Hi,
Before we start: I have read everything at the top of this forum about what to do before posting HijackThis logs, and thanks, very good information for newbies... I've posted this HijackThis log as I keep getting the screen locking up (freezing). Not sure what to do now, as I have done all the scans in safe boot too. Please can someone look at this... Question: can you have too many spyware/security programs installed? As you will see I have a few.
Logfile of HijackThis v1.99.1
Scan saved at 17:59:44, on 29/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender9\vsserv.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\GhostSecuritySuite\gss.exe
C:\Program Files\GhostSecuritySuite\gss.exe
C:\PROGRA~1\softwin\bitdefender9\bdmcon.exe
C:\progra~1\softwin\bitdefender9\bdnagent.exe
C:\progra~1\softwin\bitdefender9\bdswitch.exe
C:\Program Files\HijackRemote\HijackRemote.exe
C:\Program Files\Trend Micro\Tmas\Tmas.exe
C:\Documents and Settings\david\Start Menu\Programs\Startup\Adobe Gamma Loader.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Common Files\AOL\1132495472\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1132495472\ee\AOLServiceHost.exe
c:\program files\common files\aol\1132495472\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\1132495472\ee\AOLServiceHost.exe
C:\PROGRA~1\Logitech\Video\AlbumDB2.exe
C:\PROGRA~1\Logitech\Video\FxSvr2.exe
C:\HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [GhostSecuritySuite] "C:\Program Files\GhostSecuritySuite\gss.exe" -minimize
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [BDMCon] c:\PROGRA~1\softwin\bitdefender9\bdmcon.exe
O4 - HKLM\..\Run: [BDNewsAgent] "C:\PROGRA~1\softwin\bitdefender9\bdnagent.exe "
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\PROGRA~1\softwin\bitdefender9\bdswitch.exe "
O4 - HKCU\..\Run: [HijackThisRemote] C:\Program Files\HijackRemote\HijackRemote.exe
O4 - Startup: Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\system32\shdocvw.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O15 - Trusted Zone: http://www.softpedia.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} - http://download.gigabyte.com.tw/object/Dldrv.ocx
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft.com/fwlink/?Link...04&clcid=0x409
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/comput...up/qdiagcc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1118661856937
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1119345270859
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zone.msn.com/binary...o.cab32846.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - http://driveragent.com/files/driveragent.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} - http://chat.msn.com/controls/msnchat45.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - America Online, Inc. - (no file)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
More than one real-time (RT) monitor application may not get along well with each other. 'AOL Spyware Protection Service' may be incompatible with TrojanHunter 4.2 Guard.
Furthermore, the following item:
[GHOSTSECURITYSUITE]
is an unfamiliar, possibly obscure tool that may also be a source of conflict or excessive resource use. Such added tools could result in system freezes.
Disable all but one RT monitor and any extraneous (uncommon) badware tools, and see if things improve. Add back one at a time and see what happens over an elapsed time frame.
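A small triage helper for logs in the format posted above, added here as an example and not part of the thread or of HijackThis itself: it parses the finding lines (R0, O4, O23 and so on), lists the O4 autostart programs, and pulls out entries tagged (file missing)/(no file) plus the sections a reviewer reads by hand (trusted zone, protocol handlers, Winlogon notify). The sample lines are copied from the log in this thread.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O15 - Trusted Zone: http://www.softpedia.com
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Spyware Protection Service (AOLService) - America Online, Inc. - (no file)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# Every HijackThis finding starts with a section code (R0, O4, O23, ...) followed by " - ".
ENTRY = re.compile(r"^(?P<sec>[RFNO]\d+) - (?P<body>.*)$")
AUTOSTART = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
MISSING_TAGS = ("(file missing)", "(no file)")
# Sections a reviewer reads line by line: IE trusted zone, protocol handlers, Winlogon notify DLLs.
REVIEW_SECTIONS = {"O15", "O18", "O20"}

def parse(text):
    """Return (section, body) for each finding; header and process-list lines are skipped."""
    found = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            found.append((m.group("sec"), m.group("body")))
    return found

def autostarts(text):
    """Names and commands of the O4 Run-key entries (programs started at logon)."""
    hits = []
    for sec, body in parse(text):
        m = AUTOSTART.match(body) if sec == "O4" else None
        if m:
            hits.append((m.group("name"), m.group("cmd")))
    return hits

def triage(text):
    """Group findings by section and pull out the ones worth checking first."""
    entries = parse(text)
    by_section = defaultdict(list)
    for sec, body in entries:
        by_section[sec].append(body)
    missing = [e for e in entries if any(tag in e[1] for tag in MISSING_TAGS)]
    review = [e for e in entries if e[0] in REVIEW_SECTIONS]
    return {"sections": dict(by_section), "missing": missing, "review": review}
```

The (file missing) tag needs manual confirmation rather than automatic deletion: in the full log above several BitDefender services carry it while their executables appear in the running-process list.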
Now even more confused, can you explain please... According to my log, what should be done? Thanks.
Certain applications actively protect your PC from Malware. If two or more such tools are running, they may conflict with each other. 'AOL Spyware Protection Service' may be incompatible with TrojanHunter 4.2 Guard. Try disabling one while the other is running.
Disable Trojan Hunter Guard:
- Go to TrojanHunter Guard in the lower right corner of your screen. It is a light blue icon with a magnifying glass that can be difficult to see but the handle is red.
- Right click it and select settings. Uncheck "Load at startup" and "Enabled"
Disable all the above when trying to run badware/malware scans since their protection features may not allow certain fixes to be performed (see below).
Consider uninstalling or disabling [GHOSTSECURITYSUITE] unless you know exactly what function it is performing - there is almost no information in Google on this one. It could also be a source of interference.
Please download, install, update and scan your system with the free (trial) version of Ewido trojan scanner:
- When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
- When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.
- From the main ewido screen, click on update in the left menu, then click the Start update button.
- After the update finishes (the status bar at the bottom will display "Update successful"), click on the Scanner button in the left menu, then click on the Start button. This scan can take quite a while to run, so time to go get a drink and a snack....
- If ewido finds anything, it will pop up a notification. You can select "clean" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.
- When the scan finishes, click on "Save Report". This will create a text file. Please then paste the contents of the text file to this thread.
REBOOT.
Please do an online scan (scan only tool) with Kaspersky WebScanner
Click on Kaspersky Online Scanner
You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
- The program will launch and then begin downloading the latest definition files:
- Once the files have been downloaded click on NEXT
- Now click on Scan Settings
- In the scan settings make sure that the following are selected:
- Scan using the following Anti-Virus database:
- Extended (if available, otherwise Standard)
- Scan Options:
- Scan Archives
- Scan Mail Bases
- Click OK
- Now under select a target to scan:
- Select My Computer
- This program will start and scan your system.
- The scan will take a while so be patient and let it run.
- Once the scan is complete it will display if your system has been infected.
- Now click on the Save as Text button:
- Save the file to your desktop.
- Copy and paste that information in your next post.
NOTE:
I see you have loaded HijackRemote. It is a very new tool with serious credibility problems in the eyes of 'expert' reviewers - you cannot trust it to reliably and expertly clean your PC of ALL problems:
A report by wng_z3r0 (Malware Removal University Teacher):
http://spyware-free.us/2006/01/hijackremote.html#links
Why was the help so mediocre? Was it the tool's fault, the helper's, or both?
So: Why did this good idea apparently fail so badly?
Last edited by VopThis; 30-01-2006 at 12:57 PM.
Hi, done everything you said:
TrojanHunter 4.2 - uninstalled
GhostSecuritySuite - disabled temporarily; more info you might find interesting on this here:
http://www.ghostsecurity.com/gsshelp/
Ewido log attached
Kaspersky online scanner log attached
HijackRemote: I have read your report on this, and thanks; interesting to compare results and advice given here (which, for those reading this post, D-A-L is totally reliable, not automated but hands-on professional, and very much appreciated).
Look forward to your reply.
Attachments do present a little weird (please post in future):
Number of viruses found: 1
Number of infected objects: 4
Number of suspicious objects: 0
Duration of the scan process: 4073 sec
Infected Object Name - Virus Name
C:\Documents and Settings\david\My Documents\Programs\crack-inf.exe/stream/data0001
Infected: Trojan-Clicker.Win32.VB.la
C:\Documents and Settings\david\My Documents\Programs\crack-inf.exe/stream
Infected: Trojan-Clicker.Win32.VB.la
C:\Documents and Settings\david\My Documents\Programs\crack-inf.exe
Infected: Trojan-Clicker.Win32.VB.la
C:\Documents and Settings\david\Start Menu\Programs\Startup\Adobe Gamma Loader.exe
Infected: Trojan-Clicker.Win32.VB.la
HIDDEN FILES: To make sure you can see all hidden files, please follow the directions here
SAFEMODE: Boot into safe mode by tapping the F8 key at restart and choosing 'safe mode' menu option (explained here if needed).
In SAFE MODE DELETE:
C:\Documents and Settings\david\My Documents\Programs\crack-inf.exe
POST A REVISED HIJACKTHIS LOG for review:
Reboot and post a new HijackThis log with any feedback as appropriate - how things are now behaving: any new or remaining apparent issues.
Ghostsecuritysuite link:
Appears to have SOME credibility (WildersSecurity) but is nevertheless relatively unknown given a lack of info returned by Google. Then there may be compatibility issues with other running tools. Appears to be a registry defender - other tools may also do the same.
Last edited by VopThis; 31-01-2006 at 12:06 AM.