0

I've viewed some of the other posts/replys, but I have't been able to locate the problem yet. I can view the MS website but when I go to windows update, it's some web address that is something like "mng.mn.m...." I don't have a clue what's going on. Then, while I'm connected, IE will just start popping up little windows (usually about 2/min.) Once the little pop up windows come up and I close them, I can't view any web page. The little popups all say "cannot load page." It's so bad, I had to use MY computer to download HJT and then copy to disc, load HJT onto her computer, run it, copy log to disc, paste back to my pc and then copy and paste here. The owner admitted to deleting some "url" files - maybe that started this whole mess. There were 200+ processes running at one time, according to taxk manager!!!!! I didn't think that many could run at one time. But anyway, ANY help would be greatly appreciated.

Oh yeah, she also mentioned that they "uninstalled" Norton, and then installed some other anti-virus called "Panda" (which I've never heard of)...I uninstalled Panda b/c I don't know anything about this program and I had a lot trouble with getting it to even work right - so who knows....
This is the Hijack log:

Logfile of HijackThis v1.99.1
Scan saved at 1:15:06 PM, on 2/16/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\SYSTEM32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spoolsv.exe
C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\System32\rpcxsocsa.exe
C:\WINNT\System32\PROMon.exe
C:\documents and settings\owner\local settings\temp\J1d866WK0.exe
C:\WINNT\System32\igfxtray.exe
C:\WINNT\System32\hkcmd.exe
C:\WINNT\System32\SK9910DM.EXE
C:\WINNT\GWMDMMSG.exe
C:\WINNT\surfmonkey\smproxy.exe
C:\Program Files\PhoneTools\CapFax.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINNT\System32\rundll32.exe
C:\WINNT\System32\NMSSvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\Program Files\Kodak\KODAK Picture Transfer Software\pts.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.earthlink.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.earthlink.net/partner/more/msie/button/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.earthlink.net/partner/more/msie/button/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {22B9A67D-E689-44B6-B775-0E8FE84B4F9B} - (no file)
O2 - BHO: SDWin32 Class - {3C36CEAA-BB32-4BDA-969E-4EA0A638D114} - C:\WINNT\System32\pwmjm.dll
O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O2 - BHO: SDWin32 Class - {5FA6752A-C4A0-4222-88C2-928AE5AB4966} - C:\WINNT\System32\pwmjm.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O2 - BHO: (no name) - {CFB383F8-2428-4D4A-229F-BD91AFC28672} - C:\WINNT\Utqohvss.dll (file missing)
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Owner\Local Settings\Temp\9hKCjpBY.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O2 - BHO: (no name) - {} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: Search - {EC9D025A-DE44-A463-E72D-0F26B1C20A15} - C:\WINNT\Utqohvss.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Pop-Up Blocker - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O4 - HKLM\..\Run: [Microsoft Windows Update] msoffice2.exe
O4 - HKLM\..\Run: [winprocessor Update] winprocessor.exe
O4 - HKLM\..\Run: [Sygate Personal Firewall Start] servic.exe
O4 - HKLM\..\Run: [stcinstaller] c:\installer\id53.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NAV Auto Updates] navupdaters.exe
O4 - HKLM\..\Run: [Social Security Agency] rpcxsocsa.exe
O4 - HKLM\..\Run: [zxpg] C:\WINNT\yynureudj.exe
O4 - HKLM\..\Run: [zkocokb] C:\WINNT\cbohqwp.exe
O4 - HKLM\..\Run: [ysprints] C:\WINNT\System32\ysprints.exe
O4 - HKLM\..\Run: [wogxw] C:\WINNT\phhx.exe
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [kfvesjrxhs] C:\WINNT\System32\trjoic.exe
O4 - HKLM\..\Run: [Keyboard Preload Check] C:\OEMDRVRS\KEYB\Preload.exe /DEVID: /CLASS:Keyboard /RunValue:"Keyboard Preload Check"
O4 - HKLM\..\Run: [KDW1] C:\documents and settings\owner\local settings\temp\KDW1.exe
O4 - HKLM\..\Run: [Jawa322] C:\WINNT\jawa32.exe
O4 - HKLM\..\Run: [Jawa32] C:\WINNT\jawa32.exe
O4 - HKLM\..\Run: [J1d866WK0] C:\documents and settings\owner\local settings\temp\J1d866WK0.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [hpiuyas] C:\WINNT\System32\hpiuyas.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [ELNKProxy] C:\WINNT\surfmonkey\smproxy.exe
O4 - HKLM\..\Run: [dP] C:\documents and settings\owner\local settings\temp\dP.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CapFax] C:\Program Files\PhoneTools\CapFax.EXE
O4 - HKLM\..\Run: [bajcz] C:\WINNT\Agwtkjh.exe
O4 - HKLM\..\Run: [aqadcup] C:\WINNT\aqadcup.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [6025478F] C:\WINNT\System32\uasdcue.exe
O4 - HKLM\..\Run: [2SWZKN82R5K47C] C:\WINNT\System32\Pwcm74i.exe
O4 - HKLM\..\Run: [2HeV] C:\documents and settings\owner\local settings\temp\2HeV.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\RunServices: [Microsoft Windows Update] msoffice2.exe
O4 - HKLM\..\RunServices: [winprocessor Update] winprocessor.exe
O4 - HKLM\..\RunServices: [Windows Runtime Proccess] 32RUNdll.exe
O4 - HKLM\..\RunServices: [NAV Auto Updates] navupdaters.exe
O4 - HKLM\..\RunServices: [Sygate Personal Firewall Start] servic.exe
O4 - HKLM\..\RunServices: [Social Security Agency] rpcxsocsa.exe
O4 - HKCU\..\Run: [Microsoft Windows Update] msoffice2.exe
O4 - HKCU\..\Run: [winprocessor Update] winprocessor.exe
O4 - HKCU\..\Run: [Windows Runtime Proccess] 32RUNdll.exe
O4 - HKCU\..\Run: [Windows media service] crsss.exe
O4 - HKCU\..\Run: [Social Security Agency] rpcxsocsa.exe
O4 - HKCU\..\Run: [NAV Auto Updates] navupdaters.exe
O4 - HKCU\..\Run: [Sygate Personal Firewall Start] servic.exe
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [sp] C:\sp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - HKCU\..\RunServices: [Windows Runtime Proccess] 32RUNdll.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\QUICKENW\billmind.exe
O4 - Global Startup: Event Reminder.lnk = ?
O4 - Global Startup: KODAK Picture Transfer Software.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\QUICKENW\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\QUICKENW\QWDLLS.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9E9E7443-49E6-4597-889D-7A9DC43F653C}: NameServer = 207.69.188.187 207.69.188.186
O17 - HKLM\System\CCS\Services\Tcpip\..\{B02DD703-3940-47FB-AD0C-34A6728739D5}: NameServer = 4.2.2.2,12.127.17.72
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Password Validation (ccPwdSvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: PictureTaker - Unknown owner - c:\fixit\pt\PCTKRNT.SYS (file missing)
O23 - Service: ptssvc - Unknown owner - C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe
O23 - Service: SAVScan - Unknown owner - C:\Program Files\Norton AntiVirus\SAVScan.exe (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)

