Post by: Pureblood on August 26, 2006, 01:21:40 PM
Post by: guestolo on August 26, 2006, 01:27:14 PM
I'm stepping out for a bit, I'll look at it when I return
Post by: Pureblood on August 26, 2006, 01:33:20 PM
Logfile of HijackThis v1.99.1
Scan saved at 2:29:54 PM, on 8/26/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\AOL\1154633319\ee\AOLSoftware.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\MyWebSearch\bar\1.bin\m3IMPipe.exe
C:\Program Files\Sprint DSL virtual assistant\bin\mpbtn.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\America Online 9.0\wEmail Removedexe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\hijackthis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus8.hpwis.com/ (http://\"http://qus8.hpwis.com/\")
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus8.hpwis.com/ (http://\"http://srch-qus8.hpwis.com/\")
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus8.hpwis.com/ (http://\"http://srch-qus8.hpwis.com/\")
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-qus8.hpwis.com/ (http://\"http://srch-qus8.hpwis.com/\")
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://qus8.hpwis.com/ (http://\"http://qus8.hpwis.com/\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus8.hpwis.com/ (http://\"http://qus8.hpwis.com/\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus8.hpwis.com/ (http://\"http://srch-qus8.hpwis.com/\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus8.hpwis.com/ (http://\"http://srch-qus8.hpwis.com/\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-qus8.hpwis.com/ (http://\"http://srch-qus8.hpwis.com/\")
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qus8.hpwis.com/ (http://\"http://qus8.hpwis.com/\")
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1154633319\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortEmail Removedexe" -Run
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\Email RemovedEXE" -b
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [My Web Search Community Tools] "C:\Program Files\MyWebSearch\bar\1.bin\m3IMPipe.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Sprint virtual assistant.lnk = C:\Program Files\Sprint DSL virtual assistant\bin\matcli.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZJxdm090YYUS (http://\"http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJxdm090YYUS\")
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...tup1.0.0.15.cab (http://\"http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/ZwinkyInitialSetup1.0.0.15.cab\")
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/dd/instal...edsolutions.cab (http://\"http://h30155.www3.hp.com/ediags/dd/install/guidedsolutions.cab\")
O16 - DPF: {B8E71371-F7F7-11D2-A2CE-0060B0FB9D0D} (CDToolCtrl Class) - http://free.Email (http://\"http://free.Email\") Removed/tryaolfree/cdt175/aolcdt175.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
Also i want to get rid of most of the stuff i don't need. If you don't know what rid means it mean to take away. Look up pittsburgh english on wikipedia. I live in centreal PA don't how to explain stuff with out my accent.
Post by: guestolo on August 26, 2006, 01:36:29 PM
Please supply an uninstall list from Hijackthis
Open Hijackthis>>Open MISC TOOLS SECTION>>Open UNINSTALL MANAGER
Click the SAVE LIST... button
Save the list to your desktop then copy>>Paste back here the Whole contents
Post by: Pureblood on August 26, 2006, 01:40:31 PM
Adobe Flash Player 9 ActiveX
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Deskbar
AOL Spyware Protection
AOL Toolbar
AOL Uninstaller (Choose which Products to Remove)
AOL You've Got Pictures Screensaver
ArcSoft PhotoImpression 4
Digital Camera Driver
HijackThis 1.99.1
HP Deskjet 3740
HP Deskjet printer preloaded drivers
Instant Support
Intel® Extreme Graphics Driver
IntelliMover Data Transfer Demo
J2SE Runtime Environment 5.0 Update 6
KBD
LiveReg (Symantec Corporation)
LiveUpdate 1.80 (Symantec Corporation)
Microsoft .NET Framework (English) v1.0.3705
Microsoft Money 2003
Microsoft Money 2003 System Pack
Microsoft Works 7.0
Mozilla Firefox (1.5)
MUSICMATCH® Jukebox
My Web Search (Zwinky)
NVIDIA Windows 2000/XP Display Drivers
OmniPass
PC-Doctor for Windows
PS2
Pure Networks Port Magic
Python 2.2 combined Win32 extensions
Python 2.2.1
Quicken 2003 New User Edition
QuickTime
RealOne Player
RecordNow
RingMaster from Compaq (remove only)
S3Display
S3Gamma2
S3Info2
S3Overlay
Simple Installer - Multilanguage Version
Sonic Update Manager
Viewpoint Media Player
Weblink
Windows XP Hotfix (SP2) [See q329256 for more information]
