Please help w/ HiJack Log

Hi

Sorry that is a startup list not a hijackthis log.
-------------------
Important: Create a folder on the C: drive called C:\HJT.
When you run HijackThis from this folder and have it "Fixed checked" it will create a backup file of modifications to use if restore is necessary. Then run, scan, save log, then in notepad copy the FULL log by copy and paste as a reply to this post and an expert with HijackThis Knowldge, will have a go at giving advice. Please note the list of experts names below, very few forum regulars here have had this training.

DO NOT FIX ANYTHING WITH HIJACKTHIS WITHOUT EXPERT ADVICE, most of what it finds you need for normal MS Windows tasks.

Known Spyware HijackThis fighters in DellTalk - If you are, and are not on the list please PM Me.

TomCoyote (of http://tomcoyote.org/forums/index.php fame)
YoKenny (Accredited Expert at TomCoyotes)
baskar1234 (Spyware Classroom Teaching Assistant at TomCoyotes)
ChrisRLG (Spyware Classroom Teaching Assistant at TomCoyotes)
Yellowhammer (In Training at TomCoyotes)
therock247uk (In Training at TomCoyotes)
irelynmisses (In Training at TomCoyotes)

You could also go to one of the more specalist forums where more experts will be able to help.
http://tomcoyote.org/forums/index.php
http://forums.spywareinfo.com/index.php
http://www.net-integration.net/cgi-bin/forum/ikonboard.cgi (Home of Spybot S&D)
http://boards.cexx.org/index.php
Do read the sites FAQ before posting, and advise your problem and what steps you have already done to try to cure your problem.

I, and the other hijack experts mentioned above, are in all those sites (and more) with the same login names. You might get one of us at those sites also to anwser your log, but other experts will also be available.

Thank you Chris for your reply....  a while back this computer had a virus that kept the Processor @ 100% for periods of time... by reading MANY post from knowledgeable dudes like yourself.... I think I got it out & then installed Norton....  from that point on I "surfed" the net VERY cauiously..... unlike REAL Surfing...

Again thank you for your kind reply in correcting my "log"...  I didn't realize there was a dif in the start up & this "log"

Anyway, below is the result of your direction...  I hope it's correct!

~~Mh

Logfile of HijackThis v1.95.0
Scan saved at 11:09:32 PM, on 2/16/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\PROGRA~1\EzButton\CPLBTS88.EXE
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\CMEII\CMESys.exe
C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Common Files\GMT\GMT.exe
C:\WINDOWS\System32\MAPISP32.EXE
C:\Program Files\AdventPoint Online\dialer.exe
C:\PROGRA~1\INTERN~1\iexplore.exe
C:\toshiba\ivp\ism\ivpsvmgr.exe
C:\WINDOWS\System32\WinSysRM.exe
C:\Documents and Settings\KkMH96\Local Settings\Temp\Temporary Directory 7 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://www.searchalot.com/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL=http://www.adventpoint.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL=http://www.searchalot.com/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant=http://www.searchalot.com/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch=http://www.searchalot.com/search.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.adventpoint.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar=http://www.searchalot.com/search.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL=http://www.adventpoint.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title=AdventPoint Online
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default)=http://rd.yahoo.com/customize/sbcy/defaults/su/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page=http://www.searchalot.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page=http://www.searchalot.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [CPLBTS88] C:\PROGRA~1\EzButton\CPLBTS88.EXE
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [stcloader] C:\WINDOWS\System32\stcloader.exe
O4 - HKLM\..\Run: [WinSysAppMon] C:\WINDOWS\System32\WinSysRM.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [CMESys] "C:\Program Files\Common Files\CMEII\CMESys.exe"
O4 - Global Startup: Microsoft Outlook.lnk = C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
O9 - Extra 'Tools' menuitem: Search the Internet (HKLM)
O9 - Extra 'Tools' menuitem: Free Software Downloads (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Real.com (HKLM)
O10 - Broken Internet access because of LSP provider 'winsysam.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.att.net
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {13197ACE-6851-45C3-A7FF-C281324D5489} - http://www.2nd-thought.com/files/install.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/166d52a3eb3907a4ef06/netzip/RdxIE601.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37877.2458333333
O16 - DPF: {A4639D2F-774E-11D3-A490-00C04F6843FB} (IEAnimBehaviorFactory Class) - http://download.microsoft.com/download/vizact2000/Install/10/WIN98Me/EN-US/msorun.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

 

The version of hijackthis you are using is very old.

You should re download the latest version, it shows more and fixes things better.

