My HijackThis Log- Please help!

Question

I keep getting IE Script errors and also script error: Line 1; Position 0. Computer frequently hangs up and slow. Once on my spyware scan under type it read HIJACK. I don't know what happened to it. Then I noticed some of my settings were changed specifically in my virus, firewall & spyware program. Please help , I really appreciate it.

Here is the Log:

Logfile of HijackThis v1.99.1
Scan saved at 12:56:44 AM, on 1/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\eTrust Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\CA\eTrust Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\CA\eTrust Internet Security Suite\CA Personal Firewall\capfaem.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust Anti-Spam\QSP-5.0.419.0\QOELoader.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\PROGRA~1\ROADRU~1\ROADRU~1\data\Xtras\mssysmgr.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dlbxcoms.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn2\YTBSDK.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKLM\..\Run: [dlbxmon.exe] "C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\eTrust Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [CaPPcl] C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\CAAntiSpyware.exe /scan
O4 - HKLM\..\Run: [capfaem] C:\Program Files\CA\eTrust Internet Security Suite\CA Personal Firewall\capfaem.exe
O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\eTrust Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust Anti-Spam\QSP-5.0.419.0\QOELoader.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [Road Runner PhotoShow Media Manager] C:\PROGRA~1\ROADRU~1\ROADRU~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8
O4 - Startup: wkcalrem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {40F8967E-34A6-474A-837A-CEC1E7DAC54C} (QuickBooks Online Edition Utilities Class v9) - https://accounting.quickbooks.com/c12/v16.554/qboax9.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.pestpatrol.com/pestscan/pestscan.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1162017664421
O16 - DPF: {8CE3BAE6-AB66-40B6-9019-41E5282FF1E2} (QuickBooks Online Edition Utilities Class v8) - https://accounting.quickbooks.com/c1/v13.078/qboax8.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: PFW - C:\WINDOWS\SYSTEM32\UmxWnp.Dll
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
O23 - Service: dlbx_device - Dell - C:\WINDOWS\system32\dlbxcoms.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe

1972vet · Answer

It appears that you are running two different firewalls. Running more than one firewall can cause conflicts that might create an unstable environment. It is recommended that you run only one firewall. Please decide which to keep and uninstall the other.

Please uninstall the following software:
MyWay Search Assistant

Click start-->Control panel-->add/remove programs. Scroll down the list to locat the program name and click Remove. Reboot when the uninstall completes.

Your Java application is out of date and causes a slight security risk as a result.
Please follow these steps to remove older version Java components

1. Close any open programs you may have running, especially your web
browser.

2. Click Start-->Control Panel-->Add or Remove Programs.
For those just reading this thread:
Depending on your OS, you may have to click Start-->Settings-->Control Panel-->Add or Remove Programs.

3. Click once on any item listing Java Runtime Environment in the name (to highlight it) then click the "Remove" or "Change/Remove" button.
Not every version of Java will begin with "Java" so be sure to read each entry in the list.
Repeat step 3 as many times as necessary to remove all versions of Java.
**If you are asked to reboot at any point during the uninstallations, please do so. Then go back to Add/Remove and continue with the rest of the removals...when finished uninstalling all of them, reboot the computer.

4. Navigate to and delete:

C:\Program Files\ Java =this folder if found

5. Then go to this page.
Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications"and click the "Download" button to the right.

6. Check the box that says: "Accept License Agreement" the page will refresh and click on the link to download Windows Offline Installation with or without Multi-language. Save it to your desktop.
Then from your desktop double-click on the executable to install the newest version.

Please run HijackThis again and check the following:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)

Close all windows except for HijackThis then click Fix Checked.

Locate and delete the following files/folders indicated in Bold text:
C:\Program Files\ MyWaySA\SrchAsDe\1.bin\deSrcAs.dll

Reboot the computer.

Please perform a scan with F-Secure Online Scanner
Follow the directions in the F-Secure page for proper Installation.
1. Click on the link " F-Secure Online Scanner".
2. You may receive an alert on the address bar at this point to install the ActiveX control.
3. Click on that alert and then click " Insall ActiveX component".
4. Read the license agreement and click " Accept".
5. Click " Custom Scan" and be sure the following are checked:

Scan whole System
Scan all files
Scan whole system for rootkits
Scan whole system for spyware
Scan inside archives
Use advanced heuristics

6. When the scan completes, click the " I want to decide item by item" button.7. For each item found, Select " Disinfect" and click " Next".
8. When done, click the " Show Report" button, then copy and paste the entire report into your next reply along with a fresh HijackThis log. Please advise how the computer is running for you now. Thanks!

kwalk205 · Answer

Thanks A bunches 1972VET!

