ran ad aware / spybot / spy killer
Original Message
Name: baymen96
Date: December 15, 2003 at 13:44:59 Pacific
Subject: ran ad aware / spybot / spy killer
OS: windows xp
CPU/Ram: windows xp
Comment: ran spybot and adaware... here is my log from hijack this... any help is appreciated:

Logfile of HijackThis v1.97.7
Scan saved at 5:48:06 AM, on 12/15/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\aol\ACS\acsd.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\PAL\KLP\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\WINDOWS\MSMGT.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Media\Media\UpdateStats.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\jfglsuco.exe
C:\Program Files\syslaunch.exe
C:\WINDOWS\System32\fkgqrdze.exe
C:\WINDOWS\System32\lexpps.exe
C:\Program Files\Alset\HelpExpress\Keith Jr\HXIUL.EXE
C:\Program Files\Alset\HelpExpress\Keith Jr\Client\HelpExp.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Alset\HelpExpress\Keith Jr\Client\PrintMonitor.exe
C:\WINDOWS\emsw.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\America Online 9.0\aolwbspd.exe
C:\Documents and Settings\Keith Jr\Local Settings\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optimumonline.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - URLSearchHook: (no name) - {D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - (no file)
O2 - BHO: (no name) - {000E7270-CC7A-0786-8E7A-DA09B51938A6} - C:\WINDOWS\System32\n3tpa1.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\WINDOWS\Downloaded Program Files\ycomp5_1_6_0.dll
O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper Pro\CCHelper.dll
O2 - BHO: (no name) - {1B77D30A-81C9-497A-8647-142F7511B1FB} - C:\WINDOWS\System32\PAL\KLP\ieguard.dll
O2 - BHO: (no name) - {4A3930E7-CF6C-33C6-CFDA-CC7BFB8C5FF4} - C:\WINDOWS\system32\zpydhkqf.dll
O2 - BHO: DefaultSearch.SeekSeek - {5074851C-F67A-488E-A9C9-C244573F4068} - C:\WINDOWS\ieasst.dll
O2 - BHO: (no name) - {559020EC-548B-47EF-A65C-3A7378464184} - C:\WINDOWS\System32\fduser.dll
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Pa&nicware Pop-Up Stopper Pro - {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - C:\Program Files\Panicware\Pop-Up Stopper Pro\popuppro.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\Downloaded Program Files\ycomp5_1_6_0.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [klp] C:\WINDOWS\System32\PAL\KLP\explorer.exe
O4 - HKLM\..\Run: [GLSetIT32] C:\windows\system32\system.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe
O4 - HKLM\..\Run: [susp] C:\WINDOWS\susp.exe
O4 - HKLM\..\Run: [gdhrgpkt] C:\WINDOWS\jfglsuco.exe
O4 - HKLM\..\Run: [iehelper] C:\Program Files\syslaunch.exe
O4 - HKLM\..\Run: [WinFavorites] C:\Program Files\WinFavorites\WinFavorites.exe1
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
O4 - HKLM\..\Run: [mfdiufcz] C:\WINDOWS\System32\fkgqrdze.exe
O4 - HKLM\..\RunServices: [GLSetIT32] C:\windows\system32\system.exe
O4 - HKCU\..\Run: [HXIUL.EXE] C:\Program Files\Alset\HelpExpress\Keith Jr\HXIUL.EXE
O4 - HKCU\..\Run: [HELPEXP.EXE] C:\Program Files\Alset\HelpExpress\Keith Jr\Client\HelpExp.exe
O4 - HKCU\..\Run: [emsw.exe] C:\WINDOWS\emsw.exe
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [Forbes] C:\Program Files\Forbes\ForbesAlerts.exe
O4 - HKLM\..\RunOnce: [Ad-aware] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe" "+b1"
O4 - HKLM\..\RunOnce: [SpyBotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - Global Startup: America Online Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,77/mcinsctl.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,18/mcgdmgr.cab
O16 - DPF: {E04EAE82-14AD-41CB-BF5A-45556ABB8347} (WebCoachDownload Class) - http://esupport.aol.com/help/engine/aolcinst.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_1_6_0.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E85A3822-B5E1-410D-B4F6-0683C06018E0}: NameServer = 152.163.241.134

ALSO---I HAVE 41 PROCESSES WHAT IS THE USUAL AMOUNT?
also anyone w/ info on eblaster from spectorasoft?
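An added example, not part of this thread, of how a log like the one above can be triaged programmatically in Python: it parses HijackThis entries and flags the patterns the replies single out, such as BHOs registered with no name, entries pointing at a missing file, and autorun entries whose value and file names look machine-generated. The five sample lines are copied from the log posted above; the heuristics (consonant-run threshold, DNS-override note) are assumptions of mine and give triage hints, not verdicts.

```python
import re
# Constructed sample: five lines copied from the HijackThis log posted in this thread
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {000E7270-CC7A-0786-8E7A-DA09B51938A6} - C:\WINDOWS\System32\n3tpa1.dll
R3 - URLSearchHook: (no name) - {D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - (no file)
O4 - HKLM\..\Run: [gdhrgpkt] C:\WINDOWS\jfglsuco.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O17 - HKLM\System\CCS\Services\Tcpip\..\{E85A3822-B5E1-410D-B4F6-0683C06018E0}: NameServer = 152.163.241.134
"""
ENTRY_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.+)$")      # "O4 - <body>"
RUN_RE = re.compile(r".*?\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")   # "[value name] command"

def longest_consonant_run(text):
    """Longest run of consonants (y treated as a vowel); long runs suggest generated names."""
    run = best = 0
    for ch in text.lower():
        run = run + 1 if ch.isalpha() and ch not in "aeiouy" else 0
        best = max(best, run)
    return best

def run_target(body):
    """Split an O4 body into its registry value name and the launched file path."""
    m = RUN_RE.match(body)
    name, cmd = m.group("name"), m.group("cmd").strip()
    if cmd.startswith('"'):                       # quoted path, possibly with switches after it
        return name, cmd[1:].split('"', 1)[0]
    return name, re.split(r"\s+[-/]", cmd, maxsplit=1)[0]   # drop switches such as -osboot

def triage(log_text):
    """Return entries worth a closer look. Reasons are triage hints, not verdicts."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue                               # header, process list or blank line
        sec, body, reasons = m.group("sec"), m.group("body"), []
        if "(no name)" in body:
            reasons.append("component registered without a display name")
        if body.endswith("(no file)"):
            reasons.append("registry entry points at a file that no longer exists")
        if sec == "O4":
            name, path = run_target(body)
            stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
            if max(longest_consonant_run(name), longest_consonant_run(stem)) >= 5:
                reasons.append(f"autorun {name!r} -> {stem!r} looks machine-generated")
        if sec == "O17":
            reasons.append("DNS server overridden; confirm it belongs to your ISP")
        if reasons:
            findings.append({"section": sec, "line": line.strip(), "reasons": reasons})
    return findings
```

Expect legitimate names with consonant clusters (the log's BCMSMMSG.exe, for instance) to trip the name heuristic too; it narrows what to look at, it does not decide.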
Response Number 1
Name: aosclay
Date: December 15, 2003 at 14:53:20 Pacific
Reply: hey baymen96, i gotta ask: did you update and let spybot or ad-aware actually fix any of the problems it detected? sorry, i'm not trying to be a wise guy. please reply. AOSCLAY
Response Number 2
Name: iceblue
Date: December 15, 2003 at 20:23:45 Pacific
Reply: My sentiments exactly; the more info we get, the more we can help! The more updates you do, the fewer problems we all end up with. [And you do have a number of probs in this log.] Also, please download Process Explorer from Sysinternals: you'll need it for this one. [I think they are up to v8.10] http://www.sysinternals.com/ntw2k/utilities.shtml (Aosclay - PE is for shutting down WinFavorites and anything else.) Only had a quick look; you take it, it looks like a goodie. Mind if I have a look later?
Response Number 3
Name: aosclay
Date: December 16, 2003 at 07:49:14 Pacific
Reply: hey ICEBLUE, i'll be happy to help baymen96 sort this out, but i would appreciate it if he would try and fix everything he possibly could first. 8 BHOs... I recognize some of them, and i think an updated spybot can clean some of this up. i'll be happy to take care of the rest. feel free to kick in here. i'm a so-so log reader, and there's stuff in this log i can't identify. we have a couple of good log readers here, but i'm not one of them. i will admit my mediocrity. :) AOSCLAY
Response Number 4
Name: aosclay
Date: December 16, 2003 at 09:35:31 Pacific
Reply: hey baymen96, since you haven't responded, i will assume you went elsewhere, or have been busy. either way, you have a very messy HJT log with a lot to be fixed and dealt with. if you are still around, i would like to help you out, but if you've gone elsewhere, i don't want to waste my time. reply, stating that you've updated your anti-spyware software, run it, and let it fix problems, if you still want help. oh, by the way, it looks like you have some variant of the OptixPro Trojan. This is not your only problem. reply if you want help. AOSCLAY
Response Number 5
Name: etai mont
Date: December 16, 2003 at 21:22:08 Pacific
Reply: look up whether you have any ActiveX objects in your browser... they can cause many problems... Tools > Internet Options > Temporary Internet Files > Settings > View Objects... and then remove the objects that are fishy... It saves tons of problems...
Response Number 7
Name: iceblue
Date: December 17, 2003 at 15:28:32 Pacific
Reply: yep, good idea, aosclay. Sometimes they quietly monitor events waiting for results to try out, and sometimes you see their post in another forum... getting a fix anywhere they can... hmmm... As an academic exercise, it's an interesting log... lots of bits and pieces...
Response Number 8
Name: j0sh
Date: January 16, 2004 at 08:10:48 Pacific
Reply: I'm currently trying to figure out whether HXDL and EMSW work hand in hand. Whether or not they do, would you also happen to know where people end up getting these two? I know they're bundled in a lot of software out there, but if you haven't bought any of this software or downloaded it, where else might they come from? EMSW.exe also seems to be causing problems with allowing people to scan from their printer over a wireless network. Any help would be great, thanks.