Post by: StormieK on May 06, 2007, 08:35:19 AM
Hope you're doing well, it's been awhile since I was here:)
My computer has run nearly non stop since right after the last time I was here. I've run every program to rid the computer of junk you've told me about and still... the modem runs almost constantly. When I use the 'clean up' tool it shows things like 'spacer 1 2 or 3', click count (which I can't get rid of and that's never been a problem before), adtargetingparams, showgutsads, adtablastviewed, cplparamlist, and paramlist. I don't know how to post an attachment or I'd copy it and show you. Anyway, I restart the computer and they're gone...until I open my outlook express or ANY website.......grrrrrrrrrrrr!!!
Enough talk....my HJT below and THANK YOU! Stormie
Logfile of HijackThis v1.99.1
Scan saved at 7:22:09 AM, on 5/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\TrueAssistant\TrueAssistant.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ (http://\"http://www.yahoo.com/\")
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: TrueAssistant.lnk = C:\Program Files\TrueAssistant\TrueAssistant.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab (http://\"http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab\")
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Post by: guestolo on May 06, 2007, 10:35:37 AM
Quote
When I use the 'clean up' tool it shows things like 'spacer 1 2 or 3', click count (which I can't get rid of and that's never been a problem before), adtargetingparams, showgutsads, adtablastviewed, cplparamlist, and paramlist. I don't know how to post an attachment or I'd copy it and show you.They sound like cookie issues, I see you never did my recommendation earlier and remove all of Symantec's
Can you try the following
Open CleanUp! again, Click on OPTIONS>>Put a tick in "Write a log file">>OK it and run CleanUP!
The log by default I believe saves to your user profile app. data folder
Set Windows To Show Hidden Files and Folders
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Uncheck the Hide Extensions for known file types
* Click Yes to confirm.
* Click OK.
Navigate to the following folder
C:\Documents and Settings\<User name>\Application Data
find the CleanUp! log and post the contents
Post by: StormieK on May 06, 2007, 11:23:37 AM
I can't tick "Write a log file" as I don't have any options that say that...under any of the tabs.
Stormie
Post by: guestolo on May 06, 2007, 11:30:47 AM
Can you access your add/remove programs and remove your version
Then you can grab a copy of the newest version from here
http://www.stevengould.org/downloads/cleanup/CleanUp452.exe (http://\"http://www.stevengould.org/downloads/cleanup/CleanUp452.exe\")
Install it then follow the instructions
Be sure to just use the Standard cleanup
Post by: StormieK on May 06, 2007, 11:46:40 AM
CleanUp! started on 05/06/07 10:40:56.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5123M56P\adtablastviewed[1].htm currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5123M56P\showgutsads[1].htm currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5123M56P\spacer[1].gif currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5123M56P\spacer[2].gif currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5123M56P\spacer[3].gif currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\6SE6AW0P\adtargetingparams[1].htm currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\6SE6AW0P\cplparamlist[1].htm currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\6SE6AW0P\spacer[1].gif currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\6SE6AW0P\spacer[2].gif currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\7WC1ZRJW\ClickCount[1].htm currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\7WC1ZRJW\paramlist[1].htm currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\7WC1ZRJW\spacer[1].gif currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\7WC1ZRJW\spacer[2].gif currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5123M56P\adtablastviewed[1].htm currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5123M56P\showgutsads[1].htm currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5123M56P\spacer[1].gif currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5123M56P\spacer[2].gif currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5123M56P\spacer[3].gif currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\6SE6AW0P\adtargetingparams[1].htm currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\6SE6AW0P\cplparamlist[1].htm currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\6SE6AW0P\spacer[1].gif currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\6SE6AW0P\spacer[2].gif currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\7WC1ZRJW\ClickCount[1].htm currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\7WC1ZRJW\paramlist[1].htm currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\7WC1ZRJW\spacer[1].gif currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\7WC1ZRJW\spacer[2].gif currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5123M56P\adtablastviewed[1].htm currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5123M56P\showgutsads[1].htm currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5123M56P\spacer[1].gif currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5123M56P\spacer[2].gif currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5123M56P\spacer[3].gif currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\6SE6AW0P\adtargetingparams[1].htm currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\6SE6AW0P\cplparamlist[1].htm currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\6SE6AW0P\spacer[1].gif currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\6SE6AW0P\spacer[2].gif currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\7WC1ZRJW\ClickCount[1].htm currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\7WC1ZRJW\paramlist[1].htm currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\7WC1ZRJW\spacer[1].gif currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\7WC1ZRJW\spacer[2].gif currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5123M56P\adtablastviewed[1].htm currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5123M56P\showgutsads[1].htm currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5123M56P\spacer[1].gif currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5123M56P\spacer[2].gif currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5123M56P\spacer[3].gif currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\6SE6AW0P\adtargetingparams[1].htm currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\6SE6AW0P\cplparamlist[1].htm currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\6SE6AW0P\spacer[1].gif currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\6SE6AW0P\spacer[2].gif currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\7WC1ZRJW\ClickCount[1].htm currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\7WC1ZRJW\paramlist[1].htm currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\7WC1ZRJW\spacer[1].gif currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\7WC1ZRJW\spacer[2].gif currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Compaq_Owner\Local Settings\History\History.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Compaq_Owner\Local Settings\History\History.IE5\MSHist012007050620070507\index.dat
C:\Documents and Settings\Compaq_Owner\Local Settings\History\History.IE5\MSHist012007050620070507\C:\Documents and Settings\Compaq_Owner\Local Settings\History\History.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
'Typed URLs' (Internet Explorer) - removed from the registry.
C:\Documents and Settings\Compaq_Owner\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\IadHide5.dll currently in use. Will be deleted when Windows is restarted.
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~DFD626.tmp currently in use. Will be deleted when Windows is restarted.
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\IadHide5.dll currently in use. Will be deleted when Windows is restarted.
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~DFD626.tmp currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Compaq_Owner\Application Data\Apple Computer\QuickTime\QTPlayerSession.xml.old
C:\Documents and Settings\LocalService\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\LocalService\locals~1\tempor~1\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\LocalService\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Compaq_Owner\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Compaq_Owner\locals~1\tempor~1\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Compaq_Owner\locals~1\tempor~1\Content.IE5123M56P\adtablastviewed[1].htm currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Compaq_Owner\locals~1\tempor~1\Content.IE5123M56P\showgutsads[1].htm currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Compaq_Owner\locals~1\tempor~1\Content.IE5123M56P\spacer[1].gif currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Compaq_Owner\locals~1\tempor~1\Content.IE5123M56P\spacer[2].gif currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Compaq_Owner\locals~1\tempor~1\Content.IE5123M56P\spacer[3].gif currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Compaq_Owner\locals~1\tempor~1\Content.IE5\6SE6AW0P\adtargetingparams[1].htm currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Compaq_Owner\locals~1\tempor~1\Content.IE5\6SE6AW0P\cplparamlist[1].htm currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Compaq_Owner\locals~1\tempor~1\Content.IE5\6SE6AW0P\spacer[1].gif currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Compaq_Owner\locals~1\tempor~1\Content.IE5\6SE6AW0P\spacer[2].gif currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Compaq_Owner\locals~1\tempor~1\Content.IE5\7WC1ZRJW\ClickCount[1].htm currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Compaq_Owner\locals~1\tempor~1\Content.IE5\7WC1ZRJW\paramlist[1].htm currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Compaq_Owner\locals~1\tempor~1\Content.IE5\7WC1ZRJW\spacer[1].gif currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Compaq_Owner\locals~1\tempor~1\Content.IE5\7WC1ZRJW\spacer[2].gif currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Compaq_Owner\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Compaq_Owner\Local Settings\History\History.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\IadHide5.dll currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\~DFD626.tmp currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5123M56P\adtablastviewed[1].htm currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5123M56P\showgutsads[1].htm currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5123M56P\spacer[1].gif currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5123M56P\spacer[2].gif currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5123M56P\spacer[3].gif currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\6SE6AW0P\adtargetingparams[1].htm currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\6SE6AW0P\cplparamlist[1].htm currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\6SE6AW0P\spacer[1].gif currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\6SE6AW0P\spacer[2].gif currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\7WC1ZRJW\ClickCount[1].htm currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\7WC1ZRJW\paramlist[1].htm currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\7WC1ZRJW\spacer[1].gif currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\7WC1ZRJW\spacer[2].gif currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Prefetch\CLEANUP.EXE-0ACAE2A3.pf
'Run MRU' list - removed from the registry.
