Skip to main content
Start a Conversation

Unsolved

This post is more than 5 years old

Breakfastatbouv

53 Posts

38424

December 13th, 2004 00:00

Does my computer still have spyware/virus/adware

i have spybot, adaware 6.0 professional and a virus program, i get many internet errors, slow internet even though i have cable, and i get errors with aim and mirc. I cant connect, recieve, or send a file anywhere. I have windows firewall off and use my routers firewall instead. I have deleted many things that came up when spybot and adaware picked up and i still receive these errors. Can someone please help me. I have called dell on this issue and they said theyd help me for $40 for one question and thats b.s. SO id appreciate any help from you guys. Thanks.
 
 
I get none of these problems on my other computer with the same programs.

Message Edited by Breakfastatbouvres1 on 12-12-2004 08:03 PM

Breakfastatbouv

53 Posts

December 13th, 2004 12:00

Thanks a lot, and heres the log
 
 
Logfile of HijackThis v1.98.2
Scan saved at 7:43:34 AM, on 12/13/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\AIM\aim.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Sean  Parker\My Documents\My Shared Folder\Internet Downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=21941
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MCUpdateExe] \\DDTYRG21\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] \\DDTYRG21\McAfee.com\Agent\McAgent.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'xfire_lsp_10650.dll' missing
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} - http://pictures06.aim.com/ygp/aol/plugin/upf/AOLUPF.en-US-AIM.9.5.1.7.cab

DELL-Chris M

Community Manager

 • 

56.9K Posts

December 13th, 2004 12:00

Breakfastatbouvres1,

The HiJackThis program will "identify" what is going on with your system and help the members of this board identify any spyware or virus threats.

(I) Download HiJackThis
* Go here
* Click Save
* Click Desktop
* Click Save
* Close the internet explorer browser window
* Click Start- My Computer or double click the My Computer icon
* Open Local Disk C
* Click File- New- Folder
* Type HJT [press the ENTER key]
* Move the downloaded hijackthis.exe file into the newly created folder, C:\HJT

(II) Run Disk Cleanup
* Click Start- Run and in the Open box type cleanmgr
* Click OK
* Use the drop down menu arrow to select the drive you want to clean. Usually C:
* Click OK
* Insert a check on everything
* Click OK
* Click Yes

(III)
* Double-click HijackThis.exe from within the C:\HJT folder
* Click Scan
* Click Save log
* Click Desktop
* You should now see an open hijackthis log. Copy this log and post it on the Dell Community Forum Virus board as part of your thread. Do NOT attach your log into someone else's thread

Breakfastatbouv

53 Posts

December 14th, 2004 17:00

i have scanned numerous times with spybot and the same file keeps coming up even after i delete it. I took a screenshot of the problem. This link just shows the picture, there is no virus or anything i promise.

http://up1.fastuploads.info/Spybots_results.JPG

whenever i click "fix these problems" on spybot it says the problems have been fixed but then i search again and the same ones keep poping up. I have no idea what these are. Also adaware doesnt see this file, only spybot does.

CRMARSH

9 Posts

December 14th, 2004 19:00

the answer to your question is no .THE 5 DSO EXPLOIT is an error that shows up in that version of SPYBOT SD...CHET  

Breakfastatbouv

53 Posts

December 14th, 2004 20:00

*hanging on tight* :smileyvery-happy:

zbestwun2001

3 Apprentice

 • 

8.8K Posts

December 14th, 2004 20:00

Ok just hang tight

zbestwun2001

3 Apprentice

 • 

8.8K Posts

December 14th, 2004 20:00

Breakfastatbouvres1

I don't like that O10 entry on your log.
But DON'T do a thing until someone with more experience gets back to you and they will.


Hang tight,
Steve

Message Edited by zbestwun2001 on 12-14-2004 02:22 PM

Breakfastatbouv

53 Posts

December 14th, 2004 20:00

So if i have no spyware, virus, or adware, why is my internet still slow and get errors? And how do i fix those exploits?

Breakfastatbouv

53 Posts

December 14th, 2004 20:00

Ok thanks, the 010 is to "xfire" it is a game messaging program similar to aim.

Midnight Star

4.8K Posts

December 15th, 2004 20:00

Breakfastatbouvres,

First, don't rely on your routers firewall ONLY, for the following reason:

A hardware firewall will stop unsolicited packets the same as a software firewall EXCEPT, a software firewall will let you know when a program is trying to access the internet from your computer (solicited), and will give you the option to 'stop' it, a hardware firewall won't do this. So if a worm is trying to spread across your network, unless your hardware router is configured to block specific ports, it'll break loose. A software firewall will actually pop-up a message and say "DONTLETMEOUT.exe" is trying to access the internet - then just deny it.

-----

I'll be getting to your log here shortly.

Mike.

Midnight Star

4.8K Posts

December 15th, 2004 21:00

Breakfastatbouvres,

It looks like the 'xfire_lsp_10650.dll' is missing and that might be causing the problems your experiencing; maybe AdAware or Spybot removed it. If that file came with a game, you might have to reinstall it. Or, if you know where the .dll was originally on your harddrive, just copy it back out from the diskette that installed it. To be sure that HiJackThis is properly reporting this file as missing, try searching for it.

Otherwise, we might try removing that entry and see if the problem clears up...

-----

Let's see if we can fix this using the a new function of SP2. From a command line, enter:

netsh winsock reset catalog

-----

You should see the following message:

Sucessfully reset the Winsock Catalog.
You must restart the machine in order to complete the reset.

Reboot your computer.

-----

Post back a new log.

Mike.

Breakfastatbouv

53 Posts

December 15th, 2004 22:00

Ok after searching for that .dll file, it came up that it is in the c:/windows/sytem32 and i did the "netsh winsock reset catalog" in the "run" and i got no message saying succesful  or need to restart computer.

Midnight Star

4.8K Posts

December 15th, 2004 22:00

Breakfastatbouvres,
 
If you do it from run, the command shell will close before you get a chance to see that message. Try entering "cmd.exe" from run, then entering the command.
 
Mike.
 

Breakfastatbouv

53 Posts

December 15th, 2004 22:00

Ok thanks mike, i restarted my computer and ran Hijackthis, and here is the new log, i deleted some things from the previous one, but just the mcafee (i dont use this virus protection program).

 

Logfile of HijackThis v1.98.2
Scan saved at 5:33:21 PM, on 12/15/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Sean  Parker\My Documents\My Shared Folder\Internet Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=21941
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

 

and also, i have been getting a "zoo" pop up even when im not in internet explorer, this started 2 days ago. It pops up once a day.

Message Edited by Breakfastatbouvres1 on 12-15-2004 06:40 PM

Midnight Star

4.8K Posts

December 15th, 2004 23:00

Breakfastatbouvres,
 
Is your internet connection still running slow?
 
-----
 
About pop-ups...
 
Try running "Disk Cleanup" and allowing it to remove all it finds; especially temporary internet files and all offline content.
 
Are you running a firewall? If not, let's throw one up. When something asks to access the internet, and you give it permission, if you get a pop-up, that might be the culprit.
 
Have you tried running an online virus scan, just to see if something turns up? or AdAware and Spybot?
 
-----
 
Mike.
 

Was this post helpful?

View All

No Events found!

Top