Messages - Roxy

1
Tech Clinic / To questolo re downloads
« on: January 11, 2006, 12:07:46 AM »
I always forget about the restore points. :rolleyes: Of course...that's a good idea so thanks for reminding me (and I won't forget about that again.)

I don't do the chat rooms anymore.  (I used to sometimes go into aol's av rooms...but that was a few years ago, and I have no need or desire for that anyway.)  But thanks for the heads-up on the malware.

I do feel a bit scared....or maybe "computer-shy" now, so-to-speak.  So I'll try to get over it and just be smarter when it comes to the internet. B)

Sounds good on the updates.  That is exactly the tool it was and I'll go take a look at the link you sent.

I'm glad I didn't mess anything up.  And if I do have any probs with the aol, I'll just go back to the restore point that I create...so I won't worry about that either.

Thanks for the response! :)

2
Tech Clinic / To questolo re downloads
« on: January 10, 2006, 06:48:09 PM »
Hey there-
After all the help you gave me getting my computer cleaned up, I wanted to ask you about something before I did it.  (And also tell you something that I already did that I hope won't screw up anything! :unsure: )

First question: as I previously mentioned, when I got this computer 6 months ago, I had problems from the get-go.  Because I knew that there was already a bunch of stuff loaded on this thing that I wanted to get out of here...and because of the memory being eaten up, etc., I never downloaded AOL onto my computer.  (I know some people hate aol, and some love it, but I've been an aol user for years.)

However, because of the problems I never put it on here and have been going to my aol account through IE.  Would it mess up my computer in any possible way if I download aol?  (If so, I'll just continue to go through IE.  If not, then I'll get it on this computer.)

Second question: I went to the windowsupdate page and there were 4 or 5 "high-priority" updates.  I usually download all of the ones that come up on the high-priority list (I don't even check the other one which also gives you recommended and available downloads.)  So...I said yes to all.....but then while downloading it occurred to me that one of them could possibly cause some type of conflict - it's some kind of a scan tool that scans downloads for worms and stuff before you open them...are you familiar?  Do you do manual updates and did you see that one? ......or are your updates set to automatic?

It's downloaded now.  Did I screw up? :(  I hope not!

When you get a chance to send a reply I'd appreciate it.

Thanks so much.

3
Tech Clinic / Oh Boy do I need help!!!!
« on: January 08, 2006, 10:18:19 AM »
My computer is not just running a bit better, it's running great!  I don't think my computer has ever performed as well since I got it. :D

I bought this thing in late July and started having problems the first week.  It was loaded with SO MUCH JUNK that I started trying to delete the stuff because the computer was very sluggish....and started crashing every so often from the get-go.  I should have brought it back but just thought if I got some of the junk, programs and games out of it, it would be fine. :unsure:

Then, it started getting worse and I started looking for online help, and various scans to find out what was wrong.  I do understand now that some of that stuff I did to try and fix it just made the problem worse!  And probably the fact that I was getting help from several different sources didn't help.  (It is nice, however, to know that programs weren't installing properly so that it wasn't entirely my fault!) :rolleyes:

Anyway, I did make note of everything that you told me to keep and delete, and will be very religious about doing updates and scans. -_-

I am thankful that I found this site and got all of the help from you that I did......thank you so much!  And I will most certainly come back here if I encounter any other problems at all....and before I install a bunch of stuff! :)

questolo, thank you again, and take care!

4
Tech Clinic / Oh Boy do I need help!!!!
« on: January 07, 2006, 08:26:05 PM »
Hello questolo!

Wow....all done with all of that stuff now.  My computer is running great!  So....you didn't ask me to post any more logs and I'm assuming that you don't need any then, correct?

If so, here are my questions:

What all should I be getting rid of that I recently installed and what should I keep?

Here is the stuff I have now, that I'm assuming I should keep...but let me know:

AVG for AV software - running all the time
ZA for firewall - running all the time
Spywareblaster - running all the time
Spybot (how often should I run this scan?)
Adaware SE (should I still keep this, and how often should I run this scan?)

I also had TrojanRemover (by Nigel Thomas, I think his name is)...should I keep this (I need to renew the registration # and update it.  I just didn't do it, and decided to wait until we were done to ask you about it.  Should I?)

Then...

