BHO's and only the best pop-up, i've tried almost everything!!

[Guest]

I have been working with these popups and another virus which would actually set a new number to dial for internet, but i think that one is gone. These popups won't stop and my home page keeps getting redirected and searching is a nogo. PLEASE HELP I have downloaded hijack this and got a log of my running processes and just need a little guidance if anyone has anything they could tell about this.
Thank you
Suzanne

 

[JR]

This is caused by a third-party program (adware, spyware,
parasite)

Download, install, *update* and run these two programs:
Ad-aware from http://www.lavasoft.de/software/adaware/
Spybot from http://security.kolla.de/ (Remove items
listed in red.)

Additional information at:

Dealing with Unwanted Spyware and Parasites:
http://mvps.org/winhelp2002/unwanted.htm
Note the security recommendations.

BHOs and Spyware
http://www.generation.net/~hleboeuf/spyware.htm#BHOCOP

Bugs, Glitches & Stuffups:
http://www.mvps.org/inetexplorer/Darnit.htm

Search for common parasites at
http://www.doxdesk.com/parasite/

-----Original Message-----
I have been working with these popups and another virus

which would actually set a new number to dial for
internet, but i think that one is gone. These popups
won't stop and my home page keeps getting redirected and
searching is a nogo. PLEASE HELP I have downloaded hijack
this and got a log of my running processes and just need
a little guidance if anyone has anything they could tell
about this.

 

[mark]

I have the same problem with repeated pop-up and
redirection. Supposedly Microsoft has just released a
patch for this kind of activity. See the link:
http://www.microsoft.com/presspass/press/2004/jul04/07-
02configchange.asp

Cheers,
Mark

-----Original Message-----
I have been working with these popups and another virus

which would actually set a new number to dial for
internet, but i think that one is gone. These popups
won't stop and my home page keeps getting redirected and
searching is a nogo. PLEASE HELP I have downloaded hijack
this and got a log of my running processes and just need a
little guidance if anyone has anything they could tell
about this.

 

[Guest]

I have used the adaware and spyware programs, i think ive tried just about everything, but it keeps rewriting itself. I've used the spybot s&d,
Logfile of HijackThis v1.97.7
Scan saved at 8:20:08 AM, on 6/28/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\appcy.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\system32\javasw.exe
C:\WINDOWS\System32\RUNDLL32.exe
C:\WINDOWS\DitExp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\CallWave\IAM.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Documents and Settings\Suzanne Brantley\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus...aults/sb/*http://www.yahoo.com/search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bellsouth.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {2E9CAFF6-30C7-4208-8807-E79D4EC6F806} - C:\Program Files\Submit\submithook.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [system32.dll] C:\WINDOWS\system\systeminit.exe
O4 - HKLM\..\Run: [blspcloader] "C:\Program Files\BellSouth Internet Tools\blsloader.exe"
O4 - HKLM\..\Run: [javasw.exe] C:\WINDOWS\system32\javasw.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [svrhost.exe] C:\WINDOWS\system32\svrhost.exe
O4 - HKCU\..\Run: [svphost.exe] C:\WINDOWS\system32\svphost.exe
O4 - HKLM\..\RunOnce: [msgr.exe] C:\WINDOWS\msgr.exe
O4 - HKLM\..\RunOnce: [Index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe "Suzanne Brantley"
O4 - HKCU\..\RunOnce: [Index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe "Suzanne Brantley"
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Internet Answering Machine.lnk = C:\Program Files\CallWave\IAM.exe
O9 - Extra button: ICQ (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: MoneySide (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://accelerator.bellsouth.net/sdccommon/download/tgctlcm.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.microsoft.com/downl...-a3de-373c3e5552fc/msSecAdv.cab?1082489726484
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-9.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78D} (DoomCln Object) - http://www.microsoft.com/security/controls/DoomCln.CAB
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - https://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {F5820AD3-9B20-423E-B2AA-7AF2B4055746} (CRegistryDownload Class) - http://download.paltalk.com/download/0.x/regdload.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O19 - User stylesheet: C:\WINDOWS\sstyle.css
O19 - User stylesheet: C:\WINDOWS\sstyle.css (HKLM)

 

[Guest]

Hi Suzanne Brantley
From what I can see, there still lots of things left to
cleanup on your machine....

