#1
-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) -
http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab Safe. This entry has been identified as safe. O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab Safe. This entry has been identified as safe. O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - https://support.dell.com/systemprofiler/SysPro.CAB Safe. This entry has been identified as safe. O16 - DPF: {140F03AE-0588-11D4-BD45-0050048A82BF} (eShare Web Collaboration Class) - http://63.166.193.103/netagent/objects/emagic.cab Possibly nasty Unknown ActiveX-Objects, or ActiveX-Objects from unknown sites should always be fixed. If the name of the ActiveX-Object or the URL contains the words 'dialer', 'casino', 'free plugin' etc, it should be fixed! Check if you know this site and fix it if you do not. O16 - DPF: {15589FA1-C456-11CE-BF01-000000000000} - http://www.errornuker.com/products/e...orNukerInstall er.exe Nasty This entry is possibly nasty. Should be fixed. O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 Safe. This entry has been identified as safe. O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/tech...l/LSSupCtl.cab Safe. This entry has been identified as safe. O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com...45/yacscom.cab Safe. This entry has been identified as safe. O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab Safe. This entry has been identified as safe. O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab Safe. This entry has been identified as safe. 
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-17.cab Safe. This entry has been identified as safe. O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab Safe. This entry has been identified as safe. O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...lient/muweb_si te.cab?1119654769274 Safe. This entry has been identified as safe. O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://echat.us.dell.com/Media/Visi.../TLIEFlash.CAB Safe. This entry has been identified as safe. O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab Safe. This entry has been identified as safe. O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/tech...l/SymAData.cab Safe. This entry has been identified as safe. O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/tech...ActiveData.cab Safe. This entry has been identified as safe. O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://liveca04.rightnowtech.com/702.../java/RntX.cab Possibly nasty Unknown ActiveX-Objects, or ActiveX-Objects from unknown sites should always be fixed. If the name of the ActiveX-Object or the URL contains the words 'dialer', 'casino', 'free plugin' etc, it should be fixed! Check if you know this site and fix it if you do not. O17 - HKLM\System\CCS\Services\Tcpip\..\{31920486-A7EF-43B5-917B-85B3CF05A59C}: NameServer = 207.69.188.185 207.69.188.186 Possibly nasty If this Domain does not belong to your ISP, or your firms network, these entries should be fixed. 'SearchList' entries should be fixed too. 
Do you know the IP or Domain '207.69.188.185 207.69.188.186'? If not, fix this entry. O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing) Unnecessarily These entries shows all services which are not from Microsoft. Often malware is starting as a systemservice and it's not easy to detect it. Unknown service. (ALUSchedulerSvc.exe (file missing)) Unnecessary (deactivated) entry that can be fixed. O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe Safe. These entries shows all services which are not from Microsoft. Often malware is starting as a systemservice and it's not easy to detect it. This service (ccEvtMgr.exe) was identified as a good one. O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe Safe. These entries shows all services which are not from Microsoft. Often malware is starting as a systemservice and it's not easy to detect it. This service (ccProxy.exe) was identified as a good one. O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe Safe. These entries shows all services which are not from Microsoft. Often malware is starting as a systemservice and it's not easy to detect it. This service (ccPwdSvc.exe) was identified as a good one. O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe Safe. These entries shows all services which are not from Microsoft. Often malware is starting as a systemservice and it's not easy to detect it. This service (ccSetMgr.exe) was identified as a good one. O23 - Service: EarthLink Monitor Service (EarthLinkMonitor) - Boingo Wireless, Inc. 
- C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe Unknown These entries shows all services which are not from Microsoft. Often malware is starting as a systemservice and it's not easy to detect it. Unknown service. (wmonitor.exe) O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe Safe. These entries shows all services which are not from Microsoft. Often malware is starting as a systemservice and it's not easy to detect it. This service (ISSVC.exe) was identified as a good one. O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE Safe. These entries shows all services which are not from Microsoft. Often malware is starting as a systemservice and it's not easy to detect it. This service (LEXBCES.EXE) was identified as a good one. O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe Safe. These entries shows all services which are not from Microsoft. Often malware is starting as a systemservice and it's not easy to detect it. This service (navapsvc.exe) was identified as a good one. O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE Safe. These entries shows all services which are not from Microsoft. Often malware is starting as a systemservice and it's not easy to detect it. This service (NPROTECT.EXE) was identified as a good one. O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe Safe. This entry was classified from our visitors as good. Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way. O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe Safe. 
These entries shows all services which are not from Microsoft. Often malware is starting as a systemservice and it's not easy to detect it. This service (SAVScan.exe) was identified as a good one. O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe Safe. These entries shows all services which are not from Microsoft. Often malware is starting as a systemservice and it's not easy to detect it. This service (SBServ.exe) was identified as a good one. O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe Safe. These entries shows all services which are not from Microsoft. Often malware is starting as a systemservice and it's not easy to detect it. This service (SNDSrvc.exe) was identified as a good one. O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe Safe. These entries shows all services which are not from Microsoft. Often malware is starting as a systemservice and it's not easy to detect it. This service (SPBBCSvc.exe) was identified as a good one. O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE Safe. These entries shows all services which are not from Microsoft. Often malware is starting as a systemservice and it's not easy to detect it. This service (NOPDB.EXE) was identified as a good one. O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe Safe. -- StanStan |
#2
StanStan wrote:
There are specialty forums where you should post a hijackthis log. Please don't post them here.

