[Lili]

Aww, lol, thanks for all your time.

I did the scan twice, but I'll post the log from the first time, which took about 75 minutes. The second time it only took seven.

I've tried so many times to post the log today. When I paste it into the post, it freezes every time. When I attach it, it makes like it's loading for at least 15 minutes and then gives me a Page Cannot Be Displayed Page or something like that.

Edit: Oops... I'm really sorry for the triple post. I guess two of the times I was trying to attach the log, it went through, but without the attachment. The other times when I checked it didn't go through. I'm really sorry.

Edited by Lili, 14 June 2005 - 09:42 PM.

[Advertisements]

Hi Lili

Don't try to post that log, we will start to clean you dead file's and links now.

Make a list of the programs that you can't remove from add remove program file's post the list.

Download and install EasyCleaner:
http://personal.inet...rts/ecleane.htm

After installing it check under Settings > Registry tab if the backup
option is checked and if the directory it points to exists.
This should be true by default, but check anyway.

Then click OK and click Registry
Then click Search. When it is done select all the items per color,
(most, if not all should be green) and are safe to remove click Remove.

Reboot when you are done and let us know how it goes.

Kc

[Lili]

The programs on my Add or Remove Programs list that I want to uninstall, but can't, are Mozilla Firefox (1.0.2) (I already have a later version installed) and Neopets Toolbar v3.0.0.40.

I got EasyCleaner, but it's not how you described. There's no Settings button, but I went to Options and found a Registry tab, but it doesn't have a backup option to check, unless that's the same thing as "Create undo file on delete?"
I did the search and it came up with a lot of stuff that said software and they all had a green icons by them, but I don't really understand what these things are and what the colors mean, so I didn't delete them yet.

Thank you.

[Lili]

Hi,

I'm sorry I haven't replied in a few days, I've just been so frustrated with these computer problems I'm having. I'm still getting disconnected every 5 to 15 minutes and now my computer is running really slow. I've never had that problem with this computer before. It's just really slow. Every time I open a new application it takes so much longer than normal just to open and slows everything else down. I find it especially odd that it started happening now, because when I was thinking about doing a restore/reformat, I burned all my files, except video and audio files, onto a disk so I actually have more space on my hard drive than before it started being so slow. And the weirdest part is that my internet problems seem to be connected with my friend's internet problems. This is just one of many examples: he was online and for once wasn't getting disconnected all the time, his internet was working fine, then I got online and as soon as I did and started talking to him (via instant messenger), he started getting disconnected. This doesn't happen with other people I talk to, however. What causes something like that where it just affects one other person? I'm just sooo incredibly frustrated and tired of it all. Anyway...

I really appreciate your help. Thank you so much!

I downloaded the Advanced Uninstaller PRO the other day and was able to uninstall the things I couldn't uninstall the regular way. I also used to Quick Cleaner it has, and the Registry Cleaner and Optimizer, and used it to delete temporary Windows files. Is there anything else I should use it for? I'm not sure what all of it does. I noticed it has a thing where you can manage the programs that start when you startup the computer, but I don't know what they are and which ones need to be there, so I'm afraid to erase any, but there are quite a few and I don't know what most of them are. Should I still use EasyCleaner and delete those software things it finds?

[Lili]

Ok, I did that.

[Lili]

I have AIM, but I almost never use it, so I don't think the problem is coming through it. I open it maybe every other month. I ran that AimFix program, though. It said it removed registry key "load" from startup.

Here's my new HJT.log -

Logfile of HijackThis v1.99.1
Scan saved at 2:59:52 AM, on 6/22/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Roxio\GoBack\GBTray.exe
C:\Program Files\CyberPower\PowerPanel\PowPanel.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Roxio\GoBack\GBPoll.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.neonewsnow.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: GoBack.lnk = C:\Program Files\Roxio\GoBack\GBTray.exe
O4 - Global Startup: PowerPanel.lnk = C:\Program Files\CyberPower\PowerPanel\PowPanel.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalci...illama/ampx.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: GBPoll - Roxio, Inc. - C:\Program Files\Roxio\GoBack\GBPoll.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

Thanks.

[Lili]

Erm, I'm really confused. How would I be reinfecting the system again? I didn't know what you meant by the hosts file, but I think I found it:

# Copyright © 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

64.91.255.87 www.dcsresearch.com



Um, why does it say www.dcsresearch.com? I went there and it's the site for that one program I couldn't run, why would it say it here as the host name?

Edited by Lili, 22 June 2005 - 06:16 AM.

[Lili]

I didn't realize that Windows XP came with something that does the same thing as GoBack. Are you saying I shouldn't use GoBack? Just the one that comes with Windows XP? This part is really confusing me.

This part is especially confusing me: "Roxio. The GoBack software allows allows you to revert your Windows configuration file (the registry) back to it's previous states in the event of non-ciritcal errors. This program should not be terminated unless suspected to be causing problems." What do you mean?

Ok, I removed that thing you told me to. How did it get there? That site is for a program that's recommended on this forum in that other thread of things to do before you post...

Also, what kind of thing would cause a problem that would affect my internet connection and one other person's that I correspond with, but no one else who I talk to?

All of this is really frustrating me, not knowing more about it; I'd really appreciate a better explanation. (About the www.dcsresearch.com hosts thing, and Roxio, and what would cause something like this.)

Thanks for all your time and help.

[Lili]

I asked him to, but I don't know how soon he'll get to it. He doesn't use AIM anyway. I'll try to get him to run it, though.

Could you please answer my questions in my previous post? I'd really appreciate it. Thanks.