TheTechGuide Forum

General Category => Tech Clinic => Topic started by: Roxy on January 02, 2006, 04:49:00 PM

Title: Oh Boy do I need help!!!!
Post by: Roxy on January 02, 2006, 04:49:00 PM
OK, first I'm going to post my problem....which I posted on an aol site.  (It's a bit lengthy...sorry!)  I was told to go to "Merijn.org" to download hijack this, run it and send it to this person who said they'd help.  When I went to that site, near the top it mentions "wwwcoolwebsearch" and how you need to get rid of that before running the Hijack This.  Well, that was one of the things that I do remember seeing that it said I had.  Should I use that tool and remove that before I run Hijack This?  And then, I'd like to post my Hijack This log here....is anyone around who can help me for the next couple of hours?

Here's my post below (edited slightly from what I posted on aol) showing all of my problems!
_________________________________________________________________

Hi-
I've gotten into quite a mess recently.

I got a new computer because my last one, which was only a couple of years old, just completely died.  (I mention that because I just don't know if I had gotten something then.)

Anyway, I have had problems with this computer since I got it.  I hate it but fell for the sales pitch by the guy (and I thought I was pretty smart!)  This guy was into computer games, so I should have talked with someone who would sell me something for me...but I bought the computer he recommended: It has an AMD Athlon 64 3400+ processor, Windows XP Media Edition (which I hate....and NEVER use and DON'T need!!)  It's supposed to have 512 MB of RAM, but there is never more than 300-something available.  The computer has been crashing since I got it....several times a day.  The page just goes white, or white with pretty stripes on it, and I have to turn the power-strip off and on again.  I thought it was just because there was so much crap loaded on it and I kept trying to play with it, and then I thought it was adware and kept running scans.  All this, while working and traveling...thinking I should just take it back....and then before I know it - 5 months had gone by.   So now I don't know if they'll even take it back.

OK, so... I had problems too, from the beginning, with the AV (they had Norton preloaded) but then seemed to get that working.  Then all of a sudden it wouldn't update.  Then it wouldn't let me open the AV.  Then my trojan remover wouldn't work.  The story could be longer and longer, but here's the scoop now:
No AV, many things that won't open, when I try to run online scans it crashes, etc.  I downloaded this "SpeedUpMyPC" thing, which has a crash recovery on it and every time I try to do something (like order online AV software) as soon as I start typing in my name the crash recovery starts running.  It's already done it twice since I've been typing this email.  (In other words, something wants to crash my computer so I can't fix it.)  I finally got to update my Adaware and ran it in safe-mode and it showed I had a keylogger.  I deleted that.  But I'm thinking it must still be there....or there are more keyloggers.

Then last night I bought Defender-Pro 15-in-1 (I had wanted to get rid of the resource hogging Norton/Symantec and didn't want McAfee again as I had problems with that years ago.)  I knew I needed to download and run it in safemode because something is disabling all my AV and spyware stuff when the computer is on.  But the damn thing won't let me complete the download in safe-mode.  The other components will, but the AV wants to access its website for something, and in safe-mode I'm not connected!

So then I downloaded several things last night (I've been up ALL night) and ran them in safe mode.  Only 1 would actually take out the spyware it found....all the others (and each anti-spyware found different spyware/trojans) wanted to access their website, or said I'd have to purchase it first!!!  AARRGGHH!!!!!  So all of these things are still on my computer!

Now, remember, I cannot run any online scans!  I have no AV on my computer at all cuz I took out all the Norton to download the Defender (not that the Norton worked anymore anyway....because it didn't.  Whatever is on my computer disabled it and it couldn't open in safe-mode either....because it was "damaged" or something like that.)

One of the ones I downloaded was the "E-scan" and when run in safe-mode it said I have 8 viruses and 158 errors.  But I have to purchase it in order for it to remove them!!!  (Also remember that I can't do that because whatever is on my computer won't let me do that!)

OK, so I go to the Kaspersky site and it says I can download, and actually use, the software on a 30-day trial.  So I do that.  But it wants to email me the software.  When it asks for my name and email address....as soon as I start to put that in the computer tries to crash...every time.  But then my "SpeedUpMyPC" saves it with crash-recovery (it just tried to crash again!) and then I finish entering my info.  I hit verify...it says it's emailed it to me...and then I get nothing.  I've done it 3 times.  Whatever is on my computer is not letting me get the email!

What can I do now?!  I need to be able to download an AV to my computer and then go into safe-mode where I can install it, run it, and fix whatever is wrong.

(It just tried to crash again!!)  Can someone PLEASE help me!  I will keep checking here if this virus, trojan or keylogger will let me (well, I guess there are several...I just don't know what they are!)  I'm getting a little freaked and paranoid by all of this!!!

By the way, I need my computer big-time for work tonight, so any immediate responses would be oh-so-appreciated!!!  Thanks!

Roxy
Title: Oh Boy do I need help!!!!
Post by: guestolo on January 02, 2006, 04:53:03 PM
From my signature below, download and save to a permanent folder on your hard drive
Hijackthis 1.99.1

Open Hijackthis.exe
Do a "SCAN and Save a Log file"
A text file will open
copy and paste the WHOLE contents of the log here... Don't try and fix anything yet----It is all important
Title: Oh Boy do I need help!!!!
Post by: Roxy on January 02, 2006, 05:04:35 PM
OK, I ran Hijack This and here's the log.  How does it look?

Also, I do have a couple of the logs from the scans I ran last night (spyware and the av "E-scan" if you want to see those.)

Thanks!


Logfile of HijackThis v1.99.1
Scan saved at 4:00:00 PM, on 1/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LIUtilities\SpeedUpMyPC\speedupmypc.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\HJT\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: OsbornTech Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\Program Files\DefenderPro AntiSpy\PopupBlocker\PopupBlocker.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [DPAS] "C:\Program Files\DefenderPro AntiSpy\DPASNT.exe"
O4 - HKLM\..\Run: [DPASUpdate] "C:\Program Files\DefenderPro AntiSpy\DPASAutUpdate.exe"
O4 - HKLM\..\Run: [Complete Security] "C:\Program Files\Defender Pro Private Surf\PrivateSurfNT.exe"
O4 - HKLM\..\Run: [CompleteSecurityUpdate] "C:\Program Files\Defender Pro Private Surf\AutomaticUpdate.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [LanzarP2006] "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{6D8AD7BA-BC2B-4F2D-B8A4-5EE51D1D5CF8}\{EEBA9416-3207-47E0-9022-116440599DBC}\..\..\P2006tmp\Install.exe" /SETUP:"/l0x0009"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: SpeedUpMyPC.lnk = C:\Program Files\LIUtilities\SpeedUpMyPC\speedupmypc.exe
O4 - Global Startup: WinTasks.lnk = C:\Program Files\LIUtilities\WinTasks\wintasks.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\Program Files\DefenderPro AntiSpy\PopupBlocker\PopupBlocker.dll
O9 - Extra 'Tools' menuitem: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\Program Files\DefenderPro AntiSpy\PopupBlocker\PopupBlocker.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

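A small triage helper, added here as an example (it is not part of the thread and not HijackThis's own code), that applies to log lines like the ones above the checks a helper does by eye: an autorun or service launching from a Temp directory, a path that climbs with "..", an entry marked "(file missing)", and an O23 service with no known owner. The sample lines are constructed after the kinds of entries in the posted log, and the reason tags are names chosen for this example.

```python
"""Heuristic triage of HijackThis 1.99.1 log lines (example code, not HijackThis's own)."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample, modelled on entries of the kind seen in the posted log.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [LanzarP2006] "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{6D8AD7BA-BC2B-4F2D-B8A4-5EE51D1D5CF8}\..\..\P2006tmp\Install.exe" /SETUP:"/l0x0009"
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# Every HijackThis entry starts with its section code (R0, R1, O2, O4, ...).
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")

# First Windows path in the entry: a drive letter or %VAR% prefix, then the
# shortest run of characters ending in a binary extension. Spaces are allowed
# because unquoted "C:\Program Files\..." paths are common in these logs.
PATH_RE = re.compile(
    r'"?(?P<path>(?:[A-Za-z]:|%[A-Za-z_]+%)\\[^"]*?\.(?:exe|dll|sys|ocx|cpl|scr))"?',
    re.IGNORECASE,
)


@dataclass
class Finding:
    section: str
    path: Optional[str]
    reasons: List[str] = field(default_factory=list)
    line: str = ""


def assess(line: str) -> Optional[Finding]:
    """Parse one log line; return None for non-entry lines such as the header."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    pm = PATH_RE.search(body)
    path = pm.group("path") if pm else None
    reasons: List[str] = []
    lower_body = body.lower()
    if "(file missing)" in lower_body:
        # Dangling reference: leftover from an uninstall, or a file already removed.
        reasons.append("file-missing")
    if section == "O23" and "unknown owner" in lower_body:
        # HijackThis could not read a publisher for the service binary.
        reasons.append("unknown-owner")
    if path:
        low = path.lower()
        if "\\temp\\" in low:
            # Persistent autoruns should not live under a Temp directory.
            reasons.append("temp-dir")
        if "\\..\\" in low:
            # Parent traversal inside a launch path is unusual for legitimate software.
            reasons.append("parent-traversal")
    return Finding(section, path, reasons, line.strip())


def triage(log_text: str) -> List[Finding]:
    """Assess every entry line in a whole log."""
    findings = []
    for line in log_text.splitlines():
        f = assess(line)
        if f is not None:
            findings.append(f)
    return findings


def summarize(log_text: str) -> Dict[str, List[str]]:
    """Map each entry's file basename (lower-case) to the reasons it was flagged."""
    report: Dict[str, List[str]] = {}
    for f in triage(log_text):
        key = f.path.rsplit("\\", 1)[-1].lower() if f.path else f"<no path: {f.section}>"
        report[key] = f.reasons
    return report


if __name__ == "__main__":
    for name, reasons in summarize(SAMPLE_LOG).items():
        print(f"{name:20s} {'OK' if not reasons else ', '.join(reasons)}")
```

Entries with an empty reason list are not declared clean; the script only orders the log so the lines worth a second look are read first.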
Title: Oh Boy do I need help!!!!
Post by: guestolo on January 02, 2006, 05:10:45 PM
Quote
Also, I do have a couple of the logs from the scans I ran last night (spyware and the av "E-scan" if you want to see those

Yes, go ahead and post them
Spyware>>Do you mean SpySweeper?

If the logs are long, it may take a few replies to post it all, but please try and post it all
Title: Oh Boy do I need help!!!!
Post by: Roxy on January 02, 2006, 05:54:49 PM
Well...I was going to post the logs, but there aren't any!  When I try to access the programs, none of them (probably because I didn't purchase them) show the logs!  And the one that I had on my desktop (that I copied and saved) is not on my desktop anymore!

Would you like me to go into safe mode and try to run these scans again and then post them right away...before they disappear!!

I did write a couple down -

Defender found "e-surveiller"

Spybot found "coolwwwsearch" (but then crashed before it could finish)

SpySweeper found several things, one of them was something called a "web dialect toolbar" and (yes, I actually wrote this one down....and then decided that was crazy, I'd just copy and save it!) was:
HKLM\software\microsoft\windows\urrentversion\explorer\browserhelperobjects\{c68ae9c0-0909-4ddc-b661-c1afb9f59e53}

Somebody else found something that started:
i386\apps\app19735\src\install\....

but then I decided to save that one too.

And then "E-scan" found a whole bunch of stuff.  It said it scanned 99306 files, there were a total of 8 viruses, 0 were disinfected, deleted or renamed (because I'd have to buy it....and I was in safe mode with no internet connection) and it said there were 158 errors.  There were a whole bunch of things listed, some it said was adware, some looked like browser hijackers or something, and then a bunch of stuff....but I tried to save it and couldn't as it wouldn't let me.

Any suggestions?

Oh, and I also remember that E-scan said on several things it had listed something like:

Probably password protected

I remember because I wasn't sure what that meant.
Title: Oh Boy do I need help!!!!
Post by: guestolo on January 02, 2006, 05:59:41 PM
==Download CWShredder.exe (http://www.trendmicro.com/ftp/products/online-tools/cwshredder.exe) and save to your desktop
Don't run it yet

Can you make a new text file on your desktop please
Right click an empty spot on your desktop and select NEW>>Text Document
Name it escan.txt
This is where you can save the results


Download  eScan again, I want to make sure it is right up to date
Mwav.exe (ftp://ftp.microworldsystems.com/download/tools/mwav.exe)
There's nothing to install, save it
Don't run it yet

Reboot in safe mode
Run CWShredder.exe and click the FIX button
and let it fix whatever it finds

Double click on Mwav.exe
In eScan
Select all local drives, scan all files, press 'SCAN' and when it is completed, anything found will be displayed in the lower pane.
Give this scan time to finish, it's very thorough
In the Virus Log Information Pane
Left click and Highlight all the info in the Lower pane---  Use "CTRL and the C" keys on your Keyboard to copy all found in the lower pane
Paste that info to escan.txt

****If prompted that a Virus was found and you need to purchase the product to remove the malware, just close out the prompt and let it continue scanning
We just want to see where the bad guys are

Reboot back to Normal mode  

Post a fresh hijackthis log and the results from eScan.txt
Title: Oh Boy do I need help!!!!
Post by: Roxy on January 02, 2006, 06:08:09 PM
Will do, but it may be a while before I post again.  I left my office when E-scan was scanning this morning (like at 4am) and didn't go back in until 8am or so, and it said that scan time was 3:30:07.  I'm assuming that meant 3 1/2 hours.

I will take your advice, do as you suggest, and will post again in a few hours when the scan is done.

Thank you so much for helping me!
Title: Oh Boy do I need help!!!!
Post by: Roxy on January 02, 2006, 06:38:15 PM
Oops.  I've got a question.  After I went into safe mode, I "came back out" to ask you if I should turn off my system restore or not.  I know that I've read that viruses could "hide" in there, but I was afraid to shut it off in case I need to go back.

I forgot to ask you before.

I'll wait about 5 or 10 minutes to see if you see this post to respond and then if I don't hear from you, I'll just go ahead and scan without turning it off....as you didn't mention that anyway.

Let me know, though, if you do see this.

Thanks!
Title: Oh Boy do I need help!!!!
Post by: guestolo on January 02, 2006, 06:41:21 PM
Leave system restore on. I like to leave this till the end
With it off we have nothing to fall back on
Title: Oh Boy do I need help!!!!
Post by: Roxy on January 02, 2006, 06:46:53 PM
Okie doke.

thanks for responding quickly.  I'm off to safe-mode land.......
Title: Oh Boy do I need help!!!!
Post by: Roxy on January 03, 2006, 02:23:29 AM
Hey guestolo!
Wow...it's 1:05am and I'm finally back.

I ran the CWShredder as you said, but it said I did not have coolwebsearch (or whatever it's called.)  I did have it before (I think Spybot found it...or somebody did...and they must have deleted it.)  Anyway, because nothing else has changed because it found nothing, I did not run another hijack this scan because it will look the same as it did before.

And I ran the 3 1/2 (or longer) eScan, but I could not copy and paste it as you had wanted me to.  I used the CTRL & C too as you suggested.  I tried all kinds of things.  What I ended up doing was using my UltraSnap to take pictures of it, and paste it into a document.  I couldn't paste it into the text file that you had wanted me to as it wouldn't paste right.  AND...one other thing (this will get even crazier) when that lower pane is showing, only 1/2 of the line (6 lines at a time) shows so I had to snap a shot of the first 1/2 of 6 lines, then move it over and copy the second 1/2 of those 6 lines, and then move down to the next 6 lines and do it again.  (I hope you understand what I'm trying to explain.)  You will see on the VERY LONG document that I'm going to post, that there is a "1" (those first lines I could get all of in the shot) and then there's "2a", "2b"; "3a", "3b"; etc.  Those are the 2 halves of each set of lines.  Sorry...it was the best I could do.

I also ran one of the spy identifiers that I had downloaded last night and will post what I copied and pasted from that scan.

I'll post the CWShredder logfile too.

I'll do that in 3 separate posts on this string...hope that's ok.

Please let me know as soon as you have some advice for me on what to do with this mess!!!

Did you get any info from the first hijack-this log I posted?

OK....scan results/logs to follow........

OK, this is what SpySweeper found.......


12:04 AM: |       Start of Session, Tuesday, January 03, 2006       |
12:04 AM: Spy Sweeper started
12:04 AM: Sweep initiated using definitions version 556
12:04 AM: Starting Memory Sweep
12:05 AM: Memory Sweep Complete, Elapsed Time: 00:01:37
12:05 AM: Starting Registry Sweep
12:05 AM:   Found Adware: web dialect toolbar
12:05 AM:   HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{c68ae9c0-0909-4ddc-b661-c1afb9f5ae53}\  (1 subtraces) (ID = 146237)
12:05 AM:   Found Adware: adcom
12:05 AM:   HKCR\clsid\{83ec9074-6cba-43e8-b7e0-6a3809c4a958}\  (12 subtraces) (ID = 861285)
12:05 AM:   HKCR\clsid\{93f764ac-24d1-484f-92ea-3c84e31cdf72}\  (12 subtraces) (ID = 861315)
12:05 AM:   HKCR\clsid\{d360501e-dc73-4de6-a61c-21925aed7835}\  (12 subtraces) (ID = 861344)
12:05 AM:   HKCR\clsid\{f9668ada-fc6b-47f4-8381-de861dba5115}\  (12 subtraces) (ID = 861407)
12:05 AM:   HKLM\software\classes\clsid\{83ec9074-6cba-43e8-b7e0-6a3809c4a958}\  (12 subtraces) (ID = 861629)
12:05 AM:   HKLM\software\classes\clsid\{93f764ac-24d1-484f-92ea-3c84e31cdf72}\  (12 subtraces) (ID = 861659)
12:05 AM:   HKLM\software\classes\clsid\{d360501e-dc73-4de6-a61c-21925aed7835}\  (12 subtraces) (ID = 861688)
12:05 AM:   HKLM\software\classes\clsid\{f9668ada-fc6b-47f4-8381-de861dba5115}\  (12 subtraces) (ID = 861751)
12:06 AM: Registry Sweep Complete, Elapsed Time:00:00:12
12:06 AM: Starting Cookie Sweep
12:06 AM:   Found Spy Cookie: 2o7.net cookie
12:06 AM:   hp_administrator@2o7[1].txt (ID = 1957)
12:06 AM:   Found Spy Cookie: adknowledge cookie
12:06 AM:   hp_administrator@adknowledge[1].txt (ID = 2072)
12:06 AM:   Found Spy Cookie: advertising cookie
12:06 AM:   hp_administrator@advertising[2].txt (ID = 2175)
12:06 AM:   Found Spy Cookie: apmebf cookie
12:06 AM:   hp_administrator@apmebf[2].txt (ID = 2229)
12:06 AM:   Found Spy Cookie: ask cookie
12:06 AM:   hp_administrator@ask[1].txt (ID = 2245)
12:06 AM:   Found Spy Cookie: atlas dmt cookie
12:06 AM:   hp_administrator@atdmt[2].txt (ID = 2253)
12:06 AM:   Found Spy Cookie: atwola cookie
12:06 AM:   hp_administrator@atwola[1].txt (ID = 2255)
12:06 AM:   Found Spy Cookie: burstnet cookie
12:06 AM:   hp_administrator@burstnet[2].txt (ID = 2336)
12:06 AM:   Found Spy Cookie: casalemedia cookie
12:06 AM:   hp_administrator@casalemedia[2].txt (ID = 2354)
12:06 AM:   Found Spy Cookie: ru4 cookie
12:06 AM:   [email protected][2].txt (ID = 3269)
12:06 AM:   Found Spy Cookie: qksrv cookie
12:06 AM:   hp_administrator@qksrv[2].txt (ID = 3213)
12:06 AM:   Found Spy Cookie: questionmarket cookie
12:06 AM:   hp_administrator@questionmarket[1].txt (ID = 3217)
12:06 AM:   Found Spy Cookie: tribalfusion cookie
12:06 AM:   hp_administrator@tribalfusion[2].txt (ID = 3589)
12:06 AM: Cookie Sweep Complete, Elapsed Time: 00:00:11
12:06 AM: Starting File Sweep
12:20 AM: File Sweep Complete, Elapsed Time: 00:14:25
12:20 AM: Full Sweep has completed.  Elapsed time 00:16:35
12:20 AM: Traces Found: 119
Title: Oh Boy do I need help!!!!
Post by: guestolo on January 03, 2006, 02:24:26 AM
I'm on my way to bed as I have to work in the morning

Can you do the following after you post those logs please
I won't see the outcome till tomorrow

Please disable SpySweeper, as it may hinder the removal of some entries. You can re-enable it after you're clean.
To disable SpySweeper: Do any that applies

Open it click >Options over to the left then >program options >Uncheck "load at windows startup".
Over to the left click "shields" and uncheck all there.
Uncheck "home page shield".
Uncheck "automatically restore default without notification".

==Download and Install
Windows Cleanup! 4.0 (http://downloads.stevengould.org/cleanup/CleanUp40.exe)
Don't run this yet,

Download and then Install
Ewido anti-malware 3.5 (http://download.ewido.net/ewido-setup.exe)

When installing, under "Additional Options" Uncheck "Install background guard" and "Install scan via context menu".

From the main ewido screen, click on Update in the left menu, then click the Start update button.
After the update finishes (the status bar at the bottom will display "Update successful")
Close out Ewido for now, we'll need it later
If for some reason the Updater won't work can you manually download the
Updates from this link after you have Ewido installed
http://www.ewido.net/en/download/updates/

Save the rest of these instructions to a Notepad file saved to your desktop or Print them out for use in safe mode
Reboot into safe mode

=Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):

    * Empty Recycle Bins
    * Delete Cookies
    * Delete Prefetch files
    * Cleanup! All Users

Click OK
Press the CleanUp! button to start the program.
When it's done, decline to log off or restart the computer

Remain in safe mode
==Open Ewido Security Suite
Click on the Scanner button on the left menu
Select Complete System Scan
*If Ewido finds something it will prompt you with "Infected Object found"
Ensure the following are Selected
  *1. Perform Action = Remove
  *2. Create Encrypted Backup in Quarantine (Recommended)
  *3. Perform action with all infections
  Then click OK
When Ewido has finished its scan click the "Save Report" button
Save the report to desktop
Exit Ewido
Note: As Ewido is running, don't open any other windows

Reboot back to Normal mode
Can you post back the following please

1. Post back a fresh hijackthis log
2. Post the whole contents of the Ewido report
Title: Oh Boy do I need help!!!!
Post by: Roxy on January 03, 2006, 02:45:13 AM
Yes, I figured you may not see this until tomorrow.  I don't even know what time zone you're in, but I thought you might be going to bed, or in bed.  (Thank God I'm working from home tomorrow because I haven't had any sleep and didn't get my work done this weekend because I've been doing this!!)

Anyway, I printed out your post and will do as instructed.  I'll post again tomorrow (or later today, I should say) after I've done that.

Also, here's the results from the eScan below.  I hope it's not too confusing!

Shoot!  It won't paste right here either.  Can I attach the document to this post?  Let me try that:

Well it looks like it.  I'll try to send it and we'll see what happens!


WELL...looks like the attachment is too big.  (It's 8 pages.)  I'll try to cut it in half and send it.

OK, that didn't work.  I'll try to break it up into 3 parts!!!

Be sure to notice, if you didn't already, that the SpySweeper results ended up going into my post that posted to the board before your response!  I don't know how it did that, but please note that it's in #11 post.

And I don't normally have that on my computer so it's not a problem at all to disable.  I've usually only used SpyBot and Adaware.

I just downloaded a whole bunch of stuff in the past couple of days trying to do scans and see what's going on with my computer.  But now I'm here and I just know that you'll help me figure it out!!
Title: Oh Boy do I need help!!!!
Post by: Roxy on January 03, 2006, 03:09:09 AM
OK.  Let's try this in 3 parts:

Arrgghh!!!!!!!!  It still is saying it's too big!!

Let me see what else I can do....

Well I THINK it went through....(the first of 3 parts) because I didn't get a message telling me that it couldn't.  But I don't know where it shows up that I've attached something.  Oh well.  I'm going to send this post and see if it worked before I do the other two!

Title: Oh Boy do I need help!!!!
Post by: Roxy on January 03, 2006, 03:22:38 AM
guestolo-
You'll have to let me know how to get these eScan results to you.  I don't see an attachment on my post.

If you've got any ideas, then let me know!

More later..............
Title: Oh Boy do I need help!!!!
Post by: Roxy on January 03, 2006, 02:49:48 PM
Hello-
I ran the cleanup! and holy cow!  I thought I WAS cleaning out all of my temp files regularly!  That scan said it deleted 4511 files (most looked to be temp files) and it said it freed up almost 1.4 GB!  Wow!  I'm definitely keeping that on my computer.  How often can I run that?  (I want to delete/remove a bunch of the other stuff - like all of the AV and spyware scanners that I downloaded recently.  I want one AV on my computer and will either use the defender firewall or ZA.  I'm hoping you will also help me with all of that after we get my computer fixed and cleaned up.)

OK.....Below is my fresh hijackthis log:



Logfile of HijackThis v1.99.1
Scan saved at 1:37:27 PM, on 1/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LIUtilities\SpeedUpMyPC\speedupmypc.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe
C:\HJT\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: OsbornTech Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\Program Files\DefenderPro AntiSpy\PopupBlocker\PopupBlocker.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [DPAS] "C:\Program Files\DefenderPro AntiSpy\DPASNT.exe"
O4 - HKLM\..\Run: [DPASUpdate] "C:\Program Files\DefenderPro AntiSpy\DPASAutUpdate.exe"
O4 - HKLM\..\Run: [Complete Security] "C:\Program Files\Defender Pro Private Surf\PrivateSurfNT.exe"
O4 - HKLM\..\Run: [CompleteSecurityUpdate] "C:\Program Files\Defender Pro Private Surf\AutomaticUpdate.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: SpeedUpMyPC.lnk = C:\Program Files\LIUtilities\SpeedUpMyPC\speedupmypc.exe
O4 - Global Startup: WinTasks.lnk = C:\Program Files\LIUtilities\WinTasks\wintasks.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\Program Files\DefenderPro AntiSpy\PopupBlocker\PopupBlocker.dll
O9 - Extra 'Tools' menuitem: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\Program Files\DefenderPro AntiSpy\PopupBlocker\PopupBlocker.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


I'll send the Ewido report in another post.  (Let me know how you want me to send you the eScan.)



Here is my Ewido report, as requested.  I will now wait to hear from you.



---------------------------------------------------------
 ewido anti-malware - Scan report
---------------------------------------------------------

 + Created on:         1:29:49 PM, 1/3/2006
 + Report-Checksum:      D294CBD4

 + Scan result:

   C:\RECYCLER\S-1-5-21-585124988-2935058200-1954285887-1008\Dc100.txt -> Spyware.Cookie.Adserver : Cleaned with backup
   C:\RECYCLER\S-1-5-21-585124988-2935058200-1954285887-1008\Dc187.txt -> Spyware.Cookie.Adtech : Cleaned with backup
   C:\RECYCLER\S-1-5-21-585124988-2935058200-1954285887-1008\Dc189.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
   C:\RECYCLER\S-1-5-21-585124988-2935058200-1954285887-1008\Dc19.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   C:\RECYCLER\S-1-5-21-585124988-2935058200-1954285887-1008\Dc190.txt -> Spyware.Cookie.Com : Cleaned with backup
   C:\RECYCLER\S-1-5-21-585124988-2935058200-1954285887-1008\Dc191.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
   C:\RECYCLER\S-1-5-21-585124988-2935058200-1954285887-1008\Dc192.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
   C:\RECYCLER\S-1-5-21-585124988-2935058200-1954285887-1008\Dc194.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
   C:\RECYCLER\S-1-5-21-585124988-2935058200-1954285887-1008\Dc197.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
   C:\RECYCLER\S-1-5-21-585124988-2935058200-1954285887-1008\Dc198.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
   C:\RECYCLER\S-1-5-21-585124988-2935058200-1954285887-1008\Dc199.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
   C:\RECYCLER\S-1-5-21-585124988-2935058200-1954285887-1008\Dc29.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
   C:\RECYCLER\S-1-5-21-585124988-2935058200-1954285887-1008\Dc34.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
   C:\RECYCLER\S-1-5-21-585124988-2935058200-1954285887-1008\Dc35.txt -> Spyware.Cookie.Com : Cleaned with backup
   C:\RECYCLER\S-1-5-21-585124988-2935058200-1954285887-1008\Dc39.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
   C:\RECYCLER\S-1-5-21-585124988-2935058200-1954285887-1008\Dc41.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
   C:\RECYCLER\S-1-5-21-585124988-2935058200-1954285887-1008\Dc52.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
   C:\RECYCLER\S-1-5-21-585124988-2935058200-1954285887-1008\Dc54.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   C:\RECYCLER\S-1-5-21-585124988-2935058200-1954285887-1008\Dc74.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
   C:\RECYCLER\S-1-5-21-585124988-2935058200-1954285887-1008\Dc80.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
   C:\RECYCLER\S-1-5-21-585124988-2935058200-1954285887-1008\Dc89.txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup


::Report End
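For readers who want to see how a helper reads a HijackThis log like the one above, here is an added Python example (not part of the thread, and not code from HijackThis or ewido). It parses the `R0`/`R1`/`O2`…`O23` line format shown in the log, counts entries per section, lists the hosts that Internet Explorer is pointed at, and flags the three things a reviewer looks at first: references to files that no longer exist (leftovers of uninstalled products, not infections), services with no recorded publisher, and DLLs hooked into Winlogon. The sample lines are taken from the log posted above; the rule names (`orphan-reference`, `service-unknown-owner`, `winlogon-notify-dll`) and the `SECTION_MEANING` table are my own, not HijackThis output.

```python
"""Triage a HijackThis 1.99 log.

Added example, not part of the thread or of HijackThis itself: it parses the
log format shown above and surfaces the entries a helper reads first.
"""
import re
from collections import Counter

# What each HijackThis section tag means (the subset that matters for triage).
# This table is my own summary, not something HijackThis prints.
SECTION_MEANING = {
    "R0": "IE start/search page value in the registry",
    "R1": "IE default page/search URL value in the registry",
    "O2": "Browser Helper Object (DLL loaded into every IE process)",
    "O3": "IE toolbar",
    "O4": "Autostart entry (Run key or Startup folder)",
    "O8": "IE context-menu item",
    "O9": "IE extra button / Tools menu item",
    "O16": "Downloaded Program File (ActiveX control)",
    "O20": "Winlogon Notify DLL (loaded by winlogon.exe at logon)",
    "O23": "Windows service",
}

# One log entry: a section tag, " - ", then the rest of the line.
LINE_RE = re.compile(r"^(?P<tag>[RFO]\d+) - (?P<body>.*)$")
HOST_RE = re.compile(r"https?://([^/\s)]+)")

# Lines taken from the log posted above (not constructed).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""


def parse_hjt(text):
    """Split a log into entries; header and process-list lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        tag, body = m.group("tag"), m.group("body")
        entries.append({
            "tag": tag,
            "body": body,
            "meaning": SECTION_MEANING.get(tag, "other"),
            "file_missing": "(file missing)" in body,
        })
    return entries


def triage(entries):
    """Return (reason, tag, body) tuples for entries worth a second look.

    The rules mirror what a helper checks by eye: dangling references left
    behind by uninstalled products, services with no recorded publisher, and
    anything hooked into the logon path. A hit is a prompt to look, not a
    verdict: every hit in the sample below is benign leftover or a known tool.
    """
    findings = []
    for e in entries:
        if e["file_missing"]:
            findings.append(("orphan-reference", e["tag"], e["body"]))
        if e["tag"] == "O23" and "Unknown owner" in e["body"]:
            findings.append(("service-unknown-owner", e["tag"], e["body"]))
        if e["tag"] == "O20":
            findings.append(("winlogon-notify-dll", e["tag"], e["body"]))
    return findings


def ie_hosts(entries):
    """Distinct hosts that the R0/R1 lines point Internet Explorer at."""
    hosts = set()
    for e in entries:
        if e["tag"] in ("R0", "R1"):
            hosts.update(h.lower() for h in HOST_RE.findall(e["body"]))
    return sorted(hosts)


def summarize(entries):
    """Count entries per section tag."""
    return dict(Counter(e["tag"] for e in entries))


if __name__ == "__main__":
    entries = parse_hjt(SAMPLE_LOG)
    print("entries per section:", summarize(entries))
    print("IE points at:", ", ".join(ie_hosts(entries)))
    for reason, tag, body in triage(entries):
        print(f"[{reason}] {tag} - {body}")
```

Run it as-is to see the sample triaged, or paste a full log into `SAMPLE_LOG`. On the sample it reports two orphaned references (the BitDefender uninstall button and the Symantec network driver service, both pointing at files that are gone), one service with no recorded owner, and the WRNotifier logon DLL, while showing that IE's pages resolve only to google.com and HP's redirector; that is the same reading the helper gives a few posts later, that the log is essentially clean apart from leftovers.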
Title: Oh Boy do I need help!!!!
Post by: Roxy on January 03, 2006, 08:59:57 PM
Hi guestolo-
I'm not on the 2nd or 3rd page yet, but I just wanted to bump up as I'm just in limbo on some work stuff until I get my computer fixed.  And I'm hoping that you'll be able to respond to my posts from last night and earlier today this evening so that I can start working on whatever you advise me to do, and maybe...hopefully...get this thing fixed tonight.

And you may have been planning to.....I just wanted to remind you about me.

Kind of like a "please, please, pick me, pick me!"

Thanks for all of your help!
Title: Oh Boy do I need help!!!!
Post by: guestolo on January 03, 2006, 09:21:41 PM
I see you have Spybot installed
I want you to hold onto that please

Hold onto Ewido and cleanup!
If you have Ad-Aware SE Personal installed hold onto it also

I think you're having other problems with other firewalls and virus scanners

Zone Alarm has a good reputation,
In honesty I have never used Defender Pro

What we need you to do next is get you down to only using one AV and one Firewall
This includes the Firewall built into XP

What do you have installed from Panda's

Did you completely uninstall Norton's?

You may be getting conflicts from all these running at the same time

Remember, Have only one AV running and one Firewall, then we'll go from there
Disable the others completely or uninstall them please
Title: Oh Boy do I need help!!!!
Post by: Roxy on January 03, 2006, 10:13:37 PM
Thanks guestolo, but I have only had more than one AV on my computer, and all of those spyware scanner things on my computer from just the last couple of days.

That certainly wasn't causing the problems I've been experiencing as they were happening before I installed that stuff.  I have, for a long time, only run Norton AV (and would occasionally do an online scan) and I've had spybot, Ad-Aware SE and Zone Alarm.  But my computer has been crashing and all of the RAM is being used up.  Someone had suggested, and I noticed, that Norton and Symantec use a lot of RAM.  Also.....with Norton and ZA....I got the stuff that is on my computer now!......or has recently been deleted from my computer.

I started to download Panda....just 2 days ago because I was trying to find an AV that I could run in safemode that would let me fix whatever it found.  But I didn't finish with it, so it only half-installed, I guess.

I think I completely uninstalled.....I used uninstall in add/remove, and tried to delete any files I found with Norton or Symantec.

Did you not find anything in my hijackthis log?  You didn't comment.

I still don't know if it's safe to try and run my virus scan.  The one scan, eScan (that I can't copy here into the post, and which attachment that I split in FOUR, and it still says is too big) said that I have 8 viruses.  But I can't get that to you (unless I can email it) and I have not yet deleted these....whatever they are.

My trojanremover was disabled and didn't work, my Norton's didn't work, etc.  My computer keeps "crashing" down to a frozen (can't do anything else but unplug and replug) into a white screen....or a white screen with stripes.  Any online scan I attempt doesn't work because my computer freezes up in the middle.

Since I installed SpeedUpMyPC about 1 1/2 weeks ago or so, and figured out how to set the "crash recovery" now when the computer WANTS to crash (to the white, striped screen) this keeps it from getting to that point.  So at least I don't have to turn the power strip switch off and on (which can't be good for the wireless router!)

And there is tons of RAM being used.  Sometimes that's what crashes it.  I see the bar go up and up and then, bam-gone.  Sometimes there's no rhyme or reason-it just crashes.

AND....today I just discovered that when I hit the shift key and p, in other words try to type a capital "p" letter, the computer tries to crash.

What is causing all of this?  I've run the scans, posted the stuff, and I'm still afraid to download anything, or send any attachments to people because I don't know what I have.  The eScan said I have 8 viruses, but I can't fix them with eScan in safe mode and I  can't do any online scans.

Right now, I have no AV running.  I uninstalled Norton so that I could install Defender Pro (which I then uninstalled when I found I couldn't download it in safe-mode.)  I only have ZA, and that doesn't work right either (virus disabled that too?....don't know but it quit letting me update, and it shows things in there I didn't approve, and it is not showing very many programs....but it's let some through that I don't know what they are!)

My computer is such a mess....are you picking anything at all up from my scans so far?
Did you see anything in the hijackthis log?

I can disable more stuff, as you suggested, but do you know what's going on?  Any ideas?

Thanks!
Title: Oh Boy do I need help!!!!
Post by: guestolo on January 03, 2006, 10:21:59 PM
Your Hijackthis logs aren't too bad and Ewido didn't find much but cookies

The problem may be with all these half installed programs you have

Can you do the following please
Open Hijackthis>>Open Misc tools section>>Open uninstall manager
Click the SAVE LIST button
Save this list to desktop
copy and paste back here the whole contents

Additionally, post back a fresh Hijackthis log
Please don't install any more virus scanners, this is not helping you at the moment
Title: Oh Boy do I need help!!!!
Post by: Roxy on January 03, 2006, 10:40:42 PM
Well, I understand that some of these things together may be causing some of the problems, but I've already had, through these scans, a few different trojans removed (including coolwebsearch-or whatever it's called) as well as tons of spyware.  However, the problems were occurring BEFORE I loaded this stuff....so while this may be part of the problem, I know it's not all of the problem.

(And the eScan said 8 viruses.  But I don't know what they are.)

Anyway.....
Here's the tools section:

Ad-Aware SE Personal
Adobe Acrobat - Reader 6.0.2 Update
Adobe Reader 6.0.1
Advanced Outlook Repair v1.0
Agere Systems PCI Soft Modem
ATI Control Panel
ATI Display Driver
CCleaner (remove only)
Cimaware OfficeFIX 5
CleanUp!
Defender Pro PC Toolbox
DefenderPro AntiSpy
Easy Internet Sign-up
ewido anti-malware
FreeMeter
Google Toolbar for Internet Explorer
Help and Support Additions
HijackThis 1.99.1
HP Boot Optimizer
hp deskjet 5100
HP Deskjet Printer Preload
HP Image Zone 4.8.6
HP Image Zone for Media Center PC
HP Image Zone Plus 4.8.6
HP Memories Disc
HP Photo and Imaging 2.0 - Deskjet Series
HP Photosmart Cameras 4.5
HP PSC & OfficeJet 4.7
HP Software Update
HP Tunes
HPIZplus450
IntelliMover Data Transfer Demo
InterVideo WinDVD Player
iTunes
J2SE Runtime Environment 5.0
KBD
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Office Professional Edition 2003
Microsoft Office Standard Edition 2003
Microsoft Plus! Dancer LE
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Works
MSN
muvee autoProducer 4.0
muvee autoProducer unPlugged - HPD
OutlookExtract 1.4.5
PC-Doctor for Windows
Photosmart 320,370,7400,8100,8400 Series
PS2
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
QuickTime
RealPlayer
Remove Microsoft Money 2005 installer
Remove Quicken New User Edition installer
Repair Tool for Outlook Express v.1.5
Security Task Manager 1.6f
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Sonic Encoders
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
SpeedUpMyPC
Spybot - Search & Destroy 1.3
SpySubtract
SpywareBlaster v3.4
The Ultimate Troubleshooter
Trojan Remover 6.4.2
UltraSnap Trial 1.8
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update Rollup 1 for Windows XP Media Center Edition 2005 with HDTV Support (KB873369)
Updates from HP
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Media Player 10 Hotfix [See KB889858 for more information]
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885354
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891220
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893086
Windows XP Media Center Edition 2005 KB888316
Windows XP Media Center Edition 2005 KB895678
WinTasks
XoftSpy
ZoneAlarm


********************************************************

Here's the most recent hijackthis log....but I don't think anything has changed since I posted the last one.  I haven't done anything else yet.

Here it is:

Logfile of HijackThis v1.99.1
Scan saved at 9:39:46 PM, on 1/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LIUtilities\SpeedUpMyPC\speedupmypc.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\HJT\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: OsbornTech Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\Program Files\DefenderPro AntiSpy\PopupBlocker\PopupBlocker.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [DPAS] "C:\Program Files\DefenderPro AntiSpy\DPASNT.exe"
O4 - HKLM\..\Run: [DPASUpdate] "C:\Program Files\DefenderPro AntiSpy\DPASAutUpdate.exe"
O4 - HKLM\..\Run: [Complete Security] "C:\Program Files\Defender Pro Private Surf\PrivateSurfNT.exe"
O4 - HKLM\..\Run: [CompleteSecurityUpdate] "C:\Program Files\Defender Pro Private Surf\AutomaticUpdate.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: SpeedUpMyPC.lnk = C:\Program Files\LIUtilities\SpeedUpMyPC\speedupmypc.exe
O4 - Global Startup: WinTasks.lnk = C:\Program Files\LIUtilities\WinTasks\wintasks.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\Program Files\DefenderPro AntiSpy\PopupBlocker\PopupBlocker.dll
O9 - Extra 'Tools' menuitem: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\Program Files\DefenderPro AntiSpy\PopupBlocker\PopupBlocker.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


Let me know what you think!  And what I should do next.

Thanks!
Title: Oh Boy do I need help!!!!
Post by: guestolo on January 03, 2006, 10:46:37 PM
You have some startup managers in your Add/Remove programs
Are you disabling anything from running on startup with any of them?
If so, I need you to re-enable them, reboot your computer and post a fresh hijackthis log
This goes the same if you're using msconfig too
Title: Oh Boy do I need help!!!!
Post by: Roxy on January 03, 2006, 11:03:22 PM
I'm sorry but...can you be a little more specific?  I'm not sure which things (exactly) you want me to re-enable.  Can you tell me what they are?  And should I use msconfig or add/remove?

I had so much stuff running and starting on this computer that it took SO long (longer than any computer I've ever had) to start.....and then all of the RAM was being used and the computer was crashing.  So I looked up a couple of those sites (reputable and recommended ones) that told me what to disable and what to keep from starting at start-up.

But I don't know which is what, and I guess I'm not computer savvy enough to know what you're referring to.

P (and this p just caused my computer to want to crash again!).....please let me know what to re-enable.

Thanks!
Title: Oh Boy do I need help!!!!
Post by: guestolo on January 03, 2006, 11:17:54 PM
I can't tell what is problematic without seeing what's running on startup.
You have too many startup managers.
E.g., not sure which ones you have disabling items:
MSCONFIG
The Ultimate Troubleshooter

HijackThis also shows me bad processes running.
Is WinTasks disabling some processes from running?

You're making me go at this blind; you know what is problematic on your computer,
but I don't see anything bad.
Again, you may have disabled the bad things, I don't know, because I can't see them.

I'll try another tool.
Afterwards, we'll go from there, but this may take longer if I don't see everything on startup.
==Download and save WinPFind.zip: http://www.bleepingcomputer.com/files/oldtimer/WinPFind.zip
UNZIP the contents to your desktop
Don't run it yet

RESTART your Computer into SAFE MODE
You can do this by tapping the F8 key as the system is restarting, just before Windows loads
Choose Safe mode from the startup menu and hit Enter

In safe mode
Open the WinPFind folder you extracted to desktop
Double click on WinPFind.exe
Click START SCAN
This could take some time as it will scan your drive
Close out after

Reboot back to Normal mode

Back in Windows
Post the results of the WinPFind.txt located in the WinPFind folder
Title: Oh Boy do I need help!!!!
Post by: Roxy on January 03, 2006, 11:30:01 PM
OK, I can do that.  But I have a couple of questions:

First, would you like me to try and copy and paste everything that's in startup so you can see what's starting and what is unchecked?  Would that help?

also

While I do appreciate your help more than you'll ever know (so please don't get offended at my next comment)....if I run that scan and it takes a while (as you said) then it will probably be the end of the night for you again, and then I'll have to wait until tomorrow night to "get at it" again.  

Is the scan so long that that might happen?

If so, any suggestions (or other experts on this site) who can help me later into the late evening....or who can help me first thing in the am?

I really need to work on this, stay at it, and get it fixed asap.  I am the director of a statewide non-profit agency with an at-home office (which this computer is in) and I have to get this done like 2 days ago.

Any thoughts or suggestions? .....and should I try to copy and paste the start-up info (if I can)?
Title: Oh Boy do I need help!!!!
Post by: Roxy on January 04, 2006, 01:32:43 AM
OK, here's what's in my start-up list.

 I'm going to try and send it as an attachment.  I also used UltraSnap to get the whole "Services" list, so you can see what's checked, what's not, and what's running and what isn't.  I'll try to attach that in a separate post.

Last time (the eScan) it didn't work, so we'll see this time.

I don't have any particular way I've stopped or disabled things.  And I don't use that one thing you asked me about that's in my add/remove list.

I've used msconfig, and I've also used....can't remember what it's called...maybe that wintasks that you mention.  It's where you go in and can set things to auto/manual start, or not start at all.  Can't remember what it's called (sorry!)

And I've taken advice from the sites that advise on that stuff: "answersthatwork" etc.

I didn't run the scan because I didn't hear back from you.  I'll try to attach this now......

OK...that's frustrating.  I went through and copied everything for you and not only can I not copy and paste it here, but I can't attach the documents.....even the really small ones!

Is there some trick to attaching documents to these posts?
Title: Oh Boy do I need help!!!!
Post by: Roxy on January 04, 2006, 07:44:56 PM
OK guestolo-
I had to do some work last night and today.  So in-between that I tried to clean out what I could from my computer.  I also downloaded the temp AVG AV, which I think I will purchase.  I ran that in safe mode and it said no viruses.

I cleaned out a bunch of temp stuff and went in Add/Remove and cleaned out what I could.  I also went to msconfig and put everything back to normal startup.  The other place where I had previously made changes (suggested from some site....CNet or somewhere) was in "services.msc" through the Run command.

I went in and disabled what it recommended and put some things on manual or whatever (instead of automatic) on the things that it said I didn't need to have running.  *Remember that I did all that because my computer kept crashing and all of the RAM was being used up.  I was trying to stop things that I didn't need running from running to free up my RAM to, hopefully, keep my computer from crashing/freezing several times a day.

I did not yet get a chance to run that other scan that you wanted me to run (WinPFind) but if you still need me to, I will.

The RAM (as monitored by my SpeedUpMyPC) is running anywhere between 66% on up to 88%. The CPU usage alternates from 2% to 100%.

AND....EVERY time I type the capital "p" letter, my computer tries to crash (I don't want to type it again because my crash recovery had already come up to prevent my computer from crashing about 3 times while typing this post).  Now.....isn't that a symptom of some kind of virus??

Here's my most recent HijackThis logfile:

Logfile of HijackThis v1.99.1
Scan saved at 6:31:07 PM, on 1/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\LIUtilities\SpeedUpMyPC\speedupmypc.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: OsbornTech Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\Program Files\DefenderPro AntiSpy\PopupBlocker\PopupBlocker.dll (file missing)
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [CompleteSecurityUpdate] "C:\Program Files\Defender Pro Private Surf\AutomaticUpdate.exe"
O4 - HKLM\..\Run: [Complete Security] "C:\Program Files\Defender Pro Private Surf\PrivateSurfNT.exe"
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: SpeedUpMyPC.lnk = C:\Program Files\LIUtilities\SpeedUpMyPC\speedupmypc.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\sslaunch.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O4 - Global Startup: WinTasks.lnk = C:\Program Files\LIUtilities\WinTasks\wintasks.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\Program Files\DefenderPro AntiSpy\PopupBlocker\PopupBlocker.dll (file missing)
O9 - Extra 'Tools' menuitem: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\Program Files\DefenderPro AntiSpy\PopupBlocker\PopupBlocker.dll (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


Let me know your thoughts.  And if you see something that I can get rid of, or should be gone (like I'm noticing P (there went my computer again!) I notice panda (NO cap!!!) is on the list.  But I thought I deleted that!

I'll check back every so often for your response.  Thanks!

Ooops.  Came back on to add one other thing.....

When I boot up now, I get a "Runner Error" message that says:

Runner filename (updates from HP.exe) lacks a '-' (the app id separator)

Do you....or does anyone know what that means?

Also, does anyone recognize the problem of everytime I type the letter p in upper case, my computer tries to crash as a virus symptom?......or has that been encountered before by anyone?

Thank you!
Title: Oh Boy do I need help!!!!
Post by: guestolo on January 04, 2006, 11:22:46 PM
Yes, I would like to see the log from WinPFind; it's not a virus scanner.
It won't take near as long

Do the following please
Do a "System scan only" with Hijackthis and put a check next to these entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop

O2 - BHO: OsbornTech Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\Program Files\DefenderPro AntiSpy\PopupBlocker\PopupBlocker.dll (file missing)

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O9 - Extra button: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\Program Files\DefenderPro AntiSpy\PopupBlocker\PopupBlocker.dll (file missing)
O9 - Extra 'Tools' menuitem: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\Program Files\DefenderPro AntiSpy\PopupBlocker\PopupBlocker.dll (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)


After you have ticked the above entries, close all other open windows
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Reboot your computer into safe mode

Open the WinPFind folder you extracted to desktop
Double click on WinPFind.exe
Click START SCAN
This could take some time as it will scan your drive
Close out after

Reboot back to Normal mode

Back in Windows
Post the results of the WinPFind.txt located in the WinPFind folder
Also, post a fresh hijackthis log
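The helper's fix list above was built by reading the log by hand: every entry HijackThis tagged "(file missing)" is a dangling registry reference left behind by an uninstall, an O23 service with "Unknown owner" and no file is the same kind of orphan, and the R0/R1 lines are checked for where the browser's home and search pages actually point. The script below is an added example (it is not part of this thread, nor is it HijackThis or WinPFind code) that applies those same rules to a log mechanically. The sample entries are copied from the HijackThis log posted earlier in the thread; the `TRUSTED_HOSTS` allow-list, the `Finding` type and the one constructed hijack line used to show the URL check are assumptions for illustration. Note that the example treats the `ie.redirect.hp.com` entries as the OEM defaults of an HP Pavilion build (an assumption) and so does not flag them, whereas the helper chose to reset them anyway.

```python
"""Mechanical triage of HijackThis v1.99 log entries.

Added example, not part of the forum thread and not HijackThis code.
Rules implemented (the ones the thread's helper applied by hand):
  * any entry tagged "(file missing)"         -> dangling reference, safe to fix
  * O23 service reported as "Unknown owner"    -> no vendor info, look closer
  * R0/R1 start/search URL on an unknown host  -> possible browser hijack
"""
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Entries copied from the log posted in the thread (backslashes kept literally).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: OsbornTech Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\Program Files\DefenderPro AntiSpy\PopupBlocker\PopupBlocker.dll (file missing)
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# Constructed line (not from the thread) showing what a real search hijack
# looks like to the URL rule: an unknown host with an affiliate parameter.
CONSTRUCTED_HIJACK = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.example.invalid/sb?aff=123
"""

# Hosts expected in the R0/R1 entries of this OEM build (assumption).
TRUSTED_HOSTS = {"ie.redirect.hp.com", "google.com", "www.google.com"}

# Every HijackThis entry starts with its section tag, e.g. "R1 - " or "O23 - ".
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d{1,2}) - (?P<body>.*)$")
URL_RE = re.compile(r"https?://\S+")


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def triage(log_text):
    """Return one Finding per (entry, rule) pair, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # banner, blank, or "Running processes:" path lines
        section, body = m.group("section"), m.group("body")

        if "(file missing)" in body:
            findings.append(Finding(section, "file missing", line))

        if section == "O23" and "Unknown owner" in body:
            findings.append(Finding(section, "unknown owner", line))

        if section in ("R0", "R1"):
            url = URL_RE.search(body)
            if url:
                host = (urlsplit(url.group(0)).hostname or "").lower()
                if host not in TRUSTED_HOSTS:
                    findings.append(Finding(section, f"untrusted host {host}", line))
    return findings


def fix_list(log_text):
    """Distinct log lines to tick under 'Fix checked', in log order."""
    seen, out = set(), []
    for f in triage(log_text):
        if f.line not in seen:
            seen.add(f.line)
            out.append(f.line)
    return out


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG) + triage(CONSTRUCTED_HIJACK):
        print(f"[{f.section}] {f.reason}: {f.line[:80]}")
```

Run against the thread's own entries, the script selects exactly the three dangling entries (the DefenderPro BHO, the BitDefender uninstall button and the Symantec SNDSrvc service) and leaves the HP redirect lines alone; the constructed line is flagged only because its host is off the allow-list, which is the whole point of the R0/R1 rule: a start-page URL is suspicious by destination, not by existing.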
Title: Oh Boy do I need help!!!!
Post by: Roxy on January 05, 2006, 01:41:57 AM
OK, will do.

:)

And please, I know a little bit about computers but would never pretend to be an expert.  So if there is anything that you think I shouldn't have on my computer, please tell me.

When you said I had too many start-up managers, I don't even know which ones were start-up managers.  This computer also came preloaded with so much stuff....it might have been something on here when I bought it, or I may have mistakenly downloaded something I don't need.

Just tell me if I should take it off....I can handle it! :unsure:

I'll post the stuff you requested when it's done.

thanks.
Title: Oh Boy do I need help!!!!
Post by: Roxy on January 05, 2006, 02:28:15 AM
Here's the Winpfind log (the cap p crashed the computer again!)  just fyi.

WARNING: not all files found by this scanner are bad. Consult with a knowledgeable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows sometimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP    Current Build: Service Pack 2    Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
PECompact2           10/19/2005 3:01:06 AM       16109567   C:\WINDOWS\LPT$VPN.901
qoologic             10/19/2005 3:01:06 AM       16109567   C:\WINDOWS\LPT$VPN.901
SAHAgent             10/19/2005 3:01:06 AM       16109567   C:\WINDOWS\LPT$VPN.901
UPX!                 1/10/2005 3:17:24 PM        170053     C:\WINDOWS\tsc.exe
PECompact2           10/19/2005 3:01:06 AM       16109567   C:\WINDOWS\VPTNFILE.901
qoologic             10/19/2005 3:01:06 AM       16109567   C:\WINDOWS\VPTNFILE.901
SAHAgent             10/19/2005 3:01:06 AM       16109567   C:\WINDOWS\VPTNFILE.901
UPX!                 2/18/2005 5:40:14 PM        1044560    C:\WINDOWS\vsapi32.dll
aspack               2/18/2005 5:40:14 PM        1044560    C:\WINDOWS\vsapi32.dll

Checking %System% folder...
PEC2                 8/9/2004 10:00:00 PM        41397      C:\WINDOWS\SYSTEM32\dfrg.msc
UPX!                 2/26/2005 12:01:40 PM       174080     C:\WINDOWS\SYSTEM32\ExMenu.dll
UPX!                 2/26/2005 12:01:38 PM       113152     C:\WINDOWS\SYSTEM32\ExPMenu.dll
UPX!                 2/26/2005 12:01:40 PM       202240     C:\WINDOWS\SYSTEM32\ExTab.dll
PTech                11/4/2005 4:27:24 PM        534280     C:\WINDOWS\SYSTEM32\LegitCheckControl.DLL
PECompact2           11/10/2005 9:17:18 PM       2368864    C:\WINDOWS\SYSTEM32\MRT.exe
aspack               11/10/2005 9:17:18 PM       2368864    C:\WINDOWS\SYSTEM32\MRT.exe
aspack               8/10/2004 5:00:00 AM        708096     C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor             8/9/2004 10:00:00 PM        657920     C:\WINDOWS\SYSTEM32\rasdlg.dll
aspack               8/12/2005 12:55:12 PM       278528     C:\WINDOWS\SYSTEM32\trjscan.trb
aspack               8/12/2005 12:55:14 PM       348672     C:\WINDOWS\SYSTEM32\trupd.trb
winsync              8/9/2004 10:00:00 PM        1309184    C:\WINDOWS\SYSTEM32\wbdbase.deu

Checking %System%\Drivers folder and sub-folders...
UPX!                 1/4/2006 3:19:18 PM         749600     C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
FSG!                 1/4/2006 3:19:18 PM         749600     C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
PEC2                 1/4/2006 3:19:18 PM         749600     C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
aspack               1/4/2006 3:19:18 PM         749600     C:\WINDOWS\SYSTEM32\drivers\avg7core.sys

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
                     1/5/2006 12:56:04 AM      S 2048       C:\WINDOWS\bootstat.dat
                     1/4/2006 6:13:32 PM      H  31767      C:\WINDOWS\system32\vsconfig.xml
                     1/5/2006 12:55:50 AM     H  8192       C:\WINDOWS\system32\config\default.LOG
                     1/5/2006 12:56:28 AM     H  1024       C:\WINDOWS\system32\config\SAM.LOG
                     1/5/2006 12:56:08 AM     H  16384      C:\WINDOWS\system32\config\SECURITY.LOG
                     1/5/2006 12:57:58 AM     H  94208      C:\WINDOWS\system32\config\software.LOG
                     1/5/2006 12:56:26 AM     H  962560     C:\WINDOWS\system32\config\system.LOG
                     12/10/2005 8:51:06 AM    H  1024       C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG
                     1/5/2006 12:54:30 AM     H  6          C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation          8/9/2004 10:00:00 PM        68608      C:\WINDOWS\SYSTEM32\access.cpl
Realtek Semiconductor Corp.    9/20/2004 9:20:44 AM        16121856   C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL
Microsoft Corporation          8/9/2004 10:00:00 PM        549888     C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation          8/9/2004 10:00:00 PM        110592     C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation          8/9/2004 10:00:00 PM        135168     C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation          8/9/2004 10:00:00 PM        80384      C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation          8/9/2004 10:00:00 PM        155136     C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation          8/9/2004 10:00:00 PM        358400     C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation          8/9/2004 10:00:00 PM        129536     C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation          8/9/2004 10:00:00 PM        380416     C:\WINDOWS\SYSTEM32\irprops.cpl
InstallShield Software Corporation 7/27/2004 5:50:48 PM        73728      C:\WINDOWS\SYSTEM32\ISUSPM.cpl
Microsoft Corporation          8/9/2004 10:00:00 PM        68608      C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems, Inc.         5/25/2005 12:35:02 PM       49262      C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation          8/9/2004 10:00:00 PM        187904     C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation          8/9/2004 10:00:00 PM        618496     C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation          8/9/2004 10:00:00 PM        35840      C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation          8/9/2004 10:00:00 PM        25600      C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation          8/9/2004 10:00:00 PM        257024     C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation          8/9/2004 10:00:00 PM        36864      C:\WINDOWS\SYSTEM32\nwc.cpl
Microsoft Corporation          8/9/2004 10:00:00 PM        32768      C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation          8/9/2004 10:00:00 PM        114688     C:\WINDOWS\SYSTEM32\powercfg.cpl
Apple Computer, Inc.           9/23/2004 7:57:40 PM        323072     C:\WINDOWS\SYSTEM32\QuickTime.cpl
Microsoft Corporation          8/9/2004 10:00:00 PM        298496     C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation          8/9/2004 10:00:00 PM        28160      C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation          8/9/2004 10:00:00 PM        94208      C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation          8/9/2004 10:00:00 PM        148480     C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation          5/26/2005 5:16:30 AM        174360     C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation          8/9/2004 10:00:00 PM        68608      C:\WINDOWS\SYSTEM32\dllcache\access.cpl
Microsoft Corporation          8/9/2004 10:00:00 PM        549888     C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl
Microsoft Corporation          8/9/2004 10:00:00 PM        135168     C:\WINDOWS\SYSTEM32\dllcache\desk.cpl
Microsoft Corporation          8/9/2004 10:00:00 PM        80384      C:\WINDOWS\SYSTEM32\dllcache\firewall.cpl
Microsoft Corporation          8/9/2004 10:00:00 PM        155136     C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl
Microsoft Corporation          8/9/2004 10:00:00 PM        358400     C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl
Microsoft Corporation          8/9/2004 10:00:00 PM        129536     C:\WINDOWS\SYSTEM32\dllcache\intl.cpl
Microsoft Corporation          8/9/2004 10:00:00 PM        68608      C:\WINDOWS\SYSTEM32\dllcache\joy.cpl
Microsoft Corporation          8/9/2004 10:00:00 PM        187904     C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation          8/9/2004 10:00:00 PM        618496     C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl
Microsoft Corporation          8/9/2004 10:00:00 PM        35840      C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation          8/9/2004 10:00:00 PM        25600      C:\WINDOWS\SYSTEM32\dllcache\netsetup.cpl
Microsoft Corporation          8/9/2004 10:00:00 PM        257024     C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl
Microsoft Corporation          8/9/2004 10:00:00 PM        36864      C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl
Microsoft Corporation          8/9/2004 10:00:00 PM        32768      C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl
Microsoft Corporation          8/9/2004 10:00:00 PM        114688     C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl
Microsoft Corporation          8/9/2004 10:00:00 PM        155648     C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl
Microsoft Corporation          8/9/2004 10:00:00 PM        298496     C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl
Microsoft Corporation          8/9/2004 10:00:00 PM        28160      C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation          8/9/2004 10:00:00 PM        94208      C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl
Microsoft Corporation          8/9/2004 10:00:00 PM        148480     C:\WINDOWS\SYSTEM32\dllcache\wscui.cpl
Microsoft Corporation          8/9/2004 10:00:00 PM        162304     C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl
Realtek Semiconductor Corp.    9/20/2004 9:20:44 AM        16121856   C:\WINDOWS\SYSTEM32\ReinstallBackups\0001\DriverFiles\ALSNDMGR.CPL

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
                     1/27/2005 8:41:38 PM     HS 84         C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
                     5/25/2005 12:52:48 PM       1819       C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
                     1/4/2006 6:14:10 PM         805        C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SpeedUpMyPC.lnk
                     5/25/2005 1:17:20 PM        810        C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SpySubtract.lnk
                     7/22/2005 11:51:22 AM       1870       C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
                     12/19/2005 12:24:26 PM      775        C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinTasks.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
                     1/27/2005 12:30:22 PM    HS 62         C:\Documents and Settings\All Users\Application Data\desktop.ini
                     5/25/2005 12:59:44 PM       1886       C:\Documents and Settings\All Users\Application Data\hpzinstall.log

Checking files in %USERPROFILE%\Startup folder...
                     1/27/2005 8:41:38 PM     HS 84         C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\desktop.ini

Checking files in %USERPROFILE%\Application Data folder...
                     1/27/2005 12:30:22 PM    HS 62         C:\Documents and Settings\Administrator\Application Data\desktop.ini

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
   SV1    =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\AVG7 Shell Extension
   {9F97547E-4609-42C5-AE0C-81C61FFAEBC3}    = C:\Program Files\Grisoft\AVG7\avgse.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
   {750fdf0e-2a26-11d1-a3ea-080036587f03}    = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
   {09799AFB-AD67-11d1-ABCD-00C04FC30936}    = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
   {A470F8CF-A1E8-4f65-8335-227475AA5C46}    = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Trojan Remover
   {52B87208-9CCF-42C9-B88E-069281105805}    = C:\PROGRA~1\TROJAN~1\Trshlex.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
   Start Menu Pin    = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\AVG7 Shell Extension
   {9F97547E-4609-42C5-AE0C-81C61FFAEBC3}    = C:\Program Files\Grisoft\AVG7\avgse.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Trojan Remover
   {52B87208-9CCF-42C9-B88E-069281105805}    = C:\PROGRA~1\TROJAN~1\Trshlex.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
   {A470F8CF-A1E8-4f65-8335-227475AA5C46}    = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
   {750fdf0e-2a26-11d1-a3ea-080036587f03}    = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
   {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}    = ntshrui.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
    = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
    = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
    = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
    = %SystemRoot%\system32\SHELL32.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
   AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
    = C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}
   Google Toolbar Helper = c:\program files\google\googletoolbar1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
   &Tip of the Day = %SystemRoot%\system32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
   {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}    = HP view   : c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
       =    :
   {2318C2B1-4965-11d4-9B18-009027A5CD4F}    = &Google   : c:\program files\google\googletoolbar1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
   MenuText    = Sun Java Console   : C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
   ButtonText    = Research   :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
   ButtonText    = Messenger   : C:\Program Files\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
   {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} = HP view   : c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
   {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} = HP view   : c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
   {0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links   : %SystemRoot%\system32\SHELL32.dll
   {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address   : %SystemRoot%\system32\browseui.dll
   {2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google   : c:\program files\google\googletoolbar1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
   HPBootOp   "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
   Zone Labs Client   C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
   ISUSPM Startup   C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
   TkBellExe   "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
   Symantec NetDriver Monitor   C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
   QuickTime Task   "C:\Program Files\QuickTime\qttask.exe" -atboottime
   LSBWatcher   c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
   ISUSScheduler   "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
   HPDJ Taskbar Utility   C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
   HP Component Manager   "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
   ehTray   C:\WINDOWS\ehome\ehtray.exe
   DeviceDiscovery   C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
   CompleteSecurityUpdate   "C:\Program Files\Defender Pro Private Surf\AutomaticUpdate.exe"
   Complete Security   "C:\Program Files\Defender Pro Private Surf\PrivateSurfNT.exe"
   ccApp   "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
   AVG7_CC   C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
   IMAIL   Installed = 1
   MAPI   Installed = 1
   MSFS   Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
   ctfmon.exe   C:\WINDOWS\system32\ctfmon.exe
   Ashampoo PopUpBlocker   C:\PROGRA~1\DEFEND~2\DEFEND~1\PopUpKiller.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
   system.ini   0
   win.ini   0
   bootini   0
   services   0
   startup   0


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
   NoDriveTypeAutoRun   181
   NoCDBurning   0


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
   {BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
   {6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
   {0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
   dontdisplaylastusername   0
   legalnoticecaption   
   legalnoticetext   
   shutdownwithoutlogon   1
   undockwithoutlogon   1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
   NoDriveTypeAutoRun   145


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
   PostBootReminder                  {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
   CDBurn                            {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
   WebCheck                          {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\system32\webcheck.dll
   SysTray                           {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
   UserInit   = C:\WINDOWS\system32\userinit.exe,
   Shell      = Explorer.exe
   System      =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent
    = Ati2evxx.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
    = crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
    = cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
    = cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
    = wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
    = wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
    = sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
    = WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
    = wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
    = wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier
    = WRLogonNTF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
   Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
   AppInit_DLLs   


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1   - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 1/5/2006 1:09:07 AM


********************************************************************************

Here's the new hijack this log:

Logfile of HijackThis v1.99.1
Scan saved at 1:21:54 AM, on 1/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\LIUtilities\SpeedUpMyPC\speedupmypc.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\AGRSMMSG.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HJT\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [CompleteSecurityUpdate] "C:\Program Files\Defender Pro Private Surf\AutomaticUpdate.exe"
O4 - HKLM\..\Run: [Complete Security] "C:\Program Files\Defender Pro Private Surf\PrivateSurfNT.exe"
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: SpeedUpMyPC.lnk = C:\Program Files\LIUtilities\SpeedUpMyPC\speedupmypc.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\sslaunch.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O4 - Global Startup: WinTasks.lnk = C:\Program Files\LIUtilities\WinTasks\wintasks.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Title: Oh Boy do I need help!!!!
Post by: guestolo on January 05, 2006, 05:47:57 PM
Can you also go to this site please
Give this site time to load
Jotti's Online Malware scan (http://virusscan.jotti.org/)

Use the browse button and navigate to this file on your hard disk
C:\WINDOWS\SYSTEM32\ExMenu.dll<--this file

Right click on the file and choose Select
Then use the Submit button
Let it finish scanning
Could you post back the results of the scan back here please, just the scanner results

Do the same for these ones too
C:\WINDOWS\SYSTEM32\ExPMenu.dll
C:\WINDOWS\SYSTEM32\ExTab.dll

You may have to
Set Windows To Show Hidden Files and Folders
    * Click Start.
    * Open My Computer.
    * Select the Tools menu and click Folder Options.
    * Select the View Tab.
    * Under the Hidden files and folders heading select Show hidden files and folders.
    * Uncheck the Hide protected operating system files (recommended) option.
    * Uncheck the Hide Extensions for known file types
    * Click Yes to confirm.
    * Click OK.
Title: Oh Boy do I need help!!!!
Post by: Roxy on January 05, 2006, 05:54:11 PM
Will do.  I'll post back when I'm done.
Title: Oh Boy do I need help!!!!
Post by: Roxy on January 05, 2006, 06:12:07 PM
All three of them report nothing on the scan, but say they are suspicious:

File:  ExMenu.dll  
Status:  MIGHT BE INFECTED/MALWARE (Sandbox emulation took a long time and/or runtime packers were found, this is suspicious. Normally programs aren't packed and don't force the sandbox into lengthy emulation. Do realize no scanner issued any warning, the file can very well be harmless. Caution is advised, however.)  
MD5  dc1771f3a59641b0f0bfb774b0730bd1  
Packers detected:  UPX
Scanner results  
AntiVir  Found nothing
ArcaVir  Found nothing
Avast  Found nothing
AVG Antivirus  Found nothing
BitDefender  Found nothing
ClamAV  Found nothing
Dr.Web  Found nothing
F-Prot Antivirus  Found nothing
Fortinet  Found nothing
Kaspersky Anti-Virus  Found nothing
NOD32  Found nothing
Norman Virus Control  Found nothing
UNA  Found nothing
VBA32  Found nothing

******************************************

File:  ExPMenu.dll  
Status:  MIGHT BE INFECTED/MALWARE (Sandbox emulation took a long time and/or runtime packers were found, this is suspicious. Normally programs aren't packed and don't force the sandbox into lengthy emulation. Do realize no scanner issued any warning, the file can very well be harmless. Caution is advised, however.)  
MD5  640da7a6c1da1d2a525d98c8ff32e46a  
Packers detected:  UPX
Scanner results  
AntiVir  Found nothing
ArcaVir  Found nothing
Avast  Found nothing
AVG Antivirus  Found nothing
BitDefender  Found nothing
ClamAV  Found nothing
Dr.Web  Found nothing
F-Prot Antivirus  Found nothing
Fortinet  Found nothing
Kaspersky Anti-Virus  Found nothing
NOD32  Found nothing
Norman Virus Control  Found nothing
UNA  Found nothing
VBA32  Found nothing


*****************************

ExTab.dll  
Status:  MIGHT BE INFECTED/MALWARE (Sandbox emulation took a long time and/or runtime packers were found, this is suspicious. Normally programs aren't packed and don't force the sandbox into lengthy emulation. Do realize no scanner issued any warning, the file can very well be harmless. Caution is advised, however.) (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)  
MD5  6363a268deb0a5310904b6041173ce30  
Packers detected:  UPX
Scanner results  
AntiVir  Found nothing
ArcaVir  Found nothing
Avast  Found nothing
AVG Antivirus  Found nothing
BitDefender  Found nothing
ClamAV  Found nothing
Dr.Web  Found nothing
F-Prot Antivirus  Found nothing
Fortinet  Found nothing
Kaspersky Anti-Virus  Found nothing
NOD32  Found nothing
Norman Virus Control  Found nothing
UNA  Found nothing
VBA32  Found nothing

**********************************************

Any other files that I should scan?  This is all puzzling, isn't it?  

You know, when I type the cap "p" letter, and the computer tries to crash (and crash recovery "saves" it from crashing all the way) the box says "terminating suspicious processes", but it doesn't say what those suspicious processes are!
And remember that I posted this message that I get on my computer in a previous email:
When I boot up now, I get a "Runner Error" message that says:

Runner filename (updates from HP.exe) lacks a '-' (the app id separator)
Title: Oh Boy do I need help!!!!
Post by: guestolo on January 05, 2006, 06:32:04 PM
Those files came back ok, but I can't find much info on them

Could you do the following please
Go to START>>>RUN>>>type in services.msc
Hit OK
In the next window, look on the right hand side for this service
name---- Panda Process Protection Service

Double click on it--- STOP the service--If running
In the drop down menu, change the startup type to Disabled

Do the same for this one too
Symantec Network Drivers Service

Do a "System scan only" with Hijackthis and put a check next to these entries:

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll


After you have ticked the above entry, close All other open windows
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Reboot your computer and post a fresh hijackthis log
Title: Oh Boy do I need help!!!!
Post by: Roxy on January 05, 2006, 06:50:36 PM
Done.  And this time when I booted I didn't get that message.  p still tries to crash my computer though.  And the RAM is still running around 80%.

Here's the new hijackthis log:


Logfile of HijackThis v1.99.1
Scan saved at 5:43:25 PM, on 1/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\LIUtilities\SpeedUpMyPC\speedupmypc.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\AGRSMMSG.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HJT\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [CompleteSecurityUpdate] "C:\Program Files\Defender Pro Private Surf\AutomaticUpdate.exe"
O4 - HKLM\..\Run: [Complete Security] "C:\Program Files\Defender Pro Private Surf\PrivateSurfNT.exe"
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: SpeedUpMyPC.lnk = C:\Program Files\LIUtilities\SpeedUpMyPC\speedupmypc.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\sslaunch.exe
O4 - Global Startup: WinTasks.lnk = C:\Program Files\LIUtilities\WinTasks\wintasks.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

*****************************************

I see stuff from SpySubtract and Defender in there still....I thought I removed that stuff?  And, I don't know if this makes a difference or not, but I use IE to get to my AOL email....I never loaded my AOL software on here because of the junk loaded on this computer (that I don't use) and all the memory that was being eaten up.  So I have to go through IE all the time.....pull up IE, type AOL email, go to my email, etc.

Just fyi.
Title: Oh Boy do I need help!!!!
Post by: guestolo on January 05, 2006, 06:53:00 PM
Can you again do the following
Open Hijackthis>>Open Misc tools section>>Open Uninstall manager
Click the SAVE LIST button, save this new list and post a fresh hijackthis log

Additionally, can you do the following
LiUtilities SpeedupmyPC can do the following
Automatically terminate suspicious processes

Can you disable this utility, I want to see the bad processes, if any
Title: Oh Boy do I need help!!!!
Post by: Roxy on January 05, 2006, 07:00:59 PM
First the list, then the log below:


Ad-Aware SE Personal
Adobe Acrobat - Reader 6.0.2 Update
Adobe Reader 6.0.1
Agere Systems PCI Soft Modem
ATI Control Panel
ATI Display Driver
AVG Anti-Virus 7.1
CleanUp!
ewido anti-malware
FreeMeter
Google Toolbar for Internet Explorer
Help and Support Additions
HijackThis 1.99.1
HP Boot Optimizer
hp deskjet 5100
HP Deskjet Printer Preload
HP Image Zone 4.8.6
HP Image Zone for Media Center PC
HP Image Zone Plus 4.8.6
HP Memories Disc
HP Photo and Imaging 2.0 - Deskjet Series
HP Photosmart Cameras 4.5
HP PSC & OfficeJet 4.7
HP Software Update
HP Tunes
HPIZplus450
IntelliMover Data Transfer Demo
InterVideo WinDVD Player
iTunes
J2SE Runtime Environment 5.0
KBD
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Office Professional Edition 2003
Microsoft Office Standard Edition 2003
Microsoft Plus! Dancer LE
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Works
MSN
muvee autoProducer 4.0
muvee autoProducer unPlugged - HPD
PC-Doctor for Windows
Photosmart 320,370,7400,8100,8400 Series
PS2
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
QuickTime
RealPlayer
Remove Microsoft Money 2005 installer
Remove Quicken New User Edition installer
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Sonic Encoders
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
SpeedUpMyPC
Spybot - Search & Destroy 1.3
Trojan Remover 6.4.2
UltraSnap Trial 1.8
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update Rollup 1 for Windows XP Media Center Edition 2005 with HDTV Support (KB873369)
Updates from HP
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Media Player 10 Hotfix [See KB889858 for more information]
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885354
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891220
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893086
Windows XP Media Center Edition 2005 KB888316
Windows XP Media Center Edition 2005 KB895678
ZoneAlarm

********************************************


Logfile of HijackThis v1.99.1
Scan saved at 5:59:21 PM, on 1/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\LIUtilities\SpeedUpMyPC\speedupmypc.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\HJT\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [CompleteSecurityUpdate] "C:\Program Files\Defender Pro Private Surf\AutomaticUpdate.exe"
O4 - HKLM\..\Run: [Complete Security] "C:\Program Files\Defender Pro Private Surf\PrivateSurfNT.exe"
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: SpeedUpMyPC.lnk = C:\Program Files\LIUtilities\SpeedUpMyPC\speedupmypc.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\sslaunch.exe
O4 - Global Startup: WinTasks.lnk = C:\Program Files\LIUtilities\WinTasks\wintasks.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Title: Oh Boy do I need help!!!!
Post by: guestolo on January 05, 2006, 07:16:16 PM
What the heck are you using to uninstall programs with
Nothing seems to get installed or uninstalled properly
Are you using Add/Remove programs or a utility?

I missed an entry related to Symantec's
What trial version of Norton's did you have installed?

Do a "System scan only" with Hijackthis and put a check next to these entries:

O4 - HKLM\..\Run: [CompleteSecurityUpdate] "C:\Program Files\Defender Pro Private Surf\AutomaticUpdate.exe"
O4 - HKLM\..\Run: [Complete Security] "C:\Program Files\Defender Pro Private Surf\PrivateSurfNT.exe"
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"


After you have ticked the above entry, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Can you access your Add/Remove programs
Remove Spybot 1.3
Reboot the computer if prompted

Back in Windows

Download and Install Spybot 1.4 from
HERE (http://www.download.com/3000-2144-10122137.html?part=104443&subj=dlpage&tag=button)
or HERE (http://www.safer-networking.org/en/download/index.html)

After installation--Click the UPDATE button on the left
SEARCH FOR UPDATES on the right
Check, and then download all updates
Click the "Search & Destroy" button on the left
"Check for Problems"---When the Scan is complete
FIX all selected problems in RED

RESTART the computer to finish any cleaning process

Post a fresh hijackthis log, see if I missed anything, or anything new appears
Title: Oh Boy do I need help!!!!
Post by: Roxy on January 05, 2006, 07:30:57 PM
I've used add/remove to uninstall programs.  And I think a couple of them (like a few of the outlook recovery things, and a couple spyware scanners) had uninstall (or remove) buttons when I went to start/all programs.

I'm telling you....I've had this computer since the end of July...and never had so many problems with a computer!  And I don't need all of the "media" stuff either....any of that I can take off of here?  I only would use stuff for pictures, and CD's/DVD's (for writing or recording music.)  No tv's, or tivo, or movies, etc.

I will do as you instructed and post back.  Yes, I can get to add/remove.  (And the last couple of times I tried to use Spybot, it would usually find a couple of things but then near the end it would freeze and say that something was not able to be accessed because of something or other....?)

But I'll see if it works this time.

And I'll post back with a new log.

Oh....I had Norton Internet Security....it came preinstalled.
Title: Oh Boy do I need help!!!!
Post by: Roxy on January 05, 2006, 07:56:29 PM
SpyBot said that I had nothing.  So nothing changed from the last hijackthis run, but I ran it again and here's my log (I answered your questions in the post directly preceding this one):


Logfile of HijackThis v1.99.1
Scan saved at 6:53:36 PM, on 1/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\LIUtilities\SpeedUpMyPC\speedupmypc.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\AGRSMMSG.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HJT\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: SpeedUpMyPC.lnk = C:\Program Files\LIUtilities\SpeedUpMyPC\speedupmypc.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\sslaunch.exe
O4 - Global Startup: WinTasks.lnk = C:\Program Files\LIUtilities\WinTasks\wintasks.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Title: Oh Boy do I need help!!!!
Post by: guestolo on January 05, 2006, 08:33:28 PM
I still think the high CPU may be with programs that never got properly uninstalled

Can you do the following
Go to START>>RUN>>In the open field
type in msconfig
Click the Launch System Restore button
Click on Create a New Restore point

Name it and click Create
When that's done

Go to START>>RUN>>type in the following and hit OK
sc delete PavPrSrv

I have to assume you had a newer trial version of Norton Internet Security installed
Can you try the following link to uninstall it completely, as it seems Add/Remove programs didn't remove it altogether

Click here (http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005033108162039?Open&src=&docid=2004101207033236&nsf=nip.nsf&view=es_full&dtype=&prod=&ver=&osv=&osv_lvl=&seg=)
Make sure you reboot afterwards

We may have to deal with Panda's later too

Back to This
Quote
I downloaded this "SpeedUpMyPC" thing, which has a crash recovery on it and everytime I try to do something (like order online AV software) as soon as I start typing in my name the crash recovery starts running. It's already done it twice since I've been typing this email. (In other words, something wants to crash my computer so I can't fix it.)

If you didn't pay for this, can I have you Uninstall it please from Add/Remove programs
Or disable it completely, it's refraining us from seeing everything
Also, if you didn't pay for FreeMeter
Remove it too, they may not be malicious, but something is definitely conflicting and we have to narrow it down
Make sure to restart the computer afterwards

Back in Windows, can I have you do the following
Download and UNZIP this free registry cleaner
RegSeeker 1.45
http://www.hoverdesk.net/freeware.htm

Before running this
Run a Scan only with hijackthis and fix checked this entry please, with all other windows closed
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\sslaunch.exe

Open the RegSeeker Folder and double click on RegSeeker.exe
Click on "Clean the registry"  in the left menu
Hit OK
Let it finish scanning and then ensure Backup before deletion is checked

Choose "Select all"
Delete all selected
Reboot your computer again

Post a new hijackthis log, let's see if any bad processes are found
Title: Oh Boy do I need help!!!!
Post by: Roxy on January 05, 2006, 08:46:08 PM
I will certainly do the things that you've instructed.  But when I take out the "Speed up my pc", then my computer will crash all of the way.

One of the reasons I installed it is because of its "crash recovery".

My computer monitor, several times a day, just all of a sudden would go all white.  Or it would be white with colored stripes on it.  None of the keys worked, ctrl-alt-del didn't work, I'd have to turn the power plug off...and then back on...and then my computer would completely reboot.  So now, with this, the box comes up that keeps it from crashing all the way to that point.

But also, in the past few days I got that thing happening where when I type the cap letter p, the computer tries to crash too.

So hopefully we'll get this fixed or else I'll need to put that back in so I can use the computer for work.

I'll unload/uninstall it now though, and hopefully you'll be able to see anything that it may be hiding.

I am so thankful for your help!!!

I'll be back......
Title: Oh Boy do I need help!!!!
Post by: Roxy on January 05, 2006, 09:44:54 PM
I'm back.

I did everything you said.  Comments:

I hope that typing pavprsrv with lower case letters is ok because I tried to type it in the upper case and my computer tried to crash.  Even though it was "saved" the run window would go away.  So I did it in lower case (don't know if that worked or not.)

After I uninstalled all the Norton stuff, I had to go in and look for files, and in the "common file" I found a panda file....so I deleted that.

I uninstalled freemeter and speedupmypc.

I ran the regseeker and it came up with 0 items.

When I ran hijackthis again, I see that there is a line in it for "wintasks"...that is part of the LIUtilities.  Should I delete that?

And didn't you already have me delete the "pttask" at boot file (or am I remembering it incorrectly) because that's back in there.

Also, what is that MDM.EXE file?  It's in my tasks manager but it didn't use to be.  Is that something from one of the new things that I have on my computer?

New log below:

Logfile of HijackThis v1.99.1
Scan saved at 8:35:27 PM, on 1/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\wuauclt.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HJT\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: WinTasks.lnk = C:\Program Files\LIUtilities\WinTasks\wintasks.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Title: Oh Boy do I need help!!!!
Post by: guestolo on January 05, 2006, 10:37:11 PM
Don't worry about MDM.exe right now, it's legit,

I did see Wintasks in your add/remove programs earlier, but it's not there now

Recheck add/remove programs and uninstall it from there if found

Then have hijackthis fixchecked this entry with all other windows closed
O4 - Global Startup: WinTasks.lnk = C:\Program Files\LIUtilities\WinTasks\wintasks.exe

Reboot your computer

Back in windows, can you let me know what version of Panda's you tried to install
The exact version please
Eg...Panda Platinum 2005

Not sure what you mean by this
Quote
And didn't you already have me delete the "pttask" at boot file (or am I remembering it incorrectly) because that's back in there.
Are you receiving help elsewhere also?
Title: Oh Boy do I need help!!!!
Post by: Roxy on January 05, 2006, 10:57:42 PM
Nope, just getting help from you.  That would be too confusing for me!  (And probably screw up my machine rather than fix it, I would think.)

But I noticed that I typed "pttask".....I meant that to be a "q".  I just went back and looked and it's in a prior post of yours to me (#34).  I'll paste it right below:

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

You were telling me to uncheck this, but it looks like it's still there in the most recent hijackthis log.

I don't know what version of Panda that I had (HEY!!!  I just typed the cap letter P and my computer didn't crash!!  What do you know!  We're getting there!)

Anyway, I deleted all of the Panda stuff so I don't know how I'd go back and find that.  It was whatever the trial version is on the website.  So I guess it would be the most recent....2005?....because I just downloaded it this past week.  Are there still traces of it?

I did uninstall wintasks from add/remove, but then I saw it in the hijackthis log.  I almost checked that one too, but I don't want to make ANY moves on my own...only the ones you tell me to make!

I will go fixcheck that one entry and reboot.  And I'll go to the Panda site and see what the download is and post it back here in a few minutes.  Anything else that I should, or need to do?  Or do we need to get this Panda out of here now?
Title: Oh Boy do I need help!!!!
Post by: Roxy on January 05, 2006, 11:15:57 PM
guestolo-
(2nd post....I'm just telling you so that you know there's another one from me to read before this one....after your last post.)

I didn't yet take fixcheck that wintasks line.....did you want me to also fixcheck the qttask one again too at the same time?

Also, I went to the Panda software site and I do believe that it was the 2006 version...not 2005.  But I can't remember for sure if it was the Panda Platinum Internet Security, or the Titanium Antivirus & Antispyware.  Does that make a difference for trying to get it out?

I did do a search for *Pand* and it came up with 3 references:
One is a file entitled "Panda Software" and it's in the recycle bin.  (I did go in there to try and see which one it is but all I could get was that the product name was "PandaShield", the filename was PavPrSrv.exe, and the version was 1.3.0.0.  Don't know if that helps or not.

Also, there were two other files:
PANDA.HTM
PANDA.TXT

They are both in C:\WINDOWS\I386\COMPDATA
each one is 1 KB in size.

Do you want me to delete those?
Title: Oh Boy do I need help!!!!
Post by: guestolo on January 06, 2006, 03:06:03 PM
Hi again Roxy
I can't find uninstall instructions for version 2006

But can we run a registry fix regardless, see if it helps at all

First, can you do the following
Download:  Registry Search Tool from this link
http://billsway.com/vbspage/

Unzip and double-click "RegSrch.vbs"
Note: if your Antivirus or another program prompts about running a ".vbs" file, allow the script to run

In the open field copy and paste the below in bold then hit OK

panda

Wait for the results and post them back here
Do the same for this next one too please
pav

Don't remove anything out of the registry yet, let me see these first
Title: Oh Boy do I need help!!!!
Post by: Roxy on January 06, 2006, 07:11:07 PM
Hi guestolo-
I can't get to that page to download it.  Your link is not working for me, and it doesn't work when I cut and paste it into my browser.  I also tried to just go to the main site, or home page, but it won't let me do that either.  It's nothing with my computer....I can get to other sites.  Just not that one.

Any other way I can get to it?
Title: Oh Boy do I need help!!!!
Post by: guestolo on January 06, 2006, 07:37:45 PM
It's down for me too

Can you download from below RegSrch.zip
UNZIP the contents so you have RegSrch.vbs extracted, then follow the directions I posted
Title: Oh Boy do I need help!!!!
Post by: Roxy on January 06, 2006, 08:17:39 PM
Yep, that worked.  Here's the scan using "panda" below.  (It said it found 19.)

I'll now do the 2nd one and come back and post that in a minute.

********************************************************


REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "panda" 1/6/2006 7:11:19 PM

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Panda Software]

[HKEY_LOCAL_MACHINE\SOFTWARE\Panda Software\PavShld]

[HKEY_LOCAL_MACHINE\SOFTWARE\Panda Software\PavShld]
"InstallDir"="C:\\Program Files\\Common Files\\Panda Software\\PavShld"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_PAVPROC\0000]
"DeviceDesc"="Panda Process Protection Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SHLDDRV\0000]
"DeviceDesc"="Panda File Shield Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PavProc]
"DisplayName"="Panda Process Protection Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ShldDrv]
"DisplayName"="Panda File Shield Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_PAVPROC\0000]
"DeviceDesc"="Panda Process Protection Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SHLDDRV\0000]
"DeviceDesc"="Panda File Shield Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\PavProc]
"DisplayName"="Panda Process Protection Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\ShldDrv]
"DisplayName"="Panda File Shield Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PAVPROC\0000]
"DeviceDesc"="Panda Process Protection Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SHLDDRV\0000]
"DeviceDesc"="Panda File Shield Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PavProc]
"DisplayName"="Panda Process Protection Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ShldDrv]
"DisplayName"="Panda File Shield Driver"

[HKEY_USERS\S-1-5-21-585124988-2935058200-1954285887-1008\Software\Google\NavClient\1.1\History]
"Panda Platinum free av download"=hex:05,eb,bd,43

[HKEY_USERS\S-1-5-21-585124988-2935058200-1954285887-1008\Software\Microsoft\Search Assistant\ACMru\5603]
"000"="*panda*"


Done with this one.  It said it found 133.  Below:

*****************************************

REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "pav" 1/6/2006 7:15:18 PM

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.HPPAVILIONPROTECT]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.HPPAVILIONPROTECT]
@="HPPAVILIONPROTECT"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.HPPAVILIONPROTECT]
"Content Type"="application/vnd.HPPAVILIONPROTECT.md-launch"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\HPPAVILIONPROTECT]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\HPPAVILIONPROTECT\shell]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\HPPAVILIONPROTECT\shell\open]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\HPPAVILIONPROTECT\shell\open\command]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/vnd.HPPAVILIONPROTECT.md-launch]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/vnd.HPPAVILIONPROTECT.md-launch]
"Extension"=".HPPAVILIONPROTECT"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/vnd.HPPAVILIONPROTECT.md-test]

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\CPC\wallpaper]
"Brand"="PAV"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\HPD\HardwareDescription]
"PCName"="PAVILION"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\HPD\HardwareDescription]
"HPTag"="PAVILION"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion]

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD]

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0]

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\DLNG]

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\DLNG]
"Locale_Key_Path"="Software\\HEWLETT-PACKARD\\Pavilion\\Keyboard\\1.0\\HPOOBE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\HPOOBE]

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\HPOOBE]
"PC_Type"="Pavilion"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\Locale Key]

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\Locale Key]
"Locale_Key-001"="Software\\HEWLETT-PACKARD\\Pavilion\\Keyboard\\1.0\\HPOOBE\\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\Locale Key]
"Locale_Key-002"="Software\\HEWLETT-PACKARD\\Pavilion\\Keyboard\\1.0\\HPOOBE\\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\W21]

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\W21]
"13"="http://redirect.paviliondownload.com/shopping/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\W21]
"14"="http://redirect.paviliondownload.com/entertainment/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\W21]
"15"="http://redirect.paviliondownload.com/2.0/sports/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\W21]
"16"="http://redirect.paviliondownload.com/finance/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\W21]
"17"="http://redirect.paviliondownload.com/finance/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\W21]
"20"="http://redirect.paviliondownload.com/people/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\W21]
"21"="http://redirect.paviliondownload.com/2.0/chat/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\W21]
"57"="http://redirect.paviliondownload.com/connect/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\W21]
"58"="http://redirect.paviliondownload.com/search/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\W21]
"59"="http://redirect.paviliondownload.com/email/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\W21]
"60"="http://redirect.paviliondownload.com/2.0/sports/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\W21]
"61"="http://redirect.paviliondownload.com/entertainment/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\W21]
"63"="http://redirect.paviliondownload.com/shopping/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\W2K]

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\W2K]
"13"="http://redirect.paviliondownload.com/shopping/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\W2K]
"14"="http://redirect.paviliondownload.com/entertainment/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\W2K]
"15"="http://redirect.paviliondownload.com/2.0/sports/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\W2K]
"16"="http://redirect.paviliondownload.com/finance/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\W2K]
"17"="http://redirect.paviliondownload.com/finance/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\W2K]
"20"="http://redirect.paviliondownload.com/people/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\W2K]
"21"="http://redirect.paviliondownload.com/2.0/chat/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\W2K]
"57"="http://redirect.paviliondownload.com/connect/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\W2K]
"58"="http://redirect.paviliondownload.com/search/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\W2K]
"59"="http://redirect.paviliondownload.com/email/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\W2K]
"60"="http://redirect.paviliondownload.com/2.0/sports/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\W2K]
"61"="http://redirect.paviliondownload.com/entertainment/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\W2K]
"63"="http://redirect.paviliondownload.com/shopping/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\W98]

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\W98]
"13"="http://redirect.paviliondownload.com/shopping/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\W98]
"14"="http://redirect.paviliondownload.com/entertainment/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\W98]
"15"="http://redirect.paviliondownload.com/2.0/sports/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\W98]
"16"="http://redirect.paviliondownload.com/finance/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\W98]
"17"="http://redirect.paviliondownload.com/finance/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\W98]
"18"="http://redirect.paviliondownload.com/connect/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\W98]
"19"="http://redirect.paviliondownload.com/search/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\W98]
"20"="http://redirect.paviliondownload.com/people/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\W98]
"21"="http://redirect.paviliondownload.com/2.0/chat/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\W98]
"22"="http://redirect.paviliondownload.com/email/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\W98]
"39"="http://redirect.paviliondownload.com/connect/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\W98]
"40"="http://redirect.paviliondownload.com/search/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\W98]
"43"="http://redirect.paviliondownload.com/connect/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\W98]
"49"="http://redirect.paviliondownload.com/search/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\W98]
"50"="http://redirect.paviliondownload.com/connect/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\W98]
"51"="http://redirect.paviliondownload.com/email/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\W98]
"57"="http://redirect.paviliondownload.com/connect/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\W98]
"58"="http://redirect.paviliondownload.com/search/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\W98]
"59"="http://redirect.paviliondownload.com/email/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\W98]
"60"="http://redirect.paviliondownload.com/2.0/sports/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\W98]
"61"="http://redirect.paviliondownload.com/entertainment/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\W98]
"63"="http://redirect.paviliondownload.com/shopping/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\WME]

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\WME]
"13"="http://redirect.paviliondownload.com/shopping/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\WME]
"14"="http://redirect.paviliondownload.com/entertainment/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\WME]
"15"="http://redirect.paviliondownload.com/2.0/sports/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\WME]
"16"="http://redirect.paviliondownload.com/finance/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\WME]
"17"="http://redirect.paviliondownload.com/finance/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\WME]
"20"="http://redirect.paviliondownload.com/people/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\WME]
"21"="http://redirect.paviliondownload.com/2.0/chat/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\WME]
"57"="http://redirect.paviliondownload.com/connect/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\WME]
"58"="http://redirect.paviliondownload.com/search/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\WME]
"59"="http://redirect.paviliondownload.com/email/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\WME]
"60"="http://redirect.paviliondownload.com/2.0/sports/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\WME]
"61"="http://redirect.paviliondownload.com/entertainment/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\WME]
"63"="http://redirect.paviliondownload.com/shopping/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Panda Software\PavShld]

[HKEY_LOCAL_MACHINE\SOFTWARE\Panda Software\PavShld]
"InstallDir"="C:\\Program Files\\Common Files\\Panda Software\\PavShld"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_PAVPROC]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_PAVPROC\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_PAVPROC\0000]
"Service"="PavProc"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_PAVPROC\0000\Control]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_PAVPROC\0000\Control]
"ActiveService"="PavProc"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PavProc]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PavProc\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PavProc\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PavProc\Enum]
"0"="Root\\LEGACY_PAVPROC\\0000"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"="C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe:*:Disabled:BackWeb for Pavilion"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_PAVPROC]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_PAVPROC\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_PAVPROC\0000]
"Service"="PavProc"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\PavProc]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\PavProc\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"="C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe:*:Disabled:BackWeb for Pavilion"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PAVPROC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PAVPROC\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PAVPROC\0000]
"Service"="PavProc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PAVPROC\0000\Control]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PAVPROC\0000\Control]
"ActiveService"="PavProc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PavProc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PavProc\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PavProc\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PavProc\Enum]
"0"="Root\\LEGACY_PAVPROC\\0000"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"="C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe:*:Disabled:BackWeb for Pavilion"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop&parm1=seconduser"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=desktop&parm1=seconduser"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=desktop&parm1=seconduser"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop&parm1=seconduser"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main]
"Search Bar"="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop&parm1=seconduser"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Search Assistant]
"DefaultSearchURL"="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop&parm1=seconduser"

[HKEY_USERS\S-1-5-21-585124988-2935058200-1954285887-1008\Software\Hewlett-Packard\DMI]
"Manufacturer"="HP Pavilion 061"

[HKEY_USERS\S-1-5-21-585124988-2935058200-1954285887-1008\Software\Hewlett-Packard\DMI]
"BS"="HP Pavilion 061     PY029AA-ABA A1129N      MXK5260403 NA570                               0ny1114RE101ALBAC00"

[HKEY_USERS\S-1-5-21-585124988-2935058200-1954285887-1008\Software\Hewlett-Packard\DMI\BSP]
"HPTag"="HP Pavilion"

[HKEY_USERS\S-1-5-21-585124988-2935058200-1954285887-1008\Software\Hewlett-Packard\DMI\BSP]
"PCName"="HP PAVILION"

[HKEY_USERS\S-1-5-21-585124988-2935058200-1954285887-1008\Software\Microsoft\Search Assistant]
"DefaultSearchURL"="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop&parm1=seconduser"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=desktop&parm1=seconduser"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=desktop&parm1=seconduser"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop&parm1=seconduser"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main]
"Search Bar"="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop&parm1=seconduser"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Search Assistant]
"DefaultSearchURL"="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop&parm1=seconduser"
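A point worth making about the two searches above: a registry search on a short substring like "pav" also matches every "Pavilion" key on an HP machine, which is why the second run returned 133 hits when only a handful belong to the uninstalled product. The following script is an added example, not part of RegSrch.vbs or of this thread: it parses the REGEDIT4-style output the tool writes and separates product remnants from incidental matches. The sample text is a constructed excerpt of the results posted above, and the marker list used to recognise Panda remnants (Panda Software, PavShld, PavProc, ShldDrv and their LEGACY_ enumerations) is an assumption drawn from those same results.

```python
"""Sort the hits from a RegSrch.vbs registry search into product remnants
and incidental substring matches (added example, not part of RegSrch.vbs)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in the REGEDIT4 layout RegSrch.vbs writes: a key line
# in [brackets], optionally followed by the one value that matched.
SAMPLE_OUTPUT = r'''REGEDIT4
; RegSrch.vbs (c) Bill James

; Registry search results for string "pav" 1/6/2006 7:15:18 PM

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\HPD\HardwareDescription]
"PCName"="PAVILION"

[HKEY_LOCAL_MACHINE\SOFTWARE\Panda Software\PavShld]
"InstallDir"="C:\\Program Files\\Common Files\\Panda Software\\PavShld"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_PAVPROC\0000]
"Service"="PavProc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PavProc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"="C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe:*:Disabled:BackWeb for Pavilion"
'''

# Assumed marker list: key/value fragments that belong to the uninstalled
# Panda product, taken from the search results in the thread.
PANDA_MARKERS = ('panda software', 'pavshld', 'pavproc', 'shlddrv',
                 'legacy_pavproc', 'legacy_shlddrv')

KEY_RE = re.compile(r'^\[(.+)\]$')
SERVICE_RE = re.compile(r'\\Services\\([^\\]+)', re.IGNORECASE)
CONTROLSET_RE = re.compile(r'\\ControlSet\d{3}\\', re.IGNORECASE)


@dataclass
class Hit:
    key: str
    name: Optional[str] = None   # None when only the key name matched
    value: Optional[str] = None


def _unescape(s: str) -> str:
    """Undo .reg escaping: a backslash escapes the character after it."""
    return re.sub(r'\\(.)', r'\1', s)


def parse_regsrch(text: str) -> List[Hit]:
    hits: List[Hit] = []
    current: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(';') or line == 'REGEDIT4':
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            hits.append(Hit(current))          # a bare key hit until a value follows
            continue
        if current is None:
            continue
        name, sep, value = line.partition('=')
        if not sep:
            continue
        name = '(Default)' if name == '@' else _unescape(name.strip('"'))
        value = _unescape(value.strip('"'))
        # The tool repeats the key header before each value, so the bare
        # key hit just recorded is really this value hit.
        if hits and hits[-1].key == current and hits[-1].name is None:
            hits[-1] = Hit(current, name, value)
        else:
            hits.append(Hit(current, name, value))
    return hits


def classify(hit: Hit) -> str:
    """'remnant' when the hit belongs to the uninstalled product, else 'other'
    (for example "pav" matching HP's "Pavilion" branding)."""
    haystack = ' '.join(p for p in (hit.key, hit.name, hit.value) if p).lower()
    return 'remnant' if any(mk in haystack for mk in PANDA_MARKERS) else 'other'


def summarize(text: str) -> dict:
    counts = {'remnant': 0, 'other': 0}
    for h in parse_regsrch(text):
        counts[classify(h)] += 1
    return counts


def remnant_keys(hits: List[Hit]) -> List[str]:
    """Unique remnant keys with ControlSet001/003 folded into CurrentControlSet:
    they are the same service entries seen through different control sets."""
    keys = {CONTROLSET_RE.sub(r'\\CurrentControlSet\\', h.key)
            for h in hits if classify(h) == 'remnant'}
    return sorted(keys)


def service_remnants(hits: List[Hit]) -> List[str]:
    """Service/driver names still registered under a Services key for the product."""
    names = set()
    for h in hits:
        if classify(h) != 'remnant':
            continue
        m = SERVICE_RE.search(h.key)
        if m:
            names.add(m.group(1))
    return sorted(names)


if __name__ == '__main__':
    found = parse_regsrch(SAMPLE_OUTPUT)
    print(summarize(SAMPLE_OUTPUT))
    for k in remnant_keys(found):
        print('remnant:', k)
    print('services still registered:', service_remnants(found))
```

The service names it reports (here PavProc) are the ones to look for under the Services keys before deciding anything is safe to remove; the HP Pavilion and BackWeb hits are unrelated to the uninstall and should be left alone.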
Title: Oh Boy do I need help!!!!
Post by: guestolo on January 06, 2006, 09:46:58 PM
Can you again create a New System restore point

Afterwards, Can you download WinsockXP Fix from the following link
http://www.spychecker.com/program/winsockxpfix.html
Save this to your desktop
I don't think you will need it, but I want you to have it just in case

Download from below Clean.zip and unzip the contents to your desktop
So you have Clean.reg extracted

Don't use it yet
RESTART into Safe mode

Double click on clean.reg and allow to add/merge to the registry

Reboot back to Normal mode

Find and delete the following files or folders recommended by Panda's
FOLDERS
 C:\Program Files\Panda Software
C:\Program Files\Common Files\Panda Software or
C:\Program Files\Common Files\Panda Software\PavShld if the previous one can't be deleted.
C:\Program Files\InstallShield Installation Information\{E91563B4-D9EC-11D5-A2BB-00606771B69D}

FILES
 %windir%\system32\drivers\shlddrv.sys
%windir%\system32\drivers\pavproc.sys
%windir%\system32\drivers\pavdrv51.sys
%windir%\system32\drivers\pcontnt.sys
%windir%\system32\drivers\Netflt.sys
%windir%\system32\drivers\cpoint.sys
%windir%\system32\Pavipc.dll
%windir%\system32\SYSTOOLS.dll
%windir%\system32\PavSProt.dll
%windir%\system32\PavSkre.dll

%windir% represents C:\WINDOWS

Let me know how things are running after that
Post back one final hijackthis log

NOTE, if you do happen to lose internet connection after doing the above
Run WinsockXP fix
Run the FIX part of it and reboot when prompted
Only run this tool if you need it please
Title: Oh Boy do I need help!!!!
Post by: Roxy on January 07, 2006, 12:34:29 AM
Sorry guestolo-
Am just now able to do this.  I'm getting ready to go into safe-mode.  I don't know if you're still on here or not, but when I finish I will post it and then I'll check tomorrow for your response (from either tonight or tomorrow when you see it.)

Thanks!
Title: Oh Boy do I need help!!!!
Post by: Roxy on January 07, 2006, 01:15:53 AM
OK, done.  But you didn't say whether or not I should reboot.  So first is the log after I followed your instructions...but before any reboot.  (Internet's fine so far).

I didn't find all of the folders and files you listed (just 1 of the folders and 2 of the files.)

I'll go back now, reboot, run another hijack this log and post it here.

*****************************************

Logfile of HijackThis v1.99.1
Scan saved at 12:09:49 AM, on 1/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HJT\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Title: Oh Boy do I need help!!!!
Post by: Roxy on January 07, 2006, 01:29:40 AM
OK, now I rebooted and ran hijack again.  (And my internet is still fine.)

I can tell you that my computer is running SO much better.  The CPU and RAM are good, the speed is much better (it's not hanging anymore), it's not constantly crashing, and no more crashes from the "P".

Let me know how the logs look and if there is anything else that I need to do.

And...if everything looks fine now....what the heck was going on?  What all was it that was causing problems?

Also, if there's nothing else to fix (and I'm not trying to jump the gun here or anything) before we're "done" I'd like to ask you just a couple of questions about a couple of the scanning programs.

Thanks!  :)

**********************************

Logfile of HijackThis v1.99.1
Scan saved at 12:21:03 AM, on 1/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\wuauclt.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HJT\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Title: Oh Boy do I need help!!!!
Post by: guestolo on January 07, 2006, 01:47:51 AM
I think I may know what you want to ask, please hang onto all programs and files for now
Then ask away after you do the following

If you're happy with the way everything is running
I'm not sure what got cleaned out before you posted here, but could you do the following
We should clear all your restore points to ensure you don't restore any nasties that may be residing in the
restore folders
Go to START>>RUN>>In the open field
type in msconfig
Click the Launch System Restore button
On the Left hand side click on "System Restore Settings"
Put a Check in "Turn off System Restore"

Apply it and OK out of there>>Reboot your computer

Back in Windows, Go back and take the check out of Turn off system restore
This will re-enable the System Restore feature and create a new restore point

After that is done, one last step
With all the programs you installed lately
It may be wise to run a Disk Defrag on your system,
I like running this in safe mode so minimum is running
Before running it, run that tool you downloaded earlier>>Windows CleanUp!
Then
Go to START>>Programs>>Accessories>>System Tools>>Disk Defragment
Click on the Defragment button
Let this finish, it could take some time if you have not run it for awhile

Return to Normal Windows when it's done

NOTE: After running CleanUp!>>It also clears your prefetch folder
So startup may be a bit slower at first, but it will increase on next bootup

For added protections
You should install this free tool
SpywareBlaster 3.5.1 by JavaCool (http://www.javacoolsoftware.com/spywareblaster.html)
*Will block bad ActiveX Controls
*Block Malevolent cookies in Internet Explorer and Firefox
*Restrict actions of potentially dangerous sites in Internet Explorer
After installation, Check for updates and then click the "Enable all protection"

Check for updates every couple of weeks
after every update just simply click the "enable protection on all unprotected items"

Open Spybot 1.4
Click the "Immunize" button on the left>>>OK at the prompt>>Immunize at the top green cross
Do that after every update

I'm on my way to bed soon, but that should keep you busy for a bit  :)
I'll talk to you soon
Title: Oh Boy do I need help!!!!
Post by: Roxy on January 07, 2006, 08:26:05 PM
Hello guestolo!

Wow....all done with all of that stuff now.  My computer is running great!  So....you didn't ask me to post any more logs and I'm assuming that you don't need any then, correct?

If so, here are my questions:

What all should I be getting rid of that I recently installed and what should I keep?

Here is the stuff I have now, that I'm assuming I should keep...but let me know:

AVG for AV software - running all the time
ZA for firewall - running all the time
Spywareblaster -running all the time
Spybot (how often should I run this scan?)
Adaware SE (should I still keep this, and how often should I run this scan?)

I also had TrojanRemover (by Nigel Thomas, I think his name is)...should I keep this (I need to renew the registration # and update it.  I just didn't do it, and decided to wait until we were done to ask you about it.  Should I?)

Then...

How often is ok to run Cleanup!?

And should I keep ewido, CWshredder, MWAV, Jottiscan.....others?

And...is it still ok to use the tools-options to delete temp files, cookies, off-line junk, and history?  I was doing that almost daily but...it didn't seem to help after noticing how many were in there to be deleted with Cleanup!

I'm hoping that is all the questions that I have, but I'll let you know if I remember anything else I wanted to ask you!

Is there anything else I should know about or do to keep this from happening again?  AND....(aside from knowing that there was a lot of adware, and spyware, and that coolwebsearch that was found and deleted before I came here) what was in, or wrong with, my computer??!!  It was a mess!

But I can happily say now that it is running awesome and I thank you for that!  I will definitely be sending a little $ to help support you and this site.  (I know I would come back and use your expertise if I ever had problems again....so you can use all the support you can get to keep this site going!)  :)

I look forward to hearing from you to help me finalize all of this by answering the above questions.
Title: Oh Boy do I need help!!!!
Post by: guestolo on January 07, 2006, 11:44:24 PM
Quote
what was in, or wrong with, my computer??!! It was a mess!
I still believe that with all the Malware removal tools and extra AV's you installed, there were a lot of conflicts
This is a perfect example of why a person should only run One AV and One software Firewall on their system

It's not your fault completely, because many wouldn't install properly
This could have been from malware or interference with other programs you had on your computer

In addition, I'm not very keen on Resource monitors and such
I hate the idea of a piece of software to monitor my resources, when itself must use resources in the meantime

What I would keep
It's optional to keep CleanUp! and Ewido
I would keep both however,
Run CleanUp! once a week
Run Ewido once a month<<make sure to check for updates before running a scan

Spybot and Ad-Aware SE
Keep them both, check for updates every couple of weeks and run scans if an update is present
Make sure to Immunize with Spybot
Update both beforehand
SpywareBlaster, again, hold onto this please and update and enable as instructed earlier

TrojanRemover, I've never used it myself
If you didn't pay for it, you may opt to remove it

Manually delete CWshredder, WinsockXP Fix, RegSrch.vbs, MWAV, Jottiscan results, WPFind.zip and the WPFind folder
Hijackthis>>Hold onto it for a couple of weeks, if everything is still running smooth
Remove Hijackthis 1.99.1 from add/remove programs and then manually delete C:\HJT <-this folder
RegSeeker, another tool you may want to hang onto, if you don't want it please manually delete it

If you still have Windows set to show hidden files and folders, you can go back and rehide them

Quote
And...is it still ok to use the tools-options to delete temp files, cookies, off-line junk, and history? I was doing that almost daily but...it didn't seem to help after noticing how many were in there to be deleted with Cleanup!
Yes, that's OK, but I would still hold onto CleanUp! and run it once in awhile  :)

AVG for AV software - running all the time
ZA for firewall - running all the time

Don't go surfing without an Active AV and Firewall running
AVG and ZoneAlarm both have a good reputation, I would opt to hold onto them both

I think we have your computer running a bit better
The next time you run into problems, don't hesitate to post here first before installing too many programs that are unneeded  :D
Title: Oh Boy do I need help!!!!
Post by: Roxy on January 08, 2006, 10:18:19 AM
My computer is not just running a bit better, it's running great!  I don't think my computer has ever performed as well since I got it.  :D

I bought this thing in late July and started having problems the first week.  It was loaded with SO MUCH JUNK that I started trying to delete the stuff because the computer was very sluggish....and started crashing every so often from the get-go.  I should have brought it back but just thought if I got some of the junk, programs and games out of it, it would be fine.  :unsure:

Then, it started getting worse and I started looking for online help, and various scans to find out what was wrong.  I do understand now that some of that stuff I did to try and fix it just made the problem worse!  And probably the fact that I was getting help from several different sources didn't help.  (It is nice, however, to know that programs weren't installing properly so that it wasn't entirely my fault!)  :rolleyes:

Anyway, I did make note of everything that you told me to keep and delete, and will be very religious about doing updates and scans.  -_-

I am thankful that I found this site and got all of the help from you that I did......thank you so much!  And I will most certainly come back here if I encounter any other problems at all....and before I install a bunch of stuff!  :)

guestolo, thank you again, and take care!
Title: Oh Boy do I need help!!!!
Post by: guestolo on January 08, 2006, 11:28:06 AM
Good work Roxy
It was a battle, but we won  :D

Since everything is running better I'll lock this topic

Take care  :)