Forums to Interpret HijackThis Logs:
http://www.spywareinfo.com/forums/
http://forum.aumha.org/viewforum.php?f=30
http://forums.tomcoyote.org/
http://www.wilderssecurity.com/

--
Rock
MS MVP Windows - Shell/User
#3
In article <9B898E9F-9B23-4A4A-8ED3-EDF97038330A@microsoft.com>, StanStan@discussions.microsoft.com says...
> Subject: Have results from Hijackthis. Don't understand them!!! 1st half
> From: StanStan <StanStan@discussions.microsoft.com>
> Newsgroups: microsoft.public.windowsxp.general

Post them to a HIJACK forum, this is a Windows XP forum. Search google for HIJACK FORUM to learn more.

--
spam999free@rrohio.com
remove 999 in order to email me
#4
This post is the first half of the Hijackthis scan results.
I really do not know to handle this to find the items I should remove! Thanks StanStan This should be the newest version. (v1.99.1) Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Safe. Shows the version of your Internet Explorer. Newest Version is: 6.00.2900.2180! This should be the newest version. (6.00.2900.2180) C:\WINDOWS\System32\smss.exe Safe. This entry was classified from our visitors as good. Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way. C:\WINDOWS\system32\winlogon.exe Safe. This entry was classified from our visitors as good. Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way. C:\WINDOWS\system32\services.exe Safe. This entry was classified from our visitors as good. Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way. C:\WINDOWS\system32\lsass.exe Safe. This entry was classified from our visitors as good. Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way. C:\WINDOWS\system32\svchost.exe Safe. running process. (svchost.exe) Systemprozess - Allgemeiner Hostprozessname für Dienste. C:\WINDOWS\System32\svchost.exe Safe. This entry was classified from our visitors as good. Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way. C:\Program Files\Common Files\Symantec Shared\ccProxy.exe Safe. running process. (ccProxy.exe) Part of a Symantec Application C:\WINDOWS\Explorer.EXE Safe. This entry was classified from our visitors as good. Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way. C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe Safe. running process. (ccSetMgr.exe) C:\Program Files\Norton Internet Security\ISSVC.exe Safe. 
running process. (ISSVC.exe) Norton Internet Security 2005 C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe Safe. running process. (SNDSrvc.exe) Part of a Symantec Application C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe Safe. running process. (SPBBCSvc.exe) Norton Internet Security 2005 C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe Safe. running process. (ccEvtMgr.exe) Event logging application C:\WINDOWS\system32\LEXBCES.EXE Safe. running process. (LEXBCES.EXE) Lexmark LexBce Service C:\WINDOWS\system32\LEXPPS.EXE Safe. This entry was classified from our visitors as good. Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way. C:\WINDOWS\system32\spoolsv.exe Safe. This entry was classified from our visitors as good. Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way. C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe Unknown running process. (wmonitor.exe) This is a unknown process. C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe Safe. running process. (navapsvc.exe) Norton AntiVirus application that provides auto-protection of the system. Possibly nasty! According to our database this process runs normally in c:\programme\norton antivirus\! Check if you know this process and arrange a viruscheck where required. C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE Safe. running process. (NPROTECT.EXE) Norton Software Possibly nasty! According to our database this process runs normally in c:\programme\norton internet security professional\norton antivirus\advtools\! Check if you know this process and arrange a viruscheck where required. C:\WINDOWS\system32\nvsvc32.exe Safe. running process. (nvsvc32.exe) NVIDIA graphics card driver Not dangerous, but unnecessary. C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE Safe. running process. (NOPDB.EXE) Possibly nasty! 
According to our database this process runs normally in c:\programme\norton~1\speedd~1\! Check if you know this process and arrange a viruscheck where required. C:\WINDOWS\System32\svchost.exe Safe. This entry was classified from our visitors as good. Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way. C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe Safe. running process. (symlcsvc.exe) C:\WINDOWS\system32\RUNDLL32.EXE Safe. This entry was classified from our visitors as good. Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way. C:\WINDOWS\TPPALDR.EXE Safe. running process. (TPPALDR.EXE) C:\WINDOWS\system32\rundll32.exe Safe. running process. (rundll32.exe) RUNDLL32 is the Microsoft Windows program that loads DLLs into memory so that they can be used by specific programs or by Windows. C:\Program Files\Common Files\Symantec Shared\ccApp.exe Safe. This entry was classified from our visitors as good. Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way. C:\WINDOWS\system32\devldr32.exe Safe. running process. (devldr32.exe) C:\Program Files\QuickTime\qttask.exe Safe. running process. (qttask.exe) Part of QuickTime C:\Program Files\Microsoft AntiSpyware\gcasServ.exe Safe. running process. (gcasServ.exe) Microsoft Antispyware C:\Program Files\Dell Support\DSAgnt.exe Safe. This entry was classified from our visitors as good. Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way. C:\Program Files\Billeo\billeo.exe Unknown running process. (billeo.exe) This is a unknown process. C:\Program Files\Advanced Searchbar\Free Weather\weather.exe Safe. running process. (weather.exe) Weatherbug provides current outdoor temperature in the System Tray, also weather alerts. 
