3:09:38 AM
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 660
ThreadCreationTime : 5-3-2005 3:09:40 AM
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 704
ThreadCreationTime : 5-3-2005 3:09:40 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 716
ThreadCreationTime : 5-3-2005 3:09:40 AM
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 868
ThreadCreationTime : 5-3-2005 3:09:41 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 912
ThreadCreationTime : 5-3-2005 3:09:42 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1128
ThreadCreationTime : 5-3-2005 3:09:44 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1244
ThreadCreationTime : 5-3-2005 3:09:46 AM
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:10 [userinit32.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1252
ThreadCreationTime : 5-3-2005 3:09:46 AM
BasePriority : Normal


#:11 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1276
ThreadCreationTime : 5-3-2005 3:09:47 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:12 [ccsetmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 1436
ThreadCreationTime : 5-3-2005 3:09:47 AM
BasePriority : Normal
FileVersion : 2.1.6.3
ProductVersion : 2.1.6.3
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client Settings Manager Service
InternalName : ccSetMgr
LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccSetMgr.exe

#:13 [ccevtmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 1456
ThreadCreationTime : 5-3-2005 3:09:47 AM
BasePriority : Normal
FileVersion : 2.1.6.3
ProductVersion : 2.1.6.3
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe

#:14 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1592
ThreadCreationTime : 5-3-2005 3:09:48 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:15 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1676
ThreadCreationTime : 5-3-2005 3:09:48 AM
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:16 [hpconfig.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1716
ThreadCreationTime : 5-3-2005 3:09:48 AM
BasePriority : Normal
FileVersion : 3, 0, 1, 8
ProductVersion : 3, 0, 1, 8
ProductName : HPConfig Module
CompanyName : Hewlett-Packard
FileDescription : HPConfig Module
InternalName : HPConfig
LegalCopyright : Hewlett-Packard Copyright © 1999-2002
OriginalFilename : HPConfig.EXE
Comments : HP Configuration Interface Service

#:17 [hpwirelessmgr.exe]
FilePath : C:\Program Files\HPQ\Notebook Utilities\
ProcessID : 1736
ThreadCreationTime : 5-3-2005 3:09:48 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 6
ProductVersion : 1, 0, 0, 6
ProductName : HPWirelessMgr Module
CompanyName : Hewlett-Packard Co.
FileDescription : HPWirelessMgr Module
InternalName : HPWirelessMgr
LegalCopyright : Hewlett-Packard Copyright 2002
OriginalFilename : HPWirelessMgr.EXE
Comments : HP Wireless On/Off Button Service

#:18 [mousehs.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1808
ThreadCreationTime : 5-3-2005 3:09:49 AM
BasePriority : Normal


#:19 [nprotect.exe]
FilePath : C:\Program Files\Norton AntiVirus\AdvTools\
ProcessID : 1848
ThreadCreationTime : 5-3-2005 3:09:49 AM
BasePriority : Normal
FileVersion : 16.00.0.22
ProductVersion : 16.00.0.22
ProductName : Norton Utilities
CompanyName : Symantec Corporation
FileDescription : Norton Protection Status
InternalName : NPROTECT
LegalCopyright : Copyright © 2003 Symantec Corporation
LegalTrademarks : Norton Utilities
OriginalFilename : NPROTECT.EXE

#:20 [scan.exe]
FilePath : C:\PROGRA~1\ACCELE~1\SCRIPT~1\
ProcessID : 1876
ThreadCreationTime : 5-3-2005 3:09:49 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 7
ProductVersion : 1, 0, 0, 7
ProductName : Stop-Sign
CompanyName : Acceleration Software
FileDescription : scan
InternalName : scan
LegalCopyright : Copyright © 2003
OriginalFilename : scan.exe
Comments : Script Guard

#:21 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1932
ThreadCreationTime : 5-3-2005 3:09:49 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:22 [symlcsvc.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\CCPD-LC\
ProcessID : 1960
ThreadCreationTime : 5-3-2005 3:09:49 AM
BasePriority : Normal
FileVersion : 1, 8, 48, 77
ProductVersion : 1, 8, 48, 77
ProductName : Symantec Core Component
CompanyName : Symantec Corporation
FileDescription : Symantec Core Component
InternalName : symlcsvc
LegalCopyright : Copyright © 2003
OriginalFilename : symlcsvc.exe

#:23 [savscan.exe]
FilePath : C:\Program Files\Norton AntiVirus\
ProcessID : 1032
ThreadCreationTime : 5-3-2005 3:09:57 AM
BasePriority : Normal

ProductVersion : 9.2
ProductName : Symantec AntiVirus AutoProtect
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus Scanner
InternalName : SAVSCAN
LegalCopyright : Copyright © 2004 Symantec Corporation
OriginalFilename : SAVSCAN.EXE

#:24 [atiptaxx.exe]
FilePath : C:\Program Files\ATI Technologies\ATI Control Panel\
ProcessID : 1328
ThreadCreationTime : 5-3-2005 3:09:59 AM
BasePriority : Normal
FileVersion : 6.13.10.3022
ProductVersion : 6.13.10.3022
ProductName : ATI Desktop Component
CompanyName : ATI Technologies, Inc.
FileDescription : ATI Desktop Control Panel
InternalName : Atiptaxx.exe
LegalCopyright : Copyright © 1998-2001 ATI Technologies Inc.
OriginalFilename : Atiptaxx.exe

#:25 [onetouch.exe]
FilePath : C:\PROGRA~1\HPQ\ONE-TO~1\
ProcessID : 1400
ThreadCreationTime : 5-3-2005 3:10:01 AM
BasePriority : Normal
FileVersion : 1.6.3.0
ProductVersion : 1.6.3.0
ProductName : Dritek System Inc. OneTouch 10.05.2002 ( VC60 )
CompanyName : Dritek System Inc.
FileDescription : One-Touch
InternalName : OneTouch
LegalCopyright : Copyright © 2002 Dritek System Inc.
OriginalFilename : OneTouch.exe

#:26 [syntplpr.exe]
FilePath : C:\Program Files\Synaptics\SynTP\
ProcessID : 1424
ThreadCreationTime : 5-3-2005 3:10:01 AM
BasePriority : Normal
FileVersion : 6.7.4 09Sep02
ProductVersion : 6.7.4 09Sep02
ProductName : Progressive Touch
CompanyName : Synaptics, Inc.
FileDescription : TouchPad Driver Helper Application
InternalName : SynTPLpr
LegalCopyright : Copyright © Synaptics, Inc. 1996-2002
OriginalFilename : SynTPLpr.exe

#:27 [syntpenh.exe]
FilePath : C:\Program Files\Synaptics\SynTP\
ProcessID : 1656
ThreadCreationTime : 5-3-2005 3:10:02 AM
BasePriority : Normal
FileVersion : 6.7.4 09Sep02
ProductVersion : 6.7.4 09Sep02
ProductName : Progressive Touch
CompanyName : Synaptics, Inc.
FileDescription : Synaptics TouchPad Enhancements
InternalName : Scrolleroo
LegalCopyright : Copyright © Synaptics, Inc. 1996-2002
OriginalFilename : SynTPEnh.exe

#:28 [realplay.exe]
FilePath : C:\Program Files\Real\RealPlayer\
ProcessID : 1920
ThreadCreationTime : 5-3-2005 3:10:02 AM
BasePriority : Normal
FileVersion : 6.0.8.122
ProductVersion : 6.0.8.122
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealPlayer
InternalName : REALPLAY
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2000
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : REALPLAY.EXE

#:29 [qttask.exe]
FilePath : C:\Program Files\QuickTime\
ProcessID : 2000
ThreadCreationTime : 5-3-2005 3:10:03 AM
BasePriority : Normal
FileVersion : 6.4
ProductVersion : QuickTime 6.4
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2003
OriginalFilename : QTTask.exe

#:30 [carpserv.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 500
ThreadCreationTime : 5-3-2005 3:10:06 AM
BasePriority : Normal
FileVersion : 6.02.05
ProductVersion : 6.02.05
ProductName : SoftK56 Modem Driver
CompanyName : Conexant Systems, Inc.
FileDescription : carpserv
InternalName : carpserv
LegalCopyright : Copyright© Conexant Systems, Inc. 2003
OriginalFilename : carpserv.exe

#:31 [ccapp.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 708
ThreadCreationTime : 5-3-2005 3:10:07 AM
BasePriority : Normal
FileVersion : 2.1.6.3
ProductVersion : 2.1.6.3
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client User Session
InternalName : ccApp
LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe

#:32 [hpztsb07.exe]
FilePath : C:\WINDOWS\System32\spool\drivers\w32x86\3\
ProcessID : 1064
ThreadCreationTime : 5-3-2005 3:10:09 AM
BasePriority : Normal
FileVersion : 2,140,0,0
ProductVersion : 2,140,0,0
ProductName : HP DeskJet
CompanyName : HP
LegalCopyright : Copyright © Hewlett-Packard Company 1999-2002

#:33 [hphmon04.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2052
ThreadCreationTime : 5-3-2005 3:10:10 AM
BasePriority : Normal
FileVersion : 4,2,41
ProductVersion : 4,2,41
ProductName : hp photosmart
CompanyName : Hewlett-Packard
FileDescription : HPHmon04
InternalName : HPHmon04
LegalCopyright : Copyright © 2001
OriginalFilename : HPHmon04.exe

#:34 [usrprmpt.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\Security Center\
ProcessID : 2088
ThreadCreationTime : 5-3-2005 3:10:11 AM
BasePriority : Normal
FileVersion : 2005.1.2.20
ProductVersion : 2005.1
ProductName : Norton Security Center
CompanyName : Symantec Corporation
FileDescription : Norton Security Center Helper
InternalName : UsrPrmpt.dll
LegalCopyright : Copyright © 1997-2004 Symantec Corporation
OriginalFilename : UsrPrmpt.dll

#:35 [stopsignav.exe]
FilePath : C:\Program Files\Acceleration Software\Anti-Virus\
ProcessID : 2120
ThreadCreationTime : 5-3-2005 3:10:12 AM
BasePriority : Normal
FileVersion : 0,0,1,3927
ProductVersion : 0,0,1,3927
ProductName : Stop-Sign Threat Scanner
CompanyName : eAcceleration Corp
FileDescription : Stop-Sign Threat Scanner GUI
LegalCopyright : Copyright 2001-2005
OriginalFilename : stopsignav.exe

#:36 [eanthology.exe]
FilePath : C:\Program Files\Common Files\eAcceleration\
ProcessID : 2472
ThreadCreationTime : 5-3-2005 3:10:22 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 634
ProductVersion : 1, 0, 0, 634
ProductName : eAcceleration
CompanyName : eAcceleration Corp
FileDescription : eAcceleration Software Station
InternalName : eanthology.exe
LegalCopyright : Copyright © 2002-2004 eAcceleration Corp
LegalTrademarks : ...
OriginalFilename : eanthology.exe
Comments : ...

#:37 [dguard.exe]
FilePath : C:\PROGRA~1\ACCELE~1\DOWNLO~1\
ProcessID : 2564
ThreadCreationTime : 5-3-2005 3:10:23 AM
BasePriority : Normal
FileVersion : 2.0.1.30
ProductVersion : 1.0
ProductName : Download Guard
CompanyName : Acceleration Software International Corporation
FileDescription : Download Guard
InternalName : FCUB
LegalCopyright : Copyright © Acceleration Software 2004

#:38 [mediaacck.exe]
FilePath : C:\Program Files\Media Access\
ProcessID : 2612
ThreadCreationTime : 5-3-2005 3:10:25 AM
BasePriority : Normal


#:39 [mediaaccess.exe]
FilePath : C:\Program Files\Media Access\
ProcessID : 2644
ThreadCreationTime : 5-3-2005 3:10:26 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : LoaderX Module
FileDescription : LoaderX Module
InternalName : LoaderX
LegalCopyright : Copyright 2005
OriginalFilename : LoaderX.EXE

#:40 [wlancfg4.exe]
FilePath : C:\Program Files\NETGEAR\MA111 Configuration Utility\
ProcessID : 2852
ThreadCreationTime : 5-3-2005 3:10:29 AM
BasePriority : Normal


#:41 [wpc54cfg.exe]
FilePath : C:\Program Files\Linksys\Wireless-G Notebook Adapter\
ProcessID : 2880
ThreadCreationTime : 5-3-2005 3:10:30 AM
BasePriority : Normal
FileVersion : 1.0.5.98
ProductVersion : 1.0.5.0
ProductName : Linksys Instant WLAN Monitor
CompanyName : The Linksys Group, Inc.
FileDescription : Linksys Instant WLAN Monitor
InternalName : WLANMonitor.EXE
LegalCopyright : Copyright © 2003, Linksys
LegalTrademarks : Instant Wireless
OriginalFilename : WLANMonitor.EXE
Comments : Linksys Instant WLAN Monitor

#:42 [wuauclt.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 3132
ThreadCreationTime : 5-3-2005 3:10:43 AM
BasePriority : Normal
FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04)
ProductVersion : 5.4.3790.2182
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe

#:43 [navapsvc.exe]
FilePath : C:\Program Files\Norton AntiVirus\
ProcessID : 3980
ThreadCreationTime : 5-3-2005 3:11:32 AM
BasePriority : Normal
FileVersion : 10.00.2
ProductVersion : 10.00.2
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Norton AntiVirus 2004 for Windows 98/ME/2000/XP Copyright © 2003 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE

#:44 [ad-aware.exe]
FilePath : C:\PROGRA~1\Lavasoft\AD-AWA~1\
ProcessID : 2080
ThreadCreationTime : 5-3-2005 3:11:49 AM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

#:45 [msmsgs.exe]
FilePath : C:\Program Files\Messenger\
ProcessID : 2952
ThreadCreationTime : 5-3-2005 3:12:29 AM
BasePriority : Normal
FileVersion : 4.7.0041
ProductVersion : Version 4.7
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 1997-2001
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

eAcceleration Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment : "Stop-sign" shellextension
Rootkey : HKEY_CLASSES_ROOT
Object : *\shellex\contextmenuhandlers\stopsignrcs

eAcceleration Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "Stop-sign" shellextension
Rootkey : HKEY_CLASSES_ROOT
Object : *\shellex\contextmenuhandlers\stopsignrcs
Value :

eAcceleration Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{41ec560d-9371-4923-b0ad-f6a9504d3aa0}

eAcceleration Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{459729ac-727d-4d97-b18a-72ee224efec0}

eAcceleration Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{459729ac-727d-4d97-b18a-72ee224efec0}
Value :

eAcceleration Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{46d570d9-71c8-44e5-a76c-aadfe94442ca}

eAcceleration Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{6acd11bd-4ca0-4283-a8d8-872b9ba289b6}

eAcceleration Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{878c1976-66ab-4454-a9b1-40cd594ac223}

eAcceleration Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{bb83fd23-ac96-472d-8aa2-7d8560a61d1a}

eAcceleration Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{bb83fd23-ac96-472d-8aa2-7d8560a61d1a}
Value :

eAcceleration Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{c398f337-51d5-40c3-aa3b-684e833d8888}

eAcceleration Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{c398f337-51d5-40c3-aa3b-684e833d8888}
Value :

eAcceleration Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{f63c5b10-b709-4df5-ba27-b90102ad313b}

eAcceleration Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : defender.scancore

eAcceleration Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : defender.scancore
Value : Version

eAcceleration Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : defender.scangui

eAcceleration Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : defender.scangui
Value : Version

eAcceleration Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : directory\shellex\contextmenuhandlers\eac_virusscanner

eAcceleration Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : directory\shellex\contextmenuhandlers\eac_virusscanner
Value :

eAcceleration Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{bb80b457-f3f6-4992-a0c3-a128d58c7fb2}

eAcceleration Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{bb80b457-f3f6-4992-a0c3-a128d58c7fb2}
Value :

eAcceleration Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{d951b1f4-7399-426a-a925-d2c41fcf2002}

eAcceleration Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{d951b1f4-7399-426a-a925-d2c41fcf2002}
Value :

eAcceleration Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{e6a8ee26-1fad-431c-99d6-8dba1e25cd72}

eAcceleration Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{e6a8ee26-1fad-431c-99d6-8dba1e25cd72}
Value :

eAcceleration Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{f073d8a5-c4ac-4ddc-9204-b1c032b4bd72}

eAcceleration Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{f073d8a5-c4ac-4ddc-9204-b1c032b4bd72}
Value :

eAcceleration Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : mseaid.gd\glsid

eAcceleration Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : mseaid.gd\glsid
Value :

eAcceleration Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : tetra.tetra

eAcceleration Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : tetra.tetra
Value :

eAcceleration Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : tetra.tetra.1

eAcceleration Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : tetra.tetra.1
Value :

eAcceleration Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{3e072ab7-3cda-4536-8afd-56b0fe6846b4}

eAcceleration Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{5fc3bb0f-d421-4587-aa1f-0e27358e0905}

eAcceleration Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{963dd0ff-4836-4de4-9590-d7efe8f62f8d}

eAcceleration Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : webcelerator.webcbrowserhelper

eAcceleration Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : webcelerator.webcbrowserhelper
Value : Version

eAcceleration Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : webcelerator.webcbrowserhelper
Value :

eAcceleration Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2965103273-785359745-2445748291-1006\software\acceleration software international corporation

eAcceleration Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\acceleration software international corporation

eAcceleration Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\eanthology

eAcceleration Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{2f099f5d-7003-4441-82c2-707c7c273feb}

eAcceleration Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{2f099f5d-7003-4441-82c2-707c7c273feb}
Value : Clsid

eAcceleration Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{2f099f5d-7003-4441-82c2-707c7c273feb}
Value : MenuText

eAcceleration Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{2f099f5d-7003-4441-82c2-707c7c273feb}
Value : MenuStatusBar

eAcceleration Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{2f099f5d-7003-4441-82c2-707c7c273feb}
Value : Default Visible

eAcceleration Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{2f099f5d-7003-4441-82c2-707c7c273feb}
Value : ClsidExtension

eAcceleration Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\eanthologyapp

eAcceleration Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\eanthologyapp
Value : UninstallString

eAcceleration Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment : "Stop Sign" uninstall entry
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\stopsigneac

eAcceleration Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "Stop Sign" uninstall entry
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\stopsigneac
Value : UninstallString

eAcceleration Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment : "Stop Sign" uninstall entry
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\webscan

eAcceleration Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "Stop Sign" uninstall entry
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\webscan
Value : UninstallString

eAcceleration Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2965103273-785359745-2445748291-1006\\software\acceleration software international corporation

istbar Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\ist

istbar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\ist
Value : InstallDate

istbar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\ist
Value : account_id

istbar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\ist
Value : config

istbar Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-18\software\ist

istbar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-18\software\ist
Value : InstallDate

istbar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-18\software\ist
Value : account_id

istbar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-18\software\ist
Value : config

eAcceleration Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "EanthologyApp"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\run
Value : EanthologyApp

eAcceleration Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "{46D570D9-71C8-44E5-A76C-AADFE94442CA}"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\shell extensions\approved
Value : {46D570D9-71C8-44E5-A76C-AADFE94442CA}

eAcceleration Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "Stop Sign" shell extension
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\shell extensions\approved
Value : {BB83FD23-AC96-472D-8AA2-7D8560A61D1A}

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 66
Objects found so far: 66


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 66


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 66



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

BroadCastPC Object Recognized!
Type : File
Data : GLK81.tmp
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Mango\Local Settings\Temp\



Lycos Sidesearch Object Recognized!
Type : File
Data : A0031079.dll
Category : Misc
Comment :
Object : C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP62\
FileVersion : 1, 0, 0, 8
ProductVersion : 1, 0, 0, 8
ProductName : SEP
FileDescription : SEP Module
InternalName : sep
LegalCopyright : Copyright 2004
OriginalFilename : sep.DLL


180Solutions Object Recognized!
Type : File
Data : A0034081.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP71\



WinAD Object Recognized!
Type : File
Data : ide21201.vxd
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\



Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 70


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 70




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

eAcceleration Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : mseaid.gd

eAcceleration Object Recognized!
Type : Folder
Category : Data Miner
Comment :
Object : C:\Program Files\Acceleration Software

eAcceleration Object Recognized!
Type : File
Data : Scan Now for Viruses and Threats.lnk
Category : Data Miner
Comment : "Stop-sign" shellextension
Object : C:\Documents and Settings\Mango\Desktop\



Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 3
Objects found so far: 73

8:43:06 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:30:34.908
Objects scanned:152267
Objects identified:73
Objects ignored:0
New critical objects:73



When I tried to log onto the hijackthis log forum this page popped up. http://www.iso.org/i...nline.frontpage
I have no clue where, if any, within this page is a link for hijackthis forum. So I am posting it here instead.



My hijackthis log:
Logfile of HijackThis v1.99.1
Scan saved at 10:41:29 AM, on 5/3/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\HPConfig.exe
C:\PROGRA~1\ACCELE~1\SCRIPT~1\scan.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\System32\hphmon04.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe
C:\Program Files\Common Files\eAcceleration\eanthology.exe
C:\PROGRA~1\ACCELE~1\DOWNLO~1\dguard.exe
C:\Program Files\Media Access\MediaAccK.exe
C:\Program Files\Media Access\MediaAccess.exe
C:\Program Files\NETGEAR\MA111 Configuration Utility\wlancfg4.EXE
C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54CFG.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Common Files\eAcceleration\eanthology.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\DOCUMENTS AND SETTINGS\MANGO\DESKTOP\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://keyword.netscape.com/keyword/%s
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.psychedup.net/"); (C:\Program Files\Netscape\Users\default\prefs.js)
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://psychedup.net/cpanel"); (C:\Documents and Settings\Mango\Application Data\Mozilla\Profiles\default\yzhcfj2d.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Mango\Application Data\Mozilla\Profiles\default\yzhcfj2d.slt\prefs.js)
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll
O2 - BHO: &EliteSideBar - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - C:\WINDOWS\EliteSideBar\EliteSideBar 08.dll
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~2\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [AttuneClientEngine] C:\PROGRA~1\Aveo\Attune\bin\attune_ce.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [webscan] C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe -k
O4 - HKLM\..\Run: [EanthologyApp] "C:\Program Files\Common Files\eAcceleration\eanthology.exe" /b Startup
O4 - HKLM\..\Run: [StopSignStatus] Rundll32.exe "C:\Program Files\Common Files\eAcceleration\Installer\stopsinfo.dll",VerifyStatus
O4 - HKLM\..\Run: [sginst] C:\PROGRA~1\ACCELE~1\SCRIPT~1\sginst.exe /upd
O4 - HKLM\..\Run: [dguard] C:\PROGRA~1\ACCELE~1\DOWNLO~1\dguard.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\RunServices: [NAV Auto Updates] csrssp.exe
O4 - HKLM\..\RunOnce: [StopSignStatus] Rundll32.exe "C:\Program Files\Common Files\eAcceleration\Installer\stopsinfo.dll",VerifyStatus /ro
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: MA111 Configuration Utility.lnk = C:\Program Files\NETGEAR\MA111 Configuration Utility\wlancfg.exe
O4 - Global Startup: Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54CFG.EXE
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\maxspeed.exe (file missing)
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\maxspeed.exe (file missing)
O9 - Extra button: (no name) - {2F099F5D-7003-4441-82C2-707C7C273FEB} - C:\PROGRA~1\ACCELE~1\StopSign\webcbrowse0.dll
O9 - Extra 'Tools' menuitem: Block This Page - {2F099F5D-7003-4441-82C2-707C7C273FEB} - C:\PROGRA~1\ACCELE~1\StopSign\webcbrowse0.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1094101820501
O17 - HKLM\System\CCS\Services\Tcpip\..\{12B4C13A-C492-4E0C-BF05-3CEEC5FA27D4}: NameServer = 64.62.175.114,64.62.175.105
O17 - HKLM\System\CCS\Services\Tcpip\..\{D33BB5C6-7BBF-4CBE-A350-38AC79DDD41E}: NameServer = 209.244.0.3 209.244.0.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{12B4C13A-C492-4E0C-BF05-3CEEC5FA27D4}: NameServer = 64.62.1
  • 0

#4
Rawe

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
Which help do you want at the moment?
Do you want Moderators (or other staff for that matter) to move this topic to Ad-aware support and want your Ad-aware logfile to be checked, or do you want HJT specialists to take a look at your HJT logfile?

- Rawe :tazz:
  • 0

#5
coachwife6

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
The bottom part of your log was cut off. Please run hijack this again and post the entire log.

Also, please do this first:

Please delete your temporary files. Double Click My Computer (WinXP: Navigate to Start --->My Computer)
You will see an icon representing your hard drive (most likely C: Drive). Right Click on the hard drive icon and click Properties at the bottom of the fly out window. On the very first tab (General) you will see a button labeled "Disk Cleanup"...click that button.
Make sure the following are checked:
Downloaded Program Files
Temporary Internet Files and
Recycle Bin

Click OK and Disk Cleanup will delete those files for you.
  • 0

#6
cher1234

cher1234

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Coachwife,
I ran the HijackThis program again. Here is the log.
I was not able to run the disk clean-up because my computer keeps crashing. I did recently delete the temp internet files though.
There seem to be a lot of things running on my system. Along with finding the virus can some of these be bogging down my system... what are they... can they be deleted?



Logfile of HijackThis v1.99.1
Scan saved at 3:56:50 PM, on 5/4/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\PROGRA~1\ACCELE~1\SCRIPT~1\scan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\System32\hphmon04.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\eAcceleration\eanthology.exe
C:\PROGRA~1\ACCELE~1\DOWNLO~1\dguard.exe
C:\Program Files\Media Access\MediaAccK.exe
C:\Program Files\Media Access\MediaAccess.exe
C:\Program Files\NETGEAR\MA111 Configuration Utility\wlancfg4.EXE
C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54CFG.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Mango\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://keyword.

netscape.com/keyword/%s
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.psychedup.net/"); (C:

\Program Files\Netscape\Users\default\prefs.js)
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://psychedup.net/cpanel"); (C:

\Documents and Settings\Mango\Application Data\Mozilla\Profiles\default\yzhcfj2d.slt\prefs.

js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files

%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and

Settings\Mango\Application Data\Mozilla\Profiles\default\yzhcfj2d.slt\prefs.js)
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:

\WINDOWS\EliteToolBar\EliteToolBar version 60.dll
O2 - BHO: &EliteSideBar - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - C:

\WINDOWS\EliteSideBar\EliteSideBar 08.dll
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:

\WINDOWS\EliteToolBar\EliteToolBar version 60.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe

SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton

Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~2\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [AttuneClientEngine] C:\PROGRA~1\Aveo\Attune\bin\attune_ce.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb

07.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd

04.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security

Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [webscan] C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe

-k
O4 - HKLM\..\Run: [EanthologyApp] "C:\Program Files\Common Files\eAcceleration\eanthology.

exe" /b Startup
O4 - HKLM\..\Run: [StopSignStatus] Rundll32.exe "C:\Program Files\Common

Files\eAcceleration\Installer\stopsinfo.dll",VerifyStatus
O4 - HKLM\..\Run: [sginst] C:\PROGRA~1\ACCELE~1\SCRIPT~1\sginst.exe /upd
O4 - HKLM\..\Run: [dguard] C:\PROGRA~1\ACCELE~1\DOWNLO~1\dguard.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\RunServices: [NAV Auto Updates] csrssp.exe
O4 - HKLM\..\RunOnce: [StopSignStatus] Rundll32.exe "C:\Program Files\Common

Files\eAcceleration\Installer\stopsinfo.dll",VerifyStatus /ro
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common

Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: MA111 Configuration Utility.lnk = C:\Program Files\NETGEAR\MA111

Configuration Utility\wlancfg.exe
O4 - Global Startup: Wireless-G Notebook Adapter Utility.lnk = C:\Program

Files\Linksys\Wireless-G Notebook Adapter\WPC54CFG.EXE
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32

\maxspeed.exe (file missing)
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:

\WINDOWS\System32\maxspeed.exe (file missing)
O9 - Extra button: (no name) - {2F099F5D-7003-4441-82C2-707C7C273FEB} - C:\PROGRA~1\ACCELE~

1\StopSign\webcbrowse0.dll
O9 - Extra 'Tools' menuitem: Block This Page - {2F099F5D-7003-4441-82C2-707C7C273FEB} - C:

\PROGRA~1\ACCELE~1\StopSign\webcbrowse0.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.

windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1094101820501
O17 - HKLM\System\CCS\Services\Tcpip\..\{12B4C13A-C492-4E0C-BF05-3CEEC5FA27D4}: NameServer =

64.62.175.114,64.62.175.105
O17 - HKLM\System\CS1\Services\Tcpip\..\{12B4C13A-C492-4E0C-BF05-3CEEC5FA27D4}: NameServer =

64.62.175.114,64.62.175.105
O17 - HKLM\System\CS2\Services\Tcpip\..\{12B4C13A-C492-4E0C-BF05-3CEEC5FA27D4}: NameServer =

64.62.175.114,64.62.175.105
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program

Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program

Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program

Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GhostStartService - Unknown owner - C:\PROGRA~1\NORTON~3\NORTON~3\GHOSTS~2.

EXE (file missing)
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:

\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook

Utilities\HPWirelessMgr.exe
O23 - Service: Mouse Hardware Sync (mousehs) - Unknown owner - C:\WINDOWS\System32\mousehs.

exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:

\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:

\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: OmniForm Printer - Unknown owner - C:\WINDOWS\System32\ofps.exe (file

missing)
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.

exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1

\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:

\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common

Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common

Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common

Files\Symantec Shared\Security Center\SymWSC.exe
  • 0

#7
cher1234

cher1234

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Rawe,

I'm looking for any help I can get. I put up the ad-aware log because it says to do that before putting up your hijackthis log. I hope I'm doing it right.

I just need help with my computer because I can't do anything on it without it crashing.
Even the taskbar crashes and won't let me shut my computer down... often.
BUMMER.

:tazz:
  • 0

#8
coachwife6

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
You're doing fine. ;) The next time you run a scan, I need you to have all the lines configured much better. It was very difficult to read and I think I missed a great deal the first go-round.

You are running HijackThis from the Desktop; please create a new folder for it and move the program into the new folder.

Acceleration is not recommended. Can you go to add/remove programs and remove it?

Please read here:

http://castlecops.co...plist-5183.html

Please set your system to show all files; please see here if you're unsure how to do this.


Press Control-Alt-Del to enter the Task Manager.

Click on the Processes tab and end the following processes:

C:\PROGRA~1\ACCELE~1\SCRIPT~1\scan.exe
C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe
C:\Program Files\Common Files\eAcceleration\eanthology.exe
C:\PROGRA~1\ACCELE~1\DOWNLO~1\dguard.exe
C:\Program Files\Media Access\MediaAccK.exe
C:\Program Files\Media Access\MediaAccess.exe

Exit the Task Manager when finished.

Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:

F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} -
O2 - BHO: &EliteSideBar - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} -
\WINDOWS\EliteSideBar\EliteSideBar 08.dll
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} -
O4 - HKLM\..\Run: [AttuneClientEngine] C:\PROGRA~1\Aveo\Attune\bin\attune_ce.exe
O4 - HKLM\..\Run: [webscan] C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe
O4 - HKLM\..\Run: [EanthologyApp] "C:\Program Files\Common Files\eAcceleration\eanthology.
O4 - HKLM\..\Run: [StopSignStatus] Rundll32.exe "C:\Program Files\Common
O4 - HKLM\..\Run: [sginst] C:\PROGRA~1\ACCELE~1\SCRIPT~1\sginst.exe /upd
O4 - HKLM\..\Run: [dguard] C:\PROGRA~1\ACCELE~1\DOWNLO~1\dguard.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\RunServices: [NAV Auto Updates] csrssp.exe
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:
O9 - Extra button: (no name) - {2F099F5D-7003-4441-82C2-707C7C273FEB} - C:\PROGRA~1\ACCELE~
O9 - Extra 'Tools' menuitem: Block This Page - {2F099F5D-7003-4441-82C2-707C7C273FEB} - C:


Click on Fix Checked when finished and exit HijackThis.

Reboot into Safe Mode: please see here if you are not sure how to do this.


Using Windows Explorer, locate the following files/folders, and delete them:

C:\PROGRA~1\ACCELE~1<<entire folder
C:\Program Files\Media Access\<<entire folder
C:\WINDOWS\System32\Userinit.exe
C:\WINDOWS\EliteSideBar\<<entire folder
C:\PROGRA~1\Aveo\Attune<<entire folder


Exit Explorer, and reboot as normal afterwards.


If you were unable to find any of the files then please follow these additional instructions:

Download Pocket Killbox and unzip it; save it to your Desktop.

Run it, and click the radio button that says Delete a file on reboot. For each of the files you could not delete, paste them one at a time into the full path of file to delete box and click the red circle with a white cross in it.

The program will ask you if you want to reboot; say No each time until the last one has been pasted in whereupon you should answer Yes.

Let the system reboot.

Post back a fresh HijackThis log and we will take another look. :tazz:
  • 0

#9
cher1234

cher1234

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Is it possible to log onto geekstogo without being on my computer? Since my computer crashes so much I tried logging in on another computer and it would not accept my user name & password. I thought maybe I had the wrong password but couldn't find any info to find out what it was.
Do I need to do a different log in for every computer I'm using?

As for the Acceleration program...
I have paid a whole year for their services and I use them to dial up on the internet. So I do not want to delete them right now. I'm not sure what to do at this point.

I'm still working on the other instructions.

thanks,
dazed & confused....
  • 0

#10
coachwife6

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
That other computer may be blocking you from logging in. It may have its security setting much higher or it may be restricted by the network, particularly if it's a school, business, etc.
  • 0


#11
cher1234

cher1234

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
I followed the instructions of the last message. I did not delete the eacceleration files because I use them to dial up on the internet - as well as the anti-virus.
BUT, after following the instructions I restarted my computer only to find out it would log on and immediately log off. I cannot get past that. I've restarted it many times, shut it down completely, waited a while, started it again and the same thing happens. I must have deleted something I wasn't supposed to.

The computer starts up like its going to log on. It gets to the log on screen, acts like it's going to log on and immediately logs off.


NOW WHAT???
:tazz:

cher
  • 0

#12
coachwife6

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
Can you post another log?

Are you losing internet connection or have you lost it? If you've lost it, try this.

Please download this Winsock Fix XP file to a floppy disk,
you can run it off the floppy disk
  • 0

#13
cher1234

cher1234

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
I've definitely lost it, but the "it" is my mind... dealing with this computer. :tazz:

I cannot post another log just yet. The computer will not stay logged on long enough to do anything. When I start the computer, it goes through the beginning processes of loading. Usually I don't have to log on, it automatically goes into windows. Right now, it loads almost to windows, (meaning I can see the background start to load) the background flashes for a split second - like it's going to load (but doesn't load) it then automatically logs off. It takes me to the log in window. I click on my log on name, and once again it starts opening windows but within seconds goes back to the log in screen.
It makes the sound of logging into windows and logging out of windows, one right after another.

I've downloaded the program onto a floppy. Since I cannot get into windows should I choose to run from the floppy during startup (I think it may be an option by pressing F8)? If not, is there another way?

Cher
  • 0

#14
coachwife6

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
I've been real busy with my job. We will get this worked out. Don't stress over it. Just walk away from it for awhile. It will be much later tonight when I will be able to tackle it. :tazz:
  • 0

#15
coachwife6

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
First of all, if you have run hijack this already, let's reverse what we have already done. I made a mistake -- your log was difficult to read in wordwrap--I should have had you repost it.

Boot the computer into safe mode. When it starts to boot up, lightly tap F8. We will work in safe mode.

HijackThis comes with a backup and restoral procedure in the event that you erroneously remove an entry that is actually legitimate. If you have configured HijackThis as was shown in this tutorial, then you should be able to restore entries that you have previously deleted. If you have had your HijackThis program running from a temporary directory, then the restoral procedure will not work.

If the configuration setting Make backups before fixing items is checked, HijackThis will make a backup of any entries that you fix in a directory called backups that resides in the same location as Hijackthis.exe.

If you start HijackThis and click on Config, and then the Backup button you will be presented with a screen shot like Figure 6 below. You will have a listing of all the items that you had fixed previously and have the option of restoring them. Once you restore an item that is listed in this screen, upon scanning again with HijackThis, the entries will show up again.
Once you are finished restoring those items that were mistakenly fixed, you can close the program.


If stopsign eacceleration is "another" anti-virus program, that's a problem. Having two anti-virus programs running simultaneously will cause your machine to suffer. Please get rid of one.

Go to start>>run>>add/remove programs and remove one of them.

Here is a note on stopsign eacceleration:

Note on eAcceleration Stop-Sign:  eAcceleration's Stop-Sign anti-malware scanner was listed on this page primarily because of the company's history of employing deceptive advertising and drive-by-downloads (1, 2, 3, 4). The company was also known for removing and/or disabling competing apps. These objectionable business practices were employed primarily during the years 2002-2003.

Sometime during 2004 the company underwent reorganization. Not only have the worst of the company's download and installation practices been halted, but the company has completely overhauled its stub installer application, giving users much more control over the software modules to be installed on their systems (1, 2).

While testing indicates that the "threat scanner" is still slow and has occasional problems with false positives -- in large part because of the use of heuristics, which cannot be turned off by the user -- we can no longer classify this application as "rogue/suspect." Nonetheless, this anti-malware application -- at least in its current state -- cannot be recommended, given the many excellent competing anti-virus, anti-trojan, and anti-spyware applications that are available (some for free). 

(Note: other domains associated with this outfit include: accelerationsw.com, buttonware.com, buttonware.net, clicksales.com, downloadsales.com, homepageware.com, oodlz.com, signupsales.com, webcelerator.com) [A: 6-26-04 / U: 8-7-04]



Press Control-Alt-Del to enter the Task Manager.

Click on the Processes tab and end the following processes:

C:\Program Files\Media Access\MediaAccK.exe
C:\Program Files\Media Access\MediaAccess.exe

Exit the Task Manager when finished.

Find these files -- still in safe mode -- and delete them.

C:\Program Files\Media Access\<<entire folder
C:\WINDOWS\EliteSideBar\<<entire folder
C:\PROGRA~1\Aveo<<entire folder


Please delete your temporary files. Double Click My Computer (WinXP: Navigate to Start --->My Computer)
You will see an icon representing your hard drive (most likely C: Drive). Right Click on the hard drive icon and click Properties at the bottom of the fly out window. On the very first tab (General) you will see a button labeled "Disk Cleanup"...click that button.
Make sure the following are checked:
Downloaded Program Files
Temporary Internet Files and
Recycle Bin

Click OK and Disk Cleanup will delete those files for you.

Reboot and see if you can post a new log.
  • 0
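
The word-wrap problem described in this thread can be caught before anything is fixed. The script below is an added example, not part of the original posts and not a HijackThis feature: it regroups wrapped lines into whole entries and flags fix-list lines that are only the first fragment of an entry. The function names are made up for the illustration; the sample lines are copied from the wrapped log in post #6 and the fix list in post #8.

```python
import re

# Every HijackThis entry line starts with a section code: "R1 - ", "F2 - ", "O4 - ", "O23 - " ...
ENTRY_RE = re.compile(r"^(?:[RFN]\d|O\d{1,2}) - ")

# Excerpt of the word-wrapped log from post #6 (blank lines and breaks as posted).
WRAPPED_LOG = r"""
O2 - BHO: &EliteSideBar - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - C:

\WINDOWS\EliteSideBar\EliteSideBar 08.dll
O4 - HKLM\..\Run: [webscan] C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe

-k
O4 - HKLM\..\Run: [dguard] C:\PROGRA~1\ACCELE~1\DOWNLO~1\dguard.exe
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32

\maxspeed.exe (file missing)
"""

# The matching lines of the fix list in post #8, as posted.
FIX_LIST = r"""
O2 - BHO: &EliteSideBar - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} -
\WINDOWS\EliteSideBar\EliteSideBar 08.dll
O4 - HKLM\..\Run: [webscan] C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe
O4 - HKLM\..\Run: [dguard] C:\PROGRA~1\ACCELE~1\DOWNLO~1\dguard.exe
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32
"""


def logical_entries(log_text):
    """Group physical lines into entries, each a list of fragments.

    A non-blank line without a section code is treated as a wrapped
    continuation of the entry above it.
    """
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if ENTRY_RE.match(line):
            entries.append([line])
        elif entries:
            # Text before the first entry (header, process list) is skipped.
            entries[-1].append(line)
    return entries


def key(text):
    """Comparison key that ignores whitespace and case.

    The wrap sometimes swallowed a space and sometimes split mid-token,
    so the original spacing cannot be recovered reliably; compare without it.
    """
    return re.sub(r"\s+", "", text).casefold()


def review_fix_list(log_text, fix_list_text):
    """Classify each fix-list line against the regrouped log.

    complete        - identical to a whole log entry
    truncated       - only the start of a longer, wrapped entry
    orphan-fragment - a continuation line with no section code of its own
    not-in-log      - has a section code but matches nothing in the log
    """
    entry_keys = [key("".join(frags)) for frags in logical_entries(log_text)]
    verdicts = []
    for raw in fix_list_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if not ENTRY_RE.match(line):
            verdict = "orphan-fragment"
        else:
            k = key(line)
            if k in entry_keys:
                verdict = "complete"
            elif any(e.startswith(k) for e in entry_keys):
                verdict = "truncated"
            else:
                verdict = "not-in-log"
        verdicts.append((verdict, line))
    return verdicts


if __name__ == "__main__":
    for verdict, line in review_fix_list(WRAPPED_LOG, FIX_LIST):
        print(f"{verdict:16} {line}")
```

Any line reported as truncated or orphan-fragment means the fix list was built from physical lines rather than whole entries, which is the point at which to ask for the log to be reposted without word wrap.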