Search Assistant MRU list - removed from the registry.
Explorer Open/Save MRU list - removed from the registry.
Explorer Last Visited MRU list - removed from the registry.
WordPad Recent File List - removed from the registry.
Telnet's MRU list - removed from the registry.
WinZip Extract MRU list - removed from the registry.
WinZip File MRU list - removed from the registry.
CleanUp! 4.5.2 recovered 64.5 KB of disk space from 3 files.
CleanUp! finished on 05/06/07 10:40:57.
Post by: guestolo on May 06, 2007, 11:53:36 AM
I'm unsure if this is because of programs such as Weatherbug?
Can you do the following
supply an uninstall list from Hijackthis
Open Hijackthis>>Open MISC TOOLS SECTION>>Open UNINSTALL MANAGER
Click the SAVE LIST... button
Save the list to your desktop then copy>>Paste back here the Whole contents
Post by: StormieK on May 06, 2007, 12:02:32 PM
Ad-Aware SE Personal
Adobe Download Manager 2.0 (Remove Only)
Adobe Photoshop Album 2.0 Starter Edition
Adobe Reader 7.0.5
Agere Systems PCI Soft Modem
Alien Skin Eye Candy 5 Impact
Alien Skin Xenofex 2.0
CC_ccProxyExt
ccCommon
ccPxyCore
CleanUp!
Color Cop v5.3
Compaq Connections
Compaq Organize
Easy Internet Sign-up
ewido anti-malware
Eye Candy 4000
Filters Unlimited 2.0.3
Google Toolbar for Internet Explorer
Help and Support Additions
HijackThis 1.99.1
Homestead SiteBuilder LPX
HP Deskjet 3740
HP Software Update
Intel® Extreme Graphics Driver
InterVideo WinDVD Player
iTunes
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4
Jasc Paint Shop Pro 9
Jasc Paint Shop Pro 9.01 - (9.0.1.1)
Java 2 Runtime Environment, SE v1.4.2_03
LimeWire 4.9.37
LiveReg (Symantec Corporation)
LiveUpdate 2.6 (Symantec Corporation)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Office Standard Edition 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
Microsoft Works
MSN
MSRedist
namesuppressed Plaid Lite
Norton AntiSpam
Norton AntiVirus 2005
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security 2005 (Symantec Corporation)
Norton Security Center
Norton WMI Update
Norton WMI Update
Paint Shop Pro 7
PC-Doctor for Windows
picture-shark 1.0
Plugin Galaxy 1.0
PS2
QuickTime
RealPlayer
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Sonic Express Labeler
Sonic RecordNow!
SPBBC
SpySubtract
SpywareBlaster v3.4
SymNet
The Font Thing
Ulead ArtTexture.Plugin 1.0
Ulead FantasyWarp.Plugin 1.0
Ulead Particle.Plugin 1.0
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB910437)
Vizros Plug-ins 4.1
WeatherBug
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888239
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
WinRAR archiver
WinZip
Xenofex 1.0
Yaldex Colored ScrollBars 1.2
Post by: guestolo on May 06, 2007, 12:16:37 PM
How attached are you to Weatherbug?
Please see this link
http://fravia.com/weatherbug.htm (http://\"http://fravia.com/weatherbug.htm\")
I would opt to uninstall it, up to you, but if you do, close All browser windows ahead of time and then uninstall it
I'm a bit confused by the uninstall list, I see Symantec's installed on your computer
But McAfee's in your hijackthis log, did you just uninstall McAfee's?
If so, post a fresh hijackthis log
Post by: StormieK on May 06, 2007, 12:30:10 PM
I can't remember exactly what you said in your last post but no, I didn't uninstall anything but Weatherbug just now. As far as I know I still have McAfee.
Post by: guestolo on May 06, 2007, 12:34:50 PM
I think there may be a problem with these 2 and that would definitely cause system slowdowns and conflicts
Which antivirus do you see if your system tray>>by the clock?
Can you post a fresh hijackthis log please, I just want a double check
Also, can you do the following
Download and unzip to your desktop InstalledPrograms.zip (http://\"http://www.billsway.com/vbspage/vbsfiles/InstalledPrograms.zip\")
Double click on InstalledPrograms.vbs
Click OK at the IP prompt and click YES to view the results now
A text file will open, can you copy and paste back here the whole contents
ALLOW this script to run if prompted by your AntiVirus
Post by: StormieK on May 06, 2007, 12:48:54 PM
I have a little M in the tray that say McAfee Security Center.
Installed Programs Report;
INSTALLED SOFTWARE (238) - STORMIE - 5/6/2007 11:40:50 AM
Ad-Aware SE Personal Ver: 1.06
Adobe Flash Player 9 ActiveX Ver: 9
Adobe Photoshop Album 2.0 Starter Edition Ver: 2.00.100 Installed: 9/3/2005
Adobe Reader 7.0.9 Ver: 7.0.9 Installed: 1/15/2007
Agere Systems PCI Soft Modem
Alien Skin Eye Candy 5 Impact
Alien Skin Xenofex 2.0
AVG Anti-Spyware 7.5
BufferChm Ver: 60.0.155.000 Installed: 3/19/2007
CameraDrivers Ver: 6.0.0.204 Installed: 3/19/2007
CameraUserGuides Ver: 6.0.0.204 Installed: 3/19/2007
CleanUp!
Color Cop v5.3
Compaq Connections
Compaq Organize
CP_AtenaShokunin1Config Ver: 60.0.155.000 Installed: 3/19/2007
CP_CalendarTemplates1 Ver: 60.0.155.000 Installed: 3/19/2007
cp_OnlineProjectsConfig Ver: 60.0.155.000 Installed: 3/19/2007
CP_Package_Basic1 Ver: 60.0.155.000 Installed: 3/19/2007
CP_Panorama1Config Ver: 60.0.155.000 Installed: 3/19/2007
cp_PosterPrintConfig Ver: 60.0.155.000 Installed: 3/19/2007
CueTour Ver: 60.0.155.000 Installed: 3/19/2007
Destinations Ver: 60.0.155.000 Installed: 3/19/2007
DeviceFunctionQFolder Ver: 1.00.0000 Installed: 3/19/2007
DeviceManagementQFolder Ver: 1.00.0000 Installed: 3/19/2007
Easy Internet Sign-up Ver: FE UI-3.1.0.1288 Installed: 1/28/2005
Easy Internet Sign-up Ver: FE UI-3.1.0.1288 Installed: 1/28/2005
eSupportQFolder Ver: 1.00.0000 Installed: 3/19/2007
Eye Candy 4000
Filters Unlimited 2.0.3
FullDPAppQFolder Ver: 1.00.0000 Installed: 3/19/2007
Google Toolbar for Internet Explorer
Help and Support Additions
HijackThis 1.99.1 Ver: 1.99.1
Homestead SiteBuilder LPX
Hotfix for Windows Media Format 11 SDK (KB929399) Installed: 3/15/2007
Hotfix for Windows XP (KB914440) Ver: 12 Installed: 12/7/2006
Hotfix for Windows XP (KB915865) Ver: 10 Installed: 12/7/2006
Hotfix for Windows XP (KB918766) Ver: 2 Installed: 11/16/2006
Hotfix for Windows XP (KB926239) Ver: 2 Installed: 12/15/2006
HP Deskjet 3740 Ver: 1.00.0000 Installed: 5/7/2005
HP Imaging Device Functions 6.0 Ver: 6.0
HP Photosmart Cameras 6.0 Ver: 6.0
HP Photosmart Premier Software 6.0 Ver: 6.0
HP Software Update Ver: 3.0.6.003 Installed: 3/19/2007
HP Solution Center and Imaging Support Tools 6.0 Ver: 6.0
hpiCamDrvQFolder Ver: 6.0.0 Installed: 3/19/2007
HPProductAssistant Ver: 60.0.155.000 Installed: 3/19/2007
HpSdpAppCoreApp Ver: 3.00.0000 Installed: 1/28/2005
InstantShareDevices Ver: 60.0.155.000 Installed: 3/19/2007
Intel® Extreme Graphics Driver
InterVideo WinDVD Player Ver: 5.0-B11.668
iTunes Ver: 6.0.4.2 Installed: 4/14/2006
iTunes Ver: 6.0.4.2 Installed: 4/14/2006
J2SE Runtime Environment 5.0 Update 10 Ver: 1.5.0.100 Installed: 12/28/2006
J2SE Runtime Environment 5.0 Update 11 Ver: 1.5.0.110 Installed: 3/1/2007
J2SE Runtime Environment 5.0 Update 2 Ver: 1.5.0.20 Installed: 4/25/2005
J2SE Runtime Environment 5.0 Update 4 Ver: 1.5.0.40 Installed: 7/29/2005