You should also put it in a proper folder, backups are saved to that folder so that you can use the restore function if required.
----------------------------
A post of a hijackthis log for the experts to advise - use one of these links to get a copy.
HijackThis From Here 
http://www.aluriasoftware.com/tools/hijackthis.zip
http://www.mjc1.com/mirror/hjt/

Important: Create a folder on the C: drive called C:\HJT.
You can do this by going to My Computer (Windows key+e) then double click on C: then right click and select New then Folder and name it HJT.
Unzip HijackThis into this folder. When you run HijackThis from this folder and have it "Fixed checked" it will create a backup file of modifications to use if restore is necessary. Then run, scan, save log, then in notepad copy the FULL log by copy and paste as a reply to this post and an expert with HijackThis Knowldge, will have a go at giving advice. Please note the list of experts names below, very few forum regulars here have had this training.

DO NOT FIX ANYTHING WITH HIJACKTHIS WITHOUT EXPERT ADVICE, most of what it finds you need for normal MS Windows tasks.

Known Spyware HijackThis fighters in DellTalk - If you are, and are not on the list please PM Me.

TomCoyote (of http://tomcoyote.org/forums/index.php fame)
YoKenny (Accredited Expert at TomCoyotes)
baskar1234 (Spyware Classroom Teaching Assistant at TomCoyotes)
ChrisRLG (Spyware Classroom Teaching Assistant at TomCoyotes)
Yellowhammer (In Training at TomCoyotes)
therock247uk (In Training at TomCoyotes)
irelynmisses (In Training at TomCoyotes)

You could also go to one of the more specalist forums where more experts will be able to help.
http://www.net-integration.net/cgi-bin/forum/ikonboard.cgi (Home of Spybot S&D)
http://boards.cexx.org/index.php
Do read the sites FAQ before posting, and advise your problem and what steps you have already done to try to cure your problem.

I, and the other hijack experts mentioned above, are in all those sites (and more) with the same login names. You might get one of us at those sites also to anwser your log, but other experts will also be available.

ChrisRLG,  Hello again.... sorry for not getting back sooner... pesty thing called work cuts into my time .....

Anyway, did as directed.... downloaded newer verison.... Unzipped the HJT file into a separate folder(previously I had the zipped file in the folder & was opening & running from that folder) Know JUST the HJT file is in the folder.

Opened HJT, did the fixed checked thing, it created a bunch of "back up" files in the HJT folder, ran scan again, saved the log, notepad opened, Ctl-A (select All) & copied, then clt-v below.

Again, thanks for being patient.... You must get tired of repeating yourself all the time...

Thanks,~Mh

Logfile of HijackThis v1.97.7
Scan saved at 9:44:23 PM, on 2/18/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\HJT\HijackThis.exe
C:\Program Files\AdventPoint Online\dialer.exe
C:\PROGRA~1\INTERN~1\iexplore.exe

O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)

Hi

You have not posted the full log, is that just the lines missed from the last one.
If so please re-scan with hijackthis and post a new complete log.

And no - most of my speaches are in a clipboard, cut and paste. Always like helping people get thier machines clean, and then keep them clean.

Hey ChrisRLG,

Sorry 'bout that.... but, that was the entire log after I ran the scan & checked all the boxes & ran fix checked.

This made a back up of everything in the HJT folder.   Then I ran scan again & the result was only what you saw on the last post.  So, what I did this evening was "restore" all these items & run scan again.... save log... this saved the notepad in HJT folder & then I "ctrl-A", ctrl-C & ctrl-V .... what you see below..

I truly hope this helps....

Thank you again!

~Mh

 

Logfile of HijackThis v1.97.7
Scan saved at 8:53:05 PM, on 2/19/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\CMEII\CMESys.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\PROGRA~1\EzButton\CPLBTS88.EXE
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Common Files\GMT\GMT.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.searchalot.com/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.adventpoint.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.searchalot.com/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchalot.com/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.searchalot.com/search.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.adventpoint.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.searchalot.com/search.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.adventpoint.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = AdventPoint Online
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/customize/sbcy/defaults/su/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.searchalot.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.searchalot.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [CMESys] "C:\Program Files\Common Files\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [CPLBTS88] C:\PROGRA~1\EzButton\CPLBTS88.EXE
O4 - HKLM\..\Run: [stcloader] C:\WINDOWS\System32\stcloader.exe
O4 - HKLM\..\Run: [WinSysAppMon] C:\WINDOWS\System32\WinSysRM.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - Global Startup: Microsoft Outlook.lnk = C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
O9 - Extra 'Tools' menuitem: Search the Internet (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O10 - Broken Internet access because of LSP provider 'winsysam.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.att.net
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {13197ACE-6851-45C3-A7FF-C281324D5489} - http://www.2nd-thought.com/files/install.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/166d52a3eb3907a4ef06/netzip/RdxIE601.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37877.2458333333
O16 - DPF: {A4639D2F-774E-11D3-A490-00C04F6843FB} (IEAnimBehaviorFactory Class) - http://download.microsoft.com/download/vizact2000/Install/10/WIN98Me/EN-US/msorun.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

 

Check these in hijackthis, AND WITH ALL OTHER WINDOWS CLOSED, fix checked.