Available via Start -> Programs Not dangerous, but unnecessary. C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe Safe. running process. (gcasDtServ.exe) Microsoft AntiSpyware C:\Program Files\PowerQuest\DataKeeper 5.0\DataKeeper.exe Safe. running process. (DataKeeper.exe) PowerQuest DataKeeper C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe Safe. running process. (MailWasher.exe) Mail Washer Possibly nasty! According to our database this process runs normally in c:\program files\firetrust\mailwasher pro\! Check if you know this process and arrange a viruscheck where required. C:\WINDOWS\system32\sol.exe Unknown running process. (sol.exe) This is a unknown process. C:\Program Files\Outlook Express\msimn.exe Safe. running process. (msimn.exe) Outlook Express C:\Program Files\Internet Explorer\iexplore.exe Safe. running process. (iexplore.exe) Internet Explorer - Wir empfehlen einen sichereren alternativen Browser zu verwenden. (z.B. Firefox) C:\Documents and Settings\spk\Desktop\MYs\My DOWNLOADS\HIJACKTHIS\HijackThis.exe Safe. running process. (HijackThis.exe) Tool, mit dem sie dieses Logfile erzeugt haben. Das Programm sollte so angelegt sein ! C:\Programme\HijackThis\HijackThis.exe Remember that Hijackthis must be run in an own folder. Only if Hijackthis run in an own folder it will create backups! R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net Safe. This page has been identified as safe. R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/mor...on/search.html Nasty This entry should be fixed by HijackThis! This entry should be fixed by HijackThis! R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...//www.yahoo.co m/search/ie.html Safe. This page has been identified as safe. 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.earthlink.net/partner/mor...on/search.html Nasty This entry should be fixed by HijackThis! This entry should be fixed by HijackThis! R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...//www.yahoo.co m/search/ie.html Safe. This page has been identified as safe. R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust...//www.yahoo.co m Safe. This page has been identified as safe. R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust...//www.yahoo.co m Safe. This page has been identified as safe. R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust...//www.yahoo.co m Safe. This page has been identified as safe. R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe" Safe. R3 - Default URLSearchHook is missing Nasty This entry was classified from our visitors as bad. Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way. O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll Safe. This entry was classified from our visitors as good. Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way. O2 - BHO: EarthLink ScamBlocker V2 - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - C:\Program Files\EarthLink TotalAccess\Toolbar\EScamBlk.dll Unknown Entries found in this registry zone are potentially nasty. This application ([15F4D456-5BAA-4076-8486-EECB38CD3E57] - Result: ) has been checked. Hit rate: -1 % Unknown application. 
O2 - BHO: Windows Proxy support DLL - {2DC9D850-144D-11E1-B3C9-10805E499D93} - C:\WINDOWS\system32\winprox.dll Unknown Entries found in this registry zone are potentially nasty. This application ([2DC9D850-144D-11E1-B3C9-10805E499D93] - Result: ) has been checked. Hit rate: -1 % Unknown application. O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll Safe. Entries found in this registry zone are potentially nasty. This application ([45AD732C-2CE2-4666-B366-B2214AD57A49] - Result: 45AD732C-2CE2-4666-B366-B2214AD57A49) has been checked. Hit rate: 99 % O2 - BHO: EarthLink PopUp Blocker V2 - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\Program Files\EarthLink TotalAccess\Toolbar\ElnkPuB.dll Unknown Entries found in this registry zone are potentially nasty. This application ([512ACF1B-64D9-4928-B382-A80556F28DB4] - Result: ) has been checked. Hit rate: -1 % Unknown application. O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll Safe. This entry was classified from our visitors as good. Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way. O2 - BHO: Earthlink Protection BHO - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\Program Files\EarthLink TotalAccess\Toolbar\ProtctIE.dll Unknown Entries found in this registry zone are potentially nasty. This application ([9579D574-D4D8-4335-9560-FE8641A013BD] - Result: ) has been checked. Hit rate: -1 % Unknown application. O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll Safe. Entries found in this registry zone are potentially nasty. This application ([9ECB9560-04F9-4bbc-943D-298DDF1699E1] - Result: 9ECB9560-04F9-4bbc-943D-298DDF1699E1) has been checked. 
Hit rate: 99 % O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll Safe. Entries found in this registry zone are potentially nasty. This application ([BDF3E430-B101-42AD-A544-FADC6B084872] - Result: BDF3E430-B101-42AD-A544-FADC6B084872) has been checked. Hit rate: 99 % O2 - BHO: Uninstall Legacy Earthlink Toolbar - {E713904C-DF05-4C79-BBAD-02DB923253BE} - C:\Program Files\EarthLink TotalAccess\Toolbar\uninsttb.dll Unknown Entries found in this registry zone are potentially nasty. This application ([E713904C-DF05-4C79-BBAD-02DB923253BE] - Result: ) has been checked. Hit rate: -1 % Unknown application. O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar.dll Unknown Entries found in this registry zone are potentially nasty. This application ([C7768536-96F8-4001-B1A2-90EE21279187] - Result: ) has been checked. If the name is made up of random letters, found in the folder 'Application Data' and the kind is 'Unknown' , it should be fixed. Hit rate: -1 % If you do not know that application, fix it. O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll Safe. Entries found in this registry zone are potentially nasty. This application ([0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7] - Result: 0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7) has been checked. If the name is made up of random letters, found in the folder 'Application Data' and the kind is 'Unknown' , it should be fixed. Hit rate: 99 % O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll Safe. Entries found in this registry zone are potentially nasty. This application ([42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6] - Result: 42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6) has been checked. 