Windows XP Hotfix (SP2) Q327979
Windows XP Hotfix (SP2) Q329909
Windows XP Hotfix (SP2) Q331958
Windows XP Hotfix (SP2) Q811789
Post by: Pureblood on August 26, 2006, 04:27:13 PM
Post by: guestolo on August 26, 2006, 04:33:16 PM
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [My Web Search Community Tools] "C:\Program Files\MyWebSearch\bar\1.bin\m3IMPipe.exe"
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZJxdm090YYUS (http://\"http://edits.mywebsearch.com/toolbaredits/...?p=ZJxdm090YYUS\")
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...tup1.0.0.15.cab (http://\"http://ak.exe.imgfarm.com/images/nocache/f...tup1.0.0.15.cab\")
The next ones are optional, don't need to run on startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
with both Quicken and SunJava you can manually check for updates
After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis
Access your add/remove programs and remove the following
If you don't have any other software installed by Symantecs, remove
LiveReg (Symantec Corporation)
LiveUpdate 1.80 (Symantec Corporation)
REMOVE
My Web Search (Zwinky)
and
Viewpoint Media Player <-bundled with AOL
Reboot the computer afterwards
Find and delete the following folder
C:\Program Files\MyWebSearch <-folder
I don't use either PC Doctor or AOL Spyware
But I do trust the following, there a free install, you should install them
Download and Install
Ad-Aware SE Personal 1.06 (http://\"ftp://ftp.download.com/pub/win95/utilities/aawsepersonal.exe\")
Open Ad-Aware, ensure to click the check for updates now link and Connect to download the latest updates
Close out after it is updated, as we will need it later
Open Ad-Aware SE 1.06
Click START
Click the radio button to Perform a Full system scan then click NEXT
When it's finished scanning
At this point you should either right click on the screen and and choose the "Select All" Objects option or individually put a checkmark in each objects checkbox
click on the Next button. Ad-Aware SE will now present you with a confirmation box as to whether or not you would like to remove the objects you have just selected. Press the "OK" button
RESTART your computer to finish the cleaning process
===================================
Download and Install Spybot 1.4 from
HERE (http://\"http://fileforum.betanews.com/detail/Spybot_Search_and_Destroy/1043809773/1\")
After installation--Click the UPDATE button on the left
SEARCH FOR UPDATES on the right
Check, and then download all updates
After update is complete
Click the "Search & Destroy" button on the left
"Check for Problems"---When the Scan is complete
FIX all selected promblems in RED
RESTART the computer to finish any cleaning process
Back in Windows, post a fresh hijackthis log
I don't see any AntiVirus software on this computer
If this is the case, to ensure there is nothing else hiding
From my signature below,
Using INTERNET EXPLORER>>Run an online virus scan at Kaspersky's
You will be promted to install an ActiveX component from Kaspersky, Click Yes.
- * The program will launch and then begin downloading the latest definition files:
* Once the files have been downloaded click on NEXT
* Now click on Scan Settings
* In the scan settings make sure that the following are selected:
o Scan using the following Anti-Virus database:
Extended (if available otherwise Standard)
o Scan Options:
Scan Archives
Scan Mail Bases
* Click OK
* Now under select a target to scan:
Select My Computer
* This program will start and scan your system.
* The scan will take a while so be patient and let it run.
* Once the scan is complete it will display if your system has been infected.
o Now click on the Save as Text button:
* Save the file to your desktop.
Post by: Pureblood on August 26, 2006, 05:00:20 PM
Post by: Pureblood on August 26, 2006, 05:14:15 PM
i can't remove the my web search (zinky). Also what does weblink do?
Post by: guestolo on August 26, 2006, 06:02:46 PM
IT SHOULD be in the list if it is installed
Do everything else I posted
You can uninstall Weblinks if not required
as well as all the AOL crap if you don't want it
It's your computer, you have to decide what you want installed???
Run the AOL Uninstaller (Choose which Products to Remove) from add/remove programs
This is your post concerning AOL
http://www.thetechguide.com/forum/index.ph...c=39275&hl= (http://\"http://www.thetechguide.com/forum/index.php?showtopic=39275&hl=\")
Post by: Pureblood on August 26, 2006, 10:06:20 PM
oh and can u lock it? with out me saying to lock it on that thread i don't want it at the top.
