Possible Browser Hijacking

I am new here and not very knowledgable about these problems. However, I did have a browser hijacking in the past and think I may have not completely cleared things. Most recently, my ISP connection dialogue box pops up every time I reboot and also what is seemingly at random times. I am not set for autoconnection and there is no actual dialing but I can't find what might be making this happen. Additionally, my browser is getting slower and slower and has long pauses when I try to navigate from one function to another. For example, if I click on my Favorites button or Back list there is often a wait of 15 to 30 seconds before the list appears.

I have run Adaware and SpyBot S&D per the instructions I found on this forum (at https://www.wilderssecurity.com/showthread.php?t=159130)

I'm posting a copy of my Hijack This log in hopes that someone here can help.

Thank you.

Logfile of HijackThis v1.97.7
Scan saved at 8:02:16 AM, on 4/28/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\WINDOWS\SYSTEM\DEVLDR16.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINJECT.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\PROGRAM FILES\COMMON FILES\EPSON\EBAPI\SAGENT95.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON GHOST\GHOSTSTARTSERVICE.EXE
C:\PROGRAM FILES\COMMON FILES\EPSON\EBAPI\EBRR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON GHOST\GHOSTSTARTTRAYAPP.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
C:\WINDOWS\TWAIN_32\PAPRPORT\3100B\FLATBED.EXE
C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\COMMON\BIN\RXMON9X.EXE
C:\PROGRAM FILES\IOMEGA\DRIVEICONS\IMGICON.EXE
C:\PROGRAM FILES\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\QUICKENW\QAGENT.EXE
C:\WINDOWS\SYSTEM\MRTMNGR.EXE
C:\PROGRAM FILES\ISP50\BIN\BARTSHEL.EXE
C:\PROGRAM FILES\PEOPLEPC ACCELERATED\PROPELAC.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINSM32.EXE
C:\PROGRAM FILES\ISP50\BIN\PPSHARED.EXE
C:\Program Files\Norton SystemWorks\Norton CleanSweep\Monwow.exe
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\1033\MSOFFICE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\DESKTOP\MY DOWNLOADS\HIJACKTHIS\HIJACKTHIS.EXE
C:\PROGRAM FILES\AT&T\WNCLIENT\PROGRAMS\WNCONNECT.EXE
C:\PROGRAM FILES\AT&T\WNCLIENT\PROGRAMS\WNCSMSERVER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.peoplepc.com/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.worldnet.att.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.worldnet.att.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by AT&T WorldNet Service
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\PROGRAM FILES\MYWEBSEARCH\SRCHASTT\1.BIN\MWSSRCAS.DLL
O2 - BHO: (no name) - {0F660F64-F4C9-477F-8529-44181B717472} - C:\PROGRAM FILES\AT&T\WNCLIENT\PROGRAMS\CSMBHO.DLL
O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER\CCHELPER.DLL
O2 - BHO: (no name) - {3DE88907-3E38-11D4-BEB2-CBE76C0598DD} - C:\PROGRAM FILES\ISP50\BIN\BANDOBJECT.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Pa&nicware Pop-Up Stopper - {7E82235C-F31E-46CB-AF9F-1ADD94C585FF} - C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER\PSTOPPER.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [PP3100b] C:\WINDOWS\twain_32\paprport\3100b\flatbed.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [RxMon] C:\Program Files\Dell\Resolution Assistant\Common\bin\RxMon9x.exe