If the name is made up of random letters, found in the folder 'Application Data' and the kind is 'Unknown' , it should be fixed. Hit rate: 99 % O3 - Toolbar: Billeo - {6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111} - C:\Program Files\Billeo\billeo.dll Unknown Entries found in this registry zone are potentially nasty. This application ([6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111] - Result: ) has been checked. If the name is made up of random letters, found in the folder 'Application Data' and the kind is 'Unknown' , it should be fixed. Hit rate: -1 % If you do not know that application, fix it. O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup Safe. Part of NVidia Hit rate: 99 % (result) O4 - HKLM\..\Run: [nwiz] nwiz.exe /install Safe. Application that allows a users to have 32 virtual desktops, get a desktop larger than the viewable area of the monitor, divide the display across more than one monitor, manage applications, and many more features. Hit rate: 99 % (result) O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit Safe. Part of NVidia Hit rate: 99 % (result) O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\TPPALDR.EXE Safe. Installed with DataStors (and some other manufacturers) USB 2.0 based external DVD, CD-ROM and CD-RW drives. System tray icon allowing the user to disconnect the external drive without an error message being displayed Hit rate: 58 % (result) O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" Safe. Part of Norton AntiVirus 2003. Auto-protect and E-mail check will not function without this Hit rate: 99 % (result) O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u Safe. O4 - HKLM..Run: [UserFaultCheck] %systemroot%system32dumprep 0 -u Hit rate: 99 % (result) O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer Safe. 
Hit rate: 79 % (result) O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime Safe. System Tray access to Apple's "Quick Time" viewer from version 5 onwards Hit rate: 94 % (result) Not dangerous, but unnecessary. O4 - HKLM\..\Run: [Propel Accelerator] C:\Program Files\JOIEXPRESS SAVE\JoiExpress\trayctl.exe /STARTUPLAUNCH Unknown Hit rate: 8 % (result) Unknown application. O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" Safe. This entry was classified from our visitors as good. Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way. O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit Safe. Part of NVidia Hit rate: 65 % (result) O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz Safe. Part of Norton SystemWorks Hit rate: 99 % (result) O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup Safe. This entry was classified from our visitors as good. Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way. O4 - Startup: DataKeeper.lnk = C:\Program Files\PowerQuest\DataKeeper 5.0\DataKeeper.exe Safe. PowerQuest DataKeeper Hit rate: 90 % (result) O4 - Startup: weather.lnk = C:\Program Files\Advanced Searchbar\Free Weather\weather.exe Safe. Weatherbug provides current outdoor temperature in the System Tray, also weather alerts. Available via Start -> Programs Hit rate: 3 % (result) Not dangerous, but unnecessary. O4 - Global Startup: billeo.lnk = C:\Program Files\Billeo\billeo.exe Unknown Hit rate: 13 % (result) Unknown application. O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present Probably safe. 
Fix this entry if you did not activate the 'Lock homepage from changes' option in some kind of anti-spyware tool. To be fixed if not done intentionally. O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm Safe. The entry &Add animation to IncrediMail Style Box has been identified as safe. If the entry '&Add animation to IncrediMail Style Box ' is not needed anymore, it should be fixed. O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM Safe. The entry &ieSpell Options has been identified as safe. If the entry '&ieSpell Options ' is not needed anymore, it should be fixed. O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM Safe. The entry Check &Spelling has been identified as safe. If the entry 'Check &Spelling ' is not needed anymore, it should be fixed. O8 - Extra context menu item: Download all by Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm Safe. The entry Download all by Free Download Manager has been identified as safe. If the entry 'Download all by Free Download Manager ' is not needed anymore, it should be fixed. O8 - Extra context menu item: Download by Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm Safe. The entry Download by Free Download Manager has been identified as safe. If the entry 'Download by Free Download Manager ' is not needed anymore, it should be fixed. O8 - Extra context menu item: Download selected by Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm Safe. The entry Download selected by Free Download Manager has been identified as safe. If the entry 'Download selected by Free Download Manager ' is not needed anymore, it should be fixed. 
O8 - Extra context menu item: Download web site by Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
Safe. The entry Download web site by Free Download Manager has been identified as safe. If the entry 'Download web site by Free Download Manager ' is not needed anymore, it should be fixed.

