Cannot access certain websites

November 21, 2005 at 21:20:18
Specs: Windows XP - SP2, Pentium 4 - 3.0gHz

Here is my problem ...

Up until about a week ago, I had no problems with my internet connection. But last week a problem started that is both frustrating and worrying me. I cannot get access to 'Google - Images' directly; I cannot get into my 'hotmail' at all (from home); and it just seems like random websites are blocked. Other websites that I visited regularly before are blocked.

Now for my bigger problem and fear. This problem is not isolated; it effects more than one computer on my network (the problem appears only on random computers as well). And lastly (possibly the cause of my problem), the start of these problems seems to coincide with me connecting a laptop to my network that was infected with the 'W32.Chod.D' worm. My question is, is the virus the casue of my problems (having no evidence of its infection of any computer), and if so, how do I fix the problems.


See More: Cannot access certain websites

Report •


#1
November 21, 2005 at 23:38:36

yes it can be the result of virus or spyware infection.

You need to find proper spyware removal and antivirus programs.
there are more than 350 spyware removers in the market: some of them are really bad and made to deceive you, others are quite good. Some of them are free of charge, some - are not.
Read reviews:
here is the list of good antispyware programs and here is the list of bad programs called corrupt antispyware.


Report •

#2
November 22, 2005 at 05:24:09

That was one detail I left out ...

I have Norton SystemWorks 2004, (Full Version, All Updates Installed) since I can remember buying it and installing it last year.

But I know what you are saying, anti-virus is important, but I have it installed on every machine on my network.

Thanks, but that probably isn't the problem. Any additional advice or things I can check on ?


Report •

#3
November 22, 2005 at 17:14:56

indy5, From these scans we can tell alot more about what is going on with your computer.

Run this free online scan (more virus oriented) from Panda

When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to the desktop, then copy/paste into the text editor and post it after you run Ewido.

(More spyware oriented)Download Ewido Security Suite then set it up this way Ewido Setup Instructions reboot into Safe Mode and run Ewido

When the scan has completed, Ewido will create a report.txt file. Click the "Save Report" button on the bottom of the screen and save the log to your desktop in case you need it later.

Please reboot into normal mode and post the Ewido log and the Panda log.


Report •

Related Solutions

#4
November 22, 2005 at 20:10:15

jabuck, I will run the software you recommended and post it here (within about a day)

Report •

#5
November 23, 2005 at 09:20:59

jabuck, I ran the Panda scan and the Ewido scan. Here are the results:

Panda:

Adware:Adware/IST.ISTBar
Not desinfected
C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\ihmv6k3c.default\Cache\FF986A84d01
Adware:Adware/IST.ISTBar
Not desinfected
C:\Documents and Settings\owner\Local Settings\Temporary Internet Files\Content.IE5\BYWFBPCX\toolbar2[1].htm

Ewido:
---- ewido security suite - Scan report ----


+ Created on: 05:22:41, 11/23/2005
+ Report-Checksum: 5060B996

+ Scan result:

HKLM\SOFTWARE\Microsoft\MSXML60\Setup\6.00.3858.0\\Uninstall -> Spyware.VX2 : Cleaned with backup
:mozilla.9:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\ihmv6k3c.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.10:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\ihmv6k3c.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.11:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\ihmv6k3c.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.17:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\ihmv6k3c.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.18:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\ihmv6k3c.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.19:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\ihmv6k3c.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.20:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\ihmv6k3c.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.21:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\ihmv6k3c.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.22:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\ihmv6k3c.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.26:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\ihmv6k3c.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.27:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\ihmv6k3c.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.28:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\ihmv6k3c.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.29:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\ihmv6k3c.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.32:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\ihmv6k3c.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.33:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\ihmv6k3c.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.34:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\ihmv6k3c.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.39:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\ihmv6k3c.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.40:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\ihmv6k3c.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.41:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\ihmv6k3c.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.42:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\ihmv6k3c.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.54:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\ihmv6k3c.default\cookies.txt -> Spyware.Cookie.Estat : Cleaned with backup
:mozilla.92:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\ihmv6k3c.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.97:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\ihmv6k3c.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.99:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\ihmv6k3c.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.100:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\ihmv6k3c.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.101:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\ihmv6k3c.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.102:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\ihmv6k3c.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.104:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\ihmv6k3c.default\cookies.txt -> Spyware.Cookie.Spylog : Cleaned with backup
:mozilla.105:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\ihmv6k3c.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.106:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\ihmv6k3c.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.107:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\ihmv6k3c.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.108:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\ihmv6k3c.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.109:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\ihmv6k3c.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.110:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\ihmv6k3c.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.117:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\ihmv6k3c.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.118:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\ihmv6k3c.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.119:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\ihmv6k3c.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.123:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\ihmv6k3c.default\cookies.txt -> Spyware.Cookie.Weborama : Cleaned with backup
:mozilla.124:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\ihmv6k3c.default\cookies.txt -> Spyware.Cookie.Weborama : Cleaned with backup
:mozilla.125:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\ihmv6k3c.default\cookies.txt -> Spyware.Cookie.Weborama : Cleaned with backup
:mozilla.126:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\ihmv6k3c.default\cookies.txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
:mozilla.136:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\ihmv6k3c.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.137:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\ihmv6k3c.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.138:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\ihmv6k3c.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.139:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\ihmv6k3c.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.140:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\ihmv6k3c.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.141:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\ihmv6k3c.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.145:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\ihmv6k3c.default\cookies.txt -> Spyware.Cookie.Comclick : Cleaned with backup
:mozilla.146:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\ihmv6k3c.default\cookies.txt -> Spyware.Cookie.Comclick : Cleaned with backup
:mozilla.147:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\ihmv6k3c.default\cookies.txt -> Spyware.Cookie.Comclick : Cleaned with backup
:mozilla.148:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\ihmv6k3c.default\cookies.txt -> Spyware.Cookie.Masterstats : Cleaned with backup
:mozilla.150:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\ihmv6k3c.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.151:C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\ihmv6k3c.default\cookies.txt -> Spyware.Cookie.Smartadserver : Cleaned with backup
C:\Documents and Settings\owner\Cookies\owner@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\owner\Cookies\owner@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\owner\Cookies\owner@adopt.specificclick[2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\owner\Cookies\owner@ads.pointroll[1].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\owner\Cookies\owner@adtech[1].txt -> Spyware.Cookie.Adtech : Cleaned with backup
C:\Documents and Settings\owner\Cookies\owner@as-us.falkag[1].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\owner\Cookies\owner@burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\owner\Cookies\owner@casalemedia[1].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\owner\Cookies\owner@com[1].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\owner\Cookies\owner@image.masterstats[1].txt -> Spyware.Cookie.Masterstats : Cleaned with backup
C:\Documents and Settings\owner\Cookies\owner@news.com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\owner\Cookies\owner@rotator.adjuggler[1].txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\owner\Cookies\owner@sel.as-us.falkag[1].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\owner\Cookies\owner@serving-sys[1].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\owner\Cookies\owner@statcounter[1].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Documents and Settings\owner\Cookies\owner@trafficmp[1].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\owner\Cookies\owner@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\owner\Cookies\owner@weborama[1].txt -> Spyware.Cookie.Weborama : Cleaned with backup
C:\Documents and Settings\owner\Cookies\owner@www.burstbeacon[2].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\owner\Cookies\owner@www.myaffiliateprogram[1].txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\owner\Cookies\owner@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\owner\Local Settings\Temporary Internet Files\Content.IE5\9GGJ1TG5\mm[2].js -> Spyware.Chitika : Cleaned with backup
C:\TEMP\+++ My Linewire Downloads +++\apps\Emulators (Xbox, PS2, DC, N64, GBA, GB, MAME etc..).zip/Emulator (Xbox,PS2,DC,N64,GBA,GB,MAME.zip/Xbox/xbox_emulator.0.34.exe -> Trojan.XEmu.A : Cleaned with backup