O4 - HKLM\..\Run: [MadExe] C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\COMMON\BIN\LaunchRA.exe -boot
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [QAGENT] C:\QUICKENW\QAGENT.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [Bart Station] C:\Program Files\ISP50\hta\station.sbrt
O4 - HKLM\..\Run: [PPCRunonce] C:\WINDOWS\SYSTEM\PPCRunOnce.exe
O4 - HKLM\..\Run: [Propel Accelerator] C:\PROGRAM FILES\PEOPLEPC ACCELERATED\PROPELAC.EXE
O4 - HKLM\..\Run: [Speed racer] C:\Program Files\Creative\PlayCenter\CTSRReg.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [QD FastAndSafe] C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\QDCSFS.exe /scheduler
O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [CSINJECT.EXE] C:\Program Files\Norton SystemWorks\Norton CleanSweep\CSINJECT.EXE
O4 - HKLM\..\RunServices: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKLM\..\RunServices: [SAgent95ExePath] C:\Program Files\Common Files\EPSON\EBAPI\SAgent95.exe
O4 - HKLM\..\RunServices: [GhostStartService] C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON GHOST\GHOSTSTARTSERVICE.EXE
O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\SCANSOFT\PAPERP~1\PPWebCap.exe
O4 - Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsm32.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\SYSTEM\E_SRCV03.EXE
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\PeoplePC Accelerated\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\PeoplePC Accelerated\pac-image.html
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O9 - Extra button: AnyWho (HKLM)
O9 - Extra button: Dell Home (HKCU)
O9 - Extra button: Netnews (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin2.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.worldnet.att.net
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://mirror.worldwinner.com/games/v40/sol/sol.cab
O16 - DPF: {6BB594E2-6E4D-4CC9-98B0-931C323F9165} (DepHlp Control) - http://www.worldwinner.com/games/shared/dephlp.cab
O16 - DPF: {E389B374-BB5A-4A73-ACF4-3CE63E4C1DE9} (Brxpdf5 Control) - http://a19.g.akamai.net/7/19/7125/1239/ftp.coupons.com/brxpdf5.cab
O16 - DPF: {CD17FAAA-17B4-4736-AAEF-436EDC304C8C} (ContentAuditX Control) - http://a840.g.akamai.net/7/840/5805...ch.com/audit/includes/ContentAuditControl.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37956.4350462963
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {4F5E4276-C120-11D6-A1FD-00508B9D48EA} (dldisplay Class) - http://www.gamehouse.com/ghdlctl.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.6.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.dell.com/us/en/systemprofiler/SysProfLCD.CAB
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
O16 - DPF: {E4DFABBD-F5F6-11D3-8421-0080C6F79C42} (SpeechControl Class) - http://www.directxtras.com/speaksforitself/download/speechplugin.cab
O16 - DPF: {D4BC3B10-F024-4EF7-A62C-A298A11B51B5} - http://www.directxtras.com/speaksforitself/download/mstts_Mike.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/activedata/SymAData.dll
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - http://www.symantec.com/techsupp/activedata/ActiveData.cab