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
Safe. The entry Easy-WebPrint Add To Print List has been identified as safe. If the entry 'Easy-WebPrint Add To Print List ' is not needed anymore, it should be fixed.

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
Safe. The entry Easy-WebPrint High Speed Print has been identified as safe. If the entry 'Easy-WebPrint High Speed Print ' is not needed anymore, it should be fixed.

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
Safe. The entry Easy-WebPrint Preview has been identified as safe. If the entry 'Easy-WebPrint Preview ' is not needed anymore, it should be fixed.

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
Safe. The entry Easy-WebPrint Print has been identified as safe. If the entry 'Easy-WebPrint Print ' is not needed anymore, it should be fixed.

O8 - Extra context menu item: Subscribe in Desktop Sidebar - res://C:\Program Files\Desktop Sidebar\sbhelp.dll/menuhandler.html
Safe. The entry Subscribe in Desktop Sidebar has been identified as safe. If the entry 'Subscribe in Desktop Sidebar ' is not needed anymore, it should be fixed.

O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
Safe. The entry Subscribe in Desktop Sidebar has been identified as safe. If the entry 'Subscribe in Desktop Sidebar ' is not needed anymore, it should be fixed.

O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
Safe. The entry Subscribe in Desktop Sidebar has been identified as safe. If the entry 'Subscribe in Desktop Sidebar ' is not needed anymore, it should be fixed.

O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
Safe. This entry was classified from our visitors as good. Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way.

O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
Safe. This entry was classified from our visitors as good. Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way.