All the R0/R1 lines (Including any without file/site names) - except one home and search page that you would like to keep.
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx (file missing)
O4 - HKLM\..\Run: [CMESys] "C:\Program Files\Common Files\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [stcloader] C:\WINDOWS\System32\stcloader.exe
O16 - DPF: {13197ACE-6851-45C3-A7FF-C281324D5489} - http://www.2nd-thought.com/files/install.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/166d52a3eb3907a4ef06/netzip/RdxIE601.cab

The following activeX controls will reinstall when(and if) you revisit that website, UNLESS you know they are from a safe source, check to remove.
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab

Then Reboot to safe mode (F8 on boot) and delete the following files/folders:-

Folder > C:\Program Files\Common Files\CMEII\
File > > C:\WINDOWS\System32\stcloader.exe

Then Reboot and post a fresh log for me to check.

You have two other lines in your log that you may have info on, to help me decide if bad or good, as they are unknown to me or my tools
O4 - HKLM\..\Run: [WinSysAppMon] C:\WINDOWS\System32\WinSysRM.exe
O10 - Broken Internet access because of LSP provider 'winsysam.dll' missing

The last line By The Way should NEVER be fixed with hijackthis, we have special programs to do that if required.
Do you know of these line or a program with thaat name.
This I was able to find on the net but refers to a file WinSysRM.DLL which is not exactly the same so may not be the same program, here is a link to its website, it talks about a program 'home and family'.
http://www.webbalanced.com/TechSupportFAQ.htm#_Toc9925457

Hi Chris.....  Bro it's friday thank God.. Long week today!  Anyway did everything as you lined it out.  The only thing I could not do is delete the FILE>>  C:\Windows\System32\stcloader.exe  IT DID NOT EXIST.....  I even did a search of the complete C: drive for "stcloader" ; "stc".... *.exe..... even made sure I was displaying ALL hidden files & folders.  nod-da..

And yup, your correct the O4 line w/ WinSysRM is for a program from webbalanced.com for an internet filter called Home & Family.  Otherwise below is "new" log after re-boot.....

Gotta go try to solve another hic-up.....  I use MS Outlook 97 for my email, calender, tasks, notes etc.... and strangely... I can recieve emails into Outlook but I can't get any out.... but I can send out thru outlook express w/the same settings..... frustrating  ..... pet peeve.. but I like to use one program for it all... instead of having several programs open & switching between them all.... 

I'll never be able to repay you for your kindness.....  THANK YOU!

~~Mh

Logfile of HijackThis v1.97.7
Scan saved at 7:59:40 PM, on 2/20/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\PROGRA~1\EzButton\CPLBTS88.EXE
C:\WINDOWS\System32\WinSysRM.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\HJT\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my.yahoo.com/
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [CPLBTS88] C:\PROGRA~1\EzButton\CPLBTS88.EXE
O4 - HKLM\..\Run: [WinSysAppMon] C:\WINDOWS\System32\WinSysRM.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - Global Startup: Microsoft Outlook.lnk = C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
O9 - Extra 'Tools' menuitem: Search the Internet (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O10 - Broken Internet access because of LSP provider 'winsysam.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.att.net
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37877.2458333333
O16 - DPF: {A4639D2F-774E-11D3-A490-00C04F6843FB} (IEAnimBehaviorFactory Class) - http://download.microsoft.com/download/vizact2000/Install/10/WIN98Me/EN-US/msorun.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

 

Hi ChrisRLG,

Thank you for checking into the log.... I have  & will again go to your site & do as suggested...

Suppected that the OUTLOOK  I was using was too OLD... and it was "97" does not support some sort of security/authentication... what I figured.  Well as this old "apple" dude gets used to using a PC ...all this stuff is strange... never had any problems w/ the pods etc...  forced to use a PC w/ work

Thank you again!

~Mh

 

Your log is now clean.

Follow the link below to my site, malware section, and install spywareblaster and spywareguard from the links.

Also ie-spyad from here
With all those active you will be safer, do update them periodically.