J2SE Runtime Environment 5.0 Update 6 Ver: 1.5.0.60 Installed: 12/29/2005
J2SE Runtime Environment 5.0 Update 9 Ver: 1.5.0.90 Installed: 10/29/2006
Jasc Animation Shop 3 Ver: 3.11 Installed: 8/3/2006
Jasc Paint Shop Pro 9 Ver: 9.01.0000 Installed: 7/5/2006
Jasc Paint Shop Pro 9.01 - (9.0.1.1)
Java 2 Runtime Environment, SE v1.4.2_03 Ver: 1.4.2_03 Installed: 1/28/2005
Java(tm) SE Runtime Environment 6 Update 1 Ver: 1.6.0.10 Installed: 5/3/2007
LimeWire 4.12.6 Ver: 4.12.6
LiveUpdate 2.6 (Symantec Corporation) Ver: 2.6.14.0
McAfee SecurityCenter
McAfee VirusScan
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Ver: 1.1.4322 Installed: 4/28/2005
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Compression Client Pack 1.0 for Windows XP Ver: 1 Installed: 12/15/2006
Microsoft Internationalized Domain Names Mitigation APIs Installed: 12/7/2006
Microsoft National Language Support Downlevel APIs Installed: 12/7/2006
Microsoft Office Standard Edition 2003 Ver: 11.0.7969.0 Installed: 4/11/2007
Microsoft Plus! Digital Media Edition Installer Ver: 1.1.0.3500 Installed: 1/28/2005
Microsoft Plus! Photo Story 2 LE Ver: 1.1.0.3463 Installed: 1/28/2005
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR) Ver: 8.00.761 Installed: 11/26/2005
Microsoft User-Mode Driver Framework Feature Pack 1.0 Installed: 12/15/2006
Microsoft Works Ver: 08.04.0623 Installed: 1/28/2005
MSN
MSN Messenger 7.5 Ver: 7.5.0324.0 Installed: 3/10/2006
MSXML 4.0 SP2 (KB925672) Ver: 4.20.9839.0 Installed: 10/14/2006
MSXML 4.0 SP2 (KB927978) Ver: 4.20.9841.0 Installed: 11/17/2006
namesuppressed Plaid Lite Installed: 8/24/2005
Norton Security Center Ver: 2005.1.0.111 Installed: 1/28/2005
PanoStandAlone Ver: 60.0.155.000 Installed: 3/19/2007
PC-Doctor for Windows Ver: 1.06.002 Installed: 1/28/2005
PC-Doctor for Windows Ver: 1.06.002 Installed: 1/28/2005
PhotoGallery Ver: 60.0.155.000 Installed: 3/19/2007
picture-shark 1.0
Plugin Galaxy 1.0
PS2
QuickTime Ver: 7.0.4 Installed: 4/14/2006
QuickTime Ver: 7.0.4 Installed: 4/14/2006
RandMap Ver: 60.0.155.000 Installed: 3/19/2007
RealPlayer
Security Update for Step By Step Interactive Training (KB898458) Ver: 20050502.101010 Installed: 6/15/2005
Security Update for Step By Step Interactive Training (KB923723) Ver: 20050502.101010 Installed: 2/16/2007
Security Update for Windows Media Player (KB911564) Installed: 2/15/2006
Security Update for Windows Media Player 10 (KB911565) Installed: 2/15/2006
Security Update for Windows Media Player 10 (KB917734) Installed: 6/14/2006
Security Update for Windows Media Player 6.4 (KB925398) Installed: 12/16/2006
Security Update for Windows XP (KB883939) Ver: 1 Installed: 6/15/2005
Security Update for Windows XP (KB890046) Ver: 1 Installed: 6/15/2005
Security Update for Windows XP (KB893756) Ver: 1 Installed: 8/10/2005
Security Update for Windows XP (KB896358) Ver: 1 Installed: 6/15/2005
Security Update for Windows XP (KB896422) Ver: 1 Installed: 6/15/2005
Security Update for Windows XP (KB896423) Ver: 1 Installed: 8/10/2005
Security Update for Windows XP (KB896424) Ver: 1 Installed: 11/8/2005
Security Update for Windows XP (KB896428) Ver: 1 Installed: 6/15/2005
Security Update for Windows XP (KB896688) Ver: 1 Installed: 10/13/2005
Security Update for Windows XP (KB899587) Ver: 1 Installed: 8/10/2005
Security Update for Windows XP (KB899588) Ver: 1 Installed: 8/10/2005
Security Update for Windows XP (KB899591) Ver: 1 Installed: 8/10/2005
Security Update for Windows XP (KB900725) Ver: 1 Installed: 10/13/2005
Security Update for Windows XP (KB901017) Ver: 1 Installed: 10/13/2005
Security Update for Windows XP (KB901214) Ver: 1 Installed: 7/14/2005
Security Update for Windows XP (KB902400) Ver: 1 Installed: 10/13/2005
Security Update for Windows XP (KB903235) Ver: 1 Installed: 7/14/2005
Security Update for Windows XP (KB904706) Ver: 1 Installed: 10/13/2005
Security Update for Windows XP (KB905414) Ver: 1 Installed: 10/13/2005
Security Update for Windows XP (KB905749) Ver: 1 Installed: 10/13/2005
Security Update for Windows XP (KB905915) Ver: 1 Installed: 12/15/2005
Security Update for Windows XP (KB908519) Ver: 1 Installed: 1/11/2006
Security Update for Windows XP (KB908531) Ver: 1 Installed: 4/20/2006
Security Update for Windows XP (KB911280) Ver: 1 Installed: 6/14/2006
Security Update for Windows XP (KB911562) Ver: 1 Installed: 4/20/2006
Security Update for Windows XP (KB911567) Ver: 1 Installed: 4/20/2006
Security Update for Windows XP (KB911927) Ver: 1 Installed: 2/15/2006
Security Update for Windows XP (KB912812) Ver: 1 Installed: 4/20/2006
Security Update for Windows XP (KB912919) Ver: 1 Installed: 1/6/2006
Security Update for Windows XP (KB913446) Ver: 1 Installed: 2/16/2006
Security Update for Windows XP (KB913580) Ver: 1 Installed: 5/11/2006
Security Update for Windows XP (KB914388) Ver: 1 Installed: 7/13/2006
Security Update for Windows XP (KB914389) Ver: 1 Installed: 6/14/2006
Security Update for Windows XP (KB916281) Ver: 1 Installed: 6/14/2006
Security Update for Windows XP (KB917159) Ver: 1 Installed: 7/13/2006
Security Update for Windows XP (KB917344) Ver: 1 Installed: 6/14/2006
Security Update for Windows XP (KB917422) Ver: 1 Installed: 8/13/2006
Security Update for Windows XP (KB917953) Ver: 1 Installed: 6/14/2006
Security Update for Windows XP (KB918118) Ver: 1 Installed: 2/16/2007
Security Update for Windows XP (KB918439) Ver: 1 Installed: 6/14/2006
Security Update for Windows XP (KB918899) Ver: 1 Installed: 8/13/2006
Security Update for Windows XP (KB919007) Ver: 1 Installed: 9/14/2006
Security Update for Windows XP (KB920213) Ver: 1 Installed: 12/7/2006
Security Update for Windows XP (KB920214) Ver: 1 Installed: 8/13/2006
Security Update for Windows XP (KB920670) Ver: 1 Installed: 8/13/2006
Security Update for Windows XP (KB920683) Ver: 1 Installed: 8/13/2006
Security Update for Windows XP (KB920685) Ver: 1 Installed: 9/14/2006
Security Update for Windows XP (KB921398) Ver: 1 Installed: 8/13/2006
Security Update for Windows XP (KB921883) Ver: 1 Installed: 8/9/2006
Security Update for Windows XP (KB922616) Ver: 1 Installed: 8/13/2006
Security Update for Windows XP (KB922760) Ver: 1 Installed: 11/17/2006
Security Update for Windows XP (KB922819) Ver: 1 Installed: 10/12/2006
Security Update for Windows XP (KB923191) Ver: 1 Installed: 10/12/2006
Security Update for Windows XP (KB923414) Ver: 1 Installed: 10/12/2006
Security Update for Windows XP (KB923694) Ver: 1 Installed: 12/16/2006
Security Update for Windows XP (KB923980) Ver: 1 Installed: 11/17/2006
Security Update for Windows XP (KB924191) Ver: 1 Installed: 10/12/2006
Security Update for Windows XP (KB924270) Ver: 1 Installed: 11/17/2006
Security Update for Windows XP (KB924496) Ver: 1 Installed: 10/12/2006
Security Update for Windows XP (KB924667) Ver: 1 Installed: 2/16/2007
Security Update for Windows XP (KB925454) Ver: 1 Installed: 12/16/2006
Security Update for Windows XP (KB925486) Ver: 1 Installed: 9/28/2006
