Please help with Hijack This & I am new to computing

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Pearl, Mar 6, 2004.

  1. Pearl

    Pearl Private E-2

    :) Good morning from the west coast!!
    I was told last night to run HijackThis & need help. I am a total novice & don't wish to mess up my computer. I have Microsoft Windows XP Home version 2002, Service Pack 1. Computer: Viscom Tech Group, V2 Premier, Intel Pentium 4 CPU 1700MHz, 1.70 GHz, 256 MB of RAM.

    I continually have problems with email receiving porn crap, trying to access MSN sometimes just flickers & I can't get in, other stuff. I am on a LAN & have disabled my firewall. I have Ad-aware & Stopzilla for pop ups. When I use Ad-aware I continually receive 13, 20, sometimes more things to delete; I can turn around & do another scan & have another bunch to delete. What is going on? I need freeware as I am unemployed at the moment. Would someone help? I am frazzled with this. Thank you in advance. Pearl from the west coast.
     
  2. Pearl

    Pearl Private E-2

    Sorry I forgot,

    Here is the log from HijackThis:

    Logfile of HijackThis v1.97.7
    Scan saved at 8:08:34 AM, on 3/6/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\STOPzilla!\szntsvc.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\LXSUPMON.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Support.com\bin\tgcmd.exe
    C:\Program Files\STOPzilla!\Stopzilla.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    C:\Program Files\Webshots\WebshotsTray.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\PROGRA~1\WINZIP\winzip32.exe
    C:\unzipped\hijackthis\HijackThis.exe
    C:\unzipped\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast High-Speed Internet
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = sas.r2.attbi.com:8000
    R3 - Default URLSearchHook is missing
    O1 - Hosts: 207.44.240.65 rad.msn.com
    O1 - Hosts: 216.93.174.28 view.atdmt.com
    O1 - Hosts: 216.93.174.28 ad.doubleclick.net
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {31995C64-CB4D-483E-82C2-CCFFE2F66CAB} - C:\WINDOWS\System32\msvcn.dll
    O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\WINDOWS\System32\StopzillaBHO.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: ZillaBar - {CAAE9D7F-FFCC-46CF-8DEE-00DCC6CDF5A1} - C:\Program Files\STOPzilla!\ZILLAbar\ZillaBar.dll
    O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [LSvr] C:\Program Files\Common Files\Presentia\LSvr.exe
    O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [ServiceConfig] "C:\Program Files\Comcast\MigCfg\programs\ispbeg.exe"
    O4 - HKLM\..\Run: [STOPzilla] "C:\Program Files\STOPzilla!\Stopzilla.exe" /autorun
    O4 - HKLM\..\Run: [LexPPS.exe] C:\WINDOWS\System32\lexpps.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
    O16 - DPF: {0000000A-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/d/4/4/d446e8a9-3a86-4b59-bb19-f5bd11b40367/wmavax.CAB
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.comcastsupport.com/sdccommon/download/tgctlcm.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} (PopCapLoaderCtrl Class) - http://zone.msn.com/bingame/rock/default/popcaploader1.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37865.2502662037
    O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
    O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - https://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab

    thank you.
     
  3. Endi

    Endi Lt. Links

  4. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    All of this is Freeware..........

    Hi Pearl, first thing is not to let this annoy you too much, as the group here can help you understand how to use your PC and keep it running smooth without those pesky spies!!

    HijackThis is a great app and one we all use to great effect in tracing rogue items. One run and you have scanned your system; press Save Log and this will open a Notepad file. Just copy and paste that into one of your posts for us to look through.



    Other things to do (and I have copied some of this from another post of mine, to save finger wear ;) ) are to have a firewall installed, some AV and definitely spyware scanners like Ad-aware and Spybot, but another very useful piece of software is SPYWARE BLASTER as it helps to stop spies from being installed in the first place.

    One thing to mention when you are trying to clear a PC of viruses and spyware, as you are using XP, is to turn System Restore off, as these items can be stored in there and can restore themselves back onto your system. Once your PC is empty of all nasties then you can turn System Restore back on.

    Anti Virus
    http://www.majorgeeks.com/download886.html
    A nice free one with plenty of updates

    Plus there are online scans available from
    http://uk.trendmicro-europe.com/con...call_launch.php
    http://www.pandasoftware.com/active...n_principal.htm

    Firewalls
    http://www.majorgeeks.com/download738.html
    http://www.majorgeeks.com/download1056.html
    http://www.majorgeeks.com/download3356.html
    http://www.majorgeeks.com/download388.html ( one of the easier ones to use for someone new )

    XP's own firewall is pretty much useless: yes, it can block incoming traffic, but it's the outgoing stuff that it doesn't block, and those are the ones you really need to block as well as incoming traffic.

    Spyware scan/removal
    http://www.majorgeeks.com/download506.html
    http://www.majorgeeks.com/download2471.html
    http://www.majorgeeks.com/download2859.html ( spywareblaster helps in stopping these from ever being installed in the first place )


    Some info to read through
    Virus/Trojan removal
    Preventing and Removing Spyware


    As for MSN email, you will get emails of the less savoury kind. One thing is to never bounce them back if you have software to do so; just add them to a blocked senders list or get yourself another email account.



    EDIT: HELL MY TYPING IS SLOW TODAY
     
  5. General_Lee_Stoned

    General_Lee_Stoned BuZZed Lightyear

    Hi Pearl,
    that's some very good advice given there.
    Why would you disable your firewall? :confused:
    Anyway, I've only had a quick look but this needs dealing with:
    C:\WINDOWS\System32\wuauclt.exe
    Its normal usage is as an updater for Windows ME; however, seeing as it's XP you are using, this is actually a trojan :(
    Please go here for removal instructions.

    Also this needs dealing with:
     
    Last edited: Mar 6, 2004
  6. Pearl

    Pearl Private E-2

    To Halo & General Lee Stoned....

    :confused: I am at a loss... I've tried to d/l a firewall. Don't understand; when I did, I couldn't get into MSN email. I d/l Spybot, eliminated a bunch. I am a very new computer user & I do not understand any of these terms. I am in tears now knowing I'm infected but can't figure anything out. Thank you all for trying to help an ignoramus. I don't even know how to back up. I turned the MSN firewall back on. (It was enabled when I went there yesterday; I have no idea how that happened. Maybe when the Comcast guy came to hook me up initially.) I am totally embarrassed as I have had the computer for a year and haven't learned much. It is totally frustrating for me as I have ADHD. Thanks though very much. Have a nice Saturday.
    Pearl
     
  7. General_Lee_Stoned

    General_Lee_Stoned BuZZed Lightyear

    OK Pearl, there's no need to get upset, we'll help you sort it out.

    Let's start from the beginning. If you have these already (I think you have), please run Ad-aware and Spybot, but before running the scans make sure you use the check for updates buttons and download the newest updates available, then fix anything found.
    Next look at Halo's post for the link to an online virus scan; go there, run a scan and fix anything found.
    After doing this please re-run HijackThis, then check the boxes on these lines if they are still there:
    C:\WINDOWS\System32\wuauclt.exe
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = sas.r2.attbi.com:8000
    R3 - Default URLSearchHook is missing
    O1 - Hosts: 207.44.240.65 rad.msn.com
    O1 - Hosts: 216.93.174.28 view.atdmt.com
    O1 - Hosts: 216.93.174.28 ad.doubleclick.net
    O2 - BHO: (no name) - {31995C64-CB4D-483E-82C2-CCFFE2F66CAB} - C:\WINDOWS\System32\msvcn.dll
    O4 - HKLM\..\Run: [LSvr] C:\Program Files\Common Files\Presentia\LSvr.exe

    After checking the boxes, close all windows except HijackThis and select Fix.
    Reboot, run a new scan and come back here and post it up.
    There are a couple more things I need to check,
    and when you come back I'll guide you through removal of the trojan.

    Also, what firewall did you download?
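
    A small triage script for the kind of HijackThis log posted in this thread, added here as an example; it is not the forum's, the poster's or HijackThis's own code. It reparses the R1, R3, O1 and O2 lines of the first log above (embedded below as a constructed sample) and flags the same kinds of entry the post above asks to have fixed: a hosts-file line that points a well-known name at a routable address instead of 127.0.0.1, a proxy set under Internet Settings, a missing default URLSearchHook, and an unnamed BHO loaded from System32. The "sinkhole address" test, the assumption that the poster set no proxy, and the System32 heuristic for BHOs are choices made for this example, not HijackThis rules.

```python
"""Triage a HijackThis 1.9x log for the entry types a helper asks to fix.

Added example for this thread, not HijackThis's own code. The sample log
below is reconstructed from the first log posted in the thread; the
"sinkhole address" test and the System32 heuristic are assumptions.
"""
import ipaddress
import re

# Constructed sample: a subset of the R/O lines from the first log in the thread.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = sas.r2.attbi.com:8000
R3 - Default URLSearchHook is missing
O1 - Hosts: 207.44.240.65 rad.msn.com
O1 - Hosts: 216.93.174.28 view.atdmt.com
O1 - Hosts: 216.93.174.28 ad.doubleclick.net
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {31995C64-CB4D-483E-82C2-CCFFE2F66CAB} - C:\WINDOWS\System32\msvcn.dll
O4 - HKLM\..\Run: [LSvr] C:\Program Files\Common Files\Presentia\LSvr.exe
"""

LINE_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
HOSTS_RE = re.compile(r"^Hosts:\s+(?P<ip>\S+)\s+(?P<name>\S+)")
BHO_RE = re.compile(r"^BHO:\s+(?P<name>.*?)\s+-\s+(?P<clsid>\{[0-9A-Fa-f-]+\})\s+-\s+(?P<path>.+)$")
PROXY_RE = re.compile(r"ProxyServer\s*=\s*(?P<proxy>\S+)")


def parse_log(text):
    """Yield (section, body) for each 'Rn - ...' / 'On - ...' line; skip the rest."""
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            yield m["section"], m["body"]


def is_sinkhole(ip_text):
    """True for the addresses an ad-blocking hosts file legitimately uses
    (127.0.0.0/8 or 0.0.0.0). A routable address means the name is being
    sent to somebody else's server, which is a redirect, not blocking."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    return ip.is_loopback or ip.is_unspecified


def triage(text):
    """Return a list of (section, detail) findings worth asking the poster to fix."""
    findings = []
    for section, body in parse_log(text):
        if section == "O1":
            m = HOSTS_RE.match(body)
            if m and not is_sinkhole(m["ip"]):
                findings.append((section, f"{m['name']} redirected to {m['ip']}"))
        elif section == "R1":
            m = PROXY_RE.search(body)
            if m:  # assumption: the poster set no proxy, so any value is suspect
                findings.append((section, f"proxy set to {m['proxy']}"))
        elif section == "R3" and "missing" in body:
            findings.append((section, body))
        elif section == "O2":
            m = BHO_RE.match(body)
            # Heuristic (assumption): vendor BHOs install under Program Files;
            # an unnamed BHO living directly in System32 deserves a closer look.
            if m and m["name"] == "(no name)" and "\\system32\\" in m["path"].lower():
                findings.append((section, f"unnamed BHO in System32: {m['path']}"))
    return findings


if __name__ == "__main__":
    for section, detail in triage(SAMPLE_LOG):
        print(f"{section}: {detail}")
```

    Run it as a script to print the findings for the embedded sample. A hit is a reason to look closer, not proof of infection: a proxy entry can be legitimate, and the script deliberately does not judge running processes by file name, since a path under System32 says nothing about what the file actually is; that needs the file's hash or signature checked.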
     
  8. Pearl

    Pearl Private E-2

    Hi General... I tried to d/l Kerio Personal Firewall & when I did, couldn't get in to email, said cookies unable. Damn Net Passport MSN %^&*(&^%(!!!!!)

    Anyway I enabled the firewall located in my Network Connections area. I have LAN through Comcast, used to be ATTBI. I really appreciate you talking with me. Gonna try to go do those first things you asked again. Be back (sorry it takes me so long). Hugs to you, Pearl

     
  9. Pearl

    Pearl Private E-2

    Hi General Lee Stoned....

    I hope this is what you need; I did all that you asked... Here is a copy of the log

    Logfile of HijackThis v1.97.7
    Scan saved at 1:19:59 PM, on 3/6/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\STOPzilla!\szntsvc.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\Pavsrv51.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\AVENGINE.EXE
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\LXSUPMON.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Support.com\bin\tgcmd.exe
    C:\Program Files\STOPzilla!\Stopzilla.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE
    C:\Program Files\Webshots\WebshotsTray.exe
    C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\WebProxy.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\unzipped\hijackthis[1]\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast High-Speed Internet
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\WINDOWS\System32\StopzillaBHO.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: ZillaBar - {CAAE9D7F-FFCC-46CF-8DEE-00DCC6CDF5A1} - C:\Program Files\STOPzilla!\ZILLAbar\ZillaBar.dll
    O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [ServiceConfig] "C:\Program Files\Comcast\MigCfg\programs\ispbeg.exe"
    O4 - HKLM\..\Run: [STOPzilla] "C:\Program Files\STOPzilla!\Stopzilla.exe" /autorun
    O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE" /s
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
    O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O10 - Unknown file in Winsock LSP: c:\program files\panda software\panda titanium antivirus 2004\pavlsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\panda software\panda titanium antivirus 2004\pavlsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\panda software\panda titanium antivirus 2004\pavlsp.dll
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
    O16 - DPF: {0000000A-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/d/4/4/d446e8a9-3a86-4b59-bb19-f5bd11b40367/wmavax.CAB
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.comcastsupport.com/sdccommon/download/tgctlcm.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} (PopCapLoaderCtrl Class) - http://zone.msn.com/bingame/rock/default/popcaploader1.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37865.2502662037
    O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
    O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - https://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab


    Pearl
     
  10. Endi

    Endi Lt. Links

    What firewall did you get??

    I recommend you download this one; it's free and it's pretty good



    http://www.majorgeeks.com/download.php?det=388

    Once you have installed this one, disable the XP firewall.

    I am confused about you talking about an MSN firewall??

    Edit: I missed your earlier post. Sorry about that, you have downloaded a firewall, Kerio.

    Did the Panda online scan find any viruses?
     
  11. General_Lee_Stoned

    General_Lee_Stoned BuZZed Lightyear

    OK, your log is looking a lot cleaner but you have a slight Winsock problem there. This can be caused by using an outdated version of Ad-aware not completely wiping entries from the registry, so I want you to go here and download this:
    http://www.cexx.org/lspfix.htm
    Launch the application and click the "I know what I'm doing" box,
    move pavlsp.dll into the right hand window and hit Finish.

    So please make sure you have the newest version of Ad-aware here.

    Please run this and Spybot at least once a week, and also I'm glad to see you're using Panda security now; make sure you keep this updated and run a full system scan on a regular basis.

    You can also have HijackThis fix this line to avoid conflicts:
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) -

    Do those things and you should be all finished :)
     
  12. XSwiftX

    XSwiftX Private E-2

    I have concerns about this one:

    C:\Program Files\Webshots\WebshotsTray.exe

    Isn't this a spyware type program?
     
  13. Pearl

    Pearl Private E-2

    Hi General Lee Stone!!!
    I moved the pavlsp.dll. What the heck is a Winsock problem? I do have the latest version of Ad-aware but it's the free one, and the Panda security is on a 30-day trial. Do I need to purchase these? I'm sure I should. I totally put myself in your hands, which is very hard for me to do, but I felt I could trust you. I don't know anything so someone could mislead me, but am glad I did. Although I have no idea what we just did. I thank you so very much for your hard work in sticking with me. I am sending you big hugs & lots of sunshine, which we had here today. I really like the General Lee name!!! Again many thanks & I will post another scan so you can see... Byeee...


    Logfile of HijackThis v1.97.7
    Scan saved at 5:25:24 PM, on 3/6/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\STOPzilla!\szntsvc.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\Pavsrv51.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\AVENGINE.EXE
    C:\WINDOWS\System32\LXSUPMON.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Support.com\bin\tgcmd.exe
    C:\Program Files\STOPzilla!\Stopzilla.exe
    C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Webshots\WebshotsTray.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\WebProxy.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\My Download Files\avwinsfx.exe
    C:\PROGRA~1\WINZIP\winzip32.exe
    C:\unzipped\hijackthis\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast High-Speed Internet
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\WINDOWS\System32\StopzillaBHO.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: ZillaBar - {CAAE9D7F-FFCC-46CF-8DEE-00DCC6CDF5A1} - C:\Program Files\STOPzilla!\ZILLAbar\ZillaBar.dll
    O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [ServiceConfig] "C:\Program Files\Comcast\MigCfg\programs\ispbeg.exe"
    O4 - HKLM\..\Run: [STOPzilla] "C:\Program Files\STOPzilla!\Stopzilla.exe" /autorun
    O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE" /s
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
    O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
    O16 - DPF: {0000000A-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/d/4/4/d446e8a9-3a86-4b59-bb19-f5bd11b40367/wmavax.CAB
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.comcastsupport.com/sdccommon/download/tgctlcm.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} (PopCapLoaderCtrl Class) - http://zone.msn.com/bingame/rock/default/popcaploader1.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37865.2502662037
    O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
    O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - https://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
     
  14. Pearl

    Pearl Private E-2

    Hi XSwiftX,

    No, it's not (somebody else here said this); I wouldn't know myself. It's a place I d/l images of art pics or flower pics or animals to use as screensavers... Pearl
     
  15. Pearl

    Pearl Private E-2

    Hi General

    I thought about one other thing you had mentioned... that trojan thing, did we get that WAUCLT (sp?) in the registry done? It was something you wanted to walk me through? I hope you are out having dinner, a movie, and having a nice Saturday evening. Will check in later or tomorrow. Have a wonderful evening ....;) Pearl
     
  16. General_Lee_Stoned

    General_Lee_Stoned BuZZed Lightyear

    Hi Pearl,
    looking a lot better now. Don't worry about the Winsock problem, you have it fixed now; it was just some messed up internet settings which could have prevented you accessing some sites.

    As for the Panda, I thought you had taken advantage of the great free offer here:
    http://www.majorgeeks.com/vb/showthread.php?t=29036
    It's exactly what you've got but it's the full free version, so read that post and follow the instructions. Once you've downloaded it, uninstall any anti-virus you have, including AntiVir which I see you have downloaded (please don't run more than one at once), then install the new free version and you are nicely covered there for a year :)

    Next, yes, some people consider Webshots a nasty but a lot of people don't.
    I have no opinion either way as I've never used it, so I would say if you use this and like it by all means keep it; if not, uninstall it.

    Right, lastly the C:\WINDOWS\System32\wuauclt.exe
    Yes, it's gone; one of the apps has spotted and killed it. If you look in your first log it's listed, and now in your last log there is no sign of it.
    If it was still present I could have talked you through it manually, but don't worry, it's all gone, and if you get your Panda up and running and keep it updated you can prevent these sorts of attacks in the future.

    So finally, to sum up: grab the great free offer for Panda Anti-virus and firewall,
    keep it updated and run regular scans on your computer.
    Run Ad-aware etc. on a regular basis, make sure to keep them updated and you should be good to go :)
     
  17. goldfish

    goldfish Lt. Sushi.DC

    That's a fantastic offer! I've been needing a decent antivirus for my parents' machine for quite a while now, so this will be it! :)

    As far as Webshots goes, it's fine. It's just that us tweakers prefer not to have things running in the background unless we use them all the time. It's a speed thing, basically.

    You're in good hands with GLS :)
     
  18. Pearl

    Pearl Private E-2

    Good morning General.....
    (I'm saluting you!!) Thank you for everything you have done for me :) I trust you had a good evening. The Panda keeps popping up in the lower right-hand corner of my computer saying I have a partial version & should buy the upgrade... I'll go check out the link you gave me. Hugs. Pearl
     
  19. General_Lee_Stoned

    General_Lee_Stoned BuZZed Lightyear

    OK Pearl, it's no problem, glad to help :)
    Just make sure you take advantage of the free software and save yourself 70 dollars ;)
     
  20. Pearl

    Pearl Private E-2

    Hi General,

    It's me the pest again... I just went to look at Panda & it really is a 30 day trial... The version is Panda 2004 and I guess they have a Titanium 7 version out. I'm not really understanding this; I certainly can't afford 70 bucks. So Spybot Search & Destroy, is this also an antivirus program & is this the one I should delete? Please advise. Pearl:)

     
  21. General_Lee_Stoned

    General_Lee_Stoned BuZZed Lightyear

    Hi Pearl,
    in that link I posted there's a link to get free Panda anti-virus. Fill in your details and download the file indicated; it is 24MB.
    You will then receive an activation code in your e-mail. Once you receive this, disconnect from the internet and uninstall your trial version and any other anti-virus you may have installed (I noticed you downloaded AntiVir; if you installed this, uninstall it as well). Reboot your machine and install the version you just downloaded. In the e-mail there will be a link to the registration page; follow that and register with your activation code. Once finished you will be given a user name and password; fill these details in by opening Panda from the system tray and selecting the Update tab, you will see the boxes.
    You then have free anti-virus protection for the next year :)
    This will be confirmed with an e-mail in the next 24 hours.
     
  22. Pearl

    Pearl Private E-2

    Ok General,

    I can't find where AntiVir is in the computer. I'm looking in Program Files & can't find it. Also looked in d/l files, temporary. Any way to find it? Pearl

     
  23. General_Lee_Stoned

    General_Lee_Stoned BuZZed Lightyear

    Hi Pearl, I'm assuming you downloaded it but didn't install it, right?
    If you installed it, just use Add/Remove Programs.

    This is the file:
    C:\My Download Files\avwinsfx.exe

    If not, you must have removed it, but to be sure use the Search from the Start button for
    avwinsfx.exe
    If it's found, delete :)
     
  24. Pearl

    Pearl Private E-2

    You are the bomb! You know I'm learning a lot from you... Totally appreciate it. I wrote a little something (good of course) about you today in the comment/give points section. Something I don't understand is about zipping and unzipping files; they ask you where you want to put them. I think I need to write it down since I'm such a novice. I've only used the computer for email & Paint Shop groups. Are computers how you make a living? Should be, you are very smart!!!! One last question & I will leave you alone:
    Do I delete SPYBOT?

    Have a wonderful day General....Fondly, Pearl

     
  25. General_Lee_Stoned

    General_Lee_Stoned BuZZed Lightyear

    OK, hi Pearl, thanks for the words, but I'm not a god :p but I am a man, yes ;)

    Anyway, yes, I try to scratch an honest living, but unfortunately I'm off work sick at the moment so just come on MajorGeeks to keep my eye in.

    Right, as for WinZip files, by default they are unzipped to a temporary folder.
    If you wish to keep track of these files, create a new folder somewhere you can find easily, like on your desktop or in My Documents; call it "unzipped" or whatever you like. Then when you open a zip file use the Browse tab and browse to your unzipped folder and select that; the files will then be unzipped there for easy retrieval.
    Mind you, it's been a while since I've used WinZip; I personally use WinRAR.

    As for Spybot, please keep that installed and at least once a week run a full scan after checking for updates.
     
  26. Pearl

    Pearl Private E-2

    General Lee,
    Thanks again & again. I hope you feel better soon...:( Will keep coming back here and reading and learning. What a great forum!!
    Fondly,
    Pearl :)


     