Post by: Pureblood on August 26, 2006, 11:03:03 PM
Post by: Pureblood on August 27, 2006, 09:25:29 AM
Scan saved at 10:19:34 AM, on 8/27/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Common Files\AOL\1154633319\ee\AOLSoftware.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Sprint DSL virtual assistant\bin\mpbtn.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\hijackthis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus8.hpwis.com/ (http://\"http://qus8.hpwis.com/\")
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus8.hpwis.com/ (http://\"http://srch-qus8.hpwis.com/\")
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus8.hpwis.com/ (http://\"http://srch-qus8.hpwis.com/\")
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-qus8.hpwis.com/ (http://\"http://srch-qus8.hpwis.com/\")
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://qus8.hpwis.com/ (http://\"http://qus8.hpwis.com/\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus8.hpwis.com/ (http://\"http://qus8.hpwis.com/\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus8.hpwis.com/ (http://\"http://srch-qus8.hpwis.com/\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus8.hpwis.com/ (http://\"http://srch-qus8.hpwis.com/\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-qus8.hpwis.com/ (http://\"http://srch-qus8.hpwis.com/\")
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qus8.hpwis.com/ (http://\"http://qus8.hpwis.com/\")
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1154633319\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortEmail Removedexe" -Run
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Sprint virtual assistant.lnk = C:\Program Files\Sprint DSL virtual assistant\bin\matcli.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/dd/instal...edsolutions.cab (http://\"http://h30155.www3.hp.com/ediags/dd/install/guidedsolutions.cab\")
O16 - DPF: {B8E71371-F7F7-11D2-A2CE-0060B0FB9D0D} (CDToolCtrl Class) - <a href="http://free.Email Removed/tryaolfree/cdt175/aolcdt175.cab" target="_blank" rel="nofollow">http://free.Email Removed/tryaolfree/cdt175/aolcdt175.cab</a>
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
Adobe Acrobat 5.0
Adobe Flash Player 9 ActiveX
AOL Uninstaller (Choose which Products to Remove)
Digital Camera Driver
HijackThis 1.99.1
HP Deskjet 3740
HP Deskjet printer preloaded drivers
Instant Support
Intel® Extreme Graphics Driver
IntelliMover Data Transfer Demo
J2SE Runtime Environment 5.0 Update 6
KBD
Microsoft .NET Framework (English) v1.0.3705
Microsoft Money 2003
Microsoft Money 2003 System Pack
Microsoft Works 7.0
Mozilla Firefox (1.5)
MUSICMATCH® Jukebox
NVIDIA Windows 2000/XP Display Drivers
OmniPass
PC-Doctor for Windows
PS2
Pure Networks Port Magic
Python 2.2 combined Win32 extensions
Python 2.2.1
Quicken 2003 New User Edition
QuickTime
RealOne Player
RecordNow
RingMaster from Compaq (remove only)
S3Display
S3Gamma2
S3Info2
S3Overlay
Simple Installer - Multilanguage Version
Sonic Update Manager
Viewpoint Media Player
Weblink
Windows XP Hotfix (SP2) [See q329256 for more information]
Windows XP Hotfix (SP2) Q327979
Windows XP Hotfix (SP2) Q329909
Windows XP Hotfix (SP2) Q331958
Windows XP Hotfix (SP2) Q811789
There has to be something wrong with uninstall list because have aim installed and can run it. Same thing with limewire, adaware se personal addition. And spybot search and destroy. And crap cleaner. Did u ever here of anything like that?
Post by: guestolo on August 27, 2006, 10:05:33 AM
Can you run it and post the results
Also, Open Spybot, click on HELP in the top menu bar
Click on ABOUT
Let me know Latest detection date and version no.
Open Ad-Aware
Click on DETAILS under Intialization status
Let me know Ref. number and and Internal build
Also, Download and unzip to your desktop InstalledPrograms.zip (http://\"http://www.billsway.com/vbspage/vbsfiles/InstalledPrograms.zip\")
Double click on InstalledPrograms.vbs
Click OK at the IP prompt and click YES to view the results now
A text file will open, can you copy and paste back here the whole contents
Post by: Pureblood on August 27, 2006, 03:32:17 PM
Here is a list of installed programs. The Kaspersky scan is running now. I will post the results and another hijack this log right away.
INSTALLED SOFTWARE (48) - FAMILYROOM - 8/27/2006 4:28:51 PM
Adobe Acrobat 5.0 Ver: 5.0
Adobe Flash Player 9 ActiveX Ver: 9
AOL Uninstaller (Choose which Products to Remove)
Digital Camera Driver Ver: 1.00.0000 Installed: 8/8/2006
HijackThis 1.99.1 Ver: 1.99.1
HP Deskjet 3740 Ver: 1.00.0000 Installed: 8/3/2006
HP Deskjet printer preloaded drivers Ver: 1.00.0200 Installed: 4/9/2003
HpSdpAppCoreApp Ver: 2.00.0000 Installed: 4/9/2003
Instant Support
Intel® Extreme Graphics Driver
IntelliMover Data Transfer Demo
J2SE Runtime Environment 5.0 Update 6 Ver: 1.5.0.60 Installed: 8/17/2006
Kaspersky Online Scanner Ver: 5.0.83.0
KBD
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework (English) v1.0.3705 Ver: 1.0.3705 Installed: 4/9/2003
Microsoft Money 2003 Ver: 11.0.50 Installed: 4/9/2003
Microsoft Money 2003 System Pack Ver: 11.0.80 Installed: 4/9/2003
Microsoft Works 7.0 Ver: 07.02.0620 Installed: 4/9/2003
Mozilla Firefox (1.5) Ver: 1.5 (en-US)
MUSICMATCH® Jukebox
NVIDIA Windows 2000/XP Display Drivers
OmniPass
PC-Doctor for Windows
PS2
Pure Networks Port Magic Ver: 1.2.1393.0
Python 2.2 combined Win32 extensions
Python 2.2.1 Ver: 2.2.1
Quicken 2003 New User Edition Ver: 12.00.0000 Installed: 4/9/2003
Quicken 2003 New User Edition Ver: 12.00.0000 Installed: 4/9/2003
QuickTime
RealOne Player
RecordNow Ver: 5.0 Installed: 4/9/2003
RingMaster from Compaq (remove only)
S3Display
S3Gamma2
S3Info2
S3Overlay
Simple Installer - Multilanguage Version
Sonic Update Manager Ver: 2.80 Installed: 4/9/2003
Viewpoint Media Player
WebFldrs XP Ver: 9.50.6513 Installed: 4/9/2003
Weblink
Windows XP Hotfix (SP2) [See q329256 for more information]
Windows XP Hotfix (SP2) Q327979 Ver: 20021114.125755
Windows XP Hotfix (SP2) Q329909 Ver: 20021107.233949
Windows XP Hotfix (SP2) Q331958 Ver: 20021029.122936
Windows XP Hotfix (SP2) Q811789 Ver: 20030113.170849
I thought i removed that veiwpoint player yesterday. Now it is back again. Same with aol it wont go away
Post by: Pureblood on August 27, 2006, 06:57:44 PM
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, August 27, 2006 7:54:29 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 27/08/2006
Kaspersky Anti-Virus database records: 218755
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
Scan Statistics:
Total number of scanned objects: 70259
Number of viruses found: 18