How often is ok to run Cleanup!?

And should I keep ewido, CWshredder, MWAV, Jottiscan.....others?

And...is it still ok to use the tools-options to delete temp files, cookies, off-line junk, and history?  I was doing that almost daily but...it didn't seem to help after noticing how many were in there to be deleted with Cleanup!

I'm hoping that is all the questions that I have, but I'll let you know if I remember anything else I wanted to ask you!

Is there anything else I should know about or do to keep this from happening again?  AND....(aside from knowing that there was a lot of adware, and spyware, and that coolwebsearch that was found and deleted before I came here) what was in, or wrong with, my computer??!!  It was a mess!

But I can happily say now that it is running awesome and I thank you for that!  I will definitely be sending a little $ to help support you and this site.  (I know I would come back and use your expertise if I ever had problems again....so you can use all the support you can get to keep this site going!) :)

I look forward to hearing from you to help me finalize all of this by answering the above questions.

5
Tech Clinic / Oh Boy do I need help!!!!
« on: January 07, 2006, 01:29:40 AM »
OK, now I rebooted and ran hijack again.  (And my internet is still fine.)

I can tell you that my computer is running SO much better.  The CPU and RAM are good, the speed is much better (it's not hanging anymore) it's not constantly crashing, and no more crashes from the "P".  

Let me know how the logs look and if there is anything else that I need to do.

And...if everything looks fine now....what the heck was going on?  What all was it that was causing problems?

Also, if there's nothing else to fix (and I'm not trying to jump the gun here or anything) before we're "done" I'd like to ask you just a couple of questions about a couple of the scanning programs.

Thanks! :)

**********************************

Logfile of HijackThis v1.99.1
Scan saved at 12:21:03 AM, on 1/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\wuauclt.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HJT\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

6
Tech Clinic / Oh Boy do I need help!!!!
« on: January 07, 2006, 01:15:53 AM »
OK, done.  But you didn't say whether or not I should reboot or not.  So first is the log after I followed your instructions...but before any reboot.  (Internet's fine so far).

I didn't find all of the folders and files you listed (just 1 of the folders and 2 of the files.)

I'll go back now, reboot, run another hijack this log and post it here.

*****************************************

Logfile of HijackThis v1.99.1
Scan saved at 12:09:49 AM, on 1/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HJT\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

7
Tech Clinic / Oh Boy do I need help!!!!
« on: January 07, 2006, 12:34:29 AM »
Sorry questolo-
Am just now able to do this.  I'm getting ready to go into safe-mode.  I don't know if you're still on here or not, but when I finish I will post it and then I'll check tomorrow for your response (from either tonight or tomorrow when you see it.)

Thanks!

8
Tech Clinic / Oh Boy do I need help!!!!
« on: January 06, 2006, 08:17:39 PM »
Yep, that worked.  Here's the scan using "panda" below.  (It said it found 19.)

I'll now do the 2nd one and come back and post that in a minute.

********************************************************


REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "panda" 1/6/2006 7:11:19 PM

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Panda Software]

[HKEY_LOCAL_MACHINE\SOFTWARE\Panda Software\PavShld]

[HKEY_LOCAL_MACHINE\SOFTWARE\Panda Software\PavShld]
"InstallDir"="C:\\Program Files\\Common Files\\Panda Software\\PavShld"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_PAVPROC\0000]
"DeviceDesc"="Panda Process Protection Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SHLDDRV\0000]
"DeviceDesc"="Panda File Shield Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PavProc]
"DisplayName"="Panda Process Protection Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ShldDrv]
"DisplayName"="Panda File Shield Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_PAVPROC\0000]
"DeviceDesc"="Panda Process Protection Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SHLDDRV\0000]
"DeviceDesc"="Panda File Shield Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\PavProc]
"DisplayName"="Panda Process Protection Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\ShldDrv]
"DisplayName"="Panda File Shield Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PAVPROC\0000]
"DeviceDesc"="Panda Process Protection Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SHLDDRV\0000]
"DeviceDesc"="Panda File Shield Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PavProc]
"DisplayName"="Panda Process Protection Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ShldDrv]
"DisplayName"="Panda File Shield Driver"

[HKEY_USERS\S-1-5-21-585124988-2935058200-1954285887-1008\Software\Google\NavClient\1.1\History]
"Panda Platinum free av download"=hex:05,eb,bd,43