 

Hi Seeks2Know,

Check the items listed below in HijackThis, close all windows except HijackThis and click Fix checked:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.peoplepc.com/search

O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\PROGRAM FILES\MYWEBSEARCH\SRCHASTT\1.BIN\MWSSRCAS.DLL

O2 - BHO: (no name) - {3DE88907-3E38-11D4-BEB2-CBE76C0598DD} - C:\PROGRAM FILES\ISP50\BIN\BANDOBJECT.DLL

O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/f...etup1.0.0.6.cab

Then reboot and delete:
C:\PROGRAM FILES\MYWEBSEARCH <= entire folder

Regards,

Pieter

 

Thank you, Pieter. I followed your instructions but when I re-booted I still get the dialup dialogue box. In fact, when I click on cancel it closes then comes up again. The second cancel seems to do the trick at least for the moment. Any other suggestions?

 

In HijackThis click Config > Misc Tools > Generate Startuplist.
This will produce a text file, please post that.

Regards,

Pieter

 

Pieter, Thank you again for your help. The text file is at the end of this message. In the meantime, I have discovered an issue that may or may not be related. I have a sort of a " ghost" folder (my term - I don't know the real name for it) in my c:\Windows\ Temporary Internet Files folder named Content.ie5

When I open Windows Explorer it appears in the list on the left but when I highlight Temporary Internet Files it does not appear in the section on the right. When I highlight Content.ie5 on the left pane, several sub folders (currently 4) and 2individual files (desktop.ini and index.dat) appear in the list on the right. The subfolders have names like SJQT20XB, P5CBBQS8, SA2JSNIE & 43D4YJMD. When I first discovered this Content.ie5 folder it had 32 sub folders plus the 2 individual files and each of the subfolders had 2 to 4 THOUSAND files in it. They appeared to be regular temporary internet files - some old, some current.

I emptied the files from IE Tools which deleted the files in the regular Temporary Internet Files folder but didn't appear to have any effect on the Content.ie5 folder. When attempting to delete the Content.ie5 folder, and/or any of the subfolders to the recycle bin (I'm running Norton System Works 2003), I got a message saying they were system folders and did I really want to delete them. I said yes and it looked as if everything was deleted. I re-booted and confirmed that I could still run without all those files. (whew!) However...... I have now discovered that whenever I open Windows Explorer and look in the Temporary Internet Files folder, my "friend" Content.ie5 is back again but now with only 4 subfolders and the 2 individual files. I tried deleting everything separately but with the same result. Each time I re-open the Temporary Internet Files folder there are 4 more NEW (different names) subfolders. It seems that something is generating new folders and names. The new folders don't have the thousands of files though. They only have one each and the name of each is desktop.ini. I have tried deleting individual files first and then folders as well as emptying the recycle bin and then re-booting but each time I get the same result.

I also discovered, by accident, that if I right click on any file in the lists in Windows Explorer that my ISP dial up dialogue box appears and I have to click on Cancel at least 2 times before I get the correct dialogue box.

Additionally, if I do a file search for index.dat in Windows Explorer it does not find the one in the Content.ie5 folder - it does find 2 files of that name one in c:\WINDOWS\Application Data\Microsoft\Internet Explorer\UserData and one in c:\WINDOWS\Cookies. In the case of desktop.ini it finds 9 files but not the one in Content.ie5. A search for Content.ie5 results in "0 files found & Search complete. No results to display".

In the FYI department... I don't know if it could be related to all of this or not but I did previously have a virus/worm named W32.Opaserv(win.ini). Norton Antivirus discovered it and identified four incidents of it in separate System Backup folders but couldn't delete them for some reason so I deleted them manually and emptied them from the recycle bin. The next scan with updated definitions showed no sign of it or any others.

I hope this isn't too much detail. I am trying to give you enough information to work with.

Here's the startup text file:
StartupList report, 4/29/2004, 12:20:10 PM
StartupList version: 1.52
Started from : C:\WINDOWS\DESKTOP\MY DOWNLOADS\HIJACKTHIS\HIJACKTHIS.EXE
Detected: Windows ME (Win9x 4.90.3000)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\DEVLDR16.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINJECT.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\PROGRAM FILES\COMMON FILES\EPSON\EBAPI\SAGENT95.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON GHOST\GHOSTSTARTSERVICE.EXE
C:\PROGRAM FILES\COMMON FILES\EPSON\EBAPI\EBRR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON GHOST\GHOSTSTARTTRAYAPP.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
C:\WINDOWS\TWAIN_32\PAPRPORT\3100B\FLATBED.EXE
C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\COMMON\BIN\RXMON9X.EXE
C:\PROGRAM FILES\IOMEGA\DRIVEICONS\IMGICON.EXE
C:\PROGRAM FILES\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\QUICKENW\QAGENT.EXE
C:\PROGRAM FILES\ISP50\BIN\BARTSHEL.EXE
C:\WINDOWS\SYSTEM\MRTMNGR.EXE
C:\PROGRAM FILES\ISP50\BIN\PPSHARED.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINSM32.EXE
C:\Program Files\Norton SystemWorks\Norton CleanSweep\Monwow.exe
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\1033\MSOFFICE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\QUICK VIEW PLUS\PROGRAM\QVP32.EXE
C:\WINDOWS\NOTEPAD.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
C:\WINDOWS\DESKTOP\MY DOWNLOADS\HIJACKTHIS\HIJACKTHIS.EXE

