hijackthis log...i need help!!!

Discussion in 'Computers and The Internet' started by lucyinthesky, Oct 13, 2004.

  1. lucyinthesky

    lucyinthesky Tie Dyed Soul

    Messages:
    2,741
    Likes Received:
    11
    My IE has been going insane, i need a spyware pro to let me know what to delete from my hijackthis log so i can finally have a working explorer!! i'm goin insane. someone help lucyyyyyyyyyyyyyyyyy.......


    Logfile of HijackThis v1.98.2
    Scan saved at 1:07:46 AM, on 14/10/2004
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\PROGRA~1\NORTON~1\navapw32.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
    C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\AIM\aim.exe
    C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
    C:\Program Files\Ares\Ares.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\Winamp\winamp.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\DOCUME~1\Alexis\LOCALS~1\Temp\Temporary Directory 1 for hijackthis
    [1].zip\HijackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    http://www.dellnet.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
    http://channels.aimtoday.com/search/aimtoolbar.jsp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    http://www.hippy.com/php/index.php
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    http://rd.yahoo.com/customize/ymsgr/defaults/*http://my.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://popnav.com
    O2 - BHO: Clear Search - {00000000-0000-0000-0000-000000000240} -
    C:\Program Files\ClearSearch\IE_ClrSch.DLL (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
    C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program
    Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
    - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} -
    C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
    C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: (no name) - {00000000-0000-0000-0000-000000000001} - (no file)
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -
    C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator
    5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32
    \spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common
    Files\Logitech\QCDriver\LVCOMS.EXE
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-
    Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -
    atboottime
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
    Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN
    Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -
    quiet
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe"
    /background
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
    O4 - HKCU\..\Run: [Microsoft Works Update Detection] ???????\WkDetect.exe
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM
    Toolbar\AIMBar.dll/aimsearch.htm
    O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} -
    C:\Program Files\ICQ\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} -
    C:\Program Files\ICQ\ICQ.exe
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -
    C:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no
    file)
    O9 - Extra button: (no name) - {F2570A0D-001D-477D-93D1-D05EF5EB95CD} - (no
    file)
    O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910
    -F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 -
    {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
    Files\Messenger\msmsgs.exe
    O16 - DPF: JT's Blocks -
    http://download.games.yahoo.com/games/clients/y/blt0_x.cab
    O16 - DPF: Tornado 21 -
    http://download.games.yahoo.com/games/clients/y/t21t0_x.cab
    O16 - DPF: Yahoo! Checkers -
    http://download.games.yahoo.com/games/clients/y/kt0_x.cab
    O16 - DPF: Yahoo! Gin -
    http://download.games.yahoo.com/games/clients/y/nt0_x.cab
    O16 - DPF: Yahoo! Graffiti -
    http://download.games.yahoo.com/games/clients/y/grt3_x.cab
    O16 - DPF: Yahoo! Literati -
    http://download.games.yahoo.com/games/clients/y/tt0_x.cab
    O16 - DPF: Yahoo! Pool 2 -
    http://download.games.yahoo.com/games/clients/y/potb_x.cab
    O16 - DPF: Yahoo! Spelldown -
    http://download.games.yahoo.com/games/clients/y/sdt0_x.cab
    O16 - DPF: Yahoo! Toki Toki Boom -
    http://download.games.yahoo.com/games/clients/y/vth_x.cab
    O16 - DPF: Yahoo! Word Racer -
    http://download.games.yahoo.com/games/clients/y/wt0_x.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) -
    http://messenger.zone.msn.com/binary/msgrchkr.cab
    O16 - DPF: {02607DF4-D40B-4FFB-B054-1CAC03468E28} (DNLCertificate
    Control) - http://www.fmn-
    media.com/campaigns/winpl/sites/pops/A001/DNLCertificate.ocx
    O16 - DPF: {093F9CF8-0DE1-491C-95D5-5EC257BD4CA3} -
    http://akamai.downloadv3.com/binaries/IA/dtc32_EN_XP.cab
    O16 - DPF: {217234FC-041F-4F27-84AB-8329440C4DED} (Yahoo! Photos Easy
    Upload Tool Class) -
    http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_3ca.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags
    Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab28177.cab
    O16 - DPF: {2ABE804B-4D3A-41BF-A172-304627874B45} -
    http://akamai.downloadv3.com/binaries/DialHTML/EGDHTML_XP.cab
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} -
    http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v43/yacscom.cab
    O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX
    Player) - http://81.216.10.59/cult.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
    http://a1540.g.akamai.net/7/1540/52/20020323/qtinstall.info.apple.com/qt505/us/win/
    QuickTimeInstaller.exe
    O16 - DPF: {42F2D240-B23C-11D6-8C73-70A05DC10000} -
    http://www.andlotsmore.com/factory/058343ca.exe
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
    http://software-dl.real.com/12156dd1cdee1446cc02/netzip/RdxIE601.cab
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
    http://us.games2.yimg.com/download.games.yahoo.com/games/play/client/exentctl_0
    _0_0_1.ocx
    O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} -
    http://fdl.msn.com/public/chat/msnchat42.cab
    O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} -
    http://chat.yahoo.com/cab/yacsui.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient
    Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield
    International Setup Player) - http://www.installengine.com/engine/isetup.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) -
    http://64.224.182.95/AxisCamControl.ocx
    O16 - DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297C} -
    http://download.weatherbug.com/minibug/tricklers/AWS/minibuginstaller.cab
    O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player
    Class) - http://www.live365.com/players/play365.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader
    Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v5.cab
    O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam
    Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
    O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl
    Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab
    O16 - DPF: {EE5CA45C-BFAC-48E6-BE6C-3C607620FF43} (IMViewerControl
    Class) - http://companion.logitech.com/companion/bin/imvid.cab
    O16 - DPF: {F5820AD3-9B20-423E-B2AA-7AF2B4055746} (CRegistryDownload
    Class) - http://www.paltalk.com/prod/RegDload.CAB
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control
    4.5) - http://chat.msn.com/bin/msnchat45.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown
    Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
     