[HKEY_USERS\S-1-5-21-585124988-2935058200-1954285887-1008\Software\Microsoft\Search Assistant\ACMru\5603]
"000"="*panda*"


Done with this one.  It said it found 133.  Below:

"57"="http://redirect.paviliondownload.com/connect/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\WME]
"58"="http://redirect.paviliondownload.com/search/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\WME]
"59"="http://redirect.paviliondownload.com/email/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\WME]
"60"="http://redirect.paviliondownload.com/2.0/sports/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\WME]
"61"="http://redirect.paviliondownload.com/entertainment/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\WME]
"63"="http://redirect.paviliondownload.com/shopping/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Panda Software\PavShld]

[HKEY_LOCAL_MACHINE\SOFTWARE\Panda Software\PavShld]
"InstallDir"="C:\\Program Files\\Common Files\\Panda Software\\PavShld"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_PAVPROC]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_PAVPROC\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_PAVPROC\0000]
"Service"="PavProc"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_PAVPROC\0000\Control]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_PAVPROC\0000\Control]
"ActiveService"="PavProc"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PavProc]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PavProc\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PavProc\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PavProc\Enum]
"0"="Root\\LEGACY_PAVPROC\\0000"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"="C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe:*:Disabled:BackWeb for Pavilion"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_PAVPROC]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_PAVPROC\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_PAVPROC\0000]
"Service"="PavProc"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\PavProc]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\PavProc\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"="C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe:*:Disabled:BackWeb for Pavilion"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PAVPROC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PAVPROC\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PAVPROC\0000]
"Service"="PavProc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PAVPROC\0000\Control]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PAVPROC\0000\Control]
"ActiveService"="PavProc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PavProc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PavProc\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PavProc\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PavProc\Enum]
"0"="Root\\LEGACY_PAVPROC\\0000"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"="C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe:*:Disabled:BackWeb for Pavilion"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop&parm1=seconduser"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=desktop&parm1=seconduser"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=desktop&parm1=seconduser"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop&parm1=seconduser"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main]
"Search Bar"="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop&parm1=seconduser"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Search Assistant]
"DefaultSearchURL"="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop&parm1=seconduser"

[HKEY_USERS\S-1-5-21-585124988-2935058200-1954285887-1008\Software\Hewlett-Packard\DMI]
"Manufacturer"="HP Pavilion 061"

[HKEY_USERS\S-1-5-21-585124988-2935058200-1954285887-1008\Software\Hewlett-Packard\DMI]
"BS"="HP Pavilion 061     PY029AA-ABA A1129N      MXK5260403 NA570                               0ny1114RE101ALBAC00"

[HKEY_USERS\S-1-5-21-585124988-2935058200-1954285887-1008\Software\Hewlett-Packard\DMI\BSP]
"HPTag"="HP Pavilion"

[HKEY_USERS\S-1-5-21-585124988-2935058200-1954285887-1008\Software\Hewlett-Packard\DMI\BSP]
"PCName"="HP PAVILION"

[HKEY_USERS\S-1-5-21-585124988-2935058200-1954285887-1008\Software\Microsoft\Search Assistant]
"DefaultSearchURL"="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop&parm1=seconduser"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=desktop&parm1=seconduser"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=desktop&parm1=seconduser"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop&parm1=seconduser"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main]
"Search Bar"="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop&parm1=seconduser"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Search Assistant]
"DefaultSearchURL"="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop&parm1=seconduser"

9
Tech Clinic / Oh Boy do I need help!!!!
« on: January 06, 2006, 07:11:07 PM »
Hi questolo-
I can't get to that page to download it.  Your link is not working for me, and it doesn't work when I cut and paste it into my browser.  I also tried to just go to the main site, or home page, but it won't let me do that either.  It's nothing with my computer....I can get to other sites.  Just not that one. :huh:

Any other way I can get to it?

10
Tech Clinic / Oh Boy do I need help!!!!
« on: January 05, 2006, 11:15:57 PM »
questolo-
(2nd post....I'm just telling you so that you know there's another one from me to read before this one....after your last post.)

I didn't yet fixcheck that wintasks line.....did you want me to also fixcheck the qttask one again too at the same time?