Number of infected objects: 41 / 0
Number of suspicious objects: 0
Duration of the scan process: 02:04:40
Infected Object Name / Virus Name / Last Action
C:\a.zip/Setup.exe Infected: Worm.Win32.VB.an skipped
C:\a.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\aolstderr.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\aolstdout.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\aoltsmon.lock Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\cache.db Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\server.lock Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2508b774daea75a835e6a7f23154c2c1_925d8183-3ae8-4d61-86f4-3fdeb0643764 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\26477b0700a04b8f0d17980de385c238_925d8183-3ae8-4d61-86f4-3fdeb0643764 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3025934c4f8da04ad4d8e5fd27244a57_925d8183-3ae8-4d61-86f4-3fdeb0643764 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\511a0f3f9e960fa97de3d0b74adfc574_925d8183-3ae8-4d61-86f4-3fdeb0643764 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6252f954e8a96779dc57418f512f2e22_925d8183-3ae8-4d61-86f4-3fdeb0643764 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\710a940c670344f0edde13da798b8bf3_925d8183-3ae8-4d61-86f4-3fdeb0643764 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\bb828e7d94b2431db5b2f828727e7583_925d8183-3ae8-4d61-86f4-3fdeb0643764 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\PowerPoint to Flash 1.6.7.1.zip/Setup.exe Infected: Worm.Win32.VB.an skipped
C:\Documents and Settings\All Users\Documents\My Music\PowerPoint to Flash 1.6.7.1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gsw0lebd.default\cert8.db Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gsw0lebd.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gsw0lebd.default\history.dat Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gsw0lebd.default\key3.db Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gsw0lebd.default\parent.lock Object is locked skipped
C:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Desktop\backups\backup-20060826-180611-102.dll Infected: not-a-virus:AdWare.Win32.MyWebSearch.aq skipped
C:\Documents and Settings\Owner\Desktop\backups\backup-20060826-180611-757.dll Infected: not-a-virus:AdWare.Win32.MyWebSearch.an skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\AOL\UserProfiles\All Users\cls\common.cls Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\gsw0lebd.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\gsw0lebd.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\gsw0lebd.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\gsw0lebd.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\AVP4CF.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\AVP4D0.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\AVP5D9.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\iinstall.exe Infected: Trojan-Downloader.Win32.IstBar.mz skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\I302RD1S\popup[1].htm Infected: Trojan-Clicker.HTML.Agent.a skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\I302RD1S\popup[1].php/packed Infected: Trojan-Clicker.HTML.Agent.a skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\I302RD1S\popup[1].php GZIP: infected - 1 skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Shared\LimeWire Pro 4.9.28.zip/Setup.exe Infected: Worm.Win32.VB.an skipped
C:\Documents and Settings\Owner\Shared\LimeWire Pro 4.9.28.zip ZIP: infected - 1 skipped
C:\hp\bin\KillWind.exe Infected: not-a-virus:RiskTool.Win32.PsKill.p skipped
C:\hp\region\EN_US-ie.reg Infected: Trojan.WinREG.StartPage skipped
C:\n.exe Infected: Trojan-Downloader.Win32.Small.cdy skipped
C:\Program Files\HP\hpcoretech\hpcmerr.log Object is locked skipped
C:\Program Files\Sprint DSL virtual assistant\log\mpbtn.log Object is locked skipped
C:\Program Files\winupdates\winupdates.exe Infected: Worm.Win32.VB.an skipped
C:\s.tmp Infected: Worm.Win32.VB.an skipped
C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\RP16\A0001435.DLL Infected: not-a-virus:AdWare.Win32.FunWeb.e skipped
C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\RP32\A0003380.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.aq skipped
C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\RP32\A0003381.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.an skipped
C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\RP32\A0003472.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\RP32\A0003473.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\RP32\A0003474.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.af skipped
C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\RP32\A0003476.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.an skipped
C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\RP32\A0003477.SCR Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\RP32\A0003478.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.v skipped
C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\RP32\A0003479.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\RP32\A0003480.EXE Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\RP32\A0003481.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.an skipped
C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\RP32\A0003482.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.aq skipped
C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\RP32\A0003483.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\RP32\A0003486.DLL Infected: not-a-virus:AdWare.Win32.IWon.a skipped
C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\RP32\A0003490.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\RP32\A0003491.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.as skipped
C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\RP32\A0003492.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.ad skipped
C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\RP32\A0003494.EXE Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\RP32\A0003495.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.ab skipped
C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\RP32\A0003496.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\RP32\A0003497.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.i skipped
C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\RP32\change.log Object is locked skipped
C:\WINDOWS\Debug\oakley.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\f3PSSavr.scr Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
D:\sync-src-1.00.tbz Infected: Net-Worm.Win32.Doomjuice.a skipped
Scan process completed.