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\WINDOWS\Start Menu\Programs\StartUp]
CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsm32.exe
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\SYSTEM\E_SRCV03.EXE

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
ccRegVfy = "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
GhostStartTrayApp = C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
NPROTECT = C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
ScanRegistry = C:\WINDOWS\scanregw.exe /autorun
TaskMonitor = C:\WINDOWS\taskmon.exe
SystemTray = SysTray.Exe
LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
TCASUTIEXE = TCAUDIAG -off
LoadQM = loadqm.exe
MotiveMonitor = C:\Program Files\Motive\motmon.exe
PP3100b = C:\WINDOWS\twain_32\paprport\3100b\flatbed.exe
PCHealth = C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
RxMon = C:\Program Files\Dell\Resolution Assistant\Common\bin\RxMon9x.exe
MadExe = C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\COMMON\BIN\LaunchRA.exe -boot
Iomega Startup Options = C:\Program Files\Iomega\Common\ImgStart.exe
Iomega Drive Icons = C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
EM_EXEC = C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
QAGENT = C:\QUICKENW\QAGENT.EXE
QuickTime Task = "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
Bart Station = C:\Program Files\ISP50\hta\station.sbrt
PPCRunonce = C:\WINDOWS\SYSTEM\PPCRunOnce.exe
Speed racer = C:\Program Files\Creative\PlayCenter\CTSRReg.exe
AudioHQ = C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
QD FastAndSafe = C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\QDCSFS.exe /scheduler
devldr16.exe = C:\WINDOWS\SYSTEM\devldr16.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*StateMgr = C:\WINDOWS\System\Restore\StateMgr.exe
ccEvtMgr = "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
ScriptBlocking = "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
SchedulingAgent = mstask.exe
CSINJECT.EXE = C:\Program Files\Norton SystemWorks\Norton CleanSweep\CSINJECT.EXE
NPROTECT = C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
SymTray - Norton SystemWorks = C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
SSDPSRV = C:\WINDOWS\SYSTEM\ssdpsrv.exe
Machine Debug Manager = C:\WINDOWS\SYSTEM\MDM.EXE
SAgent95ExePath = C:\Program Files\Common Files\EPSON\EBAPI\SAgent95.exe
GhostStartService = C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON GHOST\GHOSTSTARTSERVICE.EXE

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

PPWebCap = C:\PROGRA~1\SCANSOFT\PAPERP~1\PPWebCap.exe

--------------------------------------------------

C:\WINDOWS\WININIT.BAK listing:
(Created 28/4/2004, 7:38:3

[Rename]
NUL=c:\windows\favorites\at&t\at&t worldnet service favorites\leisure\music and cd guide.url
NUL=c:\windows\favorites\links\free aol & unlimited internet.url
NUL=c:\windows\favorites\free aol & unlimited internet.url
NUL=d:\hival_e\downloads\bbsetuphom.exe
NUL=c:\windows\cookies\default@ehg-peoplepc.hitbox[1].txt
NUL=c:\windows\cookies\default@hitbox[1].txt

--------------------------------------------------

C:\AUTOEXEC.BAT listing:

SET PROMPT=$p$g
SET TEMP=C:\WINDOWS\TEMP
SET TMP=C:\WINDOWS\TEMP
SET windir=C:\WINDOWS
SET winbootdir=C:\WINDOWS
SET COMSPEC=C:\WINDOWS\COMMAND.COM
SET PATH=C:\WINDOWS;C:\WINDOWS\COMMAND

--------------------------------------------------

C:\WINDOWS\WINSTART.BAT listing:

