spyware, backdoor...what are these ?

#1 Timey (Newbie)

    spyware, backdoor... what are these?

    Hi all, I'm a newbie and this is my first post here.
    Additional info: I'm desperate, and you might need to use the step-by-step-for-dummies way to explain several computer things to me. Yeah, I'm that dummy here.

    here's the thing

    When I click on my music file that's using Winamp, it freezes. Then I had to close the My Computer window using the Task Manager.
    Eventually, I found 8 svchost.exe running in the processes: 4 System, 2 Local Service, 2 Network Service.
    I tried to find that through Google and found out that some of the svchost.exe can perform as spyware, recommending using Spyeraser to remove it. So I downloaded it and did some scanning.
    It found some Zonemap/domains in my registry but couldn't fix it (trial session only).

    So I decided to remove this Spyeraser from my computer using Add or Remove Programs from the Control Panel. Turned out I couldn't open it... at all.

    story continues...

    I tried to find some spyware removal tools on the net and downloaded Ad-Aware and SuperAntiSpyware.
    I ran a full scan (took so long) and it turned out: No Threats. I thought I saw it scan through that zonemap/domains thing.

    I read that Zonemap/domains are supposed to be spyware.

    FYI, I've been using ZoneAlarm and Spybot for more than 6 months. I used to get hacked before and got my computer formatted. I'm not using any online messenger except Skype (no random chatting), and a LAN connection using a router at home (just the 2 of us).

    I'm not using a wireless network, but just yesterday I detected the available BBuser and got an alert from ZoneAlarm about a hijacking possibility.

    So, what's wrong?
    Any help will be highly appreciated.
    Thanks in advance.

#2 Technical_1 (Full Member)
    I wouldn't worry about those entries. Zonemap/Domains is related to this key in the registry:

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains

    The sites that are listed here are blocked and are most likely placed there by a protection program such as SpywareBlaster or SpyBot. Leave those alone.

    I would say that if SuperAntiSpyware didn't find anything, you're OK. If you like you can get a Hijack This Log for us to look at and we can see if there is anything needing attention.
    1. Let's get a Hijack This log to analyze.
      • Create a new folder on your desktop and name it HJT.
      • Please follow this link to get Hijack This.
      • Save Hijack This to your newly created folder.
      • Run Hijack This.
      • Click Scan and save log file.
      • Copy the log to this thread.
    2. Let's get an Uninstall List from HijackThis:
      • Open HijackThis, click Config, click Misc Tools
      • Click "Open Uninstall Manager"
      • Click "Save List" (generates uninstall_list.txt)
      • Click Save, copy and paste the results in your next post.
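Added example, not code from the thread: a PowerShell snippet that reads the ZoneMap\Domains key Technical_1 describes and shows which security zone each listed site is mapped to, so a reader can see for themselves whether the entries are block-list (Restricted sites, zone 4) entries written by a protection program or something that needs attention. The zone-number meanings are Internet Explorer's standard ones; the layout assumed is one subkey per domain (optionally a host subkey beneath it) with one DWORD value per scheme.

```powershell
# Added example (not part of the original thread).
# Lists every site under HKCU ZoneMap\Domains with the IE security zone it is assigned to.
# Zone numbers: 0 = My Computer, 1 = Local intranet, 2 = Trusted sites, 3 = Internet, 4 = Restricted sites.
# Immunization tools such as SpywareBlaster/Spybot add sites to zone 4 (blocked); those are harmless.
$base = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'
$zoneNames = @{ 0 = 'My Computer'; 1 = 'Local intranet'; 2 = 'Trusted sites'; 3 = 'Internet'; 4 = 'Restricted sites' }

if (-not (Test-Path $base)) {
    Write-Host "No ZoneMap\Domains key found for this user."
    return
}

$entries = Get-ChildItem -Path $base -Recurse | ForEach-Object {
    $key = $_
    # Each domain key (or host subkey) holds one DWORD value per scheme: '*', 'http', 'https', 'ftp' ...
    foreach ($name in $key.GetValueNames()) {
        $zone = $key.GetValue($name)
        # Rebuild the host name: Domains\example.com\www  ->  www.example.com
        $rel   = $key.Name.Substring($key.Name.IndexOf('\Domains\') + 9)
        $parts = $rel -split '\\'
        [array]::Reverse($parts)
        [pscustomobject]@{
            Host     = ($parts -join '.')
            Scheme   = if ($name -eq '') { '(default)' } else { $name }
            Zone     = [int]$zone
            ZoneName = if ($zoneNames.ContainsKey([int]$zone)) { $zoneNames[[int]$zone] } else { "unknown ($zone)" }
        }
    }
}

# Summary: how many sites sit in each zone. A long list of Restricted-sites entries is the
# expected footprint of an immunization tool.
$entries | Group-Object ZoneName | Select-Object Name, Count | Format-Table -AutoSize

# Entries in the Trusted or Local intranet zones loosen IE's defaults for those sites, so they are
# the ones worth reviewing; anything you did not add yourself deserves a closer look.
$entries | Where-Object { $_.Zone -in 1, 2 } | Sort-Object Host | Format-Table Host, Scheme, ZoneName -AutoSize
```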

#3 Timey (Newbie)
    Thanks Scott for the detailed instructions..

    Here's the log file:

    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\ZoneLabs\isafe.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\NMJ_Util.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Yu \Desktop\hijackthis1991.exe

    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {20050325-D35A-4233-926E-2E801AE25949} (NMJPStarter15 Class) - http://www.netmarble.jp/_common/cab/NMStarterJP6.cab
    O16 - DPF: {6FC19219-C47E-4880-9A79-D218A1C374F9} (NMJTransX Control) - http://file.netmarble.jp/Control/NMJTransX.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


    And the uninstall list:

    ?ETorrent
    ?l?b?g?}?[?u?? '????'
    AC3Filter (remove only)
    Ad-Aware SE Personal
    Adobe Bridge 1.0
    Adobe Common File Installer
    Adobe Flash Player 9
    Adobe Help Center 1.0
    Adobe Photoshop CS2
    Adobe Reader 7.0 - Japanese
    Adobe Stock Photos 1.0
    Agere Systems HDA Modem
    ArchiCAD 10 R1 INT
    Atomica Deluxe 2.52
    AutoCAD 2006 - English
    Autodesk DWF Viewer
    Bejeweled 2 Deluxe 1.0
    Big Money Deluxe 1.22
    BJ ?‰?X?^ ?v???“?^
    Bonnie's Bookstore Deluxe 1.0
    BUFFALO IP?Y’e?†?[?e?B???e?B
    Chicken Attack (remove only)
    C-Major Audio
    DivX Codec 3.1alpha release
    DivX Player
    DivX Pro Codec Adware
    Dynomite Deluxe 2.71
    Feeding Frenzy 2 1.0
    ffdshow (remove only)
    gigabeat P Series Manual
    Hidden Expedition Titanic (remove only)
    High Definition Audio Driver Package - KB835221
    HijackThis 1.99.1
    Hotfix for Windows Media Format SDK (KB902344)
    Huffyuv AVI lossless video codec (Remove Only)
    Intel(R) Graphics Media Accelerator Driver for Mobile
    J2SE Runtime Environment 5.0 Update 6
    LiveReg (Symantec Corporation)
    LiveUpdate 1.80 (Symantec Corporation)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft Office XP Professional
    Morgan Stream Switcher
    Mozilla Firefox (1.5.0.10)
    Mystery Case Files - Ravenhearst (remove only)
    NTI Backup NOW! 3
    NTI CD & DVD-Maker Gold
    Picasa 2
    Pizza Frenzy 1.0
    PowerDVD
    PowerISO
    PowerQuest PartitionMagic 8.0
    QuickTime
    RealPlayer
    SketchUp 4.0
    Skype 2.5
    Spybot - Search & Destroy 1.4
    SUPERAntiSpyware Free Edition
    Typer Shark Deluxe 1.02
    WIBU-KEY Setup (WIBU-KEY Remove)
    Winamp (remove only)
    WinASO Registry Optimizer 2.8
    Windows Media Format Runtime
    Windows Media Player 10
    WinPatrol 2007 Restore/Remove First
    WinRAR archiver
    WinZip
    XviD Video Codec 24062003-1 (Koepi's developer build)
    Yahoo! Toolbar
    ZoneAlarm Security Suite

#4 Technical_1 (Full Member)
    The header for the Hijack This log is missing along with a few running processes. Looks like it got cut off. Go ahead and run a new one for me and post it here.

    As for the uninstall list, do you see anything in there that you don't recognize? There are several entries with Cyrillic characters in them:

    ?ETorrent
    ?l?b?g?}?[?u?? '????'
    BJ ?‰?X?^ ?v???“?^
    BUFFALO IP?Y’e?†?[?e?B???e?B


    Can you tell me if they are listed that way when you view them in your add/remove programs list? Can you let me know what those characters are?

#5 Timey (Newbie)
    Sorry Scott..
    Here's the header for the log:

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\ZoneLabs\isafe.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\NMJ_Util.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\firefox.exe

    As for those 'strange' characters that appeared on this screen, I guess that's:

    - uTorrent
    - the 2nd one is from an online game website (Netmarble), maybe Flash Player, in Japanese
    - BJ is the driver for a Canon Bubble Jet, in Japanese
    - Buffalo is the driver for a LAN utility, also in Japanese

    Thanks in advance.

#6 Technical_1 (Full Member)
    Still missing part of it. Should look similar to this:

    Logfile of HijackThis v1.99.1
    Scan saved at 11:09:37 PM, on 07/09/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


    Just post the header in your next reply. In the meantime, I'll get this log reviewed and see what I can find.

#7 Timey (Newbie)
    Dang.... missed that part too..
    Sorry.

    Logfile of HijackThis v1.99.1
    Scan saved at 8:13:14 AM, on 3/20/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\ZoneLabs\isafe.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\NMJ_Util.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Yu \Desktop\hijackthis1991.exe