2
Contributors
11
Replies
12
Views
12 Years
Discussion Span
Last Post by crunchie
0

Full of nasties there. Do the following first please.

Go here to TrendMicro for an on-line scan & set it to autoclean for you.

Try this scan at Panda as well.

1. Download and install Ad-Aware SE, keeping the default options. However, some of the settings will need to be changed before your first scan

2.Close ALL windows except Ad-Aware SE

3. Click on the‘world’ icon at the top right of the Ad-Aware SE window and let AdAware SE update the reference list for the adware and malware.

4. Once the update is finished click on the ‘Gear’ icon (second from the left at the top of the window) to access the preferences/settings window

1) In the ‘General’ window make sure the following are selected in green:
*Automatically save log-file
*Automatically quarantine objects prior to removal
*Safe Mode (always request confirmation)

Under Definitions:
*Prompt to udate outdated definitions - set the number of days


2) Click on the ‘Scanning’ button on the left and select in green :

Under Driver, Folders & Files:
*Scan Within Archives

Under Select drives & folders to scan -
*choose all hard drives

Under Memory & Registry: all green
*Scan Active Processes
*Scan Registry
*Deep Scan Registry
*Scan my IE favorites for banned URL’s
*Scan my Hosts file


3) Click on the ‘Advanced’ button on the left and select in green:

Under Shell Integration:
*Move deleted files to recycle bin

Under Logfile Detail Level: (all green)
*include addtional object information
*DESELECT - include negligible objects information
*include environment information

