
Thread: IE Closes & Products keep being cked to ignore in scan and slow

  1. #41
    Member
    Join Date
    Oct 2006
    Location
    Southern Louisiana
    Posts
    54

    Question

    Mr Jak,
    The regedit went fine to merge.

    For HJT, I copied the following line in the delete NT service filename box; C:\WINDOWS\System32\lqxxpw.exe but says 'Service not found in registry. Make sure you entered the sort name of the service.' I didn't do anything in HJT. It did not reboot...... I did scan for new HJT log.

    I have no idea about reinstalling the wireless keyboard.
    I'll have to wait for my son to come by for that.

    Thank you and here's my log.

    Logfile of HijackThis v1.99.1
    Scan saved at 8:30:49 AM, on 10/31/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\system32\LxrJD31s.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\WINDOWS\LTMSG.exe
    C:\HP\KBD\KBD.EXE
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\Program Files\BellSouth\Application Center\BsnAppCenter.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\wanmpsvc.exe
    c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\HPINST~1\plugin\bin\PCHButton.exe
    C:\Program Files\Labtec Wireless Desktop\MagicKey.exe
    C:\Program Files\Labtec Wireless Desktop\MulMouse.exe
    C:\Program Files\Labtec Wireless Desktop\OSD.EXE
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe
    C:\Documents and Settings\Owner\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us6.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us6.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us6.hpwis.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us6.hpwis.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (disabled by BHODemon)
    O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll (disabled by BHODemon)
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
    O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [Propel Accelerator] C:\PROGRA~1\BELLSO~1\PropelAC.exe
    O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [BellSouthSyn] C:\Program Files\BellSouth\Application Center\BsnAppCenter.exe /Synchronize
    O4 - HKLM\..\Run: [BellSouthScheduler] C:\Program Files\BellSouth\Application Center\BsnAppCenter.exe /Scheduler
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPINST~1\plugin\bin\PCHButton.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
    O4 - Global Startup: Alarm Clock Icon.lnk.disabled
    O4 - Global Startup: America Online 7.0 Tray Icon.lnk.disabled
    O4 - Global Startup: Enable Labtec Wireless Desktop.lnk = C:\Program Files\Labtec Wireless Desktop\MagicKey.exe
    O4 - Global Startup: Google Updater.lnk.disabled
    O4 - Global Startup: Microsoft Office.lnk.disabled
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk.disabled
    O4 - Global Startup: ymetray.lnk.disabled
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &Copy Location - C:\WINDOWS\WEB\graburl.htm
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll__BHODemonDisabled (file missing)
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {DECDBEEF-D3AD-B3EF-DE4D-B3EFDEADB3EF} - C:\Program Files\BellSouth\Communications Suite\BstMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O15 - Trusted Zone: http://usmilitary.about.com
    O15 - Trusted Zone: http://www.la.ngb.army.mil
    O15 - Trusted Zone: http://www.armyonesource.com
    O15 - Trusted Zone: http://home.bellsouth.net
    O15 - Trusted Zone: http://www.juno.com
    O15 - Trusted Zone: www.militaryonesource.com
    O15 - Trusted Zone: http://www.hotmail.msn.com
    O15 - Trusted Zone: groups.msn.com
    O15 - Trusted Zone: www.msnusers.com
    O15 - Trusted Zone: http://vil.nai.com
    O15 - Trusted Zone: *.nextel.com
    O15 - Trusted Zone: http://loginnet.passport.com
    O15 - Trusted Zone: http://*.subratam.org
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com.../c381/chat.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.fastaccess.com/sdccom...ad/tgctlcm.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edg...ex-2.0.3.1.cab
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com...45/yacscom.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yaho...ymmapi_416.dll
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/sh...26/mcgdmgr.cab
    O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite...ITDetector.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...29/mcfscan.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Filter: application/xhtml+xml - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
    O18 - Filter hijack: text/xml - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
    O18 - Filter: text/xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
    O18 - Filter: text/xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

  2. #42
    Security Expert-Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    3,934

    Default

    Hi again

    Create a new folder named HijackThis to your desktop. Move Hijackthis.exe into that folder.

    You can fix the following leftovers with HijackThis:
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)


    Ohh that was my bad (too many things at the same time), this is how it should be:

    Then, open HijackThis.
    • Open the Misc Tools section
    • Delete a file on Reboot
    • Copy the following line to the filename box and press Open; C:\WINDOWS\System32\lqxxpw.exe
    • Answer Yes to the reboot prompt

    The computer will reboot; if not, restart it yourself.

    Then you seem to be clean

    The first priority is to visit Windows Update and get your system updated
    -> At first, install Win XP Service Pack 2 Update
    -> Reboot and get back to the Windows Update
    -> Install all remaining important updates
    (NOTE: You'll probably have to reboot and get back to the update several times before all of them are installed)

    Now you can make your hidden files hidden again.
    • Go to My Computer
    • Select the Tools menu and click Folder Options
    • Click the View tab.
    • Checkmark the "Display the contents of system folders"
    • Under the Hidden files and folders select "Show hidden files and folders"
    • Check "Hide protected operating system files"
    • Click Apply and then the OK and close My Computer.


    If everything is running ok, please follow these simple steps in order to keep your computer clean and secure:
    • Clear your system restore
      This will clear the system restore folders from possible malware that was left behind during the cleaning process.
    • Use ATF Cleaner
      Download and install ATF Cleaner. Clean your temporary files & folders with it regularly.
    • Use Ad-Aware
      Download and install Ad-Aware. Update it and scan your computer regularly with it.
    • Use AVG Anti-Spyware
      Update it and scan your computer regularly with it.
    • Use Spybot S&D
      Download and install Spybot S&D. Update it and scan your computer regularly with it.
    • Install SpywareBlaster
      SpywareBlaster will prevent spyware from being installed.
    • Install MVPS Hosts file
      This prevents your computer from connecting to harmful sites.
    • Use Firefox browser
      Firefox is a faster, safer and better browser than Internet Explorer.
    • Keep your system up-to-date
      Visit Windows Update regularly.
    • Keep your antivirus and firewall up-to-date
      Scan your computer regularly with your antivirus.
    • Read this article by TonyKlein
      So how did I get infected in the first place?
    • Stand Up and Be Counted !
      The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.


    Stay clean and be safe
    MalWare Removal University - You too could train to help others
    UNITE & ASAP member since 2006
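
The two leftovers listed in post #42 carry markers that are visible in the HijackThis log above: an R-entry with nothing after the `=`, and an O-entry whose target is `(no file)`. The Python sketch below is an added example, not part of the original thread or of HijackThis; it goes slightly beyond the post by also reporting entries marked `(file missing)`, and the names `triage` and `Finding` are made up here.

```python
import re
from typing import List, NamedTuple

# Sample input: lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
"""

# A log entry starts with a section code such as R0, O3 or O23, then " - ".
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")


class Finding(NamedTuple):
    code: str    # HijackThis section code, e.g. "O3"
    reason: str  # why the entry is worth a second look
    line: str    # the full log line, unchanged


def triage(log_text: str) -> List[Finding]:
    """Return entries that look like orphaned leftovers.

    These are candidates for review, not a verdict: an entry can be
    marked missing because another tool renamed the file.
    """
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY.match(line)
        if not match:
            continue  # header, process list or blank line
        code, body = match.group("code"), match.group("body")

        if code.startswith("R") and "=" in body:
            # R-entries are "key,value name = data"; empty data is a leftover.
            if not body.split("=", 1)[1].strip():
                findings.append(Finding(code, "empty registry value", line))
        elif body.endswith("(no file)"):
            findings.append(Finding(code, "no file", line))
        elif body.endswith("(file missing)"):
            findings.append(Finding(code, "file missing", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.code}] {f.reason}: {f.line}")
```
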

  3. #43
    Member
    Join Date
    Oct 2006
    Location
    Southern Louisiana
    Posts
    54

    Talking

    Hi Mr Jak,

    I am rolling right along.......TY
    I did Windows XP updates & installed SP2 with lil problems.

    After I DL'ed & installed MS updates & SP 2, I cked 4 times for any additional updates. Each time it revealed more updates to DL & install; I think I finally got them all.

    Questions.......
    1. Is there anything that is not necessary on my puter? I'll gladly delete it.
    2. What is and do I need Spy Sweeper? Should I delete it?
    3. Re: HJT, What does it mean my yahoo is ‘disabled by BHODemon’?
    4. What are your feelings about IE 7. If so, when should I DL?
    5. What is this??? C:\WINDOWS\system32\dla\tfswctrl.exe ?
    ....Per my Task manager, tfswctrl.exe is very active (sometimes high) on list..
    ...That's when my E Drive (cd/dvd) light is lit and I can not shut down.
    6. RE: My Zone Alarm,
    ....How can I chk to see what business that address is? or how do I know if it's my puter looking for security updates ?

    I received
    2 Security alert saying it had
    1. blocked internet access to (net bios) from your computer (TCP Flags: S)
    Your computer attempted to access file or printer shares on another computer, located at address '2_.2_4._2.5_1'.
    (I Changed the numbers that were listed, but it shows address)

    2. Your computer attempted to access file or printer shares on another computer, located at address '2_.2_4._2.5_1'.
    If "6_6.1_7.2.1_8" (I Changed the numbers, but it shows IP address) is an address or subnet on your local network, you should add it to your Trusted Zone.
    If "6_6.1_7.2.1_8" is not on your local network, it is possible that your computer connected to the Internet as part of a network-based attack. Perform an updated anti-virus sweep of your computer.

    Thank you for all assistance......
    You & the staff are the (kings) and (angels).

  4. #44
    Member
    Join Date
    Oct 2006
    Location
    Southern Louisiana
    Posts
    54

    Question

    Mr Jak,
    I am totally confused about the updates for JAVA.
    Do I need that update or program?...
    I can't figure out which JAVA and how to do the DL?
    Something about file size and checking my remaining space or something..... Please help or direct me where to go for this JAVA stuff assistance...
    Their page is too confusing for my head.
    Thank you so very much,
    Jay Escalader



  5. #45
    Security Expert-Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    3,934

    Default

    Hi again

    If you want, you can download the latest Java (5.0 update 9)
    • Go to --> Java Runtime Environment (JRE) 5.0 Update 9.
    • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications."
    • Click the "Download" button to the right.
    • Check the box that says: "Accept License Agreement."
    • The page will refresh.
    • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
    • Install it

    Here is information about tfswctrl.exe, LINK
    Have you checked the Hewlett Packard homepage for driver updates?

    You can scan your computer with SpySweeper regularly if it is the paid version. If not, you may remove it.

    You can download IE 7.0 but I recommend that you use e.g. Firefox for browsing.

    If you're interested in IP addresses, you can find info from here -> DNSstuff
    Just copy the address to the "IPWHOIS Lookup" box and hit "WHOIS"-button.
    Don't allow unknown programs to connect to the internet or act as servers.

    Hope this helps

  6. #46
    Member
    Join Date
    Oct 2006
    Location
    Southern Louisiana
    Posts
    54

    Question

    Mr Jak,

    TY for your great instructions....
    I have updated all MS win XP, downloaded & updated JAVA, and Hid my System Files.....all went smoothly.

    Prior to my doing a resetting of System Restore, I decided to do scans of Adaware, Spybot S&D, & AVG.

    Spybot S&D scan had 13 bugs and I'm unsure what to do about them.
    I usually allow it to fix everything but curious if these are needed.
    So what should i do with the following results???

    Also, in the future, how will I know whether to fix, delete, or ignore cause it's needed for my computer operating?

    Thank you in advance for all assistance.
    Jay Escalader

    --- Spybot S&D Search result list ---
    WildTangent: Settings (Registry value, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Java VM\ClassPath=...;C:\Program Files\WildTangent\Apps\DRM0302Java.jar...

    WildTangent: Program directory (Directory, nothing done)
    C:\WINDOWS\wt\

    WildTangent: Interface (Registry key, nothing done)
    HKEY_CLASSES_ROOT\Interface\{1FAD572E-1A3D-44D9-9C23-A87F922DA8C0}

    WildTangent: Type library (Registry key, nothing done)
    HKEY_CLASSES_ROOT\TypeLib\{7946205B-FEF7-494F-A64B-3E992A780866}

    WildTangent: Uninstall settings (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WildTangent CDA

    WildTangent: Root class (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\Software\Classes\Logger.LogSession

    WildTangent: Root class (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\Software\Classes\Logger.LogSession.1

    WildTangent: Class ID (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{A62FA99E-922E-4ECA-A1D9-B54EF294A3CC}

    WildTangent: Library (File, nothing done)
    C:\WINDOWS\wt\webdriver.dll

    WildTangent: Program directory (Directory, nothing done)
    C:\WINDOWS\wt\wtupdates\

    WildTangent: Program directory (Directory, nothing done)
    C:\WINDOWS\wt\updater\

    WildTangent: Program directory (Directory, nothing done)
    C:\WINDOWS\wt\webdriver\

    Microsoft.WindowsSecurityCenter.FirewallOverride: Settings (Registry change, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallOverride!=dword:0

  7. #47
    Security Expert-Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    3,934

    Default

    Hi again, nice to hear that everything went smoothly

    Then the Spybot log, just checkmark the entries and hit the "Fix selected problems"-button.

    Remember that HijackThis creates backups so the cleaning can be reversed if needed...

    Also, in the future, how will I know whether to fix, delete, or ignore cause it's needed for my computer operating?
    Are you speaking about Spybot or generally?
    If the scanners find malware you should clean/quarantine it.
    (make sure that backups are created)

    If you think that findings are false positives, you need to do some research or e.g. ask on the forums

  8. #48
    Member
    Join Date
    Oct 2006
    Location
    Southern Louisiana
    Posts
    54

    Unhappy

    Mr Jak,

    Help me!!

    I have been experiencing many problems the past few days. I cannot turn off computer without unplugging. I have a frozen ‘my desktop’ screen with no icons or start button and can not proceed to shut down or anything else. I have to unplug computer for a few sec to clear screen and restart.

    Possibly, there is a conflict since my DL & installing of XP SP2, Zone alarm, AVG and updates of all my programs. Now, my ‘E’ (CD) drive stays lit almost all the time. I can't shut down my computer unless I unplug. I did have Spybot S&D fix those selected problems.

    I apologize for any delay in responding to you but I could not get online.
    I am so frustrated cause I feel I am digging a bigger hole.
    Please HELP me........ and Thank you in advance for any & all assistance.

    Ms Jay

  9. #49
    Security Expert-Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    3,934

    Default

    Ok, hmm...

    Maybe it is best to run one more scanner just in case.

    Please run the F-Secure Online Scanner

    Note: This Scanner is for Internet Explorer Only!
    • Follow the Instruction Here for installation.
    • Accept the License Agreement.
    • Once the ActiveX installs, click Full System Scan
    • Once the download completes, the scan will begin automatically.
    • The scan will take some time to finish, so please be patient.
    • When the scan completes, click the Automatic cleaning (recommended) button.
    • Click the Show Report button and Copy&Paste the entire report in your next reply.

  10. #50
    Member
    Join Date
    Oct 2006
    Location
    Southern Louisiana
    Posts
    54

    Question

    I just noticed you posted a reply for my next work.
    ?? I assume you mean for me to close all windows and open IE browser window to DL and do an F-Secure Online Scanner. I'll do that a lil later.

    I wanted to show you that I got some bugs again and can't figure out how it happened since I am trying to use only Firefox, DL'ed ZoneAlarm firewall & AVG...... WHY ???? I thought I was gonna be more secure.... so frustrating for me.

    Thank you..... I'll do the new scan a lil later cause I need to get out & eat Dinner.
    Jan Escalader


    ___________________________________________________________
    ---SPYBOT S&D Report generated: 2006-11-04 16:59 ---

    WildTangent: Settings (Registry value, fixed)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Java VM\ClassPath=...;C:\WINDOWS\wt\webdriver\wtdmmpi.jar...

    TelekomBill.Fake: Settings (Registry value, fixed)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\load\cmpid

    TelekomBill.Fake: Settings (Registry value, fixed)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\load\h

    TelekomBill.Fake: Settings (Registry value, fixed)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\load\kyrpa

    TelekomBill.Fake: Settings (Registry value, fixed)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\load\worg

    Avenue A, Inc.: Tracking cookie (Firefox: default) (Cookie, fixed)
