can I be so bold as to ask for help ?


Throckmorton3rd

You guys are amazing, you have answered so many of my questions for me I feel embarrassed to ask another question :unsure: .. I'm still very new to the insides of my computer but lately it's been slowing down & doing some weird things, I've been told I have an infected registry (?) I try to keep my machine as clean as pos by using "spysweeper", "spyware Doctor", but how many anti virus programs do you need??. Anyway my question is this (it was recommended to me to ask you guys) can you look at my HJT log and tell me just how "sick" my machine is, Please... Again.. I really appreciate all your help.

T.

Logfile of HijackThis v1.98.2

Scan saved at 11:33:25 PM, on 25/10/2004

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\PREVX\Prevx Home\PXAgent.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Microsoft Money\System\Money Express.exe

C:\Program Files\mozilla.org\Mozilla\Mozilla.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe

C:\Program Files\PREVX\Prevx Home\SAGUI.exe

C:\PROGRA~1\INCRED~1\bin\IMApp.exe

C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasDtServ.exe

C:\WINDOWS\System32\wuauclt.exe

C:\WINDOWS\System32\taskmgr.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe

C:\Documents and Settings\Ray Peerless\My Documents\Spyware related\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.shoal.net.au

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.shoal.net.au

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe

O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe

O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe"

O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"

O4 - HKCU\..\Run: [OLE] C:\WINDOWS\svchosts.exe

O4 - HKCU\..\Run: [incrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c

O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\mozilla.org\Mozilla\Mozilla.exe" -turbo

O4 - HKCU\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /1

O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE

O4 - Startup: PowerReg Scheduler.exe

O4 - Global Startup: hp psc 1000 series.lnk = ?

O4 - Global Startup: hpoddt01.exe.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?

O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE

O4 - Global Startup: Prevx Home.lnk = C:\Program Files\PREVX\Prevx Home\SAGUI.exe

O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZRxdm075XXAU

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O17 - HKLM\System\CCS\Services\Tcpip\..\{E8607F20-093D-47D7-86AA-BCD23672CF79}: NameServer = 203.194.27.57 203.194.56.150

O20 - AppInit_DLLs: PAVWAIT.DLL

Thank you...... :hello:

Link to comment
Share on other sites


Yup, that looks like the only problem! ;)

Sometimes, it takes me an hour to get rid of everything, because I first start off by figuring out what everything is, then removing and testing. If everything goes well, then you're all set! :) I actually did one by remote assistance on Friday night! :)

Link to comment
Share on other sites

Get rid of all your spyware apps and run Spybot Search and Destroy and Lavasoft's Ad-aware. Keep those guys up to date and you will be golden.

As for Virus apps, just run one, using many at one time can cause issues.

I would recommend the latest Norton Antivirus or if you can get your hands on their corp and biz version, Symantec AntiVirus aka SAV

|Drew|

Link to comment
Share on other sites

Dude! By the looks of that log you don't appear to have an AV, that's just DANGEROUS using XP, you should consider downloading one off the internet, and a FW would be good too, even if you don't know much about managing which programs should have access to the internet or not, you would at least see which ones are connected and then you could block the ones that are obvious viruses or spyware. Try AVG as an Antivirus, it's free. And look for a firewall that would suit your needs, personally I like Agnitum Outpost (free), but many people prefer Kerio Personal Firewall (also free).

Link to comment
Share on other sites

the following is best done in safe mode

O4 - HKCU\..\Run: [OLE] C:\WINDOWS\svchosts.exe

that is not the legit Windows file, svchost.exe, the S makes the difference. It is the Backdoor.Zinx Trojan.

O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZRxdm075XXAU

that is the mywebsearch adware, fix it, then delete its folder

check out the prevention section of my Guide To Malware for tips, info, and links to freeware programs, that can help prevent the infection from happening again.

Link to comment
Share on other sites
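
The lookalike-name check made in the reply above (svchosts.exe versus svchost.exe), as an added example that is not part of the original thread: it parses HijackThis O4 Run lines and flags executables whose name is one edit away from a core Windows process and, as a generalization beyond the post, real system names started from an unexpected folder. The process list, the function names and the `[Demo]` line are assumptions made for this example.

```python
import ntpath
import re
# Core XP processes and the folder each normally runs from (a list assumed
# for this example, taken from the "Running processes" part of the log).
SYSTEM32 = r"c:\windows\system32"
SYSTEM_BINARIES = {name: SYSTEM32 for name in (
    "smss.exe", "winlogon.exe", "services.exe", "lsass.exe",
    "svchost.exe", "spoolsv.exe")}
SYSTEM_BINARIES["explorer.exe"] = r"c:\windows"

# HijackThis autorun line: O4 - HKxx\..\Run: [value name] path-to.exe args
O4_RUN = re.compile(r'^O4 - HK\w+\\\.\.\\Run: \[(.+?)\] "?([^"]+?\.exe)', re.I)

def edit_distance(a, b):
    """Levenshtein distance using two rows of the DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def audit_o4(log_text):
    """Return (value_name, path, reason) for each suspicious Run entry."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RUN.match(line.strip())
        if not m:
            continue
        value, path = m.group(1), ntpath.normpath(m.group(2))  # fixes "\\"
        folder, name = ntpath.split(path.lower())
        if name in SYSTEM_BINARIES:
            if folder != SYSTEM_BINARIES[name]:
                findings.append((value, path, "system name, wrong folder"))
            continue
        for real in SYSTEM_BINARIES:
            if edit_distance(name, real) == 1:
                findings.append((value, path, "lookalike of " + real))
    return findings

SAMPLE = "\n".join([  # first three lines are from the log in the first post
    r'O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe',
    r'O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"',
    r'O4 - HKCU\..\Run: [OLE] C:\WINDOWS\svchosts.exe',
    r'O4 - HKLM\..\Run: [Demo] C:\WINDOWS\Temp\lsass.exe',  # constructed line
])
if __name__ == "__main__":
    print(audit_o4(SAMPLE))
```

A hit from this check is a lead for manual review of the file, not a verdict; O4 Startup-folder entries are outside what it parses.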