Under Alternate Data Streams:
*Don't log streams smaller than 0 bytes
*Don't log ADS with the following names: CA_INOCULATEIT


4) Click the ‘Tweak’ button and select in green:

Under the ‘Scanning Engine’:
*Unload recognized processes during scanning
*Scan registry for all users instead of current user only


Under the ‘Cleaning Engine’:
*Let Windows remove files in use at next reboot


Under the Log Files:
*Include basic Ad-aware SE settings in logfile
*Include additional Ad-aware SE settings in logfile
*Please do not check or make green: Include Module list in logfile


5. Click on ‘Proceed’ to save the settings.

6. Click ‘Start’

*Choose:'Perform Full System Scan'
*DESELECT "Search for negligible risk entries", as negligible risk entries (MRU's) are not considered to be a threat.

7. Click ‘Next’ and Ad-Aware SE will scan your hard drive(s) with the options you have selected and clean automatically.

8. If Ad-Aware SE finds bad entries, you will receive a list of what it found in the window

9. Save the log file when it asks and then click ‘finish’

10. REBOOT to complete the removal of what Ad-Aware SE found

Download & instal Spybot S&D 1.3 from here. Update it before scanning.
After the scan is complete, have spybot fix everything marked RED.
On the page that first opens when you start Spybot there is an option to immunise, you should do this. In the immunise section there is also a link to download Spywareblaster. This program will prevent the install of bad activex controls that it has knowledge of. Download that & you can keep it updated by selecting the same link that you use to download it. Reboot

Then post a new log please.

0

I had "done" Trend micro and Panda scan prior to original posting. There were 52 viruses/worms, and I fixed/deleted them. I forgot to mention that part.

Here is the new Hijack log.