Well here's the update. I followed all instructions to the letter, however I could only locate & fix 1 out of the 4 items you said to locate on the 2nd HiJackThis log which was:

O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file

** all the others disappeared. Voila!

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll

**Locate and delete the following files/folders indicated in Bold text:
C:\Program Files\ MyWaySA\SrchAsDe\1.bin\deSrcAs.dll - no where to be found

And when I tried to run "F-Secure Online Scanner" it would not allow me to download. On the user agreement it would only highlight the "reject" button. I'm assumming it was because I have a virus program already on my computer. Should I snooze mine or something so that F- secure can run??

By the way I did revert back to IE6 simply becuase I didn't like its face, I was having these same problems before I went to IE7. Same ole same ole>>

Here is the new HiJack Log:

Logfile of HijackThis v1.99.1
Scan saved at 2:14:38 AM, on 1/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\eTrust Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\CA\eTrust Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\CA\eTrust Internet Security Suite\CA Personal Firewall\capfaem.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust Anti-Spam\QSP-5.0.419.0\QOELoader.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\PROGRA~1\ROADRU~1\ROADRU~1\data\Xtras\mssysmgr.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dlbxcoms.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn2\YTBSDK.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKLM\..\Run: [dlbxmon.exe] "C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\eTrust Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [CaPPcl] C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\CAAntiSpyware.exe /scan
O4 - HKLM\..\Run: [capfaem] C:\Program Files\CA\eTrust Internet Security Suite\CA Personal Firewall\capfaem.exe
O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\eTrust Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust Anti-Spam\QSP-5.0.419.0\QOELoader.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [Road Runner PhotoShow Media Manager] C:\PROGRA~1\ROADRU~1\ROADRU~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: wkcalrem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {40F8967E-34A6-474A-837A-CEC1E7DAC54C} (QuickBooks Online Edition Utilities Class v9) - https://accounting.quickbooks.com/c12/v16.554/qboax9.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.pestpatrol.com/pestscan/pestscan.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1162017664421
O16 - DPF: {8CE3BAE6-AB66-40B6-9019-41E5282FF1E2} (QuickBooks Online Edition Utilities Class v8) - https://accounting.quickbooks.com/c1/v13.078/qboax8.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: PFW - C:\WINDOWS\SYSTEM32\UmxWnp.Dll
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
O23 - Service: dlbx_device - Dell - C:\WINDOWS\system32\dlbxcoms.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe

Thank you so much for all your help & knowledge!

Kwalk

1972vet · Answer

Quote:I followed all instructions to the letter, however I could only locate & fix 1 out of the 4 items you said to locate on the 2nd HiJackThis log...MyWaySA\SrchAsDe\1.bin\deSrcAs.dll - no where to be found OK, That's good. It means those items went south when you uninstalled them. Good Work! Quote:when I tried to run 'F-Secure Online Scanner' it would not allow me to download. Did you get the prompt to download the active x? On the user agreement it would only highlight the 'reject' button. That's probably because you didn't download the active x component. If you didn't even get the prompt to download the active x, that may be a different issue entirely. I will wait for your reply to determine how we should proceed next. I'm assumming it was because I have a virus program already on my computer. You could be right...then again it may be something completely innocuous. Should I snooze mine or something so that F- secure can run?? That MAY become necessary, we'll see how you answer my other questions first. Having little experience with the CA eTrust software, this may indeed be interfering. If it is, it would be coming from the HIPS component of their software which would mean this will require some user interaction on your part to either disable this feature or answer 'Yes' to allow the download if indeed you get prompted

kwalk205 · Answer

Ok Great! No I was not prompted to install the activeX. So what happens now? I wonder why?   Thanks, Kwalk

1972vet · Answer

I'd like to get back to the F-Secure scan later but for the time being, let's just bypass the active x issue for now and download a standalone virus scanner and see what we scare up:
Please download:
Dr.Web Cure it.

Please boot into safe mode by doing the following:

Restart your computer
When the first black screen comes up, begin tapping the F8 key repeatedly until you see the "Advanced" log on menu.
Select the first option, to run Windows in Safe Mode.

When you are at the logon prompt, log in as an Administrator
Once in safe mode, continue with the instructions below:

Run a scan with Dr.Web CureIt:

Double-click the drweb-cureit.exe file and Allow it to run the express scan.
This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
Once the short scan has finished, you should now mark the drives that you want to scan.
Select all drives. A red dot shows which drives have been chosen.
Click the green arrow at the right, and the scan will start.
Click 'Yes to all' if it asks if you want to cure/move the file.
When the scan has finished, just to the left of the files found you'll see an icon with a Red check mark. click that icon next to the files found then click the icon right below and select Move incurable.
When the scan completes, click file-->save report list from the menu at the top.
Save the report to your desktop. The report will be called DrWeb.csv
Close Dr.Web CureIt.
Reboot back to your Normal User Mode

To scan your computer with the most up-to-date Dr.Web virus signature data base next time you scan, you should download a new Dr.Web CureIt! package. To do this, press the "Update" link on the first utility screen, which leads to the ftp-server where the latest version of CureIt! is located. Download the utility anew and run it again. Be sure to delete the out dated version each time.