oh Should i delete those entrys then post a fresh hijack this log?
Post by: guestolo on August 27, 2006, 07:10:55 PM
Post by: Pureblood on August 27, 2006, 07:15:52 PM
Post by: guestolo on August 27, 2006, 07:21:13 PM
Do the following, this should help out
It will require a few other tools, make sure to use them
Download and save [color=\"red\"]Brute Force Uninstaller[/color] (http://\"http://www.merijn.org/files/bfu.zip\")[/b] to the desktop
- Right click the BFU folder on your desktop, and choose Extract All
- Click "Next"
- In the box to choose where to extract the files to, click "Browse"
- Click on the + sign next to "My Computer"
- Click on "Local Disk (C:) or whatever your primary drive is
- Click "Make New Folder"
- Type in BFU
- Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
Save it to the same folder you made earlier (c:\BFU).
==Download, install, and update Ewido anti-spyware (http://\"http://www.ewido.net/en/download/\")[list=1]
- Load Ewido and then click the Update tab at the top. Under Manual Update click Start update.
- After the update finishes (the status bar at the bottom will display "Update successful")
- Close Ewido. Do not run it yet.
Don't run a scan yet
CleanUp! attempts to delete files from various temporary directories (including download directories/caches),
as well as emptying the Recycle Bins.
If you make a habit of saving files that you wish to keep in any of these places, they will be deleted when CleanUp! is run.
Please move them too a different location before we run this tool if the above is true
Note: It is generally considered poor practice to use temporary folders or the Recycle Bin to store files you intend to keep.
Print and/or save the rest of these instructions to a text file saved to desktop
This is very important, as I need you too reboot into safe mode without internet connection
Reboot your computer into Safe Mode. To boot into Safe Mode, please restart your computer. Tap F8 before Windows loads. Select Safe Mode on the screen that appears.
Access your add/remove programs and remove
Viewpoint Media Player
Remain in safe mode
==Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
* Empty Recycle Bins
* Delete Cookies
* Delete Prefetch files
* Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.
When it's done>>Click Close
DECLINE to Log off or Restart the computer
NOTE: The first time you run CleanUp! it may prompt to run in Demonstration mode
Deny this, we want to run the actual cleanup!!
Run this twice please
==Go to Start > My Computer and navigate to the C:\BFU folder.
- Start the Brute Force Uninstaller by doubleclicking BFU.exe
- Next to the scriptline to execute field click the folder icon (http://metallica.geekstogo.com/foldericon.png) and select alcanshorty.bfu
- Press Execute and let it do it’s job. (You ought to see a progress bar if you did this correctly.)
- Wait for the complete script execution box to pop up and press OK.
- Press exit to terminate the BFU program.
- Then run Ewido and click on the Scanner tab at the top and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.
- Ewido will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. Ewido will display "All actions have been applied" on the right hand side.
- Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).
- Restart back into Normal Mode.
Post back all the following
1. Post a fresh hijackthis log
2. Post the Whole Report from Ewido's
Post by: Pureblood on August 27, 2006, 07:40:15 PM
Post by: guestolo on August 27, 2006, 07:45:36 PM
Quote
Should i most def save the instrctions or just use my laptop?
If the laptop is a different computer than the infected computer than go ahead
But if it's the same computer with problems
I need you in safe mode without internet connection
Post by: Pureblood on August 27, 2006, 07:46:36 PM
Post by: Pureblood on August 27, 2006, 08:12:10 PM
BFU is done running it did exactly what you said.
Ewido is scanning now.
oh and on that online virus scan thing i tihnk i screwed up. Should i of did something after i saved the log? I just exited since u wanted me to restart the comp in safe mode.