Security Update for Windows XP (KB925902) Ver: 1 Installed: 4/5/2007
Security Update for Windows XP (KB926255) Ver: 1 Installed: 12/16/2006
Security Update for Windows XP (KB926436) Ver: 1 Installed: 2/16/2007
Security Update for Windows XP (KB927779) Ver: 1 Installed: 2/16/2007
Security Update for Windows XP (KB927802) Ver: 1 Installed: 2/16/2007
Security Update for Windows XP (KB928090) Ver: 1 Installed: 2/16/2007
Security Update for Windows XP (KB928255) Ver: 1 Installed: 2/16/2007
Security Update for Windows XP (KB928843) Ver: 1 Installed: 2/16/2007
Security Update for Windows XP (KB929969) Ver: 1 Installed: 1/13/2007
Security Update for Windows XP (KB930178) Ver: 1 Installed: 4/11/2007
Security Update for Windows XP (KB931261) Ver: 1 Installed: 4/11/2007
Security Update for Windows XP (KB931784) Ver: 1 Installed: 4/11/2007
Security Update for Windows XP (KB932168) Ver: 1 Installed: 4/11/2007
SkinsHP1 Ver: 60.0.155.000 Installed: 3/19/2007
SolutionCenter Ver: 60.0.155.000 Installed: 3/19/2007
Sonic Express Labeler Ver: 1.0.0 Installed: 1/28/2005
Sonic RecordNow! Ver: 7.22 Installed: 1/28/2005
Sonic_PrimoSDK Ver: 60.0.155.000 Installed: 3/19/2007
Spybot - Search & Destroy 1.4 Ver: 1.4
SpywareBlaster v3.5.1 Ver: 3.5.1
Status Ver: 60.0.155.000 Installed: 3/19/2007
The Font Thing
TrayApp Ver: 60.0.155.000 Installed: 3/19/2007
TrueSwitch Wizard Suddenlink
Ulead ArtTexture.Plugin 1.0
Ulead FantasyWarp.Plugin 1.0
Ulead Particle.Plugin 1.0
Unload Ver: 6.1.0 Installed: 3/19/2007
Update for Windows XP (KB894391) Ver: 1 Installed: 8/10/2005
Update for Windows XP (KB896727) Ver: 1 Installed: 8/10/2005
Update for Windows XP (KB898461) Ver: 1 Installed: 6/29/2005
Update for Windows XP (KB900485) Ver: 2 Installed: 4/27/2006
Update for Windows XP (KB904942) Ver: 2 Installed: 12/7/2006
Update for Windows XP (KB910437) Ver: 1 Installed: 12/15/2005
Update for Windows XP (KB916595) Ver: 1 Installed: 7/13/2006
Update for Windows XP (KB920872) Ver: 1 Installed: 9/14/2006
Update for Windows XP (KB922582) Ver: 1 Installed: 9/14/2006
Update for Windows XP (KB929338) Ver: 1 Installed: 3/15/2007
Update for Windows XP (KB931836) Ver: 1 Installed: 2/16/2007
Vizros Plug-ins 4.1
WebFldrs XP Ver: 9.50.7523 Installed: 10/14/2004
WebReg Ver: 60.0.155.000 Installed: 3/19/2007
Windows Genuine Advantage Notifications (KB905474) Ver: 1.7.0018.5 Installed: 7/2/2006
Windows Genuine Advantage v1.3.0254.0 Ver: 1.3.0254.0 Installed: 7/27/2005
Windows Installer 3.1 (KB893803) Ver: 3.1
Windows Installer 3.1 (KB893803) Ver: 3.1
Windows Media Format 11 runtime
Windows Media Format 11 runtime Installed: 12/15/2006
Windows Media Player 11
Windows Media Player 11 Installed: 12/15/2006
Windows XP Hotfix - KB873333 Ver: 20050114.005213
Windows XP Hotfix - KB873339 Ver: 20041117.092459
Windows XP Hotfix - KB883667 Ver: 20040812.104354
Windows XP Hotfix - KB885250 Ver: 20050118.202711
Windows XP Hotfix - KB885835 Ver: 20041027.181713
Windows XP Hotfix - KB885836 Ver: 20041028.173203
Windows XP Hotfix - KB886185 Ver: 20041021.090540
Windows XP Hotfix - KB887472 Ver: 20041014.162858
Windows XP Hotfix - KB887742 Ver: 20041103.095002
Windows XP Hotfix - KB888113 Ver: 20041116.131036
Windows XP Hotfix - KB888239 Ver: 20041124.162528
Windows XP Hotfix - KB888302 Ver: 20041207.111426
Windows XP Hotfix - KB890175 Ver: 20041201.233338
Windows XP Hotfix - KB890859 Ver: 1 Installed: 4/17/2005
Windows XP Hotfix - KB890923 Ver: 1 Installed: 4/17/2005
Windows XP Hotfix - KB891781 Ver: 20050110.165439
Windows XP Hotfix - KB893066 Ver: 1 Installed: 4/17/2005
Windows XP Hotfix - KB893086 Ver: 1 Installed: 4/17/2005
WinRAR archiver
WinZip Ver: 9.0 SR-1 (6224)
Xara X1 Ver: 1.00.0000
Xenofex 1.0
I don't know what some of these programs are...I didn't install them on purpose!?!?!?
HJT Log;
Logfile of HijackThis v1.99.1
Scan saved at 11:47:02 AM, on 5/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\TrueAssistant\TrueAssistant.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ (http://\"http://www.yahoo.com/\")
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: TrueAssistant.lnk = C:\Program Files\TrueAssistant\TrueAssistant.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab (http://\"http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab\")
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Post by: guestolo on May 06, 2007, 01:04:45 PM
Did you actually run it or did you post an old log?
I see you mentioned it was an old log
Close down all browser windows before doing the following
Can you access your add/remove programs and remove all older versions of Java
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.2_03
You can leave this one installed
Java�„� SE Runtime Environment 6 Update 1
I'm concerned that Norton's didn't uninstall properly
In add/remove programs remove
Norton Security Center
Reboot the computer
Back in Windows
Let's make sure Norton's is totally gone
Go to the following link and do Step 2
http://service1.symantec.com/SUPPORT/tsgen...005033108162039 (http://\"http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005033108162039\")?
If the computer doesn't reboot, reboot manually afterwards
Come back here and post a fresh hijackthis log
Also, for the list from InstalledPrograms.vbs
Which programs are you unsure about that you don't recognize?
Post by: StormieK on May 06, 2007, 01:11:54 PM
Post by: guestolo on May 06, 2007, 01:13:37 PM
Just carry on with my last set of instructions please
Post by: StormieK on May 06, 2007, 01:57:38 PM
Logfile of HijackThis v1.99.1
Scan saved at 12:50:55 PM, on 5/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ (http://\"http://www.yahoo.com/\")
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: TrueAssistant.lnk = C:\Program Files\TrueAssistant\TrueAssistant.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab (http://\"http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab\")
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
Post by: guestolo on May 06, 2007, 02:07:37 PM
Quote
I don't know what CueTour or PanoStandAlone are.I believe they are both related to HP software
In Internet Explorer>>Can you select TOOLS>>Do you see "Uninstall BitDefender"
If so you can remove it
Let me know if it was found
How are things running now?
Post by: StormieK on May 06, 2007, 02:21:09 PM
Thanks for the info on the other...
When I open a window the screen flashes at times. My modem is still running but is does take a break now and then. Seems to be running a little bit faster, not much though.
Post by: guestolo on May 06, 2007, 03:06:52 PM
Under the process tab, what is using most of CPU
What is System Idle process at?
Post by: StormieK on May 06, 2007, 05:55:43 PM
Post by: StormieK on May 06, 2007, 07:08:47 PM
Right now the modem is running but all CPU's are at 00. The System Idle Process is at 99. When I opened Internet Explorer a pop-up said it wasn't my default browser. That's never happened before. As far as I know it's the only browser I have.