Logfile of HijackThis v1.99.1
Scan saved at 7:29:12 AM, on 2/17/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\SYSTEM32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\NMSSvc.exe
C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\System32\PROMon.exe
C:\WINNT\System32\igfxtray.exe
C:\WINNT\System32\hkcmd.exe
C:\WINNT\System32\SK9910DM.EXE
C:\WINNT\GWMDMMSG.exe
C:\WINNT\surfmonkey\smproxy.exe
C:\Program Files\PhoneTools\CapFax.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINNT\System32\rpcxsais.exe
C:\WINNT\System32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Kodak\KODAK Picture Transfer Software\pts.exe
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.earthlink.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.earthlink.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.earthlink.net/partner/more/msie/button/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {22B9A67D-E689-44B6-B775-0E8FE84B4F9B} - (no file)
O2 - BHO: SDWin32 Class - {3C36CEAA-BB32-4BDA-969E-4EA0A638D114} - C:\WINNT\System32\pwmjm.dll
O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O2 - BHO: SDWin32 Class - {5FA6752A-C4A0-4222-88C2-928AE5AB4966} - C:\WINNT\System32\pwmjm.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O2 - BHO: (no name) - {CFB383F8-2428-4D4A-229F-BD91AFC28672} - C:\WINNT\Utqohvss.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O2 - BHO: (no name) - {} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: Search - {EC9D025A-DE44-A463-E72D-0F26B1C20A15} - C:\WINNT\Utqohvss.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Pop-Up Blocker - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O4 - HKLM\..\Run: [Microsoft Windows Update] msoffice2.exe
O4 - HKLM\..\Run: [winprocessor Update] winprocessor.exe
O4 - HKLM\..\Run: [Sygate Personal Firewall Start] servic.exe
O4 - HKLM\..\Run: [stcinstaller] c:\installer\id53.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NAV Auto Updates] navupdaters.exe
O4 - HKLM\..\Run: [zxpg] C:\WINNT\yynureudj.exe
O4 - HKLM\..\Run: [zkocokb] C:\WINNT\cbohqwp.exe
O4 - HKLM\..\Run: [ysprints] C:\WINNT\System32\ysprints.exe
O4 - HKLM\..\Run: [wogxw] C:\WINNT\phhx.exe
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [kfvesjrxhs] C:\WINNT\System32\trjoic.exe
O4 - HKLM\..\Run: [Keyboard Preload Check] C:\OEMDRVRS\KEYB\Preload.exe /DEVID: /CLASS:Keyboard /RunValue:"Keyboard Preload Check"
O4 - HKLM\..\Run: [KDW1] C:\documents and settings\owner\local settings\temp\KDW1.exe
O4 - HKLM\..\Run: [Jawa322] C:\WINNT\jawa32.exe
O4 - HKLM\..\Run: [Jawa32] C:\WINNT\jawa32.exe
O4 - HKLM\..\Run: [J1d866WK0] C:\documents and settings\owner\local settings\temp\J1d866WK0.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [hpiuyas] C:\WINNT\System32\hpiuyas.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [ELNKProxy] C:\WINNT\surfmonkey\smproxy.exe
O4 - HKLM\..\Run: [dP] C:\documents and settings\owner\local settings\temp\dP.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CapFax] C:\Program Files\PhoneTools\CapFax.EXE
O4 - HKLM\..\Run: [bajcz] C:\WINNT\Agwtkjh.exe
O4 - HKLM\..\Run: [aqadcup] C:\WINNT\aqadcup.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [6025478F] C:\WINNT\System32\uasdcue.exe
O4 - HKLM\..\Run: [2SWZKN82R5K47C] C:\WINNT\System32\Pwcm74i.exe
O4 - HKLM\..\Run: [2HeV] C:\documents and settings\owner\local settings\temp\2HeV.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Special Aritifcal Intelligence Service] rpcxsais.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Update] msoffice2.exe
O4 - HKLM\..\RunServices: [winprocessor Update] winprocessor.exe
O4 - HKLM\..\RunServices: [Windows Runtime Proccess] 32RUNdll.exe
O4 - HKLM\..\RunServices: [NAV Auto Updates] navupdaters.exe
O4 - HKLM\..\RunServices: [Sygate Personal Firewall Start] servic.exe
O4 - HKLM\..\RunServices: [Special Aritifcal Intelligence Service] rpcxsais.exe
O4 - HKCU\..\Run: [Microsoft Windows Update] msoffice2.exe
O4 - HKCU\..\Run: [winprocessor Update] winprocessor.exe
O4 - HKCU\..\Run: [Windows Runtime Proccess] 32RUNdll.exe
O4 - HKCU\..\Run: [Windows media service] crsss.exe
O4 - HKCU\..\Run: [NAV Auto Updates] navupdaters.exe
O4 - HKCU\..\Run: [Sygate Personal Firewall Start] servic.exe
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Special Aritifcal Intelligence Service] rpcxsais.exe
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - HKCU\..\RunServices: [Windows Runtime Proccess] 32RUNdll.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\QUICKENW\billmind.exe
O4 - Global Startup: Event Reminder.lnk = ?
O4 - Global Startup: KODAK Picture Transfer Software.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\QUICKENW\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\QUICKENW\QWDLLS.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B02DD703-3940-47FB-AD0C-34A6728739D5}: NameServer = 4.2.2.2,12.127.17.72
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Password Validation (ccPwdSvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: PictureTaker - Unknown owner - c:\fixit\pt\PCTKRNT.SYS (file missing)
O23 - Service: ptssvc - Unknown owner - C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe
O23 - Service: SAVScan - Unknown owner - C:\Program Files\Norton AntiVirus\SAVScan.exe (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)

0

Download the PeperFix.exe tool from here:

http://downloads.subratam.org/PeperFix.exe

Click on the PeperFix.exe to launch it.

Click the Find and Fix button.

It will scan the %Systemroot% folder and locate all the peper files. You will be prompted to reboot. Reboot and it will delete the peper files.
Ensure that you are online before starting the fix. Make sure to run the fix twice.

Scan with hijackthis and tick the boxes next to all the following entries, then close all browser and explorer windows, and hit the "Fix checked" button.

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - SOFTWARE - (no file)

O2 - BHO: (no name) - {22B9A67D-E689-44B6-B775-0E8FE84B4F9B} - (no file)
O2 - BHO: SDWin32 Class - {3C36CEAA-BB32-4BDA-969E-4EA0A638D114} - C:\WINNT\System32\pwmjm.dll
O2 - BHO: SDWin32 Class - {5FA6752A-C4A0-4222-88C2-928AE5AB4966} - C:\WINNT\System32\pwmjm.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O2 - BHO: (no name) - {CFB383F8-2428-4D4A-229F-BD91AFC28672} - C:\WINNT\Utqohvss.dll (file missing)
O2 - BHO: (no name) - {} - (no file)

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: Search - {EC9D025A-DE44-A463-E72D-0F26B1C20A15} - C:\WINNT\Utqohvss.dll (file missing)