Post by: Pureblood on August 27, 2006, 09:14:45 PM
Logfile of HijackThis v1.99.1
Scan saved at 10:11:45 PM, on 8/27/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Common Files\AOL\1154633319\ee\AOLSoftware.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Sprint DSL virtual assistant\bin\mpbtn.exe
C:\Documents and Settings\Owner\Desktop\hijackthis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus8.hpwis.com/ (http://\"http://qus8.hpwis.com/\")
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus8.hpwis.com/ (http://\"http://srch-qus8.hpwis.com/\")
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus8.hpwis.com/ (http://\"http://srch-qus8.hpwis.com/\")
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-qus8.hpwis.com/ (http://\"http://srch-qus8.hpwis.com/\")
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://qus8.hpwis.com/ (http://\"http://qus8.hpwis.com/\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus8.hpwis.com/ (http://\"http://qus8.hpwis.com/\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus8.hpwis.com/ (http://\"http://srch-qus8.hpwis.com/\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus8.hpwis.com/ (http://\"http://srch-qus8.hpwis.com/\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-qus8.hpwis.com/ (http://\"http://srch-qus8.hpwis.com/\")
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qus8.hpwis.com/ (http://\"http://qus8.hpwis.com/\")
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1154633319\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortEmail Removedexe" -Run
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Sprint virtual assistant.lnk = C:\Program Files\Sprint DSL virtual assistant\bin\matcli.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab (http://\"http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab\")
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/dd/instal...edsolutions.cab (http://\"http://h30155.www3.hp.com/ediags/dd/install/guidedsolutions.cab\")
O16 - DPF: {B8E71371-F7F7-11D2-A2CE-0060B0FB9D0D} (CDToolCtrl Class) - http://free.Email (http://\"http://free.Email\") Removed/tryaolfree/cdt175/aolcdt175.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (file missing)
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
Here is the Ewido Scan thing:
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 10:06:03 PM 8/27/2006
+ Scan result:
C:\n.exe -> Downloader.Small.cdy : Cleaned with backup (quarantined).
C:\hp\region\EN_US-ie.reg -> Hijacker.StartPage : Cleaned with backup (quarantined).
:mozilla.240:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gsw0lebd.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.48:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gsw0lebd.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.49:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gsw0lebd.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.51:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gsw0lebd.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.52:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gsw0lebd.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.53:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gsw0lebd.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.54:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gsw0lebd.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.55:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gsw0lebd.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.56:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gsw0lebd.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.57:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gsw0lebd.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.58:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gsw0lebd.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.59:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gsw0lebd.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.60:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gsw0lebd.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.61:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gsw0lebd.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.62:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gsw0lebd.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.63:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gsw0lebd.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.64:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gsw0lebd.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.65:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gsw0lebd.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.66:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gsw0lebd.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.67:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gsw0lebd.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.68:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gsw0lebd.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.69:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gsw0lebd.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.70:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gsw0lebd.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.71:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gsw0lebd.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.305:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gsw0lebd.default\cookies-1.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.206:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gsw0lebd.default\cookies-1.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.207:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gsw0lebd.default\cookies-1.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.208:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gsw0lebd.default\cookies-1.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.209:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gsw0lebd.default\cookies-1.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.306:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gsw0lebd.default\cookies-1.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.307:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gsw0lebd.default\cookies-1.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.33:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gsw0lebd.default\cookies-1.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.38:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gsw0lebd.default\cookies-1.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.39:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gsw0lebd.default\cookies-1.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.40:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gsw0lebd.default\cookies-1.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.41:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gsw0lebd.default\cookies-1.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.50:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gsw0lebd.default\cookies-1.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.210:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gsw0lebd.default\cookies-1.txt -> TrackingCookie.Bfast : Cleaned.
:mozilla.166:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gsw0lebd.default\cookies-1.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.96:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gsw0lebd.default\cookies-1.txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.91:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gsw0lebd.default\cookies-1.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.92:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gsw0lebd.default\cookies-1.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.163:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gsw0lebd.default\cookies-1.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.164:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gsw0lebd.default\cookies-1.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.165:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gsw0lebd.default\cookies-1.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.43:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gsw0lebd.default\cookies-1.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.220:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gsw0lebd.default\cookies-1.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.221:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gsw0lebd.default\cookies-1.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.105:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gsw0lebd.default\cookies-1.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.106:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gsw0lebd.default\cookies-1.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.107:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gsw0lebd.default\cookies-1.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.108:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gsw0lebd.default\cookies-1.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.150:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gsw0lebd.default\cookies-1.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.151:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gsw0lebd.default\cookies-1.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.152:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gsw0lebd.default\cookies-1.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.46:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gsw0lebd.default\cookies-1.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.47:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gsw0lebd.default\cookies-1.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.142:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gsw0lebd.default\cookies-1.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.143:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gsw0lebd.default\cookies-1.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.144:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gsw0lebd.default\cookies-1.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.171:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gsw0lebd.default\cookies-1.