HijackThis


NDraper
July 15th, 2004, 02:10 PM
Hi, I have the JavaScript problem.
This is the log from HijackThis; please will someone advise me on what to select.
Thanks

Logfile of HijackThis v1.97.7
Scan saved at 19:02:37, on 15/07/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\Pavsrv51.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\AVENGINE.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\apvxdwin.exe
C:\My Downloads\WinZip\WZQKPICK.EXE
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\WebProxy.exe
C:\Program Files\eDonkey2000\edonkey2000.exe
C:\Program Files\BulletProofSoft.com\SpywareRemover\Spyware.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\AVLTMAIN.EXE
C:\MYDOWN~1\WINZIP\winzip32.exe
C:\unzipped\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System\blank.htm
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE" /s
O4 - Global Startup: WinZip Quick Pick.lnk = C:\My Downloads\WinZip\WZQKPICK.EXE
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Research (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O10 - Unknown file in Winsock LSP: c:\program files\panda software\panda titanium antivirus 2004\pavlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\panda software\panda titanium antivirus 2004\pavlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\panda software\panda titanium antivirus 2004\pavlsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{B7DAF58B-CE62-4F4C-908A-CD9E4967E6A7}: NameServer = 80.189.92.2 80.189.94.2

hudsonsmith
July 15th, 2004, 03:13 PM
Looks pretty clean to me. The biggest threat is C:\Program Files\eDonkey2000\edonkey2000.exe (as is any peer to peer service), although I don't see it listed in the registry, only as a running service.

I would try deleting this:
O17 - HKLM\System\CCS\Services\Tcpip\..\{B7DAF58B-CE62-4F4C-908A-CD9E4967E6A7}: NameServer = 80.189.92.2 80.189.94.2

and possibly these:
O10 - Unknown file in Winsock LSP: c:\program files\panda software\panda titanium antivirus 2004\pavlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\panda software\panda titanium antivirus 2004\pavlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\panda software\panda titanium antivirus 2004\pavlsp.dll

tyr888
July 16th, 2004, 02:05 AM
First, I wanna say I am no expert; take my advice with a grain of salt.

I don't really know what your problem is, but I can give some advice for what I see.

> C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
What is this?

> C:\PROGRA~1\Iomega\System32\AppServices.exe
> C:\Program Files\Iomega\AutoDisk\ADService.exe
What is this?

> C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
Do you really need this to start?

> C:\My Downloads\WinZip\WZQKPICK.EXE
> C:\MYDOWN~1\WINZIP\winzip32.exe
> O4 - Global Startup: WinZip Quick Pick.lnk = C:\My Downloads\WinZip\WZQKPICK.EXE
You don't need WinZip starting with the CPU; it'll come on when you need it.

> R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
> R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System\blank.htm
> R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System\blank.htm
> R3 - Default URLSearchHook is missing
You really don't need these. The about:blank page suggests a browser hacker though. Google BHODemon, and use that.

> O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
This is for your video card. DO _N_O_T_ DELETE THIS! You need it.

GrandDad
July 16th, 2004, 02:34 AM
I would suggest you try Google;
you will find "CDANTSRV.EXE" is 'C-Dilla Ltd / Macrovision'.
"\Ulead Systems\DVD\ULCDRSvr.exe" is probably related to the above.

You'll find "Iomega" is his Zip drive.

"R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System\blank.htm
R3 - Default URLSearchHook is missing"
That only suggests it hasn't been set or was deleted.

Do a little research please before suggesting to people to delete or turn off things without knowing what they are, OK. :)

NooNoo
July 16th, 2004, 04:57 AM
Good advice, GrandDad.

NDraper, you have WinTools:

C:\WINDOWS\system32\winlogon.exe

you need to get rid of it and edonkey!

the last link in the first post here (http://forums.windrivers.com/showthread.php?t=57348) has a link to removing wintools.

You should read the rest of the post so that you know how to deal with future spyware.

hudsonsmith
July 16th, 2004, 07:13 AM
You sure about the wintools Noo? C:\WINDOWS\system32\winlogon.exe is a valid windows system file. I thought it was bad only when not in the system32 directory.

http://www.answersthatwork.com/Tasklist_pages/tasklist_w.htm

NooNoo
July 16th, 2004, 07:24 AM
http://www.liutilities.com/products/wintaskspro/processlibrary/winlogin/

hmmm where is my coffee?

ANumber1
July 16th, 2004, 03:00 PM
The bad one is winlogin.exe

Cry
July 16th, 2004, 08:57 PM
Well, first off, GET A BETTER AV, god... get Kaspersky; it's the best, HANDS DOWN. I use KAV to test hexing servers, and TDS-3 is very good for scanning. Use Google to get the trials.

tyr888
July 17th, 2004, 03:31 PM
> I would suggest you try Google;
> you will find "CDANTSRV.EXE" is 'C-Dilla Ltd / Macrovision'.
> "\Ulead Systems\DVD\ULCDRSvr.exe" is probably related to the above.
>
> You'll find "Iomega" is his Zip drive.
>
> Do a little research please before suggesting to people to delete or turn off things without knowing what they are, OK. :)

(I erased the middle part, with the start pages.)

I never told him to delete those; I said I didn't know what it was,
and said it so that he would look into it, in the event that he didn't
know what it was either.

I'm not mad though, like many people who get oversensitive about
being rebuked, but yeah, I could have checked further into
that myself. That is why, at the top, I posted that I am not an
expert.

Also, my Zip drive doesn't show up on my HijackThis log, and it works fine;
that's why I asked if he needs them there.

GrandDad
July 17th, 2004, 04:01 PM
> (I erased the middle part, with the start pages.)
>
> I never told him to delete those; I said I didn't know what it was,
> and said it so that he would look into it, in the event that he didn't
> know what it was either.
>
> I'm not mad though, like many people who get oversensitive about
> being rebuked, but yeah, I could have checked further into
> that myself. That is why, at the top, I posted that I am not an
> expert.
>
> Also, my Zip drive doesn't show up on my HijackThis log, and it works fine;
> that's why I asked if he needs them there.

I understand that. :)

The whole thing is to be careful of what and how you may say or tell somebody to do; many that come here may be a first-time PC buyer or user and have no idea of what or how to do something.

I'm no expert either :( and I and others have been asked to be more careful,
so you're not the first :D or will be the last one.

You're more than welcome to help around here if you wish to. :thumbs2:

Like they say, the more the merrier. :thumbs:

NDraper
July 18th, 2004, 03:48 PM
I have removed the Panda Titanium antivirus software, but I am still not sure what to delete, as I had mixed messages.
Here is the most recent log.
Thanks

Logfile of HijackThis v1.97.7
Scan saved at 20:47:06, on 18/07/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\My Downloads\WinZip\WZQKPICK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Downloads\Apps\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System\blank.htm
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\My Downloads\WinZip\WZQKPICK.EXE
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Research (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B7DAF58B-CE62-4F4C-908A-CD9E4967E6A7}: NameServer = 80.189.92.2 80.189.94.2

NooNoo
July 18th, 2004, 05:47 PM
O17 - HKLM\System\CCS\Services\Tcpip\..\{B7DAF58B-CE62-4F4C-908A-CD9E4967E6A7}: NameServer = 80.189.92.2 80.189.94.2

is the only one I would get rid of... everything else looks fine.

tyr888
July 19th, 2004, 01:31 AM
O17 - HKLM\System\CCS\Services\Tcpip\..\{B7DAF58B-CE62-4F4C-908A-CD9E4967E6A7}: NameServer = 80.189.92.2 80.189.94.2

On an IP lookup, 80.189.92.2 and 80.189.94.2 appear to come from
http://brightview.com/home/index.html . NDraper, do you know who they are? Are they your email company or something?

NDraper
July 19th, 2004, 12:32 PM
Yes they are my ISP.
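A way to automate the two checks made in this thread (hudsonsmith's and NooNoo's flagging of the O17 NameServer and O10 LSP lines, and tyr888's lookup of whose resolvers those are), added here as an example and not code from the thread or from HijackThis itself: a small Python parser for HijackThis log entries that pulls the resolver addresses out of O17 lines and compares them with the ISP resolvers the user has confirmed, and lists O10 LSP DLLs that sit outside directories of software known to install an LSP. The sample log is constructed from lines posted in this thread; the expected-resolver set and the trusted-directory list are assumptions the reviewer supplies.

```python
import re
from ipaddress import ip_address

# Constructed sample in HijackThis v1.97 log format, modelled on the log posted in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.97.7
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - Global Startup: WinZip Quick Pick.lnk = C:\My Downloads\WinZip\WZQKPICK.EXE
O10 - Unknown file in Winsock LSP: c:\program files\panda software\panda titanium antivirus 2004\pavlsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{B7DAF58B-CE62-4F4C-908A-CD9E4967E6A7}: NameServer = 80.189.92.2 80.189.94.2
"""

# HijackThis entries start with a section tag (R0-R3, F0-F3, N1-N4, O1-O23) followed by " - ".
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d+) - (?P<body>.*)$")
NAMESERVER_RE = re.compile(r"NameServer = (?P<servers>.+)$")
LSP_RE = re.compile(r"Winsock LSP: (?P<path>.+)$")


def parse_hjt(text):
    """Return the section entries of a HijackThis log as (section, body) tuples.
    Header and 'Running processes' lines carry no section prefix and are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def nameservers(entries):
    """Collect the resolver addresses from every O17 entry (space- or comma-separated)."""
    found = []
    for section, body in entries:
        if section != "O17":
            continue
        m = NAMESERVER_RE.search(body)
        if not m:
            continue
        for token in re.split(r"[\s,]+", m.group("servers").strip()):
            try:
                found.append(str(ip_address(token)))
            except ValueError:
                # Not a literal address; keep the raw token so it still gets reviewed.
                found.append(token)
    return found


def unexpected_nameservers(entries, expected):
    """O17 resolvers that are not in the set the ISP is known to use (assumed input)."""
    expected = {str(ip_address(a)) for a in expected}
    return [a for a in nameservers(entries) if a not in expected]


def unknown_lsps(entries, trusted_dirs):
    """O10 LSP DLLs that do not live under a directory of software known to install an LSP."""
    trusted = [d.lower().rstrip("\\") + "\\" for d in trusted_dirs]
    hits = []
    for section, body in entries:
        if section != "O10":
            continue
        m = LSP_RE.search(body)
        if m:
            path = m.group("path").strip().lower()
            if not any(path.startswith(t) for t in trusted):
                hits.append(path)
    return hits


if __name__ == "__main__":
    ents = parse_hjt(SAMPLE_LOG)
    print("O17 resolvers:", nameservers(ents))
    # The ISP resolvers confirmed in the thread go in the expected set; anything else deserves a second look.
    print("unexpected resolvers:", unexpected_nameservers(ents, {"80.189.92.2", "80.189.94.2"}))
    # The Panda directory is trusted here because the thread shows Panda installed; AV products commonly register an LSP.
    print("LSP DLLs outside trusted dirs:", unknown_lsps(ents, [r"C:\Program Files\Panda Software"]))
```

The point the thread arrives at is encoded in `unexpected_nameservers`: an O17 line is not bad by itself, only when the resolvers are not the ones the user's ISP hands out. Likewise an O10 line is expected when the DLL belongs to a product you know installed an LSP, so the trusted-directory list should be built from what is actually installed on the machine, not guessed.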

NooNoo
July 19th, 2004, 12:52 PM
OK, it looks like you are clean...

I cleaned up an XP machine today which also showed clean in HijackThis, Spybot etc... then I logged in as Administrator instead of the sole user with admin rights - wooohooooo - a whole bunch more stuff under the Administrator profile...

This is why you should ALWAYS do this stuff in safe mode, since you get logged in as Administrator.