C:\WINDOWS\tmpcpyis.bat

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\PROGRAM FILES\AT&T\WNCLIENT\PROGRAMS\CSMBHO.DLL - {0F660F64-F4C9-477F-8529-44181B717472}
CCHelper - C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER\CCHELPER.DLL - {0CF0B8EE-6596-11D5-A98E-0003470BB48E}
NAV Helper - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Tune-up Application Start.job
PCHealth Scheduler for Data Collection.job
Symantec NetDetect.job
Norton SystemWorks One Button Checkup.job
Norton AntiVirus - Scan my computer.job

--------------------------------------------------

Enumerating Download Program Files:

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

[Sol Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\SOL.OCX
CODEBASE = http://mirror.worldwinner.com/games/v40/sol/sol.cab

[DepHlp Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\DEPHLP.OCX
CODEBASE = http://www.worldwinner.com/games/shared/dephlp.cab

[Brxpdf5 Control]
InProcServer32 = C:\WINDOWS\SYSTEM\BRXPDF5.OCX
CODEBASE = http://a19.g.akamai.net/7/19/7125/1239/ftp.coupons.com/brxpdf5.cab

[ContentAuditX Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\CONTEN~1.OCX
CODEBASE = http://a840.g.akamai.net/7/840/5805...ch.com/audit/includes/ContentAuditControl.cab

[Update Class]
InProcServer32 = C:\WINDOWS\SYSTEM\IUCTL.DLL
CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37956.4350462963

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\DIRECTOR\SWDIR.DLL
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

[dldisplay Class]
InProcServer32 = C:\WINDOWS\DOWNLO~1\GHDLCTL.DLL
CODEBASE = http://www.gamehouse.com/ghdlctl.cab

[{41F17733-B041-4099-A042-B518BB6A408C}]
CODEBASE = http://a1540.g.akamai.net/7/1540/52...pple.com/bonnie/us/win/QuickTimeInstaller.exe

[DmiReader Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\SYSPROFLCD.DLL
CODEBASE = http://support.dell.com/us/en/systemprofiler/SysProfLCD.CAB

[EPSImageControl Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\EPSCONTROL.DLL
CODEBASE = http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab

[SpeechControl Class]
InProcServer32 = C:\WINDOWS\DOWNLO~1\SPEECH~1.DLL
CODEBASE = http://www.directxtras.com/speaksforitself/download/speechplugin.cab

[{D4BC3B10-F024-4EF7-A62C-A298A11B51B5}]
CODEBASE = http://www.directxtras.com/speaksforitself/download/mstts_Mike.cab

[Symantec AntiVirus scanner]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\AVSNIFF.DLL
CODEBASE = http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

[Symantec RuFSI Utility Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\RUFSI.DLL
CODEBASE = http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

[ActiveDataInfo Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\SYMADATA.DLL
CODEBASE = http://www.symantec.com/techsupp/activedata/SymAData.dll

[ActiveDataObj Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\ACTIVEDATA.DLL
CODEBASE = http://www.symantec.com/techsupp/activedata/ActiveData.cab

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

WebCheck: C:\WINDOWS\SYSTEM\WEBCHECK.DLL
UPnPMonitor: C:\WINDOWS\SYSTEM\UPNPUI.DLL
AUHook: C:\WINDOWS\SYSTEM\AUHOOK.DLL

--------------------------------------------------
End of report, 10,994 bytes
Report generated in 0.314 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

 

Just checking to be sure this message didn't get lost in cyber-space.

 

Hi Seeks2Know

Most of the experts live in different time zones(fast asleep now) so it could take a few hours to get a response.


snowbound

 

Thanks, Snowbound! I guess I just got a bit spoiled with the rapid responses. I am new here and don't know yet just what to expect in the way of responses. My last response to the original inquiry was yesterday and I was afraid my thread had gotten lost in cyberspace.

 

Hi Seeks2Know,

Can you find this file:
C:\WINDOWS\SYSTEM\PPCRunOnce.exe
rightclick it and check under Properties > version tab what you can find out about it's origin.

Regards,

Pieter

 

Thanks again for your help. Yes, I did find that file.