Please post back the contents of the log generated during the scan along with a fresh HijackThis log. Thanks!

kwalk205 · Answer

1972 Vet where are you???   I know, I know it's been a couple of weeks and everything ran smoothly for a while, but all of a sudden... I get this:   Script Error Line 1 Position 1

1972vet · Answer

Your log looks fine however, working through a fix solution with the HijackThis forums is akin to reading a book. When you start a thread for your HijackThis log then fail to complete the posted instructions, it's like putting the book down before you finish it. Nobody knows how it turns out.

Many things can happen over time especially when malware has seated itself on your hard drive but it does appear in your case that things turned out ok...I suggest though, you should endeavor to stay with your hjt log and complete the instructions given by the expert who claims it until you're given the okeedokee.

The reasons are many. The volunteers on these various forums help untold numbers of users who DO work with them to completion. When one of us finishes up posting instructions for one member, we then go on to who knows how many more dozens of other users logs...not just here at Dell, but all over the web.

In many of the forums, when a user doesn't respond in a few days, the forum mod will close and lock the thread so it's pretty much a standard practice to just move on when a thread appears to be abandoned. I said all that for your benefit so you can keep an eye on the threads you create...

Now, on to your current issue. The xPopup is a simple alternative to pop-up windows. It uses dynamically created iFrames. There are a couple different types, timed and interval...you've undoubtedly seen them and like the normal pop up window, they too are annoying so the fact that you got the error means the intended pop up didn't work. That's a good thing imho. However, if you want to try a solution you might try this:
Go to IE Tools, Internet Options, Advanced and under the Browsing section:
Add a check next to 'Disable script debugging'
Remove the check next to 'Display a notification about every script error'.
Click on Apply and OK.

The stack overflow error from your description sounds more like a web page error and not a problem on your end. To research and troubleshoot the issue, you can read This article.

kwalk205 · Answer

Thank you so much for being understanding with me and for giving me the ups on the importance of keeping with your thread. BUT, Both buttons you are speaking about are already checked or unchecked. It seems like it ignores me. Also it is slow and always hanging up. Pages do not load fully or take forever. Is there something else that could be wrong? Is it too late for me to go back and pick up on your instructions where I left off? Like downloading the other anti-virus prog since the first wouldn't work??:robotindifferent:   Thanks, KWalk

1972vet · Answer

When was your last cleanup and defrag?

kwalk205 · Answer

As a matter of fact, it was a few days ago. I've been trying to do some research on this ''stack overflow' error. This is very ironic. For the first time today it happened on my laptop??? On my desktop it is at line 95. And lo' and behold on my laptop it pops up at line 105. The only thing they have in comom is they get networked from time to time. As a matter of right before it happened on my laptop. I read that it could mean there is something wrong with the registry?? Do you know anything about this? O no- a doozie.   Thanks, Kwalk

1972vet · Answer

Click start-->My Computer
then right-click on your local C: drive and select Properties. Click the Tools tab then click the Check Now... button. Put a check in both boxes "Automatically fix file system errors" and "Scan for and attempt recovery of bad sectors", then click the Start button. Answer "Yes" to the pop up window that asks "Do you want to schedule this disk check to occur the next time you restart the computer?" Apply it and OK it, then close everything down and reboot the system.

Allow the scans to complete. Upon completion the computer will reboot on it's own. When the computer comes back up, please do the following:

Click start-->Run
then copy and paste the following in the run box then click "OK":
sfc /scannow

Have your Windows XP installation CD handy to insert when prompted. Allow the scan to complete. When it finished, the progress bar will just disappear. Reboot at that time and post back to let us know if you are still having issues. Thanks!

kwalk205 · Answer

Unfortunately I don't have the disk. Dell pre-installed it on my computer as well as my laptop. What to do now?   Kwalk

kwalk205 · Answer

Ok, I did everything except sfc /scannow because I don't have the disk. It read that 'The file is clean'. I'll wait to hear from you as to whether or not it's safe to go any further without having the disk.   Thank you once again for all of your time, Kwalk

1972vet · Answer

Try the operation anyway...let us know if you get prompted to insert your Windows Installation CD. If you do, for the time being, just click cancel and post back to let us know that you eithere WERE or WERE NOT prompted. If you get the prompt to insert the CD, it's a good indication that Windows found some file/s that are either missing or corrupted. If that is the case, there are a couple different work arounds we can explore.

kwalk205 · Answer

ok. I did not get the prompt to insert the cd, but it is doing the same thing. I am getting stack overflow error at line 95. Keeps telling me that a script is trying to run that could cause computer to run very slowly, 'do you want to abort?' I answered yes each time. This occurred after my firewall alerted me that something 'binary'??? from java script was trying to gain access and I allowed it permission. Although the last time it came up I didn't get a message about java needing access. I got a new script error at line 0, position 0. (as if:smileymad: )   Thanks again, kwalk   Did I mention ' Thank You?'

Virus & Spyware

My HijackThis Log- Please help!

Was this post helpful?