Windows Legacy OS forum

General discussion

Non - Stop Error Messages - Spyware Doctor - Hi-Jack Log

by NetKnockout / February 13, 2006 3:15 AM PST

Here is a link to screen shots of the error messages.
And here are some others.
I was having an issue with my IE settings being changed, which normally happens when I have acquired some adware, so I went and did a scan on OCWizard, that came up clean, except for a keylogger, "Key Thief", which flipped me out so I searched the registry, tried a bunch of different scans, trend, panda, etc. and finally decided to buy Spyware Doctor, as it would interfere with anyone trying to record keystrokes, but now I am having all these error messages, and the original problem with "something" changing my IE settings still has not been resolved... I'll post a copy of my Hi-jack log at the close of this e-mail, as well I will paste my pc spec and PC Pitstop results (though it says my system is fast, IT ISN'T)... Any help would be greatly appreciated! ~Nikki

My pc specs:
HP a1130n (XP)
AMD Athlon 64 3500+ processor
1.0GB PC 3200 DDR SDRAM
250GB 7200RPM Serial ATA HD
16x DVD+R/RW
DVD ROM 16x max speed
2nd HD with Windows ME and 80GB
(PC Pitstop results: Test Results Summary
Computer Name: BENJAMIN
Date Tested: Fri Feb 10 12:03:16 EST 2006
This system performs extremely well on our benchmarks and appears to be among the fastest systems available! See the information below for your system details and advice on how to tweak the hardware and software for best performance.
http://www.pcpitstop.com/pcpitstop/Summary.asp?conid=14869725)

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

0x1000a060 memory could not be written
explorer.exe application error
to help protect windows has closed this program
Run a DLL as an App

data execution prevention
C:\WTDT
C:\System Volume Information is not accessible
Access is denied
CTF LOADER

HI-JACK LOG
Logfile of HijackThis v1.97.7
Scan saved at 2:05:57 PM, on 2/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\aksrvnt.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\DIRECWAY\bin\dpcproxy.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DIRECWAY\BIN\dpcstart.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\WINDOWS\system32\vubmtmpc.exe
C:\WINDOWS\system32\wjview.exe
C:\PROGRA~1\DIRECWAY\bin\dpcnav.exe
C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\AMERIC~1.0\waol.exe
C:\PROGRA~1\AMERIC~1.0\shellmon.exe
C:\Program Files\Common Files\Aol\aoltpspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Audacity\audacity.exe
C:\WINDOWS\system32\dwwin.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\+Spyware Protection\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = 0
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 0
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 0
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 0
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = 0
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = It's A New Day
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
O1 - Hosts: 72.36.156.164 view.atdmt.com
O1 - Hosts: 72.36.156.164 us.a1.yimg.com
O1 - Hosts: 72.36.156.164 ad.n2434.doubleclick.net
O1 - Hosts: 72.36.156.164 n3349ad.doubleclick.net
O1 - Hosts: 72.36.156.164 altfarm.mediaplex.com
O1 - Hosts: 72.36.156.164 ad.doubleclick.net
O1 - Hosts: 72.36.156.164 z1.adserver.com
O1 - Hosts: 72.36.156.164 ar1.atwola.com
O1 - Hosts: 72.36.156.164 disney.go.com
O1 - Hosts: 72.36.156.164 familyfun.go.com
O1 - Hosts: 72.36.156.164 dist.belnk.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexico Toolbar - {11359F4A-B191-42d7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\lexbar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\_SPYBO~1\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O2 - BHO: (no name) - {B9D6B3C2-09AD-464A-8162-8C55114C808A} - C:\Program Files\AV VCS 3.0 DIAMOND\Vcs3RT.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: Dictionary.com - {11359F4A-B191-42D7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\lexbar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\Program Files\Babya Software Group\Babya Logic\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\msconfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Anti-keylogger check] C:\Program Files\Anti-keylogger\AntiKey.exe /checkautorun
O4 - Startup: HandyNotes.lnk = C:\Program Files\HandyNotes 2.0\HandyNotes.exe
O4 - Global Startup: Dpcstart.lnk = C:\Program Files\DIRECWAY\BIN\dpcstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Search &Dictionary - C:\Program files\Lexico\Toolbar\dictionary.htm
O8 - Extra context menu item: Search &Thesaurus - C:\Program files\Lexico\Toolbar\thesaurus.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: ieSpell (HKLM)
O9 - Extra 'Tools' menuitem: ieSpell (HKLM)
O9 - Extra 'Tools' menuitem: ieSpell Options (HKLM)
O9 - Extra button: Spyware Doctor (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Connection Help (HKLM)
O9 - Extra 'Tools' menuitem: Connection Help (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O9 - Extra button: Connection Help (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help (HKCU)
O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} (Microsoft VM) - http://mpsnet.com/JavaVM3186.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {F0E2D69A-DC2F-4E9B-A993-684FB1C21DBC} - http://dictionary.reference.com/tools/toolbar/lexico.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4517420D-CAB2-4EBE-9242-A7E07F8C01B7}: NameServer = 205.188.146.145
O17 - HKLM\System\CCS\Services\Tcpip\..\{A1DD6F9C-6E6D-4336-86BD-1C286D33A19F}: Domain = direcway.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{A1DD6F9C-6E6D-4336-86BD-1C286D33A19F}: NameServer = 66.82.4.8

Oops - Was I not allowed to post links???
by NetKnockout / February 13, 2006 3:18 AM PST

If not, I'm sorry....: (

(NT) NT not that, posting HiJackThis logs is frowned upon.
by phattdaddy / February 13, 2006 6:47 AM PST

Sorry..... I honestly did not know...
by NetKnockout / February 13, 2006 6:56 AM PST

Then where am I supposed to post HJ logs?? Or are they not of use? I don't understand why it is bad to post them..... : (
I'm certainly not trying to cause any trouble, I have way more than enough in front of me at this moment...: ( ~Nikki

The highlights...
by John.Wilkinson / February 13, 2006 7:39 AM PST

* The Cnet forums generally do not accept HiJackThis logs due to the time and skill they take to analyze. You can read about that, and the specialized forums that handle them, by clicking here. However, don't worry about posting it this time...you didn't know of the unwritten rule, it's not forbidden, and they are sometimes requested.

* You are running an outdated version of HJT...you should download version 1.99.1 and run another scan for updated results.
------------------------------------------------------
Delete the following:
* O1 - Hosts: 72.36.156.164 view.atdmt.com
* O1 - Hosts: 72.36.156.164 us.a1.yimg.com
* O1 - Hosts: 72.36.156.164 ad.n2434.doubleclick.net
* O1 - Hosts: 72.36.156.164 n3349ad.doubleclick.net
* O1 - Hosts: 72.36.156.164 altfarm.mediaplex.com
* O1 - Hosts: 72.36.156.164 ad.doubleclick.net
* O1 - Hosts: 72.36.156.164 z1.adserver.com
* O1 - Hosts: 72.36.156.164 ar1.atwola.com
* O1 - Hosts: 72.36.156.164 disney.go.com
* O1 - Hosts: 72.36.156.164 familyfun.go.com
* O1 - Hosts: 72.36.156.164 dist.belnk.com

What is:
* O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} (Microsoft VM) - http://mpsnet.com/JavaVM3186.exe

Something that really sticks out:
HiJackThis reported 33 instances of C:\WINDOWS\system32\rundll32.exe when there should only be one. Since there can't be two files or programs in a directory with the same name and extension, that must be a mistake on HJT's part, but certainly is strange. See if that happens with the latest version of HJT too.
------------------------------------------------------
Aside from the current issues with a hijacked web browser, I don't see any other signs of malware, so whatever did the damage may have flown the coop, or it may have been done by a malicious website. Just remove those entries, restoring the defaults, then run a scan with HiJackThis 1.99.1. Since we're already handling this, go ahead and post the new one as a reply.

Hope this helps,
John
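
The two things singled out in the first log above (the O1 Hosts entries, which all map unrelated domains to one address, and a process image listed an unusual number of times) can be checked with a short script. This is an added example, not part of the thread or of HijackThis; the log excerpt is trimmed from the post above with one constructed `0.0.0.0` line, and the `svchost.exe` allow-list and the two-label domain grouping are assumptions.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Trimmed excerpt of the HijackThis log posted above.
# The 0.0.0.0 line is constructed to show a blocking (sinkhole) entry.
SAMPLE_LOG = r"""Logfile of HijackThis v1.97.7
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 0
O1 - Hosts: 72.36.156.164 view.atdmt.com
O1 - Hosts: 72.36.156.164 ad.doubleclick.net
O1 - Hosts: 72.36.156.164 disney.go.com
O1 - Hosts: 0.0.0.0 ads.example.test
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")   # e.g. "O1 - Hosts: ..."
HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)$")  # "Hosts: <ip> <name>"


def parse_log(text):
    """Return (running process paths, [(section code, body), ...])."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            if line:
                processes.append(line)
            else:
                in_procs = False  # a blank line ends the process list
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return processes, entries


def hosts_redirects(entries):
    """Map each non-sinkhole IP in O1 entries to the hostnames pointed at it."""
    redirected = defaultdict(set)
    for code, body in entries:
        m = HOSTS_RE.match(body) if code == "O1" else None
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # malformed address: skip rather than guess
        if ip.is_loopback or ip.is_unspecified:
            continue  # 127.0.0.1 / 0.0.0.0 entries block a name, not redirect it
        redirected[str(ip)].add(m.group(2).lower())
    return {ip: sorted(names) for ip, names in redirected.items()}


def suspicious_hosts_ips(redirects, min_domains=2):
    """Flag IPs that several unrelated domains resolve to via the hosts file.

    Assumption: the last two labels approximate the registered domain.
    """
    flagged = {}
    for ip, names in redirects.items():
        domains = {".".join(n.split(".")[-2:]) for n in names}
        if len(domains) >= min_domains:
            flagged[ip] = sorted(domains)
    return flagged


def repeated_processes(processes, allow=("svchost.exe",), threshold=2):
    """Count identical image paths; the allow-list (an assumption) skips
    svchost.exe, which normally runs as several instances."""
    counts = Counter(p.lower() for p in processes)
    return {p: n for p, n in counts.items()
            if n >= threshold and p.rsplit("\\", 1)[-1] not in allow}


if __name__ == "__main__":
    procs, entries = parse_log(SAMPLE_LOG)
    for ip, domains in suspicious_hosts_ips(hosts_redirects(entries)).items():
        print(f"hosts file sends {len(domains)} unrelated domains to {ip}: {domains}")
    for path, n in repeated_processes(procs).items():
        print(f"{n} instances listed: {path}")
```
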

HJT - Sorry Post...
by NetKnockout / February 16, 2006 12:42 PM PST
In reply to: The highlights...

John, first off thank-you very much for your understanding, time and help!

I went and d/l HJT version 1.99.1, and then I went to remove the old version before installing, just to see that the old version was 1.99.1, I posted a screen shot here:

http://pg.photos.yahoo.com/ph/truebeauty74/album?.dir=ade6

Though, I am going to go and uninstall/ reinstall, now...: ) BRB....

Well, that was weird, when I went to uninstall HJT it told me that there was an error, (big surprise), that the program may have already been uninstalled...>sigh<
Anyhow, I reinstalled HJT, and deleted the files you told me to. Here is the log:
(Oh, and now there aren't ANY instances of C:\WINDOWS\system32\rundll32.exe)

Logfile of HijackThis v1.99.1
Scan saved at 11:35:56 PM, on 2/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\DIRECWAY\bin\dpcproxy.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\DIRECWAY\BIN\dpcstart.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\WINDOWS\system32\wjview.exe
C:\PROGRA~1\DIRECWAY\bin\dpcnav.exe
C:\PROGRA~1\AMERIC~1.0\waol.exe
C:\PROGRA~1\AMERIC~1.0\shellmon.exe
C:\Program Files\Common Files\Aol\aoltpspd.exe
C:\WINDOWS\system32\ntvdm.exe
C:\PROGRA~1\COMMON~1\MICROS~1\Msinfo\OFFPROV.EXE
C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
C:\Program Files\Roxio\Easy CD Creator 6\Easy CD Creator\creatorc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX00.125\HijackThis.exe
G:\Program Files\IrfanView\i_view32.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = 0
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 0
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = 0
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 0
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 0
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = It's A New Day
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher 2006\SCActiveBlock.dll
O2 - BHO: Lexico Toolbar - {11359F4A-B191-42d7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\lexbar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\_SPYBO~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O2 - BHO: VCS3IESupport Class - {B9D6B3C2-09AD-464A-8162-8C55114C808A} - C:\Program Files\AV VCS 3.0 DIAMOND\Vcs3RT.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: Dictionary.com - {11359F4A-B191-42D7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\lexbar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\Program Files\Babya Software Group\Babya Logic\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: HandyNotes.lnk = C:\Program Files\HandyNotes 2.0\HandyNotes.exe
O4 - Global Startup: Dpcstart.lnk = C:\Program Files\DIRECWAY\BIN\dpcstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Search &Dictionary - C:\Program files\Lexico\Toolbar\dictionary.htm
O8 - Extra context menu item: Search &Thesaurus - C:\Program files\Lexico\Toolbar\thesaurus.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} (Microsoft VM) - http://mpsnet.com/JavaVM3186.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {32305793-C19A-48E7-AD2F-D87FF7B264A4} (TenebrilSpywareScanner Control) - http://www.tenebril.com/assets/activeX/SpywareScanner.ocx
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {F0E2D69A-DC2F-4E9B-A993-684FB1C21DBC} - http://dictionary.reference.com/tools/toolbar/lexico.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4517420D-CAB2-4EBE-9242-A7E07F8C01B7}: NameServer = 205.188.146.145
O17 - HKLM\System\CCS\Services\Tcpip\..\{A1DD6F9C-6E6D-4336-86BD-1C286D33A19F}: Domain = direcway.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{A1DD6F9C-6E6D-4336-86BD-1C286D33A19F}: NameServer = 66.82.4.8
O20 - AppInit_DLLs: interceptor.dll,system32\akdllnt.dll, system32\akdllnt.dll,
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DIRECWAY Webcast (DPC_SRV_WEBCAST) - Hughes Network Systems - C:\PROGRA~1\DIRECWAY\bin\dpcproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

Clarity Regarding The Issues.... IE
by NetKnockout / February 16, 2006 1:44 PM PST
In reply to: The highlights...

Hi John, (AGAIN,THANK-YOU!!!)

I'm not sure if I was clear or not in my original message... I'll try to make them more clear here. (I must be having a blonde moment, as I cannot figure out how to edit the text here, meaning; highlight, bold, underline etc., and I apologize for that). Issues:

1.) Something continues to change my IE settings, it does not redirect me or anything like that, but at its will it will check one of the boxes under...
tools>IE options> advanced> Http
And it unchecks the box beside "bypass proxy..."
tools> IE options> connections> lan settings

2.) I cannot, nor ever have been able to reach secure sites... There are some screen shots here:
http://pg.photos.yahoo.com/ph/truebeauty74/album?.dir=ade6

And now my system will not even allow me to access my hotmail account! It brings up a page saying:

"The page cannot be displayed"

And at the bottom of that page it says:

"If you are trying to reach a secure site, make sure your Security settings can support it. Click the Tools menu, and then click Internet Options. On the Advanced tab, scroll to the Security section and check settings for SSL 2.0, SSL 3.0, TLS 1.0, PCT 1.0."

Under my advance tab there is not an option for "PCT 1.0."

My IE info:

Version 6.0.2900.2180.xpsp_sp2_gdr.050301-1519
Cipher Strength: 128-bit
Update Version; SP2

3.) This is a strange issue. It doesn't seem to be related to any page in particular, but randomly when I go to a website, I get a message

"please wait while windows configures MS Word 2000 SR-1"
"the feature you are trying to use is on a CD-ROM or other removable..."
"Error 1706. No valid source could be found for product MS...."

http://pg.photos.yahoo.com/ph/truebeauty74/slideshow2?.dir=ade6&.beg=1&.src=ph

This is getting good ;)
by John.Wilkinson / February 17, 2006 5:37 AM PST

I'll hit the points one-by-one, as this is getting good.

Here in the Cnet forums we use BBS coding as opposed to the standard HTML. For info about using this, click here.
-------------------------------------------------------
Your LAN and HTTP settings may be being changed by your ISP, which from your HJT log appears to be DIRECTV through Hughes Network Systems. I don't know much about their setup, so you may want to contact them and see what they have to say.
-------------------------------------------------------
PCT (Private Communication Technology) 1.0 was a security protocol designed to be more secure than SSL. However, to my knowledge it was phased out some time back, replaced by SSL 2.0/3.0 and TLS 1.0. In any case, PCT is not an option in Internet Explorer 6.0, so that's not a problem.
-------------------------------------------------------
With IE not loading various websites, there are a couple of things you can try:

* Try another browser, such as Firefox, to see if the issue is specific to the browser.

* Check your hosts file (filename HOSTS in the directory C:\WINDOWS\system32\drivers\etc) and make sure that the sites are not listed. If they are, delete them, as this file contains a list of sites/IP addresses to block automatically.

* Make sure IE is set to use SSL2.0, SSL3.0, and TLS1.0.

* Make sure Norton is not set to block those sites.

* IEFix and WinSock XP Fix are two common tools used to fix IE corruption issues. (Both are free.)

* You can click here for instructions on repairing Internet Explorer.
-------------------------------------------------------
For the Microsoft Word issue, it's strange but does happen. First, I'd download the latest updates...you're running Office 2000 SP1, but the latest is SP3. To download the 13MB update, click here. You can also try doing a repair installation of MS office...pop in the CD and run setup, then choose the repair option instead of uninstall. With any luck that will correct the issue.
-------------------------------------------------------
According to HJT, you have Office 11 (2003) installed, but the screenshots you posted indicate Word 2000. Do you have multiple versions installed?
-------------------------------------------------------
If you're no longer using AOL you can/should uninstall it. (I'm one of the ones who don't want anything AOL on my system. You can do a forum search for previous discussions on why it's referred to as ''The Beast.'')
-------------------------------------------------------
Security-wise, you're looking pretty good...no flags go off on your most recent HJT log. (Congrats!) With Norton Internet Security 2005, Spyware Doctor, Tenebril SpyCatcher, SpyBot, and likely more, you're pretty-well protected. Spyware Doctor is much better than SpyCatcher (as evidenced by SpyCatcher's recent performance on your system), so I'd make that your real-time protection and make SpyCatcher the second-stringer that you use on a weekly/monthly basis to make sure your starter doesn't miss anything. Just keep up on the updates and weekly scans and you should be fine.

Hope this helps and let us know how it goes.
John
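The hosts-file check from the first bullet of the reply above, written out as an added example (it is not part of John's post). It parses hosts-file text and reports whether each site of interest is unlisted, blocked (loopback or 0.0.0.0), or redirected to some other address; the hostnames and file contents are constructed for illustration.

```python
import ipaddress

# Constructed sample hosts-file content (not taken from the thread).
SAMPLE_HOSTS = """\
# Sample HOSTS file
127.0.0.1       localhost
127.0.0.1       shop.example.com      # blocked via loopback
0.0.0.0         mail.example.com
203.0.113.7     bank.example.com www.bank.example.com
192.0.2.10      intranet.example.net  # unrelated entry
not-an-ip       junk.example.com
"""

def parse_hosts(text):
    """Yield (address, hostname) pairs, skipping comments and malformed lines."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address; ignore the line
        for name in fields[1:]:
            yield addr, name.lower().rstrip(".")

def check_sites(text, sites):
    """Map each site of interest to (status, address)."""
    wanted = {s.lower().rstrip(".") for s in sites}
    result = {s: ("not listed", None) for s in wanted}
    for addr, name in parse_hosts(text):
        if name in wanted and result[name][0] == "not listed":
            # Loopback or 0.0.0.0 makes the site unreachable; any other
            # address sends the browser to a different server.
            blocked = addr.is_loopback or addr.is_unspecified
            result[name] = ("blocked" if blocked else "redirected", str(addr))
    return result

if __name__ == "__main__":
    sites = ["shop.example.com", "mail.example.com",
             "bank.example.com", "news.example.com"]
    for site, (status, addr) in sorted(check_sites(SAMPLE_HOSTS, sites).items()):
        print(f"{site:22} {status:11} {addr or ''}")
```

To check a real machine, pass the contents of the HOSTS file in C:\WINDOWS\system32\drivers\etc to `check_sites` in place of `SAMPLE_HOSTS`.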

Ah, Thank-you, so much....: )
by NetKnockout / February 17, 2006 3:25 PM PST

I really appreciate your time. I am absolutely spent right now, and will stumble to my bed as soon as I click submit on this message! I will tackle this "project" first thing in the morning and let you know how things are sitting afterward!!! : ) ~Nikki

Couldn't Sleep..; (
by NetKnockout / February 17, 2006 5:15 PM PST

Hi John,

1.)Checked for host files - none...
2.)Word 2003 came on my pc for a 60 day trial, so I installed MS Word from an old disk perhaps there is a conflict, but the program works fine... Except for those strange installation messages that only occur when browsing... >quirky confused expression<
3.)Thanks for the info pertaining to the BSS, though it's too much for me to dig into right this moment.
Also, thanks for the info regarding the pct thing as that has been baffling me for a long time, by the way, if you don't mind me asking, how have you managed to acquire such vast knowledge... Yay you...: )
4.)Firefox- Hmm, someone else suggested that, though honestly I am a little nervous about doing that, or perhaps it is just my humane disposition to resist change...: ( So, I'll try the other options first, and if all fails, I'll brave the unknown and give it a shot...: )
5.)Downloading updates, well that brings me to another issue that I failed to mention, I cannot download updates from Microsoft, it tells me each time I attempt to scan for updates that an error has occurred!!!
6.)I use my AOL, for my main e-mail account, and as a back-up for when the satellite decides to take a break, due to a little puffy cloud floating by, or one of its unknown reasons, well at least unknown to me.
Though, I will look into this suggestion as I could be wrong, but I think AOL, negatively affects my overall system performance, meaning I think it may be a contributing factor in the sluggish results I'm experiencing with my pc in general, plus I pay something like $60.00 monthly for my satellite service plus something like $40.00 monthly for my AOL... Yuck!
7.)Oh, which brings me to that little issue, that I think I may have failed to mention... My pc is only a few months old, and is supposed to be one of the fastest systems, PC Pitstop has scanned my pc and agrees that it is one of the fastest systems available, though if I have a few programs open then its speed, (not Internet related just on my pc in general), the speed decreases dramatically, and when it does, I check the task manager, and normally the CPU usage will be between 0% up to 7%, though I have noticed if I watch it, it will occasionally jump to 22%, or something close to that, but only for a second or two...
8.)My Norton, I guess was also a free trial, it still runs but I think I have to pay for updates. The Spyware Doctor seemed to do an excellent job. I also run scans at OCWizards/ Panda/ Trend & Pc Pitstop pretty regularly... I also have ad-aware/ spyware blaster... Although, I don't think I have ANY of it running right now, my system was behaving so poorly that I ended up using selective start-up, with just about everything disabled, I'll need to go back and change that soon. When I last scanned at OCWizards, it came up with a key logger "Key Thief", which of course made me really uncomfortable as that was certainly not something I installed on my pc, and absolutely no one has physical access to my pc... I'd really like to have been able to find out whom or at least when that sucker had been installed and if it had indeed sent any log files, but with all the other little issues, I had to put that on the back burner for now...

WOW, my fingers are feeling the keystrokes required just to write this post, leaving me with a very guilty feeling for all you have lent to me and my "little cause"... I wish I knew of a way to somehow repay you for your time and kindness...(If, you should know of one please let me know)...
With Heaps of Gratitude, Nikki

Suggestions.
by Papa Echo / February 16, 2006 6:01 PM PST

You can post your HJT logs to HJT forums, e.g. at Castle Cops, where there are HJT experts. (You have to register first.)

You can still do a lot to help yourself, and perhaps shorten the HJT logs for easier and faster analysis. I suggest that you find (google) and read about, download, install and run:

* CW Shredder
* Stinger
* Spybot S&D
* Ad-Aware SE
* AVG anti-virus
* Ewido
Also run an on-line scan, e.g. HOUSECALL.

The above programs together will remove most, if not all, viruses and parasites. See if they improve things. Then run an HJT log.

After solving the problems, keep the above, then add Zone Alarm and Spyware Blaster.

With this free ''array'' of defences, I find that I do not need to part with my $$ for sharewares. And I have IE as my default browser with IE default e-mail client, which for most at CNet here will have alarm bells ringing.