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.172:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gsw0lebd.default\cookies-1.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.89:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gsw0lebd.default\cookies-1.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.292:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gsw0lebd.default\cookies-1.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.293:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gsw0lebd.default\cookies-1.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.248:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gsw0lebd.default\cookies-1.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.249:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gsw0lebd.default\cookies-1.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.250:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gsw0lebd.default\cookies-1.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.251:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gsw0lebd.default\cookies-1.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.133:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gsw0lebd.default\cookies-1.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.134:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gsw0lebd.default\cookies-1.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.135:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gsw0lebd.default\cookies-1.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.100:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gsw0lebd.default\cookies-1.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.101:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gsw0lebd.default\cookies-1.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.102:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gsw0lebd.default\cookies-1.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.103:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gsw0lebd.default\cookies-1.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.104:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gsw0lebd.default\cookies-1.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.97:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gsw0lebd.default\cookies-1.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.98:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gsw0lebd.default\cookies-1.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.99:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gsw0lebd.default\cookies-1.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.304:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gsw0lebd.default\cookies-1.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.263:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gsw0lebd.default\cookies-1.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.264:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gsw0lebd.default\cookies-1.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.265:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gsw0lebd.default\cookies-1.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.266:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gsw0lebd.default\cookies-1.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.167:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gsw0lebd.default\cookies-1.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.93:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gsw0lebd.default\cookies-1.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.94:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gsw0lebd.default\cookies-1.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.95:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gsw0lebd.default\cookies-1.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.193:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gsw0lebd.default\cookies-1.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.126:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gsw0lebd.default\cookies-1.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.127:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gsw0lebd.default\cookies-1.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.128:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gsw0lebd.default\cookies-1.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.129:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gsw0lebd.default\cookies-1.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.130:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gsw0lebd.default\cookies-1.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.131:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gsw0lebd.default\cookies-1.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.192:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gsw0lebd.default\cookies-1.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.287:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gsw0lebd.default\cookies-1.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.289:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gsw0lebd.default\cookies-1.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.158:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gsw0lebd.default\cookies-1.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.159:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gsw0lebd.default\cookies-1.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.160:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gsw0lebd.default\cookies-1.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.161:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gsw0lebd.default\cookies-1.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.162:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gsw0lebd.default\cookies-1.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.242:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gsw0lebd.default\cookies-1.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.243:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gsw0lebd.default\cookies-1.txt -> TrackingCookie.Zedo : Cleaned.
D:\sync-src-1.00.tbz -> Worm.Doomjuice.a : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Documents\My Music\PowerPoint to Flash 1.6.7.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Shared\LimeWire Pro 4.9.28.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
::Report end
I think that is everthing requested. Were you satisfied with the spy bot and adaware things i gave you?
Post by: guestolo on August 28, 2006, 12:05:52 AM
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus8.hpwis.com/ (http://\"http://qus8.hpwis.com/\")
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus8.hpwis.com/ (http://\"http://srch-qus8.hpwis.com/\")
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus8.hpwis.com/ (http://\"http://srch-qus8.hpwis.com/\")
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-qus8.hpwis.com/ (http://\"http://srch-qus8.hpwis.com/\")
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://qus8.hpwis.com/ (http://\"http://qus8.hpwis.com/\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus8.hpwis.com/ (http://\"http://qus8.hpwis.com/\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus8.hpwis.com/ (http://\"http://srch-qus8.hpwis.com/\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus8.hpwis.com/ (http://\"http://srch-qus8.hpwis.com/\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-qus8.hpwis.com/ (http://\"http://srch-qus8.hpwis.com/\")
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qus8.hpwis.com/ (http://\"http://qus8.hpwis.com/\")
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis
Reboot the computer
Find and delete this file
C:\WINDOWS\system32\f3PSSavr.scr <-this file
Post one last hijackthis log and let me know how things are running please
Post by: Pureblood on August 28, 2006, 09:12:49 AM
Logfile of HijackThis v1.99.1
Scan saved at 10:10:40 AM, on 8/28/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\msiexec.exe
C:\Documents and Settings\Owner\Desktop\hijackthis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\RunOnce: [AOLRebootNeeded] regsvr32.exe /s
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Sprint virtual assistant.lnk = C:\Program Files\Sprint DSL virtual assistant\bin\matcli.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab (http://\"http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab\")
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/dd/instal...edsolutions.cab (http://\"http://h30155.www3.hp.com/ediags/dd/install/guidedsolutions.cab\")
O16 - DPF: {B8E71371-F7F7-11D2-A2CE-0060B0FB9D0D} (CDToolCtrl Class) - http://free.Email (http://\"http://free.Email\") Removed/tryaolfree/cdt175/aolcdt175.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
I delted that file you told me. The comp is running alot better then it was. Now i need to upgrade my ram. Only 128.00mb. LOL. I finnaly got aol unistalled by having to go to the program files. I unstalled a bunch junk i do not need. Now i am going to defragment my hard drive. Thank you. If there is anything else you need me to do. I will.
Post by: guestolo on August 28, 2006, 10:25:05 PM
Create a New restore point
Name it and click create
When that's done
Open MyComputer
Right click on Local Disk C:
Select Properties>>Disk CleanUp
Let if finish calculating
Select the More Options tab
and click Cleanup under System Restore
This will clear all later restore points except for the one you just made
Ok the prompts, it may take a few seconds to remove old restore points
Ok again after it's ready and let it finish cleaning
Also clean any other drives or partitions you have
I wish you would install more RAM on this thing
128 mb with Windows XP is just barely enough
I don't see an AV installed on this computer
You should have one actively running
But with only that much Ram I see you might deter from it
Would you like a free suggestion for AV, I'll let you know how to set it up so it won't run in the background
But please keep it updated and scan any files you download
If you install more Ram, can you please have this AV running on startup
Is your Firewall enabled?
