41 replies to this topic

[Chasmed]

Logfile of HijackThis v1.99.1
Scan saved at 7:18:49 PM, on 1/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\wanmpsvc.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Alan\My Documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...sario&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...sario&pf=laptop
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=presario&pf=laptop
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540012} (CInstall Class) - http://www.funnytaf....ler/Install.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1137851692281
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicr...scan/as4web.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A9DDE8DE-3D41-4F14-9595-A439B9C9A6F4}: NameServer = 192.168.0.1
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

[LDTate]

Please read my last post.

[Chasmed]

Nothing visible under Restricted sites

[LDTate]

Lets see if it's teaTimer. To disable TeaTimer 1) Run Spybot-S&D 2) Go to the Mode menu, and make sure "Advanced Mode" is selected 3) On the left hand side, choose Tools -> Resident 4) Uncheck "Resident TeaTimer" and OK any prompts

[Chasmed]

Disabled Tea timer and still cannot get www.dictionary.com. I did notice that SDhelper or something like that was checked. I did notice that when I boot my computer it says "generating list cache" It is a little window that looked much like a window that poped up when I ran spyboy S&D. UNRELATED problem: I dropped my powersupply and it is not working right now. I am going to try to get it working or get my roomate's powersupply. Otherwise things might end abruptly.

[LDTate]

Try adding www.dictionary.com to your Trusted Zone.

[Chasmed]

I tried to add the site and it would not let me add it unless it had https://

[LDTate]

were you able to add it? Does it load now?
http://dictionary.reference.com/

[Chasmed]

Tried adding it as https:// and it would not load.

[LDTate]

If you click the link I posted does it load?

[Chasmed]

My battery just died on me and the computer seems to be not charging. I am on my desktop at the moment.

Edited by Chasmed, 28 January 2006 - 06:56 PM.

[Chasmed]

It just went out of warranty too. I guess I will have to get back to the thread once I can get a new powersupply.

[LDTate]

OK

[Chasmed]

I'm back in business. I love my new iGO ICE 90.

As for the dictionary.com link you posted, I was not able to access the site from it. I did not get http://sea.search.ms....dictionary.com this time. Instead I got the page that simply says "Page cannot be displayed....."




ON a separate but related note. A good while back when I had some problems with my desk top someone provided me with some custom settings to run on Ad-aware. These settings were able to detect a problem that I had while the normal settings could not find it. I get the feeling that these settings were for a "power user" for lack of a better word. Would you know what these settings are or how I can recover them and transfer them to my laptop? I am thinking that it MIGHT be able to help in this instance.

Edited by Chasmed, 03 February 2006 - 07:41 PM.

[Chasmed]

Another thing. EVERY time I boot up I get a little window "windows security alert". It says something to the effect that my computer is not protected by antivirus. Is this simply because Norton is below this on the start-up list or is it because this bugger of a virus is disableing it long enough for it (the virus) to boot up so it can mess with my internet? UPDATE: I just downloaded Mozilla Firefox as I have heard it is a "safer" and more secure browser. It cannot access dictionary.com either.

Edited by Chasmed, 03 February 2006 - 08:00 PM.