Also, I went to the Panda software site and I do believe that it was the 2006 version...not 2005.  But I can't remember for sure if it was the Panda Platinum Internet Security, or the Titanium Antivirus & Antispyware.  Does that make a difference for trying to get it out?

I did do a search for *Pand* and it came up with 3 references:
One is a file entitled "Panda Software" and it's in the recycle bin.  (I did go in there to try and see which one it is but all I could get was that the product name was "PandaSheild", the filename was PavPrSrv.exe, and the version was 1.3.0.0.  Don't know if that helps or not.)

Also, there were two other files:
PANDA.HTM
PANDA.TXT

They are both in C:\WINDOWS\I386\COMPDATA
each one is 1 KB in size.

Do you want me to delete those?

11
Tech Clinic / Oh Boy do I need help!!!!
« on: January 05, 2006, 10:57:42 PM »
Nope, just getting help from you.  That would be too confusing for me!  (And probably screw up my machine rather than fix it, I would think.)

But I noticed that I typed "pttask".....I meant that to be a "q".  I just went back and looked and it's in a prior post of yours to me (#34).  I'll paste it right below:

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

You were telling me to uncheck this, but it looks like it's still there in the most recent hijackthis log.

I don't know what version of Panda that I had (HEY!!!  I just typed the cap letter P and my computer didn't crash!!  What do you know!  We're getting there!)  :)

Anyway, I deleted all of the Panda stuff so I don't know how I'd go back and find that.  It was whatever the trial version is on the website.  So I guess it would be the most recent....2005?....because I just downloaded it this past week.  Are there still traces of it?

I did uninstall wintasks from add/remove, but then I saw it in the hijackthis log.  I almost checked that one too, but I don't want to make ANY moves on my own...only the ones you tell me to make!

I will go fixcheck that one entry and reboot.  And I'll go to the Panda site and see what the download is and post it back here in a few minutes.  Anything else that I should, or need to do?  Or do we need to get this Panda out of here now?

12
Tech Clinic / Oh Boy do I need help!!!!
« on: January 05, 2006, 09:44:54 PM »
I'm back.

I did everything you said.  Comments:

I hope that typing pavprsrv with smaller case letters is ok because I tried to type it in the upper case and my computer tried to crash.  Even though it was "saved" the run window would go away.  So I did it in lower case (don't know if that worked or not.)

After I uninstalled all the Norton stuff, I had to go in and look for files, and in the "common file" I found a panda file....so I deleted that.

I uninstalled freemeter and speedupmypc.

I ran the regseeker and it came up with 0 items.

When I ran hijackthis again, I see that there is a line in it for "wintasks"...that is part of the LIUtilities.  Should I delete that?

And didn't you already have me delete the "pttask" at boot file (or am I remembering it incorrectly) because that's back in there.

Also, what is that MDM.EXE file?  It's in my tasks manager but it didn't use to be.  Is that something from one of the new things that I have on my computer?

New log below:

Logfile of HijackThis v1.99.1
Scan saved at 8:35:27 PM, on 1/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\wuauclt.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HJT\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: WinTasks.lnk = C:\Program Files\LIUtilities\WinTasks\wintasks.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

13
Tech Clinic / Oh Boy do I need help!!!!
« on: January 05, 2006, 08:46:08 PM »
I will certainly do the things that you've instructed.  But when I take out the "Speed up my pc", then my computer will crash all of the way.

One of the reasons I installed it is because of its "crash recovery".

My computer monitor, several times a day, just all of a sudden would go all white.  Or it would be white with colored stripes on it.  None of the keys worked, ctrl-alt-del didn't work, I'd have to turn the power plug off...and then back on...and then my computer would completely reboot.  So now, with this, the box comes up that keeps it from crashing all the way to that point.

But also, in the past few days I got that thing happening where when I type the cap letter p, the computer tries to crash too.

So hopefully we'll get this fixed or else I'll need to put that back in so I can use the computer for work.

I'll unload/uninstall it now though, and hopefully you'll be able to see anything that it may be hiding.

I am so thankful for your help!!!

I'll be back......