Why so far behind on Windows Updates?
Post by: Pureblood on August 29, 2006, 08:56:09 AM
2. Disk clean up wont open. It opened once but then it frooze i waited 5 mins and it still didn't move. So i closed it and tried to open it again and it didn't work. Don't know why.
3. Is ram hard to install. And would ram make the computer faster. How much should i get? I see that it is farely cheap at staples but i hate haveing to try to install it. My birthday in a month so i guess i could ask for that. I have everything else i want. Then i will upgrae my laptops ram 1gb. Desktop don't need that (one i am fixing now) because that is my sisters and i can berely use it. But i like it.
4. I don't have any anti virus program installed. On my dell my subscription about to expire to. I just never really ran one on here.
5.Yes i would like a suggestion for an AV. Please.
6. No firewall on this comp. I figured my routers firewall would be good. I guess i can download zonealarm if you recommend it.
7.I guess i never had windows updates running to install it. Plus when i redid my computer it probably erased tham all. I can update it now.
Post by: Pureblood on August 29, 2006, 09:54:00 AM
Post by: Pureblood on August 29, 2006, 02:27:59 PM
Post by: guestolo on August 29, 2006, 10:44:07 PM
Are you the only user on this computer?
Are you full control administrator?
RAM is fairly easy to install
Google the procedure, I can't install it for you on my end
/smile.gif\' class=\'bbc_emoticon\' alt=\':)\' /> You have to get your right memory module and with the computer totally shutdown and unplugged
And possibly the use of an anti-static band
Open the back of the computer and carefully snap the module(s) into place
What point is Disk Cleanup freezing at?
with only that much Ram installed on the computer I would hold off on ZoneAlarm
It can be a resource hog
A hardware firewall is good
If you install SP2 and all other latest high priority updates the XP firewall will be enable by default
Are you planning on install more Ram fairly soon?
Post by: Pureblood on August 29, 2006, 10:55:56 PM
Are you the only user on this computer?
Are you full control administrator?
RAM is fairly easy to install
Google the procedure, I can't install it for you on my end
/smile.gif\' class=\'bbc_emoticon\' alt=\':)\' /> You have to get your right memory module and with the computer totally shutdown and unplugged
And possibly the use of an anti-static band
Open the back of the computer and carefully snap the module(s) into place
What point is Disk Cleanup freezing at?
with only that much Ram installed on the computer I would hold off on ZoneAlarm
It can be a resource hog
A hardware firewall is good
If you install SP2 and all other latest high priority updates the XP firewall will be enable by default
Are you planning on install more Ram fairly soon?[/quote]
My sister uses this computer but we use same name. Yes i am the administrator. Disk clean up freezes while it analzes the drive. Before i can clean anything. I want to install ram before Nov. So yeah probably. Do you think 512mb. would be enough?
Post by: guestolo on August 29, 2006, 11:01:53 PM
If it's Disk Defrag, try in safe mode
Another 512mb would do a great deal on your computer, and it's fairly cheap now too
Post by: Pureblood on August 30, 2006, 02:27:59 PM
Post by: Pureblood on August 30, 2006, 09:14:25 PM
Post by: guestolo on August 30, 2006, 09:32:08 PM
Quote
If i get more ram would i have to take out the old? I read somewhere that you can't mismatch the ram. I definitly want to upgrade.
That's is definitely not always the case, you can add to existing memory in most cases
Post by: Pureblood on August 31, 2006, 06:19:06 AM
Post by: guestolo on August 31, 2006, 08:25:47 AM
ONLY install one
AVG 7 by Grisoft (http://\"http://free.grisoft.com/doc/2/lng/us/tpl/v5\")
Avast Home Edition by ALWIL (http://\"http://www.avast.com/eng/down_home.html\")
Avira AntiVir Personal Edition Classic (http://\"http://www.free-av.com/antivirus/allinonen.html\")
Ensure it is up to date and run a full system scan
I would also
*Install SpywareBlaster 3.5.1 by JavaCool (http://\"http://www.javacoolsoftware.com/spywareblaster.html\")
- *Will block bad ActiveX Controls
*Block Malevolent cookies in Internet Explorer and Firefox
*Restrict actions of potentially dangerous sites in Internet Explorer
"Check for updates every couple of weeks"
after every update just simply click the "enable protection on all unprotected items"
You can help determine what RAM you must purchase by using the following link
http://www.memoryx.com/ (http://\"http://www.memoryx.com/\")
Just manually search for it, you don't need to install the tool
Or the store you buy it from should be able to help you out
Let them know make and model of computer
I assume you uninstalled Earthlink total access, right?
Post by: Pureblood on August 31, 2006, 03:37:18 PM
Post by: guestolo on August 31, 2006, 07:46:43 PM
Up to you however
Post by: Pureblood on August 31, 2006, 07:51:22 PM
Post by: guestolo on September 02, 2006, 07:58:31 PM
/smile.gif\' class=\'bbc_emoticon\' alt=\':)\' />