Stormie
Post by: guestolo on May 06, 2007, 09:30:41 PM
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis
Everything sounds normal now
Are you still experiencing problems to this point, if so, we can try some other steps
EDIT>>Could you also do the following, just for a double check
If you still have an old version of Combofix>>DELETE IT
Then do the following
Download this file - Combofix.exe (http://\"http://download.bleepingcomputer.com/sUBs/ComboFix.exe\") and save it ONLY to your desktop
Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you.
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
Post the log from combofix please
Post by: StormieK on May 07, 2007, 10:32:33 AM
"Compaq_Owner" - 2007-05-07 9:20:21 Service Pack 2
ComboFix 07-05.07.3.V - Running from: "C:\Documents and Settings\Compaq_Owner\Desktop\"
((((((((((((((((((((((((((((((( Files Created from 2007-04-07 to 2007-05-07 ))))))))))))))))))))))))))))))))))
2007-04-19 20:51 <DIR> d-------- C:\Program Files\TrueSwitchSuddenlink
2007-04-19 20:51 <DIR> d-------- C:\Program Files\TrueSwitch
2007-04-19 20:51 <DIR> d-------- C:\Program Files\TrueAssistant
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-05-06 18:43:17 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-05-06 17:23:43 -------- d-----w C:\Program Files\AWS
2007-05-03 18:46:39 -------- d-----w C:\Program Files\Sonic RecordNow!
2007-04-30 02:15:48 -------- d-----w C:\Program Files\SpywareBlaster
2007-04-05 02:45:25 -------- d-----w C:\Program Files\Color Dip
2007-03-29 03:48:22 -------- d-----w C:\Program Files\The Font Thing
2007-03-20 02:20:10 -------- d-----w C:\DOCUME~1\COMPAQ~1\APPLIC~1.\HP
2007-03-20 02:16:32 90,682 ----a-w C:\WINDOWS\hpiins01.dat
2007-03-20 02:13:58 -------- d-----w C:\Program Files\Common Files\Sonic Shared
2007-03-20 02:13:11 -------- d-----w C:\Program Files\Common Files\HP
2007-03-20 02:11:59 -------- d-----w C:\Program Files\Hewlett-Packard
2007-03-20 02:10:16 -------- d-----w C:\Program Files\HP
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
"{53707962-6F74-2D53-2644-206D7942484F}"="C:\PROGRA~1\SPYBOT~1\SPYBOT~1\SDHelper.dll"
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"="C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll"
"{AA58ED58-01DD-4d91-8333-CF10577473F7}"="c:\program files\google\googletoolbar4.dll"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"hpsysdrv"="c:\\windows\\system\\hpsysdrv.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"AGRSMMSG"="AGRSMMSG.exe"
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"PS2"="C:\\WINDOWS\\system32\\ps2.exe"
"LSBWatcher"="c:\\hp\\drivers\\hplsbwatcher\\lsburnwatcher.exe"
"Reminder"="\"C:\\Windows\\Creator\\Remind_XP.exe\""
"HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb10.exe"
"HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"HP Software Update"="C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWuSchd2.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"VSOCheckTask"="\"C:\\PROGRA~1\\McAfee.com\\VSO\\mcmnhdlr.exe\" /checktask"
"VirusScan Online"="C:\\Program Files\\McAfee.com\\VSO\\mcvsshld.exe"
"OASClnt"="C:\\Program Files\\McAfee.com\\VSO\\oasclnt.exe"
"MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"MCUpdateExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcupdate.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll"
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages msv1_0
Security Packages kerberosmsv1_0schannelwdigest
Notification Packages scecli
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter HTTPFilter
LocalService AlerterWebClientLmHostsRemoteRegistryupnphostSSDPSRV
NetworkService DnsCache
DcomLaunch DcomLaunchTermService
rpcss RpcSs
imgsvc StiSvc
termsvcs TermService
WudfServiceGroup WUDFSvc
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D]
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{552f2522-af95-11d9-97c1-806d6172696f}]
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{946850c5-1e27-11d9-baf0-806d6172696f}]
Shell\AutoRun\command D:\setup.exe
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c7eaf834-7138-11d9-a02f-806d6172696f}]
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (STORMIE-Compaq_Owner).job
********************************************************************
catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net (http://\"http://www.gmer.net\")
Rootkit scan 2007-05-07 09:25:49
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
********************************************************************
Completion time: 2007-05-07 9:26:42
C:\ComboFix-quarantined-files.txt ... 2007-05-07 09:26
C:\ComboFix2.txt ... 2007-01-20 12:07
Post by: guestolo on May 07, 2007, 11:22:40 PM
Find and delete these 2 folders
C:\Program Files\AWS <- this folder
C:\Program Files\Common Files\Symantec Shared <-this folder
Right click an empty spot on the desktop and select NEW>>FOLDER
Call it BACKUP
Navigate to this "STARTUP" folder by doing the following
Open MyComputer>>Local Disk C:.>All Users>>Start Menu>>Programs>>STARTUP
Right click on each of the following and select CUT
reader_sl.exe
Compaq Connections.exe
hpqtra08.exe
hpqthb08.exe
Paste them too the BACKUP folder on desktop
DO NOT choose COPY, we actually want to remove the Shortcuts from the Startup folder and move them too the backup folder as backups, but not let them run on startup
Afterwards
Access your add/remove programs and close all browser windows and remove Google Toolbar
You can reinstall it later, this is for troubleshooting steps
Afterwards
Let's disable the Java Updater
Open the Java icon in the Windows Control panel
Under the Updater tab, UNCHECK>>"Automatically check for new....."
Select NEVER at the prompt
Exit Java
Afterwards
You have some items that may not need to run on startup, besides what we disabled
Go to START>>RUN>>type in msconfig
Hit OK
Under the STARTUP tab
UNCHECK the following so we can disable them from running on startup
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
Hit APPLY>>CLOSE
DO NOT Restart the computer yet
I want to uninstall a piece of software, however good it is, but let's make sure it is not interrupting
Access add/remove programs again and remove the following
AVG-AntiSpyware
Afterwards, reboot the computer
Come back here and post a fresh hijackthis log, let me know how things are running
Post by: StormieK on May 08, 2007, 05:43:51 PM
Post by: guestolo on May 08, 2007, 05:48:30 PM
/blink.gif\' class=\'bbc_emoticon\' alt=\':blink:\' /> Let me try this again
MyComputer>>Local Disk C:.>Documents and Settings>>All Users>>Start Menu>>Programs>>STARTUP
Post by: StormieK on May 08, 2007, 06:39:48 PM
reader_sl.exe
Compaq Connections.exe
hpqtra08.exe
hpqthb08.exe
Be these four things;
Adobe Reader Speed Launch
Compaq Connections w/o the .exe
HP Digital Imaging Montor
HP Photosmart Premier Fast Start
Also a hidden file called desktop.ini
Post by: guestolo on May 08, 2007, 06:59:11 PM
Quote
reader_sl.exe
Compaq Connections.exe
hpqtra08.exe
hpqthb08.exe
Be these four things;
Adobe Reader Speed Launch
Compaq Connections w/o the .exe
HP Digital Imaging Montor
HP Photosmart Premier Fast Start
Yes they would be
Quote
Also a hidden file called desktop.iniDon't worry about desktop.ini
Actually, you can Reset Windows to Hide hidden files and folders
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Do Not Show hidden files and folders.
* Check the Hide protected operating system files (recommended) option.
* Click OK.
Post by: StormieK on May 08, 2007, 09:00:00 PM
The modem is still running but it's taking breaks...off and on, off and on. Web pages are fast but opening folders are very slow.
HJT log;
Logfile of HijackThis v1.99.1
Scan saved at 7:52:52 PM, on 5/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\WINDOWS\system32\ctfmon.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ (http://\"http://www.yahoo.com/\")
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab (http://\"http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab\")
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
Post by: guestolo on May 08, 2007, 09:37:46 PM
Quote
I did the same thing last night after the last thing you told me to do and I rebooted.What steps was that, can you let me know please
Also, are you sure that you downloaded the uninstall utility from Norton's and ran it?
Post by: StormieK on May 08, 2007, 10:27:33 PM
Do a "System scan only" with Hijackthis and put a check next to these entries:
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis
Everything sounds normal now
Are you still experiencing problems to this point, if so, we can try some other steps
EDIT>>Could you also do the following, just for a double check
If you still have an old version of Combofix>>DELETE IT
Then do the following
Download this file - Combofix.exe and save it ONLY to your desktop
Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you.