O4 - HKLM\..\Run: [Microsoft Windows Update] msoffice2.exe
O4 - HKLM\..\Run: [winprocessor Update] winprocessor.exe
O4 - HKLM\..\Run: [Sygate Personal Firewall Start] servic.exe
O4 - HKLM\..\Run: [stcinstaller] c:\installer\id53.exe
O4 - HKLM\..\Run: [NAV Auto Updates] navupdaters.exe
O4 - HKLM\..\Run: [zxpg] C:\WINNT\yynureudj.exe
O4 - HKLM\..\Run: [zkocokb] C:\WINNT\cbohqwp.exe
O4 - HKLM\..\Run: [ysprints] C:\WINNT\System32\ysprints.exe
O4 - HKLM\..\Run: [wogxw] C:\WINNT\phhx.exe
O4 - HKLM\..\Run: [kfvesjrxhs] C:\WINNT\System32\trjoic.exe
O4 - HKLM\..\Run: [KDW1] C:\documents and settings\owner\local settings\temp\KDW1.exe
O4 - HKLM\..\Run: [Jawa322] C:\WINNT\jawa32.exe
O4 - HKLM\..\Run: [Jawa32] C:\WINNT\jawa32.exe
O4 - HKLM\..\Run: [J1d866WK0] C:\documents and settings\owner\local settings\temp\J1d866WK0.exe
O4 - HKLM\..\Run: [hpiuyas] C:\WINNT\System32\hpiuyas.exe
O4 - HKLM\..\Run: [dP] C:\documents and settings\owner\local settings\temp\dP.exe
O4 - HKLM\..\Run: [bajcz] C:\WINNT\Agwtkjh.exe
O4 - HKLM\..\Run: [aqadcup] C:\WINNT\aqadcup.exe
O4 - HKLM\..\Run: [6025478F] C:\WINNT\System32\uasdcue.exe
O4 - HKLM\..\Run: [2SWZKN82R5K47C] C:\WINNT\System32\Pwcm74i.exe
O4 - HKLM\..\Run: [2HeV] C:\documents and settings\owner\local settings\temp\2HeV.exe
O4 - HKLM\..\Run: [Special Aritifcal Intelligence Service] rpcxsais.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Update] msoffice2.exe
O4 - HKLM\..\RunServices: [winprocessor Update] winprocessor.exe
O4 - HKLM\..\RunServices: [Windows Runtime Proccess] 32RUNdll.exe
O4 - HKLM\..\RunServices: [NAV Auto Updates] navupdaters.exe
O4 - HKLM\..\RunServices: [Sygate Personal Firewall Start] servic.exe
O4 - HKLM\..\RunServices: [Special Aritifcal Intelligence Service] rpcxsais.exe
O4 - HKCU\..\Run: [Microsoft Windows Update] msoffice2.exe
O4 - HKCU\..\Run: [winprocessor Update] winprocessor.exe
O4 - HKCU\..\Run: [Windows Runtime Proccess] 32RUNdll.exe
O4 - HKCU\..\Run: [Windows media service] crsss.exe
O4 - HKCU\..\Run: [NAV Auto Updates] navupdaters.exe
O4 - HKCU\..\Run: [Sygate Personal Firewall Start] servic.exe
O4 - HKCU\..\Run: [Special Aritifcal Intelligence Service] rpcxsais.exe
O4 - HKCU\..\RunServices: [Windows Runtime Proccess] 32RUNdll.exe

O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)

O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Password Validation (ccPwdSvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: PictureTaker - Unknown owner - c:\fixit\pt\PCTKRNT.SYS (file missing)
O23 - Service: SAVScan - Unknown owner - C:\Program Files\Norton AntiVirus\SAVScan.exe (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)

Reboot into safe mode following the instructions here and navigate to and delete the following if found:

c:\installer\id53.exe<----file
C:\WINNT\yynureudj.exe<----file
C:\WINNT\cbohqwp.exe<----file
C:\WINNT\System32\ysprints.exe<----file
C:\WINNT\phhx.exe<----file
C:\WINNT\System32\trjoic.exe<----file
C:\WINNT\jawa32.exe<----file
C:\WINNT\System32\hpiuyas.exe<----file
C:\WINNT\Agwtkjh.exe<----file
C:\WINNT\aqadcup.exe<----file
C:\WINNT\System32\uasdcue.exe<----file
C:\WINNT\System32\Pwcm74i.exe<----file

C:\documents and settings\owner\local settings\temp<----folder contents

All the above files in bold need to be tracked down and eliminated too :D.

