Solve : Help! Newbie here with a hijack This log fil?

Answer»

Logfile of HijackThis v1.99.1
Scan saved at 2:29:02 AM, on 3/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\QUICKENW\QAGENT.EXE
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\WINDOWS\SYSC00.exe
C:\windows\eee2.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\MMKeybd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\windows\system32\qodsregm.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\Program Files\Lbud\Xdwdll.exe
C:\WINDOWS\system32\mrtMngr.EXE
C:\WINDOWS\system32\PPPATC~1\svchost.exe
C:\Program Files\Common Files\??mantec\?srss.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\Internet Optimizer\actalert.exe
C:\Program Files\Logitech\ImageStudio\LowLight.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\8DM3OXUB\hijackthis[1]\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll
O2 - BHO: (no name) - {47013682-FE6E-A194-1EEA-D5BFDB8189B8} - C:\WINDOWS\system32\ajcdl.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem303.dll
O2 - BHO: Related Page - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB57.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB57.dll
O4 - HKLM\..\Run: [QAGENT] C:\Program Files\QUICKENW\QAGENT.EXE
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [MsUpdate] C:\Program Files\MsUpdate\MsUpdate.exe /auto
O4 - HKLM\..\Run: [winsysupd] c:\\winsysupd12.exe
O4 - HKLM\..\Run: [zmyblqxA] C:\WINDOWS\zmyblqxA.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
O4 - HKLM\..\Run: [winsysban] C:\\winsysban12.exe
O4 - HKLM\..\Run: [gimmygames] C:\\gimmygames12.exe
O4 - HKLM\..\Run: [NewFrn] C:\WINDOWS\newfrn.exe
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\system32\wintask.exe
O4 - HKLM\..\Run: [=464] c:\windows\eee2.exe
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\swinprag.exe TST001
O4 - HKLM\..\Run: [loadadv64] C:\WINDOWS\system32\loadadv64
O4 - HKLM\..\Run: [IpNetwork] C:\Program Files\Network\ipnetwork.exe
O4 - HKLM\..\Run: [wahm] C:\windows\eee2.exe
O4 - HKLM\..\Run: [ahkw] C:\windows\eee2.exe
O4 - HKLM\..\Run: [ms-update] scvhost.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\MMKeybd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [{A8-87-78-8B-ZN}] C:\windows\system32\qodsregm.exe TST001
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [Rpuirrx] C:\Program Files\Lbud\Xdwdll.exe
O4 - HKLM\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.Exe -boot
O4 - HKLM\..\RunServices: [ms-update] scvhost.exe
O4 - HKCU\..\Run: [priwmd] C:\WINDOWS\system32\priwmd.exe
O4 - HKCU\..\Run: [Aida] "C:\WINDOWS\system32\PPPATC~1\svchost.exe" -vt ndrv
O4 - HKCU\..\Run: [Qjff] C:\Program Files\Common Files\??mantec\?srss.exe
O4 - Startup:

ed in indy......  Your hijackthis file isn't complete ........ it is too large to fit in one post so either zip the file and add it to your post as an attachment or .......
post it in several posts. I just had a quick look at what you have posted and your machine is infected, also you do not have any sort of Anti-virus program installed and running ......so before you go ahead and post the rest of your hijackthis log file ..........
Download and install ...the FREE version of AVG ...... http://free.grisoft.com/freeweb.php/doc/2/   once you have it installed, get the latest updates, then reboot your machine into SAFE mode and run a complete anti virus scan with AVG.
REMOVE anything it finds ......... then rescan with hijackthis and post the complete logfile

dl65

A cursory glance of your incomplete file reveals several infections.
Carry out the procedures listed in this post and post a Hijackthis logfile here when done.
If POSSIBLE, zip the logfile and attach it rather than post it.

I downloaded, updated and ran the AVG scan, and then re-ran HJT but the log file is STILL too long for one post...so here is the first part with the rest to come in a 2nd post. Tks ed :

Logfile of HijackThis v1.99.1
Scan saved at 5:22:43 PM, on 3/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QUICKENW\QAGENT.EXE
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\mrtMngr.EXE
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\windows\eee2.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\MMKeybd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\windows\system32\qodsregm.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\PPPATC~1\svchost.exe
C:\Program Files\Common Files\??mantec\?srss.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Logitech\ImageStudio\LowLight.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe
C:\WINDOWS\system32\cidaemon.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem303.dll (file missing)
O2 - BHO: Related Page - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB57.dll
O2 - BHO: (no name) - {FBE22966-E1D4-BB73-FA11-CA5E656B62E3} - C:\WINDOWS\system32\mlmgmjln.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB57.dll
O4 - HKLM\..\Run: [QAGENT] C:\Program Files\QUICKENW\QAGENT.EXE
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [MsUpdate] C:\Program Files\MsUpdate\MsUpdate.exe /auto
O4 - HKLM\..\Run: [winsysupd] c:\\winsysupd12.exe
O4 - HKLM\..\Run: [zmyblqxA] C:\WINDOWS\zmyblqxA.exe
O4 - HKLM\..\Run: [winsysban] C:\\winsysban12.exe
O4 - HKLM\..\Run: [gimmygames] C:\\gimmygames12.exe
O4 - HKLM\..\Run: [NewFrn] C:\WINDOWS\newfrn.exe
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\system32\wintask.exe
O4 - HKLM\..\Run: [=464] c:\windows\eee2.exe
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\swinprag.exe TST001
O4 - HKLM\..\Run: [loadadv64] C:\WINDOWS\system32\loadadv64
O4 - HKLM\..\Run: [IpNetwork] C:\Program Files\Network\ipnetwork.exe
O4 - HKLM\..\Run: [wahm] C:\windows\eee2.exe
O4 - HKLM\..\Run: [ahkw] C:\windows\eee2.exe
O4 - HKLM\..\Run: [ms-update] scvhost.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\MMKeybd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [{A8-87-78-8B-ZN}] C:\windows\system32\qodsregm.exe TST001
O4 - HKLM\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.Exe -boot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\RunServices: [ms-update] scvhost.exe
O4 - HKCU\..\Run: [priwmd] C:\WINDOWS\system32\priwmd.exe
O4 - HKCU\..\Run: [Aida] "C:\WINDOWS\system32\PPPATC~1\svchost.exe" -vt ndrv
O4 - HKCU\..\Run: [Qjff] C:\Program Files\Common Files\??mantec\?srss.exe
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\swinprag.exe

Here's the 2nd part of my HJT log file

O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\swinprag.exe
O4 - Startup: Z_Start.lnk = C:\WINDOWS\zitst001.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: SmartUI.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {7149E79C-DC19-4C5E-A53C-A54DDF75EEE9} (IObjSafety.DemoCtl) - http://cabs.media-motor.net/cabs/joysaver.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4719/mcfscan.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by112fd.bay112.hotmail.msn.com/activex/HMAtchmt.ocx
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: STOPzilla Service (szserver) - Unknown owner - C:\Program Files\Common Files\STOPzilla!\SZServer.exe (file missing)

You are still heavily infected.

Ok I went through all the downloads in the "in this post" list. The F-Secures Blacklight Beta would not download for some reason and I don't think the Panda Active Scan or the A2Free worked properly, I believe EVERYTHING else worked...anyway here is a zip file of my HJT log file results. Also now I'm having trouble getting web sites to open when I click on icon shortcuts on my desktop. Any help you can provide will be greatly appreciated.

Thank you
ed

I do not for one minute believe that the procedures that I outlined have been properly followed. However, if you wish to do things the hard way and massively increase the necessity to reinstall and lose data, so be it.
Re-run Hijackthis and fix the following:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

O2 - BHO: (no name) - {FBE22966-E1D4-BB73-FA11-CA5E656B62E3} - C:\WINDOWS\system32\mlmgmjln.dll

O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

O4 - HKLM\..\Run: [zmyblqxA] C:\WINDOWS\zmyblqxA.exe

O4 - HKLM\..\Run: [ms-update] scvhost.exe

O4 - HKLM\..\Run: [{A8-87-78-8B-ZN}] C:\windows\system32\qodsregm.exe TST001

O4 - HKLM\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.Exe -boot

O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\swinprag.exe TST001

O4 - HKLM\..\RunServices: [ms-update] scvhost.exe

O4 - HKCU\..\Run: [priwmd] C:\WINDOWS\system32\priwmd.exe

O4 - HKCU\..\Run: [Aida] "C:\WINDOWS\system32\PPPATC~1\svchost.exe" -vt ndrv

O4 - HKCU\..\Run: [Qjff] C:\Program Files\Common Files\??mantec\?srss.exe

O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\swinprag.exe

O4 - Startup: Z_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe

O15 - Trusted Zone: *.media-motor.net

O15 - Trusted Zone: *.popuppers.com

O15 - Trusted Zone: http://click.getmirar.com (HKLM)

O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)

O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://ax.emsisoft.com/axscan.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)

O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE

O23 - Service: STOPzilla Service (szserver) - Unknown owner - C:\Program Files\Common Files\STOPzilla!\SZServer.exe (file missing)



Reboot to Safe Mode, search for and delete the following files and/or folders:

C:\WINDOWS\zmyblqxA.exe
C:\windows\system32\qodsregm.exe
C:\Program Files\AdwareAlert\
C:\WINDOWS\system32\PPPATC~1\
C:\Program Files\Common Files\??mantec\
C:\WINDOWS\system32\swinprag.exe TST001
C:\WINDOWS\system32\priwmd.exe
C:\WINDOWS\system32\swinprag.exe
C:\WINDOWS\System32\ScsiAccess.EXE
scvhost.exe

Post another logfile when done.

Backdated:

I followed your guideline exactly. However the Panda scan would not install giving me this error message: "Setup has encountered a problem and will now close." I tried 6 times to install this program.

F-secures blacklight gave me the following error: "F-Secures Blacklight was unable to acquire necessary privleges{SeBug privlege}" I tried 3 x with the same result

I think A2Free worked but I was just not sure. It showed me the list of problems the online scan found and then had me download the trial version which as far as I can tell downloaded and installed ok but it never gave me any indication that the problems were fixed.

All other programs on your list worked fine, I've just gone over 12 hours of working on this pc (glad this was my day off) and I certainly do not want to do things the hard way and massively increase the necessity to reinstall and lose data. So I'm gonna back out of this for now...get some sleep and start over tomorrow.

Thank you for your time.
ed

Actually, looking at that list he made, it doesn't look like you'll lose too much. That stuff with the O4 prefix? That shows what loads at startup. The most you'll lose is any "run this at startup" settings, which can be easily reset if desired. The R0 and R1 serve no purpose, and can be deleted without causing problems. O2 and O3 - ditto. It's basically a bunch of stuff that your computer doesn't need.

So both of you guys, please, calm down a little. I can see why you're frustrated, but just take it easy for a few minutes. Computer problems annoy me like all get-out as well. Get some water. Catch some sleep. We're all friends here, no reason to fight. And in my opinion Panda not installing isn't the end of the world. Let's just get back to tuning up the OP's computer, OK?  

Afterthought: If your computer features a Restore program, you can make a Restore point before you fix all this. If you don't like the result, you can restore to that point. And it's not like you're gonna lose your Windows directory or important files vital to the computer - at most, if you want some toolbar back that got removed you can always just reinstall that. At absolute worst, you'll need to reinstall a couple of programs. But it's not the end of the world for you or your PC.

Dilbert:

My restore point somehow got turned off prior to all the trbl so unfortunately could not go that route:
Thanks for the suggestion though.

Backdated:

I fixed all the HJT items you listed. After rebooting into safe mode not all the search items were found but I deleted all that were and here's my latest HJT.

Tks
ed

Ensure that "ShowAll Files" etc is enabled as per the previous procedure.
Ensure that System Restore is disabled and its cache emptied as per the previous procedure.
Empty all temp folders.
Empty your internet cache(s).
Use [highlight]EmpTemp[/highlight] for clearing temp caches if you wish.
Re-run Hijackthis and fix the following:

O4 - HKLM\..\Run: [loadadv64] C:\WINDOWS\system32\loadadv64

O4 - HKLM\..\Run: [IpNetwork] C:\Program Files\Network\ipnetwork.exe

O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)

O23 - Service: STOPzilla Service (szserver) - Unknown owner - C:\Program Files\Common Files\STOPzilla!\SZServer.exe (file missing)

Reboot to Safe Mode, search for and delete the following files and/or folders:

C:\Program Files\Network\
C:\WINDOWS\system32\loadadv64

Run Spybot and remove anything it finds
Run Ad-Aware and remove anything it finds.
Run A² and remove anything it finds.

Reboot, re-run Hijackthis and post another logfile.


These instructions must be followed explicitly or follow-on infections can occur. Many of these parasites have stealth or pseudo stealth capabilities so it's essential that directions are followed carefully and exactly.
If there's anything that you don't understand, please ask.

I hope I did everything right...here's my latest log file.

ed

I'd still get rid of:

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

That's what I see at first glance. It looks much cleaner than before.

Hi Dilbert:

Here's what I've got now.

tks
ed
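
An added example, not part of the thread and not HijackThis's own logic: the Python below parses entries of the kind posted above and applies three triage heuristics to the file each one names (orphaned entry, `?` in the path, a name that imitates or misplaces a Windows system process). The reference name list, directory list, 0.85 similarity threshold and all function names are assumptions made for this example; the sample lines are copied from the logs in the thread.

```python
import re
from difflib import SequenceMatcher
from ntpath import basename, dirname

# Assumed reference data (not from the thread): core Windows process names
# and the directories they live in on an XP install like the one logged.
SYSTEM_NAMES = {"svchost.exe", "csrss.exe", "lsass.exe", "smss.exe",
                "winlogon.exe", "services.exe", "spoolsv.exe", "explorer.exe"}
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}
FILE_SECTIONS = {"O2", "O3", "O4", "O20", "O23"}  # sections naming a file on disk
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

# Entries copied from the logs in this thread, assembled as a test sample.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [QAGENT] C:\Program Files\QUICKENW\QAGENT.EXE
O4 - HKLM\..\Run: [ms-update] scvhost.exe
O4 - HKCU\..\Run: [Aida] "C:\WINDOWS\system32\PPPATC~1\svchost.exe" -vt ndrv
O4 - HKCU\..\Run: [Qjff] C:\Program Files\Common Files\??mantec\?srss.exe
O4 - Global Startup: SmartUI.lnk = ?
O23 - Service: STOPzilla Service (szserver) - Unknown owner - C:\Program Files\Common Files\STOPzilla!\SZServer.exe (file missing)
"""


def extract_target(code, body):
    """Return the file an entry points at, without quotes or arguments."""
    if code == "O4":  # "[value] path args" or "shortcut.lnk = path"
        m = re.search(r"(?:\] |= )(.+)$", body)
        raw = m.group(1) if m else ""
    else:             # "... - {CLSID or owner} - path"
        raw = body.rsplit(" - ", 1)[-1]
    m = re.match(r'"?(.+?\.(?:exe|dll))', raw, re.I)
    return m.group(1) if m else raw.strip()


def flags_for(target, body):
    """Apply the heuristics; returns a list of reasons (empty if none)."""
    out = []
    if "(file missing)" in body or "(no file)" in body:
        out.append("orphaned entry")
    if target == "?":  # bare '?': the log shows no target for this shortcut
        return out
    if "?" in target:  # '?' is illegal in Windows file names
        out.append("unrenderable characters in path")
    name, folder = basename(target).lower(), dirname(target).lower()
    if name in SYSTEM_NAMES:
        if folder and folder not in SYSTEM_DIRS:
            out.append("system process name outside its directory")
    else:
        score = lambda ref: SequenceMatcher(None, name, ref).ratio()
        best = max(sorted(SYSTEM_NAMES), key=score)
        if score(best) >= 0.85:
            out.append(f"name resembles {best}")
    return out


def analyze(log_text):
    """Map each flagged log line to the reasons it was flagged."""
    findings = {}
    for line in map(str.strip, log_text.splitlines()):
        m = ENTRY.match(line)
        if m and m.group(1) in FILE_SECTIONS:
            hits = flags_for(extract_target(*m.groups()), m.group(2))
            if hits:
                findings[line] = hits
    return findings


if __name__ == "__main__":
    for entry, reasons in analyze(SAMPLE_LOG).items():
        print(f"{'; '.join(reasons):55} {entry}")
```

These checks only catch name and path anomalies; entries with arbitrary names, such as `zmyblqxA.exe` in the fix list above, pass unflagged and still need a human reviewer.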