O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
Possibly nasty Unknown buttons or entries in the 'Extras'-menu should be fixed. To be fixed if the entry '' is unknown.

O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
Possibly nasty Unknown buttons or entries in the 'Extras'-menu should be fixed. To be fixed if the entry 'ieSpell Options ' is unknown.

O9 - Extra button: MktBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
Possibly nasty Unknown buttons or entries in the 'Extras'-menu should be fixed. To be fixed if the entry 'MktBrowser ' is unknown.

O9 - Extra 'Tools' menuitem: MarketBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
Possibly nasty Unknown buttons or entries in the 'Extras'-menu should be fixed. To be fixed if the entry 'MarketBrowser ' is unknown.

O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
Safe. The entry eBay has been identified as safe. If the entry 'eBay ' is not needed anymore, it should be fixed.

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
Safe. The entry Messenger has been identified as safe. If the entry 'Messenger ' is not needed anymore, it should be fixed.

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
Safe. The entry Windows Messenger has been identified as safe. If the entry 'Windows Messenger ' is not needed anymore, it should be fixed.

O9 - Extra button: Billeo - {97ED3A9F-CD6F-473A-8FE1-7505C1B844C3} - C:\Program Files\Billeo\billeo.dll (HKCU)
Possibly nasty Unknown buttons or entries in the 'Extras'-menu should be fixed. To be fixed if the entry 'Billeo ' is unknown.

O15 - Trusted Zone: http://www.stevesforums.com
Safe. If you did not add these pages to your trusted pages, they should be fixed.

O16 - DPF: DigiChat Applet - http://host6.digichat.com/DigiChat/D.../Client_IE.cab
Possibly nasty Unknown ActiveX-Objects, or ActiveX-Objects from unknown sites should always be fixed. If the name of the ActiveX-Object or the URL contains the words 'dialer', 'casino', 'free plugin' etc, it should be fixed! Check if you know this site and fix it if you do not.

O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
Safe. This entry has been identified as safe.

> --
> StanStan
#5
In article <78CA66BF-81C2-47F5-9D3E-FA8BC1CDA398@microsoft.com>,
StanStan@discussions.microsoft.com says...
> This post is the first half of the Hijackthis scan results.
> I really do not know how to handle this to find the items I should remove!
> Thanks

Post them to a HIJACK forum on the net, not to Usenet groups that are not designed for HIJack Logs.

--
spam999free@rrohio.com
remove 999 in order to email me
#6
In article <#dvhxYzDGHA.2040@TK2MSFTNGP14.phx.gbl>, ilovepcbutts1@withapassion.com says...
> Subject: Re: Have results from Hijackthis. Don't understand them!!! 1st half
> From: Leythos <ilovepcbutts1@withapassion.com>
> Newsgroups: microsoft.public.windowsxp.general

NNTP-Posting-Host: ppp-69-237-53-123.dsl.bkfd14.pacbell.net
69.237.53.123

Please note that PCBUTTS1 is the poster of the above message (the BS part) using my NickName "Leythos". He posts from the above host, which you can validate in the Usenet headers, since Microsoft deletes his posts from their servers due to his lack of ethics, his theft of others' code, and his violations of their Usenet standards.

PCBUTTS1 does not post help unless he can cut/paste it or pilfer it from another person.

--
spam999free@rrohio.com
remove 999 in order to email me
#7
Thanks. I did not know what to do with the scan results.
Now I have some idea as to where to go

--
StanStan

"Rock" wrote:
> StanStan wrote:
>
> There are specialty forums where you should post a hijackthis log.
> Please don't post them here.
>
> Forums to Interpret HijackThis Logs:
>
> http://www.spywareinfo.com/forums/
> http://forum.aumha.org/viewforum.php?f=30
> http://forums.tomcoyote.org/
> http://www.wilderssecurity.com/
>
> --
> Rock
> MS MVP Windows - Shell/User
#8
"Leythos" <void@nowhere.lan> wrote in message
news:KR_tf.95118$lh.27703@tornado.ohiordc.rr.com.. .
> In article <#dvhxYzDGHA.2040@TK2MSFTNGP14.phx.gbl>, ilovepcbutts1
> @withapassion.com says...
>> Subject: Re: Have results from Hijackthis. Don't understand them!!! 1st
>> half
>> From: Leythos <ilovepcbutts1@withapassion.com>
>> Newsgroups: microsoft.public.windowsxp.general
>
> NNTP-Posting-Host: ppp-69-237-53-123.dsl.bkfd14.pacbell.net
> 69.237.53.123
>
> Please note that PCBUTTS1 is the poster of the above message (the BS
> part) using my NickName "Leythos". He posts from the above host, which
> you can validate in the Usenet headers, since Microsoft deletes his
> posts from their servers due to his lack of ethics, his theft of others'
> code, and his violations of their Usenet standards.
>
> PCBUTTS1 does not post help unless he can cut/paste it or pilfer it from
> another person.
>
>
> --
>
> spam999free@rrohio.com
> remove 999 in order to email me