Info from the General Tab:
Size: 24.0 KB (24,576 bytes)
Size on Disk: 32.0 KB (32,768 bytes)
Created: Tuesday, November 25, 2003, 1:53.28 PM
Modified: Tuesday, November 25, 2003, 1:53.28 PM
Accessed: Today, April 30, 2004
Attributes: only Archive is checked

Info from Version Tab:
File Version: 5.5.3.3
Description: PPCRunonce Module
Copyright: Copyright 2003 PeoplePC

Here is the info listed under "Other version information"

Comments I
Company Name (
File Version Description 5, 5, 3, 3
Internal Name PPCRunonce
Language English (United States)
Legal Trademarks I
OLESelfRegister (
Original Filename PPCRunonce.EXE
Private Build Description $
Product Name PPCRunonce Module
Product Version 5, 0, 0, 0
Special Build Description $

 

That sounds like it could be a cause for the behaviour and it does not look vital to me.

Have it fixed and reboot. If it turns out you need it after all: in HijackThis click Config > Backups
Select the one you want to restore and cllick the Restore button

Regards,

Pieter

 

Thanks once again! I fixed that file and did not need to restore it. However, I am still getting the ISP dialogue box poppoing up at inappropriate times and the "Content.ie5" folder is still reappearing everytime I reopen Windows Explorer. The only new thing of note is that yesterday as I was opening Windows Explorere I got a message from NAV alerting me that there was "virus like activity" and that Windows Explorer was attempting to write to the boot sector. I selected "exclude" and haven't gotten any further such notices. I did a full scan with NAV plus an online scan with House Call. Both show no infections. I re-ran Adaware and SpyBot S&D, rebooted and then ran HighJack This. Here is the latest log.