14
Tech Clinic / Oh Boy do I need help!!!!
« on: January 05, 2006, 07:56:29 PM »
SpyBot said that I had nothing.  So nothing changed from the last hijackthis run, but I ran it again and here's my log (I answered your questions in the post directly preceding this one):


Logfile of HijackThis v1.99.1
Scan saved at 6:53:36 PM, on 1/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\LIUtilities\SpeedUpMyPC\speedupmypc.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\AGRSMMSG.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HJT\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: SpeedUpMyPC.lnk = C:\Program Files\LIUtilities\SpeedUpMyPC\speedupmypc.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\sslaunch.exe
O4 - Global Startup: WinTasks.lnk = C:\Program Files\LIUtilities\WinTasks\wintasks.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

15
Tech Clinic / Oh Boy do I need help!!!!
« on: January 05, 2006, 07:30:57 PM »
I've used add/remove to uninstall programs.  And I think a couple of them (like a few of the outlook recovery things, and a couple spyware scanners) had uninstall (or remove) buttons when I went to start/all programs.

I'm telling you....I've had this computer since the end of July...and never had so many problems with a computer!  And I don't need all of the "media" stuff either....any of that I can take off of here?  I only would use stuff for pictures, and CD's/DVD's (for writing or recording music.)  No tv's, or tivo, or movies, etc.

I will do as you instructed and post back.  Yes, I can get to add/remove.  (And the last couple of times I tried to use Spybot, it would usually find a couple of things but then near the end it would freeze and say that something was not able to be accessed because of something or other....?)

But I'll see if it works this time.

And I'll post back with a new log.

Oh....I had Norton Internet Security....it came preinstalled.

16
Tech Clinic / Oh Boy do I need help!!!!
« on: January 05, 2006, 07:00:59 PM »
First the list, then the log below:


Ad-Aware SE Personal
Adobe Acrobat - Reader 6.0.2 Update
Adobe Reader 6.0.1
Agere Systems PCI Soft Modem
ATI Control Panel
ATI Display Driver
AVG Anti-Virus 7.1
CleanUp!
ewido anti-malware
FreeMeter
Google Toolbar for Internet Explorer
Help and Support Additions
HijackThis 1.99.1
HP Boot Optimizer
hp deskjet 5100
HP Deskjet Printer Preload
HP Image Zone 4.8.6
HP Image Zone for Media Center PC
HP Image Zone Plus 4.8.6
HP Memories Disc
HP Photo and Imaging 2.0 - Deskjet Series
HP Photosmart Cameras 4.5
HP PSC & OfficeJet 4.7
HP Software Update
HP Tunes
HPIZplus450
IntelliMover Data Transfer Demo
InterVideo WinDVD Player
iTunes
J2SE Runtime Environment 5.0
KBD
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Office Professional Edition 2003
Microsoft Office Standard Edition 2003
Microsoft Plus! Dancer LE
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Works
MSN
muvee autoProducer 4.0
muvee autoProducer unPlugged - HPD
PC-Doctor for Windows
Photosmart 320,370,7400,8100,8400 Series
PS2
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
QuickTime
RealPlayer
Remove Microsoft Money 2005 installer
Remove Quicken New User Edition installer
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Sonic Encoders
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
SpeedUpMyPC
Spybot - Search & Destroy 1.3
Trojan Remover 6.4.2
UltraSnap Trial 1.8
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update Rollup 1 for Windows XP Media Center Edition 2005 with HDTV Support (KB873369)
Updates from HP
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Media Player 10 Hotfix [See KB889858 for more information]
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885354
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891220
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893086
Windows XP Media Center Edition 2005 KB888316
Windows XP Media Center Edition 2005 KB895678
ZoneAlarm

********************************************


Logfile of HijackThis v1.99.1
Scan saved at 5:59:21 PM, on 1/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\LIUtilities\SpeedUpMyPC\speedupmypc.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\HJT\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [CompleteSecurityUpdate] "C:\Program Files\Defender Pro Private Surf\AutomaticUpdate.exe"
O4 - HKLM\..\Run: [Complete Security] "C:\Program Files\Defender Pro Private Surf\PrivateSurfNT.exe"
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: SpeedUpMyPC.lnk = C:\Program Files\LIUtilities\SpeedUpMyPC\speedupmypc.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\sslaunch.exe
O4 - Global Startup: WinTasks.lnk = C:\Program Files\LIUtilities\WinTasks\wintasks.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

17
Tech Clinic / Oh Boy do I need help!!!!
« on: January 05, 2006, 06:50:36 PM »
Done.  And this time when I booted I didn't get that message.  p still tries to crash my computer though.  And the RAM is still running around 80%.