It should also be noted that unless you post to a PCBUTTS forged post, it will not show in your local newsgroup store when you access a post like this one replying to PCBUTTS, because it was already removed. PCBUTTS has been banned from this and I don't know what other newsgroup servers, but definitely this one. He is a liar, plagiarizer, and thief of intellectual property. I can't believe JPL allows this person to sully their reputation by allowing and not disavowing any relationship to anyone employed; consulting or pretending to be a viable alias posting as PCBUTTS.

--
Michael Stevens MS-MVP XP
xpnews@bogusmichaelstevenstech.com
http://www.michaelstevenstech.com
For a better newsgroup experience. Setup a newsreader.
http://www.michaelstevenstech.com/ou...snewreader.htm
#9
In article <eBvEAG5DGHA.208@tk2msftngp13.phx.gbl>,
mstevens@bogusmvps.org says...
>
> "Leythos" <void@nowhere.lan> wrote in message
> news:KR_tf.95118$lh.27703@tornado.ohiordc.rr.com.. .
> > In article <#dvhxYzDGHA.2040@TK2MSFTNGP14.phx.gbl>, ilovepcbutts1
> > @withapassion.com says...
> >> Subject: Re: Have results from Hijackthis. Don't understand them!!! 1st
> >> half
> >> From: Leythos <ilovepcbutts1@withapassion.com>
> >> Newsgroups: microsoft.public.windowsxp.general
> >
> > NNTP-Posting-Host: ppp-69-237-53-123.dsl.bkfd14.pacbell.net
> > 69.237.53.123
> >
> > Please note that PCBUTTS1 is the poster of the above message (the BS
> > part) using my NickName "Leythos". He posts from the above host, which
> > you can validate in the Usenet headers, since Microsoft deletes his
> > posts from their servers due to his lack of ethics, his theft of others'
> > code, and his violations of their Usenet standards.
> >
> > PCBUTTS1 does not post help unless he can cut/paste it or pilfer it from
> > another person.
> >
>
> It should also be noted that unless you post to a PCBUTTS forged post, it
> will not show in your local newsgroup store when you access a post like this
> one replying to PCBUTTS, because it was already removed. PCBUTTS has been
> banned from this and I don't know what other newsgroup servers, but
> definitely this one. He is a liar, plagiarizer, and thief of intellectual
> property. I can't believe JPL allows this person to sully their reputation
> by allowing and not disavowing any relationship to anyone employed;
> consulting or pretending to be a viable alias posting as PCBUTTS.

Since Usenet servers around the world don't have to honor Cancel requests, it means that deleting the posts from the MS Usenet server doesn't delete them from the rest of the servers in the World. So, since I don't post through the MS Usenet servers, I use my local Usenet provider, his posts as well as any others, are carried for X amount of time, even when deleted from MS Usenet servers - not to mention Google Groups.

I've wondered about his Contracting company, not just JPL, Lockheed, and how they allow a supposed IT person to get away with posts from their networks - I know that we never allow Usenet access from customers' locations (business or government) when we set up firewalls.

--
spam999free@rrohio.com
remove 999 in order to email me
#10
Thanks
I will do just that.
Stan

--
StanStan

"Leythos" wrote:
> In article <9B898E9F-9B23-4A4A-8ED3-EDF97038330A@microsoft.com>,
> StanStan@discussions.microsoft.com says...
> > Subject: Have results from Hijackthis. Don't understand them!!! 1st half
> > From: StanStan <StanStan@discussions.microsoft.com>
> > Newsgroups: microsoft.public.windowsxp.general
>
> Post them to a HIJACK forum, this is a Windows XP forum.
>
> Search google for HIJACK FORUM to learn more.
>
> --
>
> spam999free@rrohio.com
> remove 999 in order to email me