-----Original Message-----
I have used the adaware and spyware programs, i think

ive tried just about everything, but it keeps rewriting
itself. I've used the spybot s&d,

Logfile of HijackThis v1.97.7
Scan saved at 8:20:08 AM, on 6/28/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\appcy.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\system32\javasw.exe
C:\WINDOWS\System32\RUNDLL32.exe
C:\WINDOWS\DitExp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\CallWave\IAM.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Documents and Settings\Suzanne Brantley\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet

Explorer\Main,Search Bar =
http://red.clientapps.yahoo.com/customize/ycomp_wave/defau
lts/sb/*http://www.yahoo.com/search/ie.html

R0 - HKCU\Software\Microsoft\Internet

Explorer\Main,Start Page = http://www.bellsouth.net/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,

(Default) =
http://red.clientapps.yahoo.com/customize/ycomp_wave/defau
lts/su/*http://www.yahoo.com

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-

784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0
\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {2E9CAFF6-30C7-4208-8807-

E79D4EC6F806} - C:\Program Files\Submit\submithook.dll

O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-

FADC6B084872} - C:\Program Files\Norton
AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-

00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-

8AD1-7859DF00B1D6} - C:\Program Files\Norton
AntiVirus\NavShExt.dll

O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2- 892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common

Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common

Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [system32.dll] C:\WINDOWS\system\systeminit.exe
O4 - HKLM\..\Run: [blspcloader] "C:\Program

Files\BellSouth Internet Tools\blsloader.exe"

O4 - HKLM\..\Run: [javasw.exe] C:\WINDOWS\system32 \javasw.exe
O4 - HKLM\..\Run: [WildTangent CDA]

RUNDLL32.exe "C:\Program
Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMai
n

O4 - HKCU\..\Run: [MSMSGS] "C:\Program

Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Microsoft Works Update Detection]

C:\Program Files\Microsoft Works\WkDetect.exe

O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [svrhost.exe] C:\WINDOWS\system32 \svrhost.exe
O4 - HKCU\..\Run: [svphost.exe] C:\WINDOWS\system32 \svphost.exe
O4 - HKLM\..\RunOnce: [msgr.exe] C:\WINDOWS\msgr.exe
O4 - HKLM\..\RunOnce: [Index Washer] C:\Program

Files\Webroot\Washer\WashIdx.exe "Suzanne Brantley"

O4 - HKCU\..\RunOnce: [Index Washer] C:\Program

Files\Webroot\Washer\WashIdx.exe "Suzanne Brantley"

O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Internet Answering Machine.lnk =

C:\Program Files\CallWave\IAM.exe

O9 - Extra button: ICQ (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: MoneySide (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED}

(Support.com Configuration Class) -
http://accelerator.bellsouth.net/sdccommon/download/tgctlc
m.cab

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000}

(Shockwave ActiveX Control) -
http://download.macromedia.com/pub/shockwave/cabs/director
/sw.cab

O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9}

(MSSecurityAdvisor Class) -
http://download.microsoft.com/download/0/5/c/05c905f4-
dd30-427d-a3de-373c3e5552fc/msSecAdv.cab?1082489726484

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE}

(Symantec AntiVirus scanner) -
http://security.symantec.com/sscv6/SharedContent/vc/bin/Av
Sniff.cab

O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3}

(EPUImageControl Class) -
http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-
0-3-9.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5}

(Symantec RuFSI Utility Class) -
http://security.symantec.com/sscv6/SharedContent/common/bi
n/cabsa.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61}

(HouseCall Control) -
http://a840.g.akamai.net/7/840/537/2004061001/housecall.tr
endmicro.com/housecall/xscan53.cab

O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C}

(CWDL_DownLoadControl Class) -
http://www.callwave.com/include/cab/CWDL_DownLoad.CAB

O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78D}

(DoomCln Object) -
http://www.microsoft.com/security/controls/DoomCln.CAB

O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C}

(Downloader Class) -
https://www.stopzilla.com/_download/Auto_Installer/dwnldr.
cab

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078}

(ActiveDataInfo Class) - https://www-
secure.symantec.com/techsupp/activedata/SymAData.dll

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000}

(Shockwave Flash Object) -
http://download.macromedia.com/pub/shockwave/cabs/flash/sw
flash.cab

O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7}

(ActiveDataObj Class) - https://www-
secure.symantec.com/techsupp/activedata/ActiveData.cab

O16 - DPF: {F5820AD3-9B20-423E-B2AA-7AF2B4055746}

(CRegistryDownload Class) -
http://download.paltalk.com/download/0.x/regdload.cab

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN

Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab

 

[Guest]

anonymous i have used all these programs do you have any advice as to what to do next, everytime i go online i run adaware and it picks up 9 new things so i clean those, my norton av shows nothing, please anything

Hi Suzanne Brantley
From what I can see, there still lots of things left to
cleanup on your machine....