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
Post the log from combofix please
About Nortons...I followed the link you gave me to completely uninstall it from my computer.
Post by: guestolo on May 09, 2007, 08:47:53 AM
But can you try the following
Go to START>>RUN>>Type in sfc /scannow
Hit OK
System file checker should run
You may be prompted for your XP CD
Let it run and let me know if any files need replaced please
Note: It may be a McAfee problem, how long have you had it installed?
Is it still a live subscription?
Can you try a Clean boot and see if the problems are rectified
http://support.microsoft.com/kb/310353 (http://\"http://support.microsoft.com/kb/310353\")
Post by: StormieK on May 09, 2007, 07:01:48 PM
McAfee is still good until next month I believe. I installed it about a year ago. Norton came with my computer. But it's gone now.
The computer has never done this before but I don't think It was anything you asked me to do. Oh and it wasn't slow it just wouldn't come on...just the Compac screen would come up. I kept having to turn it off and finally after I left it off for about an hour I turned it on again and it booted up.
Ok, I'll go do what you said and be back asap. One more thing...the modem only when I log into OE and web pages...like here or anywhere really but it has slowed down running some.
Post by: StormieK on May 09, 2007, 08:12:51 PM
Post by: guestolo on May 09, 2007, 09:10:04 PM
Can we now try McAfee's,
Again, troubleshooting is hit and miss
/wink.gif\' class=\'bbc_emoticon\' alt=\';)\' /> Can you do the following
Access your add/remove programs and remove all remnants of McAfee's
Reboot the computer
AFterwards, ensure that Windows firewall is enabled in the Windows Control Panel
Back in Windows
If you suspect that you had any problems removing McAfee's
Or this may be a good move anyways
Download and run the McAfee Consumer Products Removal tool (MCPR.exe).
Running the McAfee Consumer Product Removal tool (MCPR.exe) removes all 2005, 2006, and 2007 versions of McAfee consumer products.
- McAfee Security Center
- McAfee VirusScan
- McAfee Personal Firewall Plus
- McAfee Privacy Service
- McAfee SpamKiller
- McAfee Wireless Network Security
- McAfee SiteAdvisor
- McAfee Data Backup
- McAfee Network Manager
- McAfee Easy Network
- McAfee AntiSpyware
- Click Save and save the file to any folder on the computer.
- Navigate to the folder where the file is saved.
- Double-click MCPR.exe.
- Click Run. A Command Line window will be displayed, and then close automatically. Wait for a second Command Line window to be displayed.
[color=\"blue\"]Note: Do not double-click MCPR.exe again, you may have to wait up to 1 minute for the next window to appear.[/color]
After the second window appears, the program will begin the cleanup. - Observe the installation, which could take several minutes. The following message will be displayed in the Command Line window:
- Press Y on the keyboard.
- Wait for the computer to restart.
These McAfee removal instructions can be found at http://ts.mcafeehelp.com/faq3.asp?docid=408302 (http://\"http://ts.mcafeehelp.com/faq3.asp?docid=408302\")
NOTE: I don't want to leave you without Antivirus protection for very long
We can replace mcAfee's with a free alternative if you approve
This will help to trouble shoot your problems
Let me know how things are running afterwards
Post by: StormieK on May 09, 2007, 10:19:25 PM
Webpage pops up faster. It started right up but it's still in the clean boot mode. Modem is still running off and on...more on than off
/sad.gif\' class=\'bbc_emoticon\' alt=\':(\' /> It's good with me to get another antivirus program. I'm a bit nervous about not having one...hope it's user friendly. I'm a graphic designer not a computer person
/smile.gif\' class=\'bbc_emoticon\' alt=\':)\' />
Post by: guestolo on May 09, 2007, 10:23:33 PM
* Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe (http://\"ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe\")
- Doubleclick the drweb-cureit.exe file and Allow to run the express scan
- This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
- Once the short scan has finished, Click Options > Change settings
- Choose the "Scan"-tab, remove the mark at "Heuristic analysis".
- Back at the main window, mark the drives that you want to scan.
- Select all drives. A red dot shows which drives have been chosen.
- Click the green arrow at the right, and the scan will start.
- Click 'Yes to all' if it asks if you want to cure/move the file.
- When the scan has finished, look if you can click next icon next to the files found: (http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif)
- If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
(http://users.telenet.be/bluepatchy/miekiemoes/images/move.gif)
This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. - After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
- Save the report to your desktop. The report will be called DrWeb.csv
- Close Dr.Web Cureit.
- Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
- After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.
Post by: StormieK on May 10, 2007, 02:28:32 AM
HJT log; It's very short this time...posted all that was in the report. A few files missing...hummm
Computer running the same.
Logfile of HijackThis v1.99.1
Scan saved at 1:21:16 AM, on 5/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ (http://\"http://www.yahoo.com/\")
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
Post by: guestolo on May 10, 2007, 08:05:27 AM
Do a Normal starutp
Reboot the computer
Post a new hijackthis log to ensure there are no leftovers from McAfee's
Did your version of McAfee's have a Firewall?
Post by: StormieK on May 10, 2007, 04:29:12 PM
Logfile of HijackThis v1.99.1
Scan saved at 3:24:08 PM, on 5/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ (http://\"http://www.yahoo.com/\")
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: TrueAssistant.lnk = C:\Program Files\TrueAssistant\TrueAssistant.exe
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
[color=\"#FFC0CB\"]Something I've wondered about...sometimes (it happened when I restarted the computer) a bar will show up like when you click on a link to go to a webpage. There's nothing written on it and it lasts for about 2 seconds and then it's gone. I'm guessing, but almost something just loaded in the background. I'm guessing...[/color]
Post by: StormieK on May 10, 2007, 08:28:48 PM
Post by: guestolo on May 10, 2007, 10:37:10 PM
Let's get AV protection on this computer
First, Do a "System scan only" with Hijackthis and put a check next to these entries:
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis
Reboot the computer
Back in Windows
Install a new AV
I usually suggest the following
ONLY install one, more than one can cause conflicts
AVG 7 by Grisoft (http://\"http://free.grisoft.com/doc/2/lng/us/tpl/v5\")
OR
Avast Home Edition by ALWIL (http://\"http://www.avast.com/eng/down_home.html\")
OR
Avira AntiVir Personal Edition Classic (http://\"http://www.free-av.com/antivirus/allinonen.html\")
OR
Active Virus Shield (http://\"http://www.activevirusshield.com/antivirus/freeav/index.adp\")
Powered by Kaspersky's>"UNCheck Security toolbar during install"
You may want to try the latter
Active Virus Shield
Supply an email address, download the installer to desktop
While installing, please ensure to UNCHECK the Security toolbar, it's not needed
Also, ensure to copy>>Paste from the email they send you the activation code
After installation, ensure it is updated and run a full system scan
Reboot afterwards
Come back here and post another hijackthis log please
Post by: StormieK on May 11, 2007, 03:00:54 AM
New HJT log;
Logfile of HijackThis v1.99.1
Scan saved at 1:52:05 AM, on 5/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\TrueAssistant\TrueAssistant.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ (http://\"http://www.yahoo.com/\")
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [aol] "C:\Program Files\AOL\Active Virus Shield\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: TrueAssistant.lnk = C:\Program Files\TrueAssistant\TrueAssistant.exe
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Active Virus Shield (AVP) - Unknown owner - C:\Program Files\AOL\Active Virus Shield\avp.exe" -r (file missing)
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
AVS Scan...
