Adware overload on my computer -- I'm new, please help

Status
Not open for further replies.

tinrobert

I got hit by adware popups just after Christmas. I used Spyware, Adaware and Spy Doctor but the problem persists. Norton Antivirus has found 10 "low-risk" problems but there is no way to erase them in that program. I checked in Windows Explorer and all directories were started on Dec 29! and are not there on my laptop.

The files are (according to Norton):

C:/Program Files/Bulls Eye Network/bin/adv.exe
within windows\System 32\mac80ex.idf

C:/Program Files/Bulls Eye Network/bin/adx.exe
within windows\System 32\mac80ex.idf

C:/Program Files/Bulls Eye Network/bin/bargains.exe
within windows\System 32\mac80ex.idf

Windows/System 32/javexlum.vxd
within windows\System 32\netut80ex.vxd

Windows/System 32/msexreg.exe
within windows\System 32\netut80ex.vxd

Windows/System 32/mqexdlm.srg
within windows\System 32\netut80ex.vxd

Windows/System 32/msbe.dll
within windows\System 32\mac80ex.idf

Windows/System 32/exdl.exe
within windows\System 32\netut80ex.vxd

Windows/System 32/exul.exe
within windows\System 32\netut80ex.vxd

\Windows\wupdsnff.exe


I sent these to Spy Doctor after a malware scan but they haven't yet figured out the problem, only to tell me it is a Bulls Eye

Questions:

As Norton has identified them, how can I get the program to delete or quarantine them (I can only skip them in the next scan according to the message)?
Are there any programs that will remove them?
Can I delete them manually (I'm not too skilled about that except to right click and delete)?

The adware eliminated my capability to do a System Restore and stopped the block capability on Google. I've been using Mozilla to avoid the pop-ups on IE.

Thank you

Tinrobert
 
Welcome to TechSpot.

Probably the best thing to do is follow the instructions, as laid out by Realblackstuff, in this thread. Pay special attention to the CWShredder part, hopefully that might get rid of it.
 
Thank you for your prompt reply

Trying to reply but get this message. Removed all URLs but still can't get through.

Your Post contains one or more URLs, please remove them before submitting your message again.

Help
 

Managed to find that real (dot) com was in this message (I replaced the period with the word dot) -- I told you I'm new at this.

Anyway,

Followed instructions. Ran Ad-Aware with VX plug-in -- nothing found
Ran CW shredder -- nothing found
Ran Ad-Aware with UNcheck "Scan for negligible risk entries", select "Perform full system scan" -- nothing found

Ran HijackThis -- got the following:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\Wkfud.exe
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Camio Viewer 2000.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMREMIND.EXE
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: Real (dot) com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) -
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} -
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} -
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Netropa NHK Server - Unknown - C:\WINDOWS\Nhksrv.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

What do I do now? I'm lost!
 
Look here How to post Hijackthis Log-file

You
Based on your HJT-posting, run HJT in safe mode and let it 'fix':

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) -
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} -
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} -

And next time, READ THE INSTRUCTIONS AND FOLLOW THEM
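The entries picked out for fixing in the reply above share a few recognisable shapes: a CLSID whose target is "(no file)", a startup shortcut that resolves to "?", an O16 DPF line with nothing after the dash, and IE page/search values set to about:blank or a local file. The following is an added example, not part of the original post and not HijackThis's own logic; the function names and reason labels are hypothetical, and the sample lines are copied from the log in this thread.

```python
import re

# Constructed sample: a few lines taken from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
"""

# An entry line is a section code (R0, O4, O16, ...) then " - " then the body.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def parse(log_text):
    """Return (section_code, body) for every entry line; headers and
    the 'Running processes' paths do not match and are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2).strip()))
    return entries


def reason(code, body):
    """Return a short label if the entry has one of the shapes the reply
    marked for fixing, else None. These are review hints, not verdicts."""
    if body.endswith("(no file)"):
        # Registered toolbar/BHO/button whose file is no longer on disk.
        return "missing-file"
    if code == "O4" and body.endswith("= ?"):
        # Startup shortcut whose target could not be resolved.
        return "unresolved-shortcut"
    if code == "O16" and body.endswith("-"):
        # No download source shown. In this thread the poster also had to
        # strip URLs before posting, which produces the same shape.
        return "no-source"
    if code.startswith("R") and " = " in body:
        value = body.split(" = ", 1)[1].strip()
        if value.lower() == "about:blank" or re.match(r"^[a-z]:\\", value, re.I):
            return "blank-or-local-page"
    return None


def flag(log_text):
    """Return (code, reason, body) for every entry worth a second look."""
    flagged = []
    for code, body in parse(log_text):
        why = reason(code, body)
        if why:
            flagged.append((code, why, body))
    return flagged


if __name__ == "__main__":
    for code, why, body in flag(SAMPLE_LOG):
        print(f"{code:4} {why:20} {body}")
```

Entries that are not flagged, such as the Norton BHO and the Lexmark service here, still need the usual check that the file path and vendor are what they claim to be.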
 
Thank you for the prompt feedback.

I removed the lines from the HJT. Attached is a new HJT scan.

Now, the directories U had this Bullseye and caskback are still in my computer after finding them in Windows Explorer. These were identified by Norton Utilities as "low-risk" and so they were not removed by Norton.

Can they be removed manually by rightclicking?
Any other suggestions, as my computer is booting and loading very slow?

Below is the scan from Norton:

C:/Program Files/BullsEye Network/bin/adv.exe
within windows\System 32\mac80ex.idf

C:/Program Files/BullsEye Network/bin/adx.exe
within windows\System 32\mac80ex.idf

C:/Program Files/Bulls Eye Network/bin/bargains.exe
within windows\System 32\mac80ex.idf

Windows/System 32/javexlum.vxd
within windows\System 32\netut80ex.vxd

Windows/System 32/msexreg.exe
within windows\System 32\netut80ex.vxd

Windows/System 32/mqexdlm.srg
within windows\System 32\netut80ex.vxd

Windows/System 32/msbe.dll
within windows\System 32\mac80ex.idf

Windows/System 32/exdl.exe
within windows\System 32\netut80ex.vxd

Windows/System 32/exul.exe
within windows\System 32\netut80ex.vxd

Each of these directories is plainly visible in System 32 in Windows
explorer and all were created on Dec 29.

Thank you very much for your help. (Did I load the HJT right this time?)

Tinrobert
 
Your HJT-log looks clean.

BUT, you are "infected" with BargainBuddy.

What you could do first, is boot into safe mode.
Press Ctrl/Alt/Del and in Taskmanager try to STOP whatever process (all those .exe files) from your list is in there.

Delete those .vxd and .idf files if you can
Next, delete the BullsEye Network directory with EVERY file and subdirectory in it.

More info can be found here: (scroll down to Manual Removal)
http://www.pestpatrol.com/PestInfo/B/BargainBuddy.asp
or here:
http://sarc.com/avcenter/venc/data/adware.bargainbuddy.html

See how you get on with this.
 
Thank you for your help. Here's what happened:
I erased the .vxd and .ifd files in Search and in Windows Explorer.
Spybot removed BargainBuddy

Reboot took a long time. There are 45 processes running at one time.
Word had a problem with normal.dot

Then I ran another Norton Antivirus scan. Found that the following "low-risk" files originally in the .vxd and .idf directories I erased, which are:

Windows/System 32/exdl.exe
Windows/System 32/msexreg.exe
Windows/System 32/mqexdlm.srg
Windows/System 32/javexlum.vxd
Windows/System 32/exul.exe

are now in c:\system volume\information_restore{8513C62E-889D-4878-AFC3-816F635DOFOE}\RP4\A0003133.VXD

(can't decipher my handwriting if it is systemvolume or system volume - sorry)

Also, Norton found \windows\wrpdsnff.exe

Also, Pest Patrol found the following (I didn't buy it so I couldn't remove it):
c:\documents and settings\(my name)\application data\sskewrd.dll

I can't find these files in a Search. Can't locate system volume and can't get into documents and settings. Spybot, Spyware Doctor, and Ad-Aware don't find anything.

Is it hopeless?

Tinrobert
 
Not yet. Switch off System Restore. Then delete all your restore points.

Follow the instructions in my big post to show ALL files, incl. system-and hidden-files.
Boot into safe mode, in Task Manager try to STOP the wrpdsnff.exe process
Then run HJT to "fix" wrpdsnff.exe and sskewrd.dll if they show up.
Then delete them.

You may have to deregister that DLL file first.
In a Command-prompt window type in:
cd \windows\System32 and press Enter
regsvr32 /u "c:\documents and settings\(my name)\application data\sskewrd.dll"
and press enter
Then delete it.
 

realblackstuff

Thank you for your efforts, but nothing worked.

Nothing was found in regsvr32 u
Task manager in safe mode did not show the wrpdsnff.exe
Ran a HJT and did not find wrpdsnff.exe and sskewrd.dll

I've attached the HJT scan, maybe you can see something unusual.

Thanks again,

Tinrobert
 
Here are a couple of things you can try. First download Microsoft® Windows AntiSpyware (Beta) from Microsoft's website and try to see if that will remove all those for you. If not, go into safe mode and delete them. Do make a restore point just in case you delete the wrong thing. Hope that helps.
 

jfoofoo,

Thank you for your post. I downloaded Microsoft® Windows AntiSpyware (Beta) and guess what? It worked :giddy: Seems to have gotten rid of files that Norton Antivirus picked up but couldn't delete.

realblackstuff

OK, took your advice and deleted Microsoft® Windows AntiSpyware (Beta) before any new damage happened.

Question,

Boot up and program loading take a very long time. I have 46 processes running at one time. Is that the problem? What about the antivirus and antispy software immunization -- is that the problem? Went through disk cleanup and defrag. Any other suggestions?

Cheers
 
tinrobert,
you did not attach your HJT-log in your previous post.
Without that I have very little to go on.
Make a fresh one and post it as attachment.
 

realblackstuff

OK ran another scan. Problem I'm finding now is I have 45 processes running and it takes several minutes to boot up or to start Mozilla and other files. Is that the problem? What about the antivirus and antispy software immunization programs I'm running (Norton Antivirus, Spy Doctor, Pestpatrol) -- is that the problem? Went through disk cleanup and defrag. Any other suggestions?

Thank you realblackstuff
 
There is nothing wrong with your HJT-log.

My suggestion would be to run HJT and have it 'fix':
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
This indexing uses a fair bit of resources.

Also, please fill in your "User Profile", top left on this page, so we can see what hardware you have.

I think you have a low-spec PC, something like an early Dell Dimension, with not enough memory and too much crap installed on that PC.
Do you really need all those programs to startup as soon as you switch on?
I'm referring to that list of all the O4 Run/Startup programs. This is utter nonsense.
 
realblackstuff,

Thanks again for your prompt reply.

Looked at the O4 Run/Start programs and don't know why they are there. Didn't do it personally or on purpose. Which other O4's can I remove?

I do have a Dell Dimension, which I purchased about 2 years ago:

Dimension® 4300 Series,Pentium® 4 Processor at 1.7GHz
Memory: FREE Upgrade! 256MB SDRAM
Keyboard: Dell® Enhanced Quiet Key Keyboard
Monitor: 17 in (15.9 in viewable,.27dp) E771 Monitor
Video Card: 64MB NVIDIA GeForce2 MX Graphics Card with TV-Out
Hard Drive: 40GB Ultra ATA/100 7200RPM Hard Drive
Floppy Drive: 3.5 in Floppy Drive
Operating System: Microsoft® Windows® XP Home Edition¹²
Mouse: MS IntelliMouse®
Network Card: 10/100 PCI Fast Ethernet NIC
Modem: 56K PCI Data Fax Modem for Windows
DVD ROM or CD-ROM Drive: 16x/10x/40x CD-RW Drive with Roxio's Easy CD Creator®
Sound Card: Integrated Audio
Speakers: Harman Kardon Speakers
Bundled Software: Microsoft® Works Suite 2002 with Money 2002 Standard
Norton Antivirus®: Norton Antivirus® 2002, 90-day introductory offer
Digital Music: Dell Jukebox powered by MusicMatch 6.0 for XP
Digital Imaging Software: Image Expert®2000 for XP,Dell Edition

Thanks again,

tinrobert
 
C:\Program Files\Outlook Express\msimn.exe
Stop using it. Install Thunderbird from www.mozilla.org
It will copy all of your OE-messages into the program. Works similar, but a lot safer!
Then UNinstall OE.

UNinstall your Googlebar, it is outdated. If you really want it, install the latest version.

Go to http://startup.iamnotageek.com/search.php
and type in/copy-paste the following programs (just programname.exe) in the Searchbox, then click 'GO':

C:\Program Files\Microsoft Works\WkDetect.exe
C:\WINDOWS\DELLMMKB.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Netropa\OSD.exe
C:\Program Files\Messenger\msmsgs.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\Wkfud.exe
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Camio Viewer 2000.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMREMIND.EXE
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE

You will find that they all have a Rating of N=not needed or U=user decides.
They all use up resources for nothing. You can STOP them all by either changing a setting,
or block them, using MSConfig. That website tells you HOW in a number of cases.

To be uninstalled/replaced:
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html

'Fix' these with Hijackthis if you never use them:
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

After this you should have a Lean Mean Bloatreduced Machine
 

realblackstuff,

Tried my best. Can't get a HJT in .txt form, only comes up as .log so I've cut and pasted below.

Still no luck with speed. Can I get HJT to fix any of those O4 items that were found to be an N or U? The jamnotageek site points to software that is for sale in order to disable the items.

Still have 44 tasks running, 7 of which are svchost.exe.

Thanks again,

Tinrobert

HJT

Logfile of HijackThis v1.99.0
Scan saved at 7:09:28 PM, on 1/30/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\unzipped\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\Wkfud.exe
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Camio Viewer 2000.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Netropa NHK Server - Unknown - C:\WINDOWS\Nhksrv.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
 
realblackstuff said:
You will find that they all have a Rating of N=not needed or U=user decides.
They all use up resources for nothing. You can STOP them all by either changing a setting,
or block them, using MSConfig. That website tells you HOW in a number of cases.
You can STOP them all by either changing a setting,

Take the finger out! Go into those programs, look into settings/tools/options or wherever, stop them from checking for automatic updates etc.

Ever heard of renaming files?

Also, when HJT makes its log, it asks where to save it. Just overtype hjt.txt or something.
You are on your own now, I have explained all there is to explain.
 