I'm Trying to Re-Install Internet Explorer.........



#31
Retired Tech

  • Retired Staff
  • 20,563 posts
Please go here:

Malware Removal Guide

Run all the programmes as advised then post a current Hijack This Log in a new topic in the Malware Forum

For the purpose of accurate malware analysis, Hijack This Logs are only dealt with in the Malware Forum. Posting them anywhere else will result in a delayed response

If you are unable to run any of the programmes, ask for advice in the Malware Forum
  • 0



#32
Dominique H

  • Topic Starter
  • Member
  • 26 posts
Keith,

Believe it or not, but as critical as it is for me to get this solved, I haven't even completed the original task. I've been bombarded with my business practice. But, at the present time (and I apologize for NOT doing this earlier) here is the "HijackThis" description of my system:

Logfile of HijackThis v1.99.1
Scan saved at 10:03:16 AM, on 01/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\AdLib\AdLib eXpress\AdLibFMR.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Icecast2 Win32\icecastService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe
C:\mysql\bin\mysqld-nt.exe
C:\Program Files\Sawmill 7\SawmillService.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Sawmill 7\SawmillCL.exe
C:\Program Files\Sawmill 7\SawmillCL.exe
C:\Program Files\Search Engine Commando\ScheduleService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wwSecure.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe
C:\Program Files\Lexmark 4200 Series\lxbmbmon.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Plaxo\2.6.2.7\PlaxoHelper.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\CaptureWiz\Pro\CaptureWiz.exe
C:\Program Files\PayPal Monitor\PayPal Monitor.exe
C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
C:\Program Files\TechSmith\SnagIt 7\TSCHelp.exe
C:\Program Files\zepsoft\Wallpaper Calendar\WallCal3.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Netscape\Netscape Browser\netscape.exe
C:\Program Files\Microsoft AntiSpyware\GIANTAntiSpywareMain.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Grisoft\AVG Free\avgwb.dat
C:\Program Files\Grisoft\AVG Free\avgcc.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Downloads\hijackthis\HijackThis.exe
C:\Program Files\Microsoft AntiSpyware\GIANTAntiSpywareUpdater.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://hayllc.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://vivisimo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hayllc.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://hayllc.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\system32\winmgd.win
F1 - win.ini: run=C:\WINDOWS\system32\mouse_configurator.win
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://yahoo.sbc.com/dsl"); (C:\Documents and Settings\Dan\Application Data\Mozilla\Profiles\default\kk6js58u.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Dan\Application Data\Mozilla\Profiles\default\kk6js58u.slt\prefs.js)
O2 - BHO: XBTB07983 - {3FC4585B-7B09-4b9a-973D-A9CD3D6B9079} - C:\PROGRA~1\SOFTOM~1\TOOLBA~1\INSTAL~1\{C49DD~1\0\TODAYS~1.DLL
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Todays_Indie toolbar - {f9a7e0cd-4fd8-4b65-a356-7369a6e22eb7} - C:\Program Files\Todays_Indie\tbToda.dll
O3 - Toolbar: Teoma Bar - {4194307F-65BB-454A-81D4-9E8A9D7CBAEA} - C:\WINDOWS\system32\teomabAC.dll
O3 - Toolbar: Business.com IE Toolbar - {A1502779-71FD-83A1-90FE-83C12D86ADC7} - C:\WINDOWS\Downloaded Program Files\CONFLICT.6\businessbar.dll
O3 - Toolbar: Clusty - {5538fb62-f725-4433-a965-91314e8d8e4d} - C:\Program Files\Clusty Toolbar\toolbar2.dll
O3 - Toolbar: TodaysIndie.com Toolbar - {C49DD894-C6DE-4910-8C41-BA20F852D8BC} - C:\PROGRA~1\SOFTOM~1\TOOLBA~1\installed\{C49DD894-C6DE-4910-8C41-BA20F852D8BC}\0\todaysindie.toolbar.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Lexmark 4200 Series] "C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe"
O4 - HKLM\..\Run: [GetPDF] C:\Program Files\GetPDF Web Server\GetPDF.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.6.2.7\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [WordWeb] C:\Program Files\WordWeb\wweb32.exe
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a-squared\a2guard.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: CaptureWiz.lnk = C:\Program Files\CaptureWiz\Pro\CaptureWiz.exe
O4 - Startup: PayPal Monitor.lnk = C:\Program Files\PayPal Monitor\PayPal Monitor.exe
O4 - Startup: SnagIt 7.lnk = C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: Wallpaper Calendar.lnk = C:\Program Files\zepsoft\Wallpaper Calendar\WallCal3.exe
O4 - Startup: WordWeb Pro.lnk = C:\Program Files\WordWeb\wweb32.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: SecExpert.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Clusty meta-search - res://C:\Program Files\Clusty Toolbar\toolbar2.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar3.dll/cmwordtrans.html
O8 - Extra context menu item: &WebStasher Search - res://C:\Program Files\Flexity\WebStasher\WebStasher.dll/SelectTerms.html
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: + &Mass Downloader: download this file - C:\Program Files\Mass Downloader\Add_Url.htm
O8 - Extra context menu item: + Mass Downloader: download &All files - C:\Program Files\Mass Downloader\Add_All.htm
O8 - Extra context menu item: Add all items to the auction list - res://c:\Program Files\RKD\AuctionNavigator\BidCtxtClick.dll/202
O8 - Extra context menu item: Add this item to the auction list - res://c:\Program Files\RKD\AuctionNavigator\BidCtxtClick.dll/201
O8 - Extra context menu item: Add to &Teleport - C:\Program Files\Teleport Ultra\teleport.htm
O8 - Extra context menu item: Add to WebSite-Watcher - C:\Documents and Settings\Dan\Application Data\aignes\WebSite-Watcher\config\settings\wswie.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Browster Prefetch On/Off - res://C:\PROGRA~1\Browster\Browster.dll/CustomPrefetchMenu.htm
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: Dictionary Search - javascript:external.menuArguments.location.href="javascript:TeomaBarcommand='cmd-search-selection-word'"
O8 - Extra context menu item: Do&wnload by ReGet Deluxe - C:\Program Files\Common Files\ReGet Shared\CC_Link.htm
O8 - Extra context menu item: Download &Flash Movies - C:\Program Files\Flash2X\Flash Hunter\save.htm
O8 - Extra context menu item: Download A&ll by ReGet Deluxe - C:\Program Files\Common Files\ReGet Shared\CC_All.htm
O8 - Extra context menu item: Download all by Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download All Files by HiDownload - C:\PROGRA~1\HIDOWN~1\HDGetAll.htm
O8 - Extra context menu item: Download by Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download by HiDownload - C:\PROGRA~1\HIDOWN~1\HDGet.htm
O8 - Extra context menu item: Download selected by Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site by Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
O8 - Extra context menu item: Explore with &Instant Source - C:\Program Files\Instant Source\context.html
O8 - Extra context menu item: Html To Image - C:\Program Files\Html To Image\menu.htm
O8 - Extra context menu item: Open using &Advanced JPEG Compressor - C:\Program Files\Advanced JPEG Compressor\ajcieex.htm
O8 - Extra context menu item: Search Using Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
O8 - Extra context menu item: Search Using Copernic Meta - res://C:\WINDOWS\Downloaded Program Files\CopernicMeta.dll/HTML/SearchExt
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O8 - Extra context menu item: Teoma Search - javascript:external.menuArguments.location.href="javascript:TeomaBarcommand='cmd-search-selection'"
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Instant Buzz - {066040F0-5018-4E15-8AA0-81D36136D989} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Mass Downloader - {0FD01980-CCCB-11D3-80D4-0000E80E2EDE} - C:\Program Files\Mass Downloader\massdown.exe
O9 - Extra 'Tools' menuitem: &Mass Downloader - {0FD01980-CCCB-11D3-80D4-0000E80E2EDE} - C:\Program Files\Mass Downloader\massdown.exe
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Travelaxe - {32A32D38-B8ED-4b3f-AFD0-EF23B697B5C1} - C:\Program Files\Travelaxe\Travelaxe.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Attach Web page to ACT! contact - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra 'Tools' menuitem: Attach Web page to ACT! contact... - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra button: Snippets - {7130DF06-BBC1-4e16-83D4-1F875E65B695} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Instant Source - {8BD5271D-69C9-4467-882D-5139952D7754} - C:\Program Files\Instant Source\isrc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Active Whois - {BAB9A4F4-C201-4fcf-A5D3-BA77BC9FBEB2} - C:\Program Files\Active Whois\ieshow.exe
O9 - Extra 'Tools' menuitem: Active Whois - {BAB9A4F4-C201-4fcf-A5D3-BA77BC9FBEB2} - C:\Program Files\Active Whois\ieshow.exe
O9 - Extra button: TodaysIndie.com Toolbar - {C49DD894-C6DE-4910-8C41-BA20F852D8BC} - C:\PROGRA~1\SOFTOM~1\TOOLBA~1\installed\{C49DD894-C6DE-4910-8C41-BA20F852D8BC}\0\todaysindie.toolbar.dll
O9 - Extra 'Tools' menuitem: TodaysIndie.com Toolbar - {C49DD894-C6DE-4910-8C41-BA20F852D8BC} - C:\PROGRA~1\SOFTOM~1\TOOLBA~1\installed\{C49DD894-C6DE-4910-8C41-BA20F852D8BC}\0\todaysindie.toolbar.dll
O9 - Extra button: HttpWatch - {D103E85B-5D67-42c1-8C83-F01079DBAB26} - C:\Program Files\HttpWatch\httpwtch.dll
O9 - Extra 'Tools' menuitem: HttpWatch - {D103E85B-5D67-42c1-8C83-F01079DBAB26} - C:\Program Files\HttpWatch\httpwtch.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\PROGRA~1\HIDOWN~1\hidownload.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Flash2X Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\Program Files\Flash2X\Flash Hunter\save.htm (HKCU)
O9 - Extra 'Tools' menuitem: &Launch Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\Program Files\Flash2X\Flash Hunter\save.htm (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://hayllc.com
O14 - IERESET.INF: MS_START_PAGE_URL=http://hayllc.com
O15 - Trusted Zone: http://linktrader.cyberspacehq.com
O15 - Trusted Zone: http://www.lyricshosting.com
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: http://www.snapfiles.com
O15 - Trusted Zone: http://cache.ysbweb.com
O15 - Trusted Zone: http://www.ysbweb.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: Copernic Meta -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {470A6E01-15A3-49B3-B8B9-8EDF4AC1A480} (Teoma Installer Control) - http://sp.ask.com/do...teomab-inst.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-24.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.co...UC/MsnPUpld.cab
O16 - DPF: {ADFEE671-5D06-48A7-AF43-A598D3A58AF6} (DemoForge Player Control) - http://www.demoforge.../dst/dfplay.cab
O16 - DPF: {B6B14E82-E23B-48DE-BFFF-876EC90D9B96} -
O16 - DPF: {CDC7F1F0-C73B-4061-913C-61A4CAFB43D5} - http://www.business....ar2/toolbar.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O18 - Protocol: copernicmeta - {9B46B30C-CB70-4551-9806-3238CC816A55} - C:\WINDOWS\DOWNLO~1\COPERN~1.DLL
O18 - Protocol: flex - {DEDBAFF5-6763-4DB5-8A7F-485B1543F16E} - C:\Program Files\Flexity\WebStasher\WebStasher.dll
O18 - Protocol: x-mem1 - {C3719F83-7EF8-4BA0-89B0-3360C7AFB7CC} - C:\WINDOWS\system32\wowctl2.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AdLib FMR - AdLib eDocument Solutions - C:\Program Files\AdLib\AdLib eXpress\AdLibFMR.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: COM+ System Service - Unknown owner - C:\WINDOWS\system32\SSMS.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Icecast Media Server (Icecast) - Unknown owner - C:\Program Files\Icecast2 Win32\icecastService.exe" "C:\Program Files\Icecast2 Win32 (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InstallShield Licensing Service - InstallShield - C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MySql - Unknown owner - C:\mysql\bin\mysqld-nt.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Sawmill - Unknown owner - C:\Program Files\Sawmill 7\SawmillService.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Search Engine Commando Schedule Service (SECScheduleService) - Tates Creek Software, LLC - C:\Program Files\Search Engine Commando\ScheduleService.exe
O23 - Service: GetPDF Printing (Service1) - Unknown owner - C:\Program Files\GetPDF Web Server\GetPDFPrinting.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: PaperCut Print Charging (wPaperCut) - Oscura - C:\Program Files\PaperCut\PCService.exe
O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE


I will try to work on the original task within the next 30 mins. THANKS AGAIN KEITH
  • 0
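
Added example, not part of any post in this thread: a small Python parser for HijackThis entry lines like those posted in #32, with a few triage rules that pick out entries worth a manual look. The function names, rule names and the rules themselves are assumptions chosen for illustration; a hit is a prompt to investigate, not a malware verdict.

```python
import re

# Sample input: ten lines copied from the HijackThis log in post #32.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hayllc.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\system32\winmgd.win
F1 - win.ini: run=C:\WINDOWS\system32\mouse_configurator.win
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: SecExpert.lnk = ?
O9 - Extra button: Attach Web page to ACT! contact - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O23 - Service: COM+ System Service - Unknown owner - C:\WINDOWS\system32\SSMS.EXE
O23 - Service: MySql - Unknown owner - C:\mysql\bin\mysqld-nt.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# One HijackThis entry: section code (R0, F1, O23, ...), " - ", then the body.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")

# Why each (hypothetical) rule name is worth a look.
REASONS = {
    "shell-extra": "system.ini Shell= names something after Explorer.exe; it starts at every logon",
    "ini-autorun": "win.ini run=/load= is a legacy autostart location",
    "loopback-proxy": "IE traffic goes through a proxy on this machine; identify the listener",
    "unresolved-shortcut": "Startup shortcut whose target HijackThis could not resolve",
    "unknown-owner-system32": "service binary in system32 with no company name in its version info",
    "file-missing": "entry points at a file HijackThis could not find",
}


def parse_hjt(log_text):
    """Return (code, body) per entry line; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m["code"], m["body"]))
    return entries


def triage(entries):
    """Return (code, rule, detail) for entries that deserve manual review."""
    findings = []
    for code, body in entries:
        low = body.lower()
        if code == "F0":
            m = re.match(r"system\.ini:\s*shell=\s*explorer\.exe\s+(\S.*)$", body, re.I)
            if m:
                findings.append((code, "shell-extra", m.group(1)))
        elif code == "F1":
            m = re.match(r"win\.ini:\s*(?:run|load)=\s*(\S.*)$", body, re.I)
            if m:
                findings.append((code, "ini-autorun", m.group(1)))
        elif code in ("R0", "R1"):
            m = re.search(
                r"ProxyServer\s*=\s*((?:127(?:\.\d{1,3}){3}|localhost)(?::\d+)?)",
                body, re.I)
            if m:
                findings.append((code, "loopback-proxy", m.group(1)))
        elif code == "O4" and body.rstrip().endswith("= ?"):
            findings.append((code, "unresolved-shortcut", body))
        elif (code == "O23" and " - unknown owner - " in low
              and "\\windows\\system32\\" in low):
            # Last " - " separated field is the service binary path.
            findings.append((code, "unknown-owner-system32", body.rsplit(" - ", 1)[1]))
        # Applies to any section, in addition to the rules above.
        if low.rstrip().endswith("(file missing)"):
            findings.append((code, "file-missing", body))
    return findings


if __name__ == "__main__":
    for code, rule, detail in triage(parse_hjt(SAMPLE_LOG)):
        print(f"{code:<4} {rule:<24} {detail}\n     -> {REASONS[rule]}")
```
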

#33
Dominique H

  • Topic Starter
  • Member
  • 26 posts
Keith, I just posted the posting before reading your info. I will do that as well. Sorry about posting the HijackThis in this section.

I will be back.
  • 0

#34
Dominique H

  • Topic Starter
  • Member
  • 26 posts
If you are still watching this posting Keith, I have administered the Ad-Aware SE prog since I last posted prior to this one. Sadly to say, it's still running. Though it's caused a tremendous delay for me, it has shown me that there were a lot of hidden things that could be clogging up my cpu that my other spyware programs couldn't find. Go figure. I thought I had some great spyware programs. Most seem like they're wasted dollars for me. Anyway, once this has finished scanning my system I will follow through the rest of the procedure of cleaning the system. After that, I will reinstall ie one more time. Hopefully at that level everything will be running smoothly again. If not, maybe a reinstall of the OS will be due? I really hope not. THANKS AGAIN FOR ALL OF YOUR HELP THUS FAR.
  • 0

#35
Retired Tech

  • Retired Staff
  • 20,563 posts
If you have malware, and it seems so, then it will get in the way of any repairs you try, so, hopefully you get the all clear soon, then you can revisit the repair and it will be more effective
  • 0

#36
Dominique H

  • Topic Starter
  • Member
  • 26 posts
Keith, I think we can just close this posting. Nothing has been solved. I think it may be worse than I thought.

It's crazy, but, everything seems to be working fine. Except WINDOWS starts up slow. This could be for a lack of memory. I have 120 NON_TRUE Gigs on my hard drive and now there's about 4. something gigs left. There's a lot of power drainage I know. My memory's at 512mb.

Well, anyway, I will be reinstalling my system. I can't wait any longer. It's costing me too much time and money. If you have any other suggestions for a solution............"PLEASE, LET ME KNOW ASAP!" For I will be backing up and saving a lot of things on my system now in preparing for the thing I didn't want to do.....REINSTALL THE OS.

I will be coming back to this posting from time to time to see if you have another solution or not Keith.
  • 0

#37
Dominique H

  • Topic Starter
  • Member
  • 26 posts
Keith, another reason that's strongly prompted me to reinstall the OS is the following:

Posted Image

Please look at the date area. Why is that showing a bunch of foreign symbols? It doesn't make sense to me other than something may be seriously messed up?

Thank you

Edited by Dominique H, 05 January 2006 - 06:31 AM.

  • 0

#38
Retired Tech

  • Retired Staff
  • 20,563 posts
Re-installing will deal with the potential malware as well, and you will only need to load what you need back on

You could also consider increasing the installed ram memory, windows can use virtual memory but needs hard drive space to create this, theoretically, the more a hard drive is used up, the less windows has to work with, which could account for the performance slow down

You can look at using dban or the hard drive manufacturer's set up utility which will format the drive more comprehensively than the windows format, although windows will still want to format as part of installation

http://dban.sourceforge.net/

If you can back up everything you need then a clean install is a good move
  • 0

#39
Dominique H

  • Topic Starter
  • Member
  • 26 posts
Keith, again, thanks for your valuable inputs. I have made a landmark decision to do a "clean install." I don't have the time to do anything else anymore.

The thing that I was dreading the most was the "back up process." Too many programs to reinstall, update them, plus the activation process. Then all of the important folders that need saved. ALL A LOT OF WORK AND TIME. I feel like I'm needing to talk to my cpu shrink. Or maybe you've become just that for me. Anyway, thanks for the great support that you've given me and the great experience which I had encountered here at Geekstogo.com. The help here is priceless. THANKS A LOT.


P.S. First, since I don't believe in spamming through emails, groups, forums, etc I would like to repay geekstogo.com by allowing some free advertising space on some appropriate web projects. Let me know if there is an interest in this. You can post another posting here with your response.

I have already started the "back-up" process and will be down for a while. So, if I don't see your response soon in either venue, I will see them soon and go from there. AGAIN THANKS FOR YOUR HELP
  • 0

#40
Retired Tech

  • Retired Staff
  • 20,563 posts
Hello Dominique,

Thank You for the kind offer

I removed the e-mail address because the site can be viewed by visitors and it could lead to you getting contact from anyone and everyone

Will be in touch

Keith
  • 0