Here's the new hijackthis log:


Logfile of HijackThis v1.99.1
Scan saved at 5:43:25 PM, on 1/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\LIUtilities\SpeedUpMyPC\speedupmypc.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\AGRSMMSG.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HJT\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [CompleteSecurityUpdate] "C:\Program Files\Defender Pro Private Surf\AutomaticUpdate.exe"
O4 - HKLM\..\Run: [Complete Security] "C:\Program Files\Defender Pro Private Surf\PrivateSurfNT.exe"
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: SpeedUpMyPC.lnk = C:\Program Files\LIUtilities\SpeedUpMyPC\speedupmypc.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\sslaunch.exe
O4 - Global Startup: WinTasks.lnk = C:\Program Files\LIUtilities\WinTasks\wintasks.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

*****************************************

I see stuff from SpySubtract and Defender in there still....I thought I removed that stuff?  And, I don't know if this makes a difference or not, but I use IE to get to my AOL email....I never loaded my AOL software on here because of the junk loaded on this computer (that I don't use) and all the memory that was being eaten up.  So I have to go through IE all the time.....pull up IE, type AOL email, go to my email, etc.

Just fyi.

18
Tech Clinic / Oh Boy do I need help!!!!
« on: January 05, 2006, 06:12:07 PM »
All three of them report nothing on the scan, but say they are suspicious:

File:  ExMenu.dll  
Status:  MIGHT BE INFECTED/MALWARE (Sandbox emulation took a long time and/or runtime packers were found, this is suspicious. Normally programs aren't packed and don't force the sandbox into lengthy emulation. Do realize no scanner issued any warning, the file can very well be harmless. Caution is advised, however.)  
MD5  dc1771f3a59641b0f0bfb774b0730bd1  
Packers detected:  UPX
Scanner results  
AntiVir  Found nothing
ArcaVir  Found nothing
Avast  Found nothing
AVG Antivirus  Found nothing
BitDefender  Found nothing
ClamAV  Found nothing
Dr.Web  Found nothing
F-Prot Antivirus  Found nothing
Fortinet  Found nothing
Kaspersky Anti-Virus  Found nothing
NOD32  Found nothing
Norman Virus Control  Found nothing
UNA  Found nothing
VBA32  Found nothing

******************************************

File:  ExPMenu.dll  
Status:  MIGHT BE INFECTED/MALWARE (Sandbox emulation took a long time and/or runtime packers were found, this is suspicious. Normally programs aren't packed and don't force the sandbox into lengthy emulation. Do realize no scanner issued any warning, the file can very well be harmless. Caution is advised, however.)  
MD5  640da7a6c1da1d2a525d98c8ff32e46a  
Packers detected:  UPX
Scanner results  
AntiVir  Found nothing
ArcaVir  Found nothing
Avast  Found nothing
AVG Antivirus  Found nothing
BitDefender  Found nothing
ClamAV  Found nothing
Dr.Web  Found nothing
F-Prot Antivirus  Found nothing
Fortinet  Found nothing
Kaspersky Anti-Virus  Found nothing
NOD32  Found nothing
Norman Virus Control  Found nothing
UNA  Found nothing
VBA32  Found nothing


*****************************

ExTab.dll  
Status:  MIGHT BE INFECTED/MALWARE (Sandbox emulation took a long time and/or runtime packers were found, this is suspicious. Normally programs aren't packed and don't force the sandbox into lengthy emulation. Do realize no scanner issued any warning, the file can very well be harmless. Caution is advised, however.) (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)  
MD5  6363a268deb0a5310904b6041173ce30  
Packers detected:  UPX
Scanner results  
AntiVir  Found nothing
ArcaVir  Found nothing
Avast  Found nothing
AVG Antivirus  Found nothing
BitDefender  Found nothing
ClamAV  Found nothing
Dr.Web  Found nothing
F-Prot Antivirus  Found nothing
Fortinet  Found nothing
Kaspersky Anti-Virus  Found nothing
NOD32  Found nothing
Norman Virus Control  Found nothing
UNA  Found nothing
VBA32  Found nothing

**********************************************

Any other files that I should scan?  This is all puzzling, isn't it?  