Scan
----
Scanned: 484990
Detected: 5
Untreated: 0
Start time: 5/10/2007 10:33:05 PM
Duration: 03:03:30
Finish time: 5/11/2007 1:36:35 AM
Detected
--------
Status Object
------ ------
deleted: Trojan program Trojan.Win32.Qhost.a File: C:\HJT\backups\backup-20061210-182933-498
deleted: Trojan program Trojan.Win32.StartPage.ags File: C:\WINDOWS\system32\srbndl.exe/UPX/1scenichp.exe/HomePage.exe
deleted: Trojan program Trojan.Win32.StartPage.ame File: C:\WINDOWS\system32\srbndl.exe/UPX/1scenicid.exe
deleted: adware not-a-virus:AdWare.Win32.SaveNow.bw File: C:\WINDOWS\system32\srbndl.exe/UPX/3scenicwu.exe/UPX
deleted: Trojan program Trojan.Win32.Qhost.a File: C:\WINDOWS\system32\drivers\etc\hosts.msn
Events
------
Time Name Status Reason
---- ---- ------ ------
Statistics
----------
Object Scanned Detected Untreated Deleted Moved to Quarantine Archived Compressed Password protected Corrupted
------ ------- -------- --------- ------- ------------------- -------- ---------- ------------------ ---------
Total 484990 5 5 0 0 8583 589 331 1
Documents 51258 0 0 0 0 38 4 0 0
Mailboxes 2163 0 0 0 0 435 16 0 0
PRESARIO (C:) 379831 5 5 0 0 7393 550 331 1
PRESARIO_RP (D:) 51738 0 0 0 0 717 19 0 0
Settings
--------
Name Value
---- -----
Security Level Recommended
Action Prompt for action when the scan is complete
File types All
Scan new and changed files only No
Scan archives All
Scan embedded OLE objects All
Skip if object is greater than No
Skip if scan takes longer than No
Parse e-mail formats No
Scan password-protected archives No
Enable iChecker technology Yes
Enable iSwift technology Yes
Show detected threats on "Detected" tab Yes
It said it backed up the Trojan...is this the correct thing to do? I tried to delete them and it said 'are you sure you want to do that' so I didn't.
My son said he deleted the movies but I still see the file names in my Windows Media player. I can't find the movies.
Unfortunatly the modem is still running some:(
Post by: guestolo on May 12, 2007, 11:17:15 AM
Quote
My son said he deleted the movies but I still see the file names in my Windows Media playerThe movies are probably gone, you just have to delete them from the Library in WMP itself
We should probably get you a good firewall software
This one is free
http://www.personalfirewall.comodo.com/ (http://\"http://www.personalfirewall.comodo.com/\")
The Windows firewall will control Incoming attacks
but has no control over outgoing protection
Comodo will do both, it will disable the Windows Firewall on installation, let it
Reboot the computer
Back in Windows, let comodo load
If prompted that an application needs to access the NET
Ensure that you trust it, if you do
Allow it and check always allow
If there is something you don't recognize, don't allow it
Let me know about it please
Does your son have is own login username on your computer
If so, can I see a hijackthis log from his account also
In addition, can you open Hijackthis>>Open Misc tools section>>Open HOSTS FILE MANAGER
Click on the OPEN IN NOTEPAD button
Can you COPY>>PASTE back here the whole contents of this log please
Post by: StormieK on May 12, 2007, 08:00:28 PM
Here's the log you asked for...
# Copyright © 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
127.0.0.1 localhost
Post by: guestolo on May 12, 2007, 10:30:20 PM
Are you sure there was nothing below the second
127.0.0.1 localhost
Here's what I want your host file to look like Exactly
Code: [Select]
# Copyright © 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a "#" symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
#
127.0.0.1 localhostAnything below the first 127.0.0.1 localhost
Can you highlight it and delete the line in hijackthis>>Misc tools section>>Hosts file manager
Remember, have your host file look exactly as I have in the code box above
What version of Media player are you running?
Open WMP and Maximize the window, do you see the Library?
Or open HELP>>About, let me know what version you have
Post by: StormieK on May 12, 2007, 11:50:00 PM
# Copyright © 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
I'm running WMP 11. It's set to check for updates every week so it stays current.
Post by: guestolo on May 13, 2007, 12:28:12 AM
But if you see Tools select it and then click Options
If you don't see Tools
Right click the top menubar and select TOOLS>>Options
Open the Privacy tab
Select Clear History and Clear Caches
If the file may happen to be still on the machine, Open the Library tab
Select Video
Right click on the file and select Delete
Much more info in the Help files in WMP
Under Help menu
Post by: StormieK on May 13, 2007, 10:33:41 AM
This is what poped up when I restarted my computer this morning. Is this ok??? Well, guess I don't know how to add an image in your forum so I'll type it out.
~~~~
Comodo Firewall Pro
Generic Host Process for Win 32 Services is trying to act as a server. What would you like to do?
Details
Application svchost.exe
Remote IP : 192.168.1.101 Port : 1033 - UDP
Parent services.exe
Security Considerations
C:\WINDOWS\system32\WgaTray.exe has tried to use svchost.exe through OLE Automation, which can be used to hijack other applications. WgaTray.exe might be using svchost.exe to connect to the internet.
~~~~
I denyed letting it do this. This doesn't sound good.
Post by: guestolo on May 13, 2007, 10:49:19 AM
Just allow it, then it won't nag you anymore
Are you still liking your new AV?
My personal preference, you decide what you like however
On system startup, it always scans startup objects
You can leave this enabled
Or double click the AV icon by the clock
Select Settings>>Under Scan >>highlight Startup objects
Uncheck>Run on System start
Again, you can leave it running on startup, you will just notice activity for a bit on system start
Take a look at the settings, you may want to run a scheduled scan once a week at least
Highlight MyComputer under Scan>>On the right select Run mode
Select Change>>Have it run Weekly in the dropdown box under Schedule>>Choose the day and time
Select Run task if skipped>>This way it won't prompt you to run the scan, it will run the scan on startup if the computer happens to be shut down
at the scheduled time of scan
Leave the check for updates Automatically selected if you prefer
It will check often to ensure your always updated
Post by: StormieK on May 13, 2007, 12:50:38 PM
/smile.gif\' class=\'bbc_emoticon\' alt=\':)\' /> I set it to scan once a week.Comodo Firewall is something I'm not sure about. I like it but I'll have to get use to it. It pops up and asked me what it wants me to do and I don't know most of the time. I guess. Seems like a good program though and I'm keeping it. Thanks for it too
/smile.gif\' class=\'bbc_emoticon\' alt=\':)\' /> Every time I open WMP it asks me if it's ok, I say yes every time. Hummm...My computer modem still runs often but not as much as 5 or 6 days ago.
Do I need to keep all the programs you had me install other than AVS and Comodo. On my desktop I've got Installed Programs, the Saved text for that. Combo fix and the text for that. BACKUP and Dr Webcureit. I'm not sure if we are finished with them yet.
I also noticed that on all my hjt logs there are files missing. Can I get those back? Are they needed?
Post by: guestolo on May 14, 2007, 09:45:40 PM
Go ahead and manually delete
InstalledPrograms.zip and .vbs
Combofix.exe >>Also delete C:\Combofix folder
MCPR.exe
Dr.Web Cureit.exe>>You can also delete the folder it created>>C:\Documents and Settings\Compaq_Owner\DoctorWeb <-this folder
Delete the "Backup" folder from desktop
The modem working as you mentioned may be normal, not sure how much activity you are seeing
Everything appears to be running normal
Just by chance, can you do the following
Download TcpView.zip (http://\"http://download.sysinternals.com/Files/TcpView.zip\")
and unzip it to it's own folder on desktop
Open it's new folder and double click on TCPView.exe>>Allow access thru Comodo
Let this run for a bit, when you see much activity from the modem
Select FILE>>SAVE AS
Give it a name and click Save, it should save to the folder you extracted too
Post the contents here please, I WILL edit your IP address
Post by: StormieK on May 15, 2007, 07:11:20 PM
If you think it's running good then I'll accept that. It didn't use to run at all, sometimes for days it wouldn't come on and now it does anytime a webpage is opened or my OE is opened but also just sitting here. However, it does stop running where when I came to the forum several days ago it did not. It ran almost constantly:(
Here's the Scan....
alg.exe:532 TCP Stormie:1025 Stormie:0 LISTENING
avp.exe:1516 TCP Stormie:1110 Stormie:0 LISTENING
iexplore.exe:3092 UDP Stormie:4722 *:*
lsass.exe:784 UDP Stormie:4500 *:*
lsass.exe:784 UDP Stormie:isakmp *:*
svchost.exe:1000 TCP Stormie:epmap Stormie:0 LISTENING
svchost.exe:1068 UDP Stormie:ntp *:*
svchost.exe:1068 UDP stormie:ntp *:*
svchost.exe:1132 UDP Stormie:1026 *:*
svchost.exe:1248 UDP Stormie:1900 *:*
svchost.exe:1248 UDP stormie:1900 *:*
System:4 TCP Stormie:microsoft-ds Stormie:0 LISTENING
System:4 TCP stormie:netbios-ssn Stormie:0 LISTENING
System:4 UDP Stormie:microsoft-ds *:*
System:4 UDP stormie:netbios-dgm *:*
System:4 UDP stormie:netbios-ns *:*
Post by: guestolo on May 15, 2007, 11:38:59 PM
Right click the MyComputer icon and select Manage
Highlight "Services and Applications"
Double click on "Services"
Double click on "Automatic updates"
Select "DISABLED" from the dropdown menu
APPLY and OK it and then reboot your computer
Let me know how things are running then please
Also: there could be connection between a program you have installed
TrueAssistant
From what I understand, this will synchronize your OE with online Email clients, could this be what needs constant connection?