In order to view these files you may have to select 'show hidden files/folders.' Instructions on how to here.

Reboot normally after doing the above, rescan with hijackthis, then post that log here please.

0

done as told. new hijack log below. I can't run "search" from windows explorer. I can open, but I just can search (not even from start > search) The window comes up but can't search....so I don't know if I was able to locate all of the exe's in Bold

anyway....here's the new log....I really do appreciate ALLLLLLLl of your help with this!!!! :cheesy: :cheesy: :cheesy:

Logfile of HijackThis v1.99.1
Scan saved at 6:31:28 PM, on 2/18/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\SYSTEM32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\NMSSvc.exe
C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\System32\PROMon.exe
C:\WINNT\System32\igfxtray.exe
C:\WINNT\System32\hkcmd.exe
C:\WINNT\System32\SK9910DM.EXE
C:\WINNT\GWMDMMSG.exe
C:\WINNT\surfmonkey\smproxy.exe
C:\Program Files\PhoneTools\CapFax.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\WINNT\System32\rundll32.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Kodak\KODAK Picture Transfer Software\pts.exe
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.earthlink.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.earthlink.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.earthlink.net/partner/more/msie/button/search.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Pop-Up Blocker - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [Keyboard Preload Check] C:\OEMDRVRS\KEYB\Preload.exe /DEVID: /CLASS:Keyboard /RunValue:"Keyboard Preload Check"
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [ELNKProxy] C:\WINNT\surfmonkey\smproxy.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CapFax] C:\Program Files\PhoneTools\CapFax.EXE
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\QUICKENW\billmind.exe
O4 - Global Startup: Event Reminder.lnk = ?
O4 - Global Startup: KODAK Picture Transfer Software.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\QUICKENW\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\QUICKENW\QWDLLS.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B02DD703-3940-47FB-AD0C-34A6728739D5}: NameServer = 4.2.2.2,12.127.17.72
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Password Validation (ccPwdSvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: ptssvc - Unknown owner - C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)

0

All the nasties appear to be gone from that log now, but I wouldn't mind seeing a silent runners log.

Go here and download and run Silent Runners.vbs. It generates a log, please post the information back in this thread.

You should also get service pack 1 for both Xp and IE6.

http://windowsupdate.microsoft.com/

0

tried to install silent runner - unsuccessful. Keep getting this error message
could not create object named "wscript.shell".

AND Now I can't view any web page - not a single one. I've not done anything different as far as connecting - I'm able to connect, just can't do anything once connected. Keep in mind, I'm using MY computer to download apps, then copying to disc and then copying apps to the "stupid" computer. I tried to download XP SP2 and IE Service pack with no luck either.

I don't know what to do now. Any ideas? :idea:

0

Yes - I have IE on my computer...I redownloaded but still unsuccessful. I was able to download Winsock fix but it did nothelp. I still can't view pages.
Maybe I just need to reinstall XP - man I really hate to do that. Please tell me you have other ideas. :-|

0

Close IE and go to Start > Run and run the following commands one after the other, each line followed by 'enter':

regsvr32 shdocvw.dll
regsvr32 urlmon.dll
regsvr32 comcat.dll
regsvr32 actxprxy.dll
regsvr32 Shell32.dll
regsvr32 Oleaut32.dll
regsvr32 Mshtml.dll
regsvr32 jscript.dll

Run each line individually. After each run, you should see a short message stating the command was successful. Reboot.

If that does not help try this;

Try running IEFIX.htm which will repair IE and run a System File Check.

0

I'm not sure what happened between my last reply and yours, but I was somehow successfull with reinstalling IE. I can at least view the "update web page(s)" now, well at least for about 10-15 minutes, then it's back to cannot display page. I've got 2 #'s for dial-up ISP that I'm using. I can connect with both, but will let me view pages but the other will not :confused: I don't know for sure that the numbers would make a difference - I wouldn't think so. I think there may have been an installation error with one, b/c it was set up with a disk (this is the # I have problems with), whereas the other connection I've set up manually and it seems to do fine. So I guess basically it's just a matter of pinpointing just that. Now I've just got to downloand XP SP 1 and we'll go from there.

I performed what you said as well. I really, really, really do appreciate your help! Thanks!

0

Without being able to see anything that is causing this, it is really hard to pinpoint :(. If you can get silent runners going it may show something that HJT does not.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.