You know, when I type the cap "p" letter, and the computer tries to crash (and crash recovery "saves" it from crashing all the way) the box says "terminating suspicious processes", but it doesn't say what those suspicious processes are!

And remember that I posted this message that I get on my computer in a previous email:
When I boot up now, I get a "Runner Error" message that says:

Runner filename (updates from HP.exe) lacks a '-' (the app id separator)

19
Tech Clinic / Oh Boy do I need help!!!!
« on: January 05, 2006, 05:54:11 PM »
Will do.  I'll post back when I'm done.

20
Tech Clinic / Oh Boy do I need help!!!!
« on: January 05, 2006, 02:28:15 AM »
Here's the Winpfind log (the cap p crashed the computer again!)  just fyi.

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP    Current Build: Service Pack 2    Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
PECompact2           10/19/2005 3:01:06 AM       16109567   C:\WINDOWS\LPT$VPN.901
qoologic             10/19/2005 3:01:06 AM       16109567   C:\WINDOWS\LPT$VPN.901
SAHAgent             10/19/2005 3:01:06 AM       16109567   C:\WINDOWS\LPT$VPN.901
UPX!                 1/10/2005 3:17:24 PM        170053     C:\WINDOWS\tsc.exe
PECompact2           10/19/2005 3:01:06 AM       16109567   C:\WINDOWS\VPTNFILE.901
qoologic             10/19/2005 3:01:06 AM       16109567   C:\WINDOWS\VPTNFILE.901
SAHAgent             10/19/2005 3:01:06 AM       16109567   C:\WINDOWS\VPTNFILE.901
UPX!                 2/18/2005 5:40:14 PM        1044560    C:\WINDOWS\vsapi32.dll
aspack               2/18/2005 5:40:14 PM        1044560    C:\WINDOWS\vsapi32.dll

Checking %System% folder...
PEC2                 8/9/2004 10:00:00 PM        41397      C:\WINDOWS\SYSTEM32\dfrg.msc
UPX!                 2/26/2005 12:01:40 PM       174080     C:\WINDOWS\SYSTEM32\ExMenu.dll
UPX!                 2/26/2005 12:01:38 PM       113152     C:\WINDOWS\SYSTEM32\ExPMenu.dll
UPX!                 2/26/2005 12:01:40 PM       202240     C:\WINDOWS\SYSTEM32\ExTab.dll
PTech                11/4/2005 4:27:24 PM        534280     C:\WINDOWS\SYSTEM32\LegitCheckControl.DLL
PECompact2           11/10/2005 9:17:18 PM       2368864    C:\WINDOWS\SYSTEM32\MRT.exe
aspack               11/10/2005 9:17:18 PM       2368864    C:\WINDOWS\SYSTEM32\MRT.exe
aspack               8/10/2004 5:00:00 AM        708096     C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor             8/9/2004 10:00:00 PM        657920     C:\WINDOWS\SYSTEM32\rasdlg.dll
aspack               8/12/2005 12:55:12 PM       278528     C:\WINDOWS\SYSTEM32\trjscan.trb
aspack               8/12/2005 12:55:14 PM       348672     C:\WINDOWS\SYSTEM32\trupd.trb
winsync              8/9/2004 10:00:00 PM        1309184    C:\WINDOWS\SYSTEM32\wbdbase.deu

Checking %System%\Drivers folder and sub-folders...
UPX!                 1/4/2006 3:19:18 PM         749600     C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
FSG!                 1/4/2006 3:19:18 PM         749600     C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
PEC2                 1/4/2006 3:19:18 PM         749600     C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
aspack               1/4/2006 3:19:18 PM         749600     C:\WINDOWS\SYSTEM32\drivers\avg7core.sys