Quote
It didn't use to run at all, sometimes for days it wouldn't come on and now it does anytime a webpage is opened or my OE is opened but also just sitting here. However, it does stop running where when I came to the forum several days ago it did not. It ran almost constantly:(
Post by: StormieK on May 16, 2007, 12:41:24 AM
About that True Assistant Cox was bought by Suddenlink as you probably know, and when I had to change e-mail addresses all this stuff was downloaded True Assistant, True Switch, and True Suite.. I had to download it so it would change all my Cox information to Suddenlink. I have no idea if I still need it. Would you know?
Post by: guestolo on May 16, 2007, 09:27:32 PM
Here's another forum post about this software
http://www.freedomlist.com/forum/viewtopic.php?t=23424 (http://\"http://www.freedomlist.com/forum/viewtopic.php?t=23424\")
You decide if you need it or not, I would say no
Also, I'm not sure why things really slowed down since you installed Comdo
It runs great on one of my computers
Can you give me some general computer specs please
Right click the MyComputer icon and select properties
What info can you post back about your system
Eg..How much RAM and CPU type
Post by: StormieK on May 16, 2007, 11:28:46 PM
Celeron ® CPU 2.80GHz
2.80 GHz 248 MB of RAM
I'll read the forum tomorrow... Thank you.
Post by: guestolo on May 17, 2007, 10:56:18 PM
That's not near enough Memory installed, appears to have 8mb shared to video
Which could also be improved on
But for the time being, I would concentrate on updating your RAM to at LEAST 512 MB
I had you disable Windows updates earlier as a troubleshooting step, can you ensure it is set back to Automatic
Right click the MyComputer icon and select Manage
Highlight "Services and Applications"
Double click on "Services"
Double click on "Automatic updates"
Select "Automatic" from the dropdown menu
APPLY and OK it
We should disable other entries in your log
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
Quote
Checks the internet for updated drivers/utilities for your HP product - update manually. Also disabling will obviously get rid of the more or less common error message: Windows can't shutdown the computer because hpcmpmgr.exe can't be ended Can also be the cause of Windows being Minimized for no reasons.
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
Checks for software updates for your HP products, this does not need to run on startup
Let's create a shortcut to it so you can run it manually once a month
Manually navigate to HPWuSchd2.exe
Right click on it and select Send to and the select Desktop (Create Shortcut)
A shortcut will be created on desktop, you can put it in the Backup folder we made earlier
Do a "System scan only" with Hijackthis and put a check next to these entries:
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis
Reboot your computer
Do you plan on updating your Memory
It is fairly cheap nowadays, If your unsure how to install it, do you have a friend that can help you with it?
It's fairly straight forward, but if you have never done it before, it may be intimidating
If you don't plan on updating your Memory, We may have to uninstall Comodo
to use a bit less resources, if you do remove it, ensure the Windows firewall gets reenabled
But PLEASE, do NOT remove AVS
You need realtime protection from Anti-Virus software
Also, ensure that you keep SpywareBlaster updated
Post by: StormieK on May 18, 2007, 05:16:23 PM
My son said he would try to add the extra memory but I also have a friend who said he would do it if my son can't. Thank you for the suggestion.
What exactly do I buy? It's a card correct? Does it say it's 512 MB of Ram or is it the difference between 248 MB of Ram and 512 MB of Ram? Is that clear? I mean is it 512 MB of Ram or 264 MB of Ram? Is there one brand better than another? I won't hold you to it if I don't like it:)
There was something I found in my Cleanup! just a minute ago that I saw there a couple of days ago as well. It's called Slide.com and I haven't been to a site called that nor will it come up when typed in the address bar.
One more thing for this message...I left my computer on last night and when I woke it up this morning there was a box in the lower right corner from AVS I believe that said a Win32.Startpage.ags and Win32.Startpage.ame Trogan has been found. Then another box came up that said a Downloader.JavaAgent.C Trogan had been found and both wanted to know what to do sooooo, I click on delete them. Did I do the right thing...is there anything else I need to do? Hope I didn't mess things up.
Post by: guestolo on May 22, 2007, 07:38:34 PM
Quote
Win32.Startpage.ags and Win32.Startpage.ame Trogan has been found
AVS is probably set to rescan Quarantine after update
This is usually set to leave files in Quarantine for 30 days
Is that what's going on?
If you open AVS by double clicking it's icon by the clock
Left click somewhere in the box in "STATISTICS"
Open the Quarantine tab
You can highlight each entry and Delete permanently
That should help
Quote
Downloader.JavaAgent.CIt's ok that you let AVS delete the file
I had you delete older Java versions earlier, you should only have one installed now in add/remove programs
Can you open the Java icon in the Windows Control panel
Under the General tab click on "Settings" under Temporary Internet Files
Click "Delete Files"
click "OK"
Let it clear the files than OK out of Java
I don't really have a preference in RAM, just one that's compatible
You don't have to purchase the Ram from this site below
Just gives you an indication what your looking for
Can you give me the computer make and model?
http://www.memoryx.net/ (http://\"http://www.memoryx.net/\")
Hope that helps
Post by: StormieK on May 28, 2007, 08:07:33 AM
Could you tell me how to access the Windows Control Panel. I thought I knew but guess I don't. Thank you.
I'll go visit the site link as soon as I finish here. Thank you for that. By make and model is this what you need to know? I have a Compaq, Windows XP and purchased it in 2005.
Is it ok to delete the Tcp View file on my desktop and also the Shortcut to SelfUpdate.exe? Two more questions...is it ok to delete the Google Updater in my add/delete programs and still keep my Google Bar? I reinstalled it but it came with this updater and my computers runs almost all the time again. I wanted to donate to you/forum and I know you are in Canada so does the money get to you even though I'm in the USA?
Stormie
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Here's the make and model...
Computer Make: Compaq Presario 061
Computer Model: PW506AA-ABA SR1411NX NA520
Computer Version: 0n41411RE101GOVII00
Motherboard Model: Govii
Motherboard Version: 1.03
CPU: Intel Celeron 2.8Ghz
Installed Memory: 2 slots: 256 MB, empty
Matched - Machine: Presario SR1411NX
Matched - Model: http://www.memoryx.net/coprsrme178.html (http://\"http://www.memoryx.net/coprsrme178.html\")
ECC: No
Post by: guestolo on May 30, 2007, 11:12:43 PM
Quote
Could you tell me how to access the Windows Control Panel
START>>CONTROL PANEL>>If your in Category view click on Other Control Panel Options on the left to find Java
At MemoryX link, it indicates your looking for this ram
256MB 184-pin PC2700 2.5V DDR DIMM
You don't have to get it from MemoryX, it's just FYI, so you know what your looking for
You want at Least another 256 mb stick
Go ahead and delete TCPView
Quote
Shortcut to SelfUpdate.exeIf it's just a shortcut, go ahead and delete it
What program is selfupdate related too?
Quote
I wanted to donate to you/forum and I know you are in Canada so does the money get to you even though I'm in the USA?Yes, I receive it, it is only optional
Quote
is it ok to delete the Google Updater in my add/delete programs and still keep my Google Bar?Yes
Read this link
http://www.google.com/support/pack/bin/ans...&topic=8326 (http://\"http://www.google.com/support/pack/bin/answer.py?answer=28074&topic=8326\")
Post by: StormieK on June 04, 2007, 07:38:26 PM
/rolleyes.gif\' class=\'bbc_emoticon\' alt=\':rolleyes:\' /> I deleted TCPView. The short cut to SelfUpdater is for HP. Can I delete it as well? Can't remember why now but you had me make one for a later time. I deleted the Google Updater as well. Computer doesn't run alllllll time now...
I guess that's about it. I sure appreciate the time you've taken to help me. You are the best I've seen!
Thank you for everything,
Stormie
Post by: guestolo on June 04, 2007, 09:33:09 PM
Thank you for the donation, it's appreciated
/smile.gif\' class=\'bbc_emoticon\' alt=\':)\' />If everything else is well I'll lock this topic, just let me know if you have any other questions or close this thread, thanks
Post by: StormieK on June 04, 2007, 10:02:24 PM
Have a great week:)
Stormie
Post by: guestolo on June 09, 2007, 04:16:13 PM
Take care Stormie
/smile.gif\' class=\'bbc_emoticon\' alt=\':)\' />