-----Original Message-----
I have used the adaware and spyware programs, i think

ive tried just about everything, but it keeps rewriting
itself. I've used the spybot s&d,

Logfile of HijackThis v1.97.7
Scan saved at 8:20:08 AM, on 6/28/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\appcy.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\system32\javasw.exe
C:\WINDOWS\System32\RUNDLL32.exe
C:\WINDOWS\DitExp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\CallWave\IAM.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Documents and Settings\Suzanne Brantley\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet

Explorer\Main,Search Bar =
http://red.clientapps.yahoo.com/customize/ycomp_wave/defau
lts/sb/*http://www.yahoo.com/search/ie.html

R0 - HKCU\Software\Microsoft\Internet

Explorer\Main,Start Page = http://www.bellsouth.net/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,

(Default) =
http://red.clientapps.yahoo.com/customize/ycomp_wave/defau
lts/su/*http://www.yahoo.com

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-

784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0
\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {2E9CAFF6-30C7-4208-8807-

E79D4EC6F806} - C:\Program Files\Submit\submithook.dll

O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-

FADC6B084872} - C:\Program Files\Norton
AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-

00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-

8AD1-7859DF00B1D6} - C:\Program Files\Norton
AntiVirus\NavShExt.dll

O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2- 892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common

Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common

Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [system32.dll] C:\WINDOWS\system\systeminit.exe
O4 - HKLM\..\Run: [blspcloader] "C:\Program

Files\BellSouth Internet Tools\blsloader.exe"

O4 - HKLM\..\Run: [javasw.exe] C:\WINDOWS\system32 \javasw.exe
O4 - HKLM\..\Run: [WildTangent CDA]

RUNDLL32.exe "C:\Program
Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMai
n

O4 - HKCU\..\Run: [MSMSGS] "C:\Program

Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Microsoft Works Update Detection]

C:\Program Files\Microsoft Works\WkDetect.exe

O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [svrhost.exe] C:\WINDOWS\system32 \svrhost.exe
O4 - HKCU\..\Run: [svphost.exe] C:\WINDOWS\system32 \svphost.exe
O4 - HKLM\..\RunOnce: [msgr.exe] C:\WINDOWS\msgr.exe
O4 - HKLM\..\RunOnce: [Index Washer] C:\Program

Files\Webroot\Washer\WashIdx.exe "Suzanne Brantley"

O4 - HKCU\..\RunOnce: [Index Washer] C:\Program

Files\Webroot\Washer\WashIdx.exe "Suzanne Brantley"

O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Internet Answering Machine.lnk =

C:\Program Files\CallWave\IAM.exe

O9 - Extra button: ICQ (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: MoneySide (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED}

(Support.com Configuration Class) -
http://accelerator.bellsouth.net/sdccommon/download/tgctlc
m.cab

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000}

(Shockwave ActiveX Control) -
http://download.macromedia.com/pub/shockwave/cabs/director
/sw.cab

O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9}

(MSSecurityAdvisor Class) -
http://download.microsoft.com/download/0/5/c/05c905f4-
dd30-427d-a3de-373c3e5552fc/msSecAdv.cab?1082489726484

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE}

(Symantec AntiVirus scanner) -
http://security.symantec.com/sscv6/SharedContent/vc/bin/Av
Sniff.cab

O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3}

(EPUImageControl Class) -
http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-
0-3-9.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5}

(Symantec RuFSI Utility Class) -
http://security.symantec.com/sscv6/SharedContent/common/bi
n/cabsa.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61}

(HouseCall Control) -
http://a840.g.akamai.net/7/840/537/2004061001/housecall.tr
endmicro.com/housecall/xscan53.cab

O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C}

(CWDL_DownLoadControl Class) -
http://www.callwave.com/include/cab/CWDL_DownLoad.CAB

O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78D}

(DoomCln Object) -
http://www.microsoft.com/security/controls/DoomCln.CAB

O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C}

(Downloader Class) -
https://www.stopzilla.com/_download/Auto_Installer/dwnldr.
cab

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078}

(ActiveDataInfo Class) - https://www-
secure.symantec.com/techsupp/activedata/SymAData.dll

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000}

(Shockwave Flash Object) -
http://download.macromedia.com/pub/shockwave/cabs/flash/sw
flash.cab

O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7}

(ActiveDataObj Class) - https://www-
secure.symantec.com/techsupp/activedata/ActiveData.cab

O16 - DPF: {F5820AD3-9B20-423E-B2AA-7AF2B4055746}

(CRegistryDownload Class) -
http://download.paltalk.com/download/0.x/regdload.cab

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN

Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab

O19 - User stylesheet: C:\WINDOWS\sstyle.css
O19 - User stylesheet: C:\WINDOWS\sstyle.css (HKLM)





.

 

[Guest]

Hi Suzanne---

I suggest you post your HJT log here. I think you have a browser helper object that needs to be removed. Let the experts there, help you!! See ya--

www.zerosrealm.com