Logfile of HijackThis v1.97.7
Scan saved at 11:49:19 PM, on 4/30/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\WINDOWS\SYSTEM\DEVLDR16.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINJECT.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\PROGRAM FILES\COMMON FILES\EPSON\EBAPI\SAGENT95.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON GHOST\GHOSTSTARTSERVICE.EXE
C:\PROGRAM FILES\COMMON FILES\EPSON\EBAPI\EBRR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON GHOST\GHOSTSTARTTRAYAPP.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
C:\WINDOWS\TWAIN_32\PAPRPORT\3100B\FLATBED.EXE
C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\COMMON\BIN\RXMON9X.EXE
C:\PROGRAM FILES\IOMEGA\DRIVEICONS\IMGICON.EXE
C:\PROGRAM FILES\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\QUICKENW\QAGENT.EXE
C:\PROGRAM FILES\ISP50\BIN\BARTSHEL.EXE
C:\WINDOWS\SYSTEM\MRTMNGR.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINSM32.EXE
C:\Program Files\Norton SystemWorks\Norton CleanSweep\Monwow.exe
C:\PROGRAM FILES\ISP50\BIN\PPSHARED.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\1033\MSOFFICE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\QUICK VIEW PLUS\PROGRAM\QVP32.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\DESKTOP\MY DOWNLOADS\HIJACKTHIS\HIJACKTHIS.EXE
C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.peoplepc.com/search/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.worldnet.att.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by AT&T WorldNet Service
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: (no name) - {0F660F64-F4C9-477F-8529-44181B717472} - C:\PROGRAM FILES\AT&T\WNCLIENT\PROGRAMS\CSMBHO.DLL
O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER\CCHELPER.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Pa&nicware Pop-Up Stopper - {7E82235C-F31E-46CB-AF9F-1ADD94C585FF} - C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER\PSTOPPER.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [PP3100b] C:\WINDOWS\twain_32\paprport\3100b\flatbed.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [RxMon] C:\Program Files\Dell\Resolution Assistant\Common\bin\RxMon9x.exe
O4 - HKLM\..\Run: [MadExe] C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\COMMON\BIN\LaunchRA.exe -boot
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [QAGENT] C:\QUICKENW\QAGENT.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [Bart Station] C:\Program Files\ISP50\hta\station.sbrt
O4 - HKLM\..\Run: [Speed racer] C:\Program Files\Creative\PlayCenter\CTSRReg.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [QD FastAndSafe] C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\QDCSFS.exe /scheduler
O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [CSINJECT.EXE] C:\Program Files\Norton SystemWorks\Norton CleanSweep\CSINJECT.EXE
O4 - HKLM\..\RunServices: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKLM\..\RunServices: [SAgent95ExePath] C:\Program Files\Common Files\EPSON\EBAPI\SAgent95.exe
O4 - HKLM\..\RunServices: [GhostStartService] C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON GHOST\GHOSTSTARTSERVICE.EXE
O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\SCANSOFT\PAPERP~1\PPWebCap.exe
O4 - HKLM\..\RunOnce: [Ad-aware] "C:\PROGRAM FILES\LAVASOFT\AD-AWARE 6\AD-AWARE.EXE" "+b1"
O4 - Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsm32.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\SYSTEM\E_SRCV03.EXE
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O9 - Extra button: AnyWho (HKLM)
O9 - Extra button: Dell Home (HKCU)
O9 - Extra button: Netnews (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin2.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.worldnet.att.net
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://mirror.worldwinner.com/games/v40/sol/sol.cab
O16 - DPF: {6BB594E2-6E4D-4CC9-98B0-931C323F9165} (DepHlp Control) - http://www.worldwinner.com/games/shared/dephlp.cab
O16 - DPF: {E389B374-BB5A-4A73-ACF4-3CE63E4C1DE9} (Brxpdf5 Control) - http://a19.g.akamai.net/7/19/7125/1239/ftp.coupons.com/brxpdf5.cab
O16 - DPF: {CD17FAAA-17B4-4736-AAEF-436EDC304C8C} (ContentAuditX Control) - http://a840.g.akamai.net/7/840/5805...ch.com/audit/includes/ContentAuditControl.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37956.4350462963
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {4F5E4276-C120-11D6-A1FD-00508B9D48EA} (dldisplay Class) - http://www.gamehouse.com/ghdlctl.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.dell.com/us/en/systemprofiler/SysProfLCD.CAB
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
O16 - DPF: {E4DFABBD-F5F6-11D3-8421-0080C6F79C42} (SpeechControl Class) - http://www.directxtras.com/speaksforitself/download/speechplugin.cab
O16 - DPF: {D4BC3B10-F024-4EF7-A62C-A298A11B51B5} - http://www.directxtras.com/speaksforitself/download/mstts_Mike.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/activedata/SymAData.dll
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - http://www.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/7d90ae05585062/housecall.antivirus.com/housecall/xscan53.cab

 

Addendum: I just tried to open a PDF file and got a message that the Adobe Reader file is damaged and can't be repaired. Could this all be related? I still feel something not so good is lurching around my files even though the virus scanners see nothing.
On the Good News side of things, I have far fewer hangs and delays in navigating around my computer so there is some progress and I am grateful for it!

 

Addendum #2: Now my IE Browser window has started randomly minimizing itself. Is there something else I need to do? I installed Zone Alert but I don't know what most of the programs are so it is a hit and miss until I learn more about what is ok and what is bad. Am I still in the right forum? I really don't know much about any of this stuff. 8-(
Thank you again for all of your help.
Seeks2Know

 

I don't wish to appear impatient but I'm still waiting for a response to my inquiry dated 5/1. Based on the other posts there doesn't seem to usually be that much of a turnaround time. Is there a problem with my posts?
Trying to learn my way around here.....
Seeks2Know

 

There is no problem with your posting except you probably bumped it just when someone was working his way back.

Anyway, your log is clean.
First thing I would try in your case is to repair IE.

You can start a thread about your firewall settings in the Other firewalls forum : https://www.wilderssecurity.com/forumdisplay.php?f=31

Regards,

Pieter