  2. dangermoose

    dangermoose Is a daddy

    Messages:
    5,793
    Likes Received:
    32
    well the svc hosts are trojans but deleting them won't get rid of them. I'm 99 percent sure spoolsv is junk too cuz I always end task it on my comp with no problems but I'm no spyware expert.....consider this post a *bump*
     
  3. Trotsky311

    Trotsky311 Supporters HipForums Supporter

    Messages:
    749
    Likes Received:
    0
  4. lucyinthesky

    lucyinthesky Tie Dyed Soul

    Messages:
    2,741
    Likes Received:
    11
    i already ran all that and i haven't had a pop up since 1901. The only thing i don't have from the post you made in that thread, was the browser, which i'll consider getting. I know hijackthis gives you the opportunity to delete things that spy bot and adaware don't...I run those daily, None of those will help my current problem though, i just need someone who knows which files to delete off that list i posted....grrr I'm gonna kill my computer!! CHRIIIIISSSSS i know you're smart. help meeeee!!!
     
  5. Trotsky311

    Trotsky311 Supporters HipForums Supporter

    Messages:
    749
    Likes Received:
    0
    seriously. GET FIREFOX. and all your problems drift away...

    it imports all your favorites, it's delicious.
     
  6. Trotsky311

    Trotsky311 Supporters HipForums Supporter

    Messages:
    749
    Likes Received:
    0
    just a side note: spoolsv has to do with printing, and is NOT spyware.

    Just a note on svchost:

    Description:
    svchost.exe is a system process belonging to the Microsoft Windows Operating System which handles processes executed from DLLs. This program is important for the stable and secure running of your computer and should not be terminated.

    it is NOT spyware either. a virus a little bit ago did exploit it though. that may be where you got that idea. i'll keep reading your list, nothing jumps out just yet.
     
  7. Trotsky311

    Trotsky311 Supporters HipForums Supporter

    Messages:
    749
    Likes Received:
    0
    didn't see anything specific. what do you mean "ie going insane"?
     
  8. psilonaut

    psilonaut Mushroom Muncher

    Messages:
    1,679
    Likes Received:
    1
    Hehe sorry I didn't see this thread earlier. Have you run AdAware yet? that should get rid of any spyware crap, and quarantine the stuff that it can't get rid of... Make sure you have SP2 installed, lots of fixes there. If it's anything more than that an up-to-date virus scan would help... ummm and definitely never use IE!! I could pass a virus through the browser just by having somebody click a link. Use FireFox, tabbed browsing is glorious and no popups!

    /This has been a paid advertisement for the Mozilla Corp.
     
  9. psilonaut

    psilonaut Mushroom Muncher

    Messages:
    1,679
    Likes Received:
    1
    O yea, and as far as all the processes that you have posted there, I'm not familiar with a bulk of it. Would need to sit down at your computer or give me remote access ;)
     
  10. Ziggystardust

    Ziggystardust Member

    Messages:
    20
    Likes Received:
    2
    I see you have Spybot S&D, it's a good idea to enable 'Tea-Timer' (part of Spybot S&D) as this provides real-time continuous scanning. Another useful scanner with real-time scan capability is Webroot's SpySweeper. I also use Ad-Aware, Bit Defender, Norton Anti-virus and as a firewall I use Zone Alarm.

    You may be able to start a thread at the following forum, this also may help.
    http://forums.spywareinfo.com/

    Make sure you get authoritative advice before deleting programs listed on your log.

    BR
    ZS
     
  11. jerry420

    jerry420 Doctor of everything Lifetime Supporter

    Messages:
    14,704
    Likes Received:
    28
    spyware blaster is pretty good,

    just type in the name to google and download it. update it too
     