---- ::Report End ----

Hope this means something, because I can't figure it out.


Report •

#6
November 23, 2005 at 16:00:02

Go to start>control panel>add/remove programs>scroll dow the list and look for an entry like or similar to:

istbar

and remove it if found.

Download Hijack This at this link http://www.tomcoyote.org/hjt/ then place it into a folder of it's on, such as C:\HJT, so that back up copies can be made and not clutter your desktop or other folders and the backup copies of deleted items can be easily located if needed.

Once saved double click HijackThis.exe, and press "Scan". When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log, Ctrl-A to Select All, and copy its contents into the text editor at this forum.

Do not fix anything yet unless you know what you are doing. This is a powerful tool that can crash the computer if used improperly.


Report •

#7
November 23, 2005 at 20:29:18

Ok, there is no 'istbar' that I can see on the Add/Remove programs list.

Hijack This Results:

Logfile of HijackThis v1.99.1
Scan saved at 23:20:05, on 11/23/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\LClock\lclock.exe
C:\Program Files\ATI Multimedia\main\ATISched.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\BitTorrent\btdownloadgui.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\OPScan.exe
C:\HJT\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.ca/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [QD FastAndSafe] C:\Program Files\Norton SystemWorks\Norton CleanSweep\QDCSFS.exe /scheduler
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\lclock.exe
O4 - HKCU\..\Run: [ATI Scheduler] C:\Program Files\ATI Multimedia\main\ATISched.EXE
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Bginfo.lnk = C:\Program Files\Sysinternals\Bginfo.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1127856930296
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4592/mcfscan.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15016/CTPID.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DVD-RAM_Service - Matsus---a Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
O23 - Service: Radmin Communication Server (rcomsrv) - Unknown owner - C:\WINDOWS\system32\rcomsrv30\rcomsrv.exe" /service (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

----
Hope this helps ...


Report •

#8
November 23, 2005 at 21:35:00

The log looks clean.

Download ccleaner to clean out all your temp files. Make sure there is not anything in the recycle bin that you need as ccleaner will delete recycle bin items unless checked not to do so.

Next while still in safe mode navigate to this file and move it ti the recycle bin:

C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\ihmv6k3c.default\Cache\FF986A84d01

Run ewido to see if istbar is still shows up.


Report •

#9
November 24, 2005 at 13:07:48

Ok, it seems like most things are working fine - or at least better now (my system used to hang for long periods of time on startup [msg#142954] but it seems to be quicker now) I can access a few more sites then I used to. I still cannot access some webpages, I cannot figure out why.

I could not find 'C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\ihmv6k3c.default\Cache\FF986A84d01' anywhere on my computer.

jabuck, I have to Thank You for your time. Usually I can find and fix problems on my own, but usually the problem is a little more obvious then this.

I am planning on formatting and reinstalling windows. But, I am gunna do it differently next time. I am going to run under resticted user privledges, try to use firefox only and just make sure I have all of the anti-virus and anti-spyware tools mentioned here.
I have 10 or so copies of Ubuntu Linux here, maybe I'll use that instead... I don't know...


Report •


Ask Question