'Stein 150 Lapsed Skeptic Team Colleague

Arg, alrite. Heh, I'm gettin sorta desperate (hah, DEMENTED, time for you to step in).

Have ya tried defragmenting?

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Hmm, that's odd. I don't see too much. Fix the following:

O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/gam...s/y/mjst4_x.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yah...nst20040510.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yah...utocomplete.cab

After fixing those, reboot your computer.

After, post a new HJT log.

Also post a new Ewido and SpySweeper log. (NOTE: your spysweeper may have expired, if so, that's ok.)

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Is it just Internet Explorer that won't open? If so, it wouldn't hurt to reinstall it.

Second, I'd strongly recommend sticking with Firefox. It's a MUCH safer program security/spyware-wise.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Alrite, agreed. Flipboi, be sure to also check and remove this line:

O4 - HKLM\..\Run: [SysTray] C:\Program Files\gvyjbtbc.exe

After doing this, reboot into safe mode (keep pressing F8 while starting up). While in safe mode, find this and delete it:

C:\Program Files\gvyjbtbc.exe

Next, empty the recycle bin, and reboot into normal mode. Then, post a new log.

I apologize for not finding it at first.

Thanks.

Thanks also to Tayspern :)

'Stein 150 Lapsed Skeptic Team Colleague

Sure thing. One of the better AVs out there now (free or not) is AVG free. This is what I use personally. Also, be sure to keep the Ewido, and the only important thing that expires after the 'trial session' is the automatic updates. In other words, just be sure to manually update it before ya scan. Also, ya can uninstall SpySweeper now, for it will not remove anything after the 14-day trial.

AVG

Thanks again.

'Stein 150 Lapsed Skeptic Team Colleague

Alrite, that works. Couple more to fix:

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

After fixing those, post a new log to be sure you're clean, but that appears to be it.

Thanks.

Tayspern, DMR, Demented : Know anything about
O4 - HKLM\..\Run: [SysTray] C:\Program Files\gvyjbtbc.exe?

Tad bit suspicious if cha ask me.

'Stein 150 Lapsed Skeptic Team Colleague

Yes, you are. Now, run HJT, 'Scan Only', and place checks next to the following:

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: Shell=
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O15 - Trusted Zone: http://*.windowsupdate.microsoft.com
O15 - Trusted Zone: http://*.windowsupdate.com
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

After placing checks, close all windows and hit 'Fix Checked'. Then, restart your computer.

After the restart, download SpySweeper (link found in sig. below). Be sure to update definitions. Run a full scan, and post the scan log back here, along with a new HJT log.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Here, most of these are unimportant, but it won't hurt to fix um anyways:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =


Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Yes, and on top of that, you might want to try something else. Download CCleaner (link found below in sig.). Be sure to update definitions for this. Run this to its full extent, under both 'cleaner' and 'issues' tabs.

Lastly, if ya can, try to include the Ewido scan log in your next post.

However, if ya already closed it, it's alrite.

After this, another HJT log would be great.

'Stein 150 Lapsed Skeptic Team Colleague

Heh, ya kno what? Just post them all together.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Yep, 1 more and ya look clean to me. Fix this:

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

After this, post a new log, and we'll verify ure all clean.

Thanks again.

'Stein 150 Lapsed Skeptic Team Colleague

Hah you have a small amount of infection, but we can all fix it here. Begin by trying to uninstall anything having to do with Empire Poker or Party Poker.

After doing this, check these in HJT:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe

After doing this, reboot your computer into safe mode. While in safe mode, find these files and delete them:

C:\Program Files\EmpirePoker
C:\Program Files\PartyPoker

After this, reboot into normal mode. While here, download Ewido and SpySweeper, (links for both can be found below). After updating definitions for both, run scans with both, saving both logs.

Next, post back here with an Ewido log, SpySweeper log, and …

'Stein 150 Lapsed Skeptic Team Colleague

Alrite, several more things to fix:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.games.yahoo.com/gam...inematycoon.cab

'Stein 150 Lapsed Skeptic Team Colleague

Good researching. Well, I'm sorry we couldn't help ya with the problem.

As a last resort, it wouldn't hurt to try calling Dell and seeing what they say.

Sorry we couldn't help.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Good good, that's a good sign that all Ewido/SpySweeper caught were tracking cookies.
Now to the log. Check the following boxes in HJT:

O4 - HKCU\..\Run: [RealPlayer] "F:\Program Files\realplay.exe" /RunUPGToolCommandReBoot
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE (file missing)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yah...nst20040510.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

After this, post back with a new log.

'Stein 150 Lapsed Skeptic Team Colleague

Hmm, I don't see anything lacking there. Here's a question for ya tho, is the slowness for everything, or just the internet? I ask this because the problem might be with your internet connection.

'Stein 150 Lapsed Skeptic Team Colleague

Yep, your log looks clean to me. Are ya having any further problems?

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

First, begin by fixing 1 more in the HJT log:

O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)

Several more things to try that might help. First, download CCleaner (link below). Be sure to update definitions, and then run scans, fixing everything, under the 'Cleaner' and 'Issues' tab.

Second, have ya already tried defragmenting? This can speed things up sometimes.

Lastly, what are the specs for your computer?

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Awesome, I'm happy to hear the problem's fixed. If ya were trying to find a place to repost the solution, which I think is a good idea, I would recommend the 'Web Browsers' forum, located in the same place where the virus/nasties folder is also located.

Thanks again.

'Stein 150 Lapsed Skeptic Team Colleague

Hey, Welcome to Daniweb. Heh, first time in a while I've seen somebody prepared. Man, ya already have Ewido, good, HJT is in a permanent folder, good, and you've already followed DMR's protocol---basically, you're incredible. Haha alrite, to work. Begin by checking the following in the HJT log:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?T...arm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?T...arm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?T...arm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?T...arm1=seconduser
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?T...arm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?T...arm1=seconduser
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/1...02/cpbrkpie.cab

After doing this, restart your computer, and download SpySweeper (its link can be found in my sig. below) and CCleaner (also below). Update definitions for these, along with Ewido, and run scans with all three, saving the Ewido and SpySweeper logs. Restart again, and post back a new HJT log, along with the saved logs.

After doing all of this, are ya still having problems?

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Hey, welcome to Daniweb. To begin, I see several things wrong with the log. Start by first uninstalling MessengerPlus3 using the Add/Remove programs list.

Then, follow this by checking the following in HJT:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: System Restore Service (srservice) - Unknown owner - C:\WINDOWS\C:\WINDOWS\System32\svchost.exe (file missing)

After fixing these, reboot into safe mode. While in safe mode, find and delete this folder if it is there:

C:\Program Files\MessengerPlus! 3

After doing this, reboot into normal mode, and download CCleaner and Ewido (links for both can be found in my sig. below). After updating definitions for both, run scans with each, saving the Ewido log.

After doing this, be sure everything is set to startup in the startup list (if ya don't understand what I mean, don't worry about it). Restart the computer.

After doing this, post back with the saved ewido log and a new HJT log.

Lastly, are ya having any problems, or do ya just want us to go over your log? (either one is ok, I'm jus curious heh)

Thanks

'Stein 150 Lapsed Skeptic Team Colleague

Heh, I agree with ya completely, I jus don't have $50. Lol I haven't even graduated hs yet...

'Stein 150 Lapsed Skeptic Team Colleague

Hmm, well I don't see anything spyware related-ish in the HJT log. The Ewido and SpySweeper logs had what you'd expect--just cookies, so that's good. Heh and I apologize, but that's where my computer knowledge really ends. I'd really recommend reposting a new thread in both the 'Windows NT/2000/XP/2003' forum and in the 'Windows tips n tweaks' forum, saying in both that it's been checked by us and is spyware free.

After that, I wish ya good luck with the problem.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Heh it really is fun. To tell ya the truth, I'm just like you, wanted to learn how to read it, and just learned..with the help of some websites. I must say tho, most contributing members here *cough Tayspern, Demented, DMR, cough* are IT guys.

Well here are the sites I used to learn how to read it. (I'll explain each one)

1) The best site I use is CastleCops. Generally, it explains each entry (O2, O3, etc), and what each means. I have this linked to my desktop.

2) The next best site I use is also CastleCops, but it's where it explains virtually every process there is for O2, O3, O4, O9, O10, O16, O18, O20, O21, O22, and O23 (basically, all the important Os). This is where I manually check each process to be sure it's spyware free. Here, you choose the O-type in the pull-down menu in the top left.
2) The next best site I use is also CastleCops, but it's where it explains virtually every process there is for O2, O3, O4, O9, O10, O16, O18, O20, O21, O22, and O23 (basically, all the important Os). This is where I manually check each process to be sure its spyware free. here You choose the O-type in the pull-down menu in the top left.

3) The 3rd best site I use is sorta a computer checker--basically ya copy/paste the log into the box, and a computer goes over it. HOWEVER, double check each entry here, for there are MANY false positives and negatives. The best option is to double check the entries with Castle Cops (#2).

In general, ya learn by doing it the hard way and taking a log (preferably from this site) and checking over process by process, and eventually ya learn all of the common, …
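As an added example (not part of 'Stein's post, nor code from HijackThis, CastleCops or any other tool the thread mentions), here is a small Python helper that does the mechanical half of the log-reading routine described above: it splits HJT-style lines into their section codes, pulls out the CLSID where there is one, marks the entries that HJT itself labels "(file missing)" or "(no file)", and groups the rest of the "important O" sections for manual lookup. The sample log is constructed with placeholder names, paths and CLSIDs, and the flag names are this example's own; whether a live entry is legitimate is still decided by checking it against a reference, exactly as the post says.

```python
import re
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Shape of an HJT entry line: "<section> - <details>", e.g. "O4 - HKLM\..\Run: [Name] C:\path\file.exe"
LINE_RE = re.compile(r"^(?P<kind>[RFNO]\d{1,2})\s+-\s+(?P<rest>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Markers HJT appends when the registry still references a file that is no longer on disk
MISSING_MARKERS = ("(file missing)", "(no file)")

# Sections the post singles out for entry-by-entry checking against a reference list
IMPORTANT = {"O2", "O3", "O4", "O9", "O10", "O16", "O18", "O20", "O21", "O22", "O23"}


@dataclass
class Entry:
    kind: str                      # section code, e.g. "O4"
    rest: str                      # everything after "O4 - "
    clsid: Optional[str]           # first {GUID} in the line, upper-cased, if any
    flags: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Parse one log line; returns None for non-entry lines (header, process list, blanks)."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    kind, rest = m.group("kind"), m.group("rest")
    guid = CLSID_RE.search(rest)
    entry = Entry(kind, rest, guid.group(0).upper() if guid else None)
    if any(marker in rest for marker in MISSING_MARKERS):
        entry.flags.append("orphan")          # dead reference: the file is already gone
    if kind == "O10" and "missing" in rest:
        entry.flags.append("broken-lsp")      # Winsock LSP chain points at a missing DLL
    if kind == "O13":
        entry.flags.append("url-prefix")      # default URL prefix has been redirected
    if kind == "O15":
        entry.flags.append("trusted-zone")    # site granted IE Trusted Zone privileges
    if kind.startswith("R") and "ProxyOverride" in rest:
        entry.flags.append("proxy-override")  # proxy bypass list has been changed
    if kind in IMPORTANT and "orphan" not in entry.flags:
        entry.flags.append("review")          # live entry: look it up before deciding
    return entry


def parse_log(text: str) -> List[Entry]:
    return [e for e in (parse_line(line) for line in text.splitlines()) if e is not None]


def triage(entries: List[Entry]) -> Dict[str, object]:
    """Group parsed entries the way a reviewer works through a log."""
    by_clsid: Dict[str, List[Entry]] = defaultdict(list)
    for e in entries:
        if e.clsid:
            by_clsid[e.clsid].append(e)
    return {
        "orphans": [e for e in entries if "orphan" in e.flags],
        "review": [e for e in entries if "review" in e.flags],
        "flagged": [e for e in entries if set(e.flags) - {"review"}],
        # same CLSID on several lines (e.g. an O9 button plus its Tools menu item): fix together
        "paired": {c: es for c, es in by_clsid.items() if len(es) > 1},
    }


# Constructed sample in HJT's line format; names, paths and CLSIDs are placeholders, not real software
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - (no file)
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\exampletray.exe
O9 - Extra button: Example - {00000000-0000-0000-0000-000000000002} - C:\Program Files\Example\Example.exe
O9 - Extra 'Tools' menuitem: Example - {00000000-0000-0000-0000-000000000002} - C:\Program Files\Example\Example.exe
O15 - Trusted Zone: http://*.example.test
O18 - Protocol: exproto - {00000000-0000-0000-0000-000000000003} - "C:\PROGRA~1\EXAMPLE\exproto.dll" (file missing)
O20 - Winlogon Notify: exnotify - exnotify.dll (file missing)
O23 - Service: Example Service (examplesvc) - Unknown owner - C:\WINDOWS\System32\examplesvc.exe
"""


if __name__ == "__main__":
    result = triage(parse_log(SAMPLE_LOG))
    for bucket in ("orphans", "flagged", "review"):
        print(f"== {bucket} ==")
        for e in result[bucket]:
            print(f"  {e.kind} [{', '.join(e.flags)}] {e.rest}")
    for clsid, es in result["paired"].items():
        print(f"paired CLSID {clsid}: {len(es)} entries")
```

Run it as-is to see the constructed sample sorted into buckets, or replace SAMPLE_LOG with a pasted log. The "orphans" bucket is the mechanical part (entries whose file HJT already reports as gone); everything under "review" is deliberately left for a human to check against a reference, since a live O4 or O23 entry with a legitimate-looking path can be either fine or not, and nothing in the line itself settles that.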

'Stein 150 Lapsed Skeptic Team Colleague

Alrite, about the nwiz entry. Haha, I'll agree, it looks real suspicious, but it's in nearly every log I've looked at. Also, I double checked this with CastleCops (the best in the business), and they confirmed, it's part of an NVidia graphics card.

Other than this though, I don't see anything in the log. If you're still having problems, download SpySweeper (found in the sig. below). Update definitions and run, saving the log and posting it back here with a new HJT. We'll go from there.

'Stein 150 Lapsed Skeptic Team Colleague

Ya also might want to try CCleaner (link in my sig below). Lastly, it might speed it up a tad if ya uninstalled the Yahoo internet bar.

Thanks.

Tayspern-- did ya subscribe to the membership? awesome

'Stein 150 Lapsed Skeptic Team Colleague

Hah jeez, that's not good, welcome to Daniweb by the way. Ok, begin by trying to uninstall

MessengerPlus! 3

This program is FILLED with spyware. Next, begin by checking these entries in HJT:

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

After this, download SpySweeper, Ewido, and CCleaner from my signature below. Update the definitions for each one, but don't run them yet. Next, reboot into safe mode and start by deleting this file:

C:\Program Files\MessengerPlus!3

Next, run Ewido, Spysweeper, and CCleaner, saving the Ewido and Spysweeper logs.

Then, reboot into normal mode again, and post the 2 logs, along with a new HJT log.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Yes, please delete the folder Oracle. Other than that, I only see 1 thing with the log:

O20 - Winlogon Notify: winrkp32 - winrkp32.dll (file missing)

Other than this, I see nothing else.

Are ya still having problems? If so, there's a couple more things we can try.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Well it could be a variety of things, but it strongly appears to be a spyware. However, we're unsure which one it is yet, especially since a few spywares dodge HJT. Therefore, to fix this, we're gonna have ya download Ewido (link above), to have it scan for other things. Also, it wouldn't hurt to download SpySweeper (link in my sig. below) for the very same reason--they both catch stuff that the other doesn't. Not one spyware scanner is perfect.

Therefore, after running Ewido and Spysweeper, post the logs for both, along with a new HJT log.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Ya, alrite, it IS spyware.

Go ahead and check one more:

O4 - HKCU\..\Run: [Aukwquj] C:\Program Files\Common Files\?racle\ntvdm.exe

After this, reboot into safe mode and first unhide folders. Do this by opening My Computer > Tools > Folder Options > View > Show Hidden Folders (also uncheck 'Hide protecting operating system folders')

After doing this in safe mode. Delete this folder:

C:\Program Files\Common Files\?racle

After this, reboot into normal mode and post a new log...and another Ewido log is unnecessary, just as long as you've run it.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Damn, sorry bout that. Couple more to fix, along with what I mentioned above:

O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O20 - Winlogon Notify: ddcca - ddcca.dll (file missing)
O20 - Winlogon Notify: ddcyw - ddcyw.dll (file missing)

'Stein 150 Lapsed Skeptic Team Colleague

Welcome to Daniweb. Alrite, I see several things wrong with the log. Begin by checking the following:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: XBTB04715 - {A8B0BDED-64A5-495b-97DA-42C0301E229B} - C:\PROGRA~1\TOOLBA~1\TOOLBA~1.DLL
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKCU\..\Run: [Notn] "C:\PROGRA~1\COMMON~1\ASKS~1\alg.exe" -vt mt
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} (YazzleActiveX Control) - http://yax-download.yazzle.net/Yazz....cab?refid=1123
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JA...loadManager.ocx

After doing this, download Ewido and CCleaner (links for both can be found in my signature below). Update definitions for both, and then run scans with both. Save the log from Ewido.

After this, restart your computer and post a new HJT log, along with the saved Ewido log.

After that we'll work from there.

Thanks.

NOTE TO MODS: CastleCops said this was Windows, but what it showed was a little diff. Eh?

O4 - HKCU\..\Run: [Aukwquj] C:\Program Files\Common Files\?racle\ntvdm.exe

I didn't touch it, but I'm suspicious of it.

'Stein 150 Lapsed Skeptic Team Colleague

Haha, awesome, glad it's all fixed.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Yep, it looks all clean to me. The only small thing I see for future fixes is to be sure to move HJT into a permanent folder--right now it's on ure desktop, saved as a temp folder. To fix this, go to Program Files, and create a new folder, and name it HJT. After this, drag HJT from the desktop into this folder.

But other than that, I don't see anything else. However, a little advice. From usage, Adaware isn't as good of a spyware scanner as some other ones. Personally, I'd recommend Ewido (it's also free, and the link is in my signature below). Lastly, I'd also run CCleaner (also below). This just cleans the computer overall.

Thanks again.

NOTE TO MODS: I thought Vundo, but after fixing with HJT, the entries disappeared. From what I recall, if vundo, the entries wouldn't disappear. Eh?

'Stein 150 Lapsed Skeptic Team Colleague

Heh, ya, that'd be great.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Alrite, welcome to Daniweb. Begin by first trying to uninstall MyWaySA from the Add/Remove Programs list. This works for some people, and doesn't for others. If it doesn't work, just move on. After this, check the following entries in HJT:

R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: DosSpecFolder Object - {3E1BEA96-02D9-4992-B508-9B51819D9D86} - C:\WINDOWS\system32\gebya.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O20 - Winlogon Notify: gebya - C:\WINDOWS\system32\gebya.dll

Thanks.

NOTE TO MODS: Alrite, I think I see Vundo, shown by O2 line 'gebya.dll', and the same thing in O20 line. I jus wanna double check with you guys tho.

'Stein 150 Lapsed Skeptic Team Colleague

Awesome, let's work on this. Begin by downloading HijackThis, a diagnostic program. Directions for this and download location can be found here:

http://www.daniweb.com/techtalkforums/thread28196.html

After downloading, post a log back here and we'll work from there.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Yea I can confirm it. That's the correct fix above for your current Vundo infection, along with other problems.

Tayspern's been in this business for a LONG time :D

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Well this definitely appears to be a spyware problem. Begin by downloading HJT, a diagnostic program. Directions for downloading can be found here:

http://www.daniweb.com/techtalkforums/thread28196.html

After downloading, don't do any of it yourself, just scan and post a log. Be sure to NOT check anything.

After this, we'll work from there.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Awesome, several things to fix. Begin by uninstalling WeatherBug via Add/Remove Programs. Although it helps sometimes, it's a major data hog. Next, follow the directions for removing MyWaySA here (it's the last post on the bottom of the page):

http://www.daniweb.com/techtalkforums/thread28196.html

After this, fix the following in the log:

O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusear...?p=ZUxdm082YYUS
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (HKCU)
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_98.dll' missing
O13 - Home Prefix: http://103.nowfind.biz/gall.php?url=
O13 - Mosaic Prefix: http://103.nowfind.biz/gall.php?url=

Lastly after this, reboot into safe mode and delete this file if found:

C:\Program Files\newdotnet

After this, restart the computer and post a new log.

'Stein 150 Lapsed Skeptic Team Colleague

Actually could ya post a new HJT log?

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Fix the following:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

After fixing that, do ya have any more problems?

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Hello owenj, welcome to Daniweb. First off, we apologize for bypassing your entry.

Therefore, if you're still having this problem, post a new log and we'll work from there.

Again, we apologize.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Ok, first off, several things are wrong. Did you happen to run HJT in safe mode? If so, rerun it in normal mode and post it. Also, be sure everything is checked in your startup list.

Second, your HJT is installed in a temporary folder. Begin by creating a new folder inside 'Program Files'. Name it 'HJT'. Then, drag the program (it's located inside ure 'My Documents') into the newly created folder.


After fixing both, run a new scan and post a new log.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Hi Quetty, welcome to Daniweb. We apologize for taking such a long time reaching you. Begin by installing HijackThis. Directions for proper installation, along with the download location can be found here:

http://www.daniweb.com/techtalkforums/thread28196.html

Again, credit given to DMR :)

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

You might also want to check your router. Most routers can be set to kill the internet and all at certain times.

'Stein 150 Lapsed Skeptic Team Colleague

It wouldn't hurt to clean it out anyways. First, begin by uninstalling Weatherbug. It's a major memory hog. Then, fix the following in the log:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O3 - Toolbar: (no name) - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O8 - Extra context menu item: &Search - http://kb.bar.need2find.com/KB/menusearch.html?p=KB
O9 - Extra button: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
O9 - Extra button: AOL Instant Messenger (TM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\aim.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://mirs.peoplepc.com/?offername=PeoplePC Online Accelerated&userName=kingeo8080&firstName=George&qs=DIFFKNFNAGBHIBGKEIONEAELNCNMKJJFGOPBOPBHOGALLLFIAGPHNCAGAPLEGFBIANENPGCKBPAIGLLAIGKBFIDMNBEBJMEEAIHGGIPMBMNPEDMCIPCGADPICGLGGFPI|DOELONBDDGNMCNOPADEEAAGOBA
O16 - DPF: {79B96C72-C0D0-4DC8-BC7E-9F314A918228} - http://ak.imgfarm.com/images/nocach...etup1.0.0.7.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/insta.../sinstaller.cab
O23 - Service: NTLOAD - Unknown owner - c:\windows\system32\dllcache\win32\winlogon.exe
O23 - Service: NTSVCMGR - Unknown owner - c:\windows\system32\dllcache\win32\winlogon.exe

Post a new log if ure having problems after this.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Okie, I only see 1 thing, but that could mean a variety of things. Check the following:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

After doing this, are ya still having problems? If YES:

Start by downloading CCleaner and SpySweeper (both located in my signature), update their definitions, but do not run them yet. Also update the definitions for Ewido (which ya already have, I see). Then, restart into Safe Mode (repeatedly hit F8 while booting up), and while in safe mode, run all three programs, saving the logs from Ewido and SpySweeper.

After doing this, reboot into normal mode again. Then, run HJT again, and post a new log, along with the saved logs.

Lastly, enclose with this the kinds of problems ure having.

Thanks.

(heh, sry guys, I'm back)

'Stein 150 Lapsed Skeptic Team Colleague

Well I used Black Ice several years ago, and the only thing that bothered me with it was that it always asked me, every time, whether I wanted the program I had just opened to run. I think I had even tried turning this off, with no avail. Then again, realize this was several years ago, and I'm SURE they have better products now.

Security wise, it worked great.

'Stein 150 Lapsed Skeptic Team Colleague

Ya, your HJT log looks clean to me. Are ya still experiencing problems?