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
                     1/5/2006 12:56:04 AM      S 2048       C:\WINDOWS\bootstat.dat
                     1/4/2006 6:13:32 PM      H  31767      C:\WINDOWS\system32\vsconfig.xml
                     1/5/2006 12:55:50 AM     H  8192       C:\WINDOWS\system32\config\default.LOG
                     1/5/2006 12:56:28 AM     H  1024       C:\WINDOWS\system32\config\SAM.LOG
                     1/5/2006 12:56:08 AM     H  16384      C:\WINDOWS\system32\config\SECURITY.LOG
                     1/5/2006 12:57:58 AM     H  94208      C:\WINDOWS\system32\config\software.LOG
                     1/5/2006 12:56:26 AM     H  962560     C:\WINDOWS\system32\config\system.LOG
                     12/10/2005 8:51:06 AM    H  1024       C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG
                     1/5/2006 12:54:30 AM     H  6          C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation          8/9/2004 10:00:00 PM        68608      C:\WINDOWS\SYSTEM32\access.cpl
Realtek Semiconductor Corp.    9/20/2004 9:20:44 AM        16121856   C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL
Microsoft Corporation          8/9/2004 10:00:00 PM        549888     C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation          8/9/2004 10:00:00 PM        110592     C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation          8/9/2004 10:00:00 PM        135168     C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation          8/9/2004 10:00:00 PM        80384      C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation          8/9/2004 10:00:00 PM        155136     C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation          8/9/2004 10:00:00 PM        358400     C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation          8/9/2004 10:00:00 PM        129536     C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation          8/9/2004 10:00:00 PM        380416     C:\WINDOWS\SYSTEM32\irprops.cpl
InstallShield Software Corporation7/27/2004 5:50:48 PM        73728      C:\WINDOWS\SYSTEM32\ISUSPM.cpl
Microsoft Corporation          8/9/2004 10:00:00 PM        68608      C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems, Inc.         5/25/2005 12:35:02 PM       49262      C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation          8/9/2004 10:00:00 PM        187904     C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation          8/9/2004 10:00:00 PM        618496     C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation          8/9/2004 10:00:00 PM        35840      C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation          8/9/2004 10:00:00 PM        25600      C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation          8/9/2004 10:00:00 PM        257024     C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation          8/9/2004 10:00:00 PM        36864      C:\WINDOWS\SYSTEM32\nwc.cpl
Microsoft Corporation          8/9/2004 10:00:00 PM        32768      C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation          8/9/2004 10:00:00 PM        114688     C:\WINDOWS\SYSTEM32\powercfg.cpl
Apple Computer, Inc.           9/23/2004 7:57:40 PM        323072     C:\WINDOWS\SYSTEM32\QuickTime.cpl
Microsoft Corporation          8/9/2004 10:00:00 PM        298496     C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation          8/9/2004 10:00:00 PM        28160      C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation          8/9/2004 10:00:00 PM        94208      C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation          8/9/2004 10:00:00 PM        148480     C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation          5/26/2005 5:16:30 AM        174360     C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation          8/9/2004 10:00:00 PM        68608      C:\WINDOWS\SYSTEM32\dllcache\access.cpl
Microsoft Corporation          8/9/2004 10:00:00 PM        549888     C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl
Microsoft Corporation          8/9/2004 10:00:00 PM        135168     C:\WINDOWS\SYSTEM32\dllcache\desk.cpl
Microsoft Corporation          8/9/2004 10:00:00 PM        80384      C:\WINDOWS\SYSTEM32\dllcache\firewall.cpl
Microsoft Corporation          8/9/2004 10:00:00 PM        155136     C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl
Microsoft Corporation          8/9/2004 10:00:00 PM        358400     C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl
Microsoft Corporation          8/9/2004 10:00:00 PM        129536     C:\WINDOWS\SYSTEM32\dllcache\intl.cpl
Microsoft Corporation          8/9/2004 10:00:00 PM        68608      C:\WINDOWS\SYSTEM32\dllcache\joy.cpl
Microsoft Corporation          8/9/2004 10:00:00 PM        187904     C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation          8/9/2004 10:00:00 PM        618496     C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl
Microsoft Corporation          8/9/2004 10:00:00 PM        35840      C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation          8/9/2004 10:00:00 PM        25600      C:\WINDOWS\SYSTEM32\dllcache\netsetup.cpl
Microsoft Corporation          8/9/2004 10:00:00 PM        257024     C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl
Microsoft Corporation          8/9/2004 10:00:00 PM        36864      C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl
Microsoft Corporation          8/9/2004 10:00:00 PM        32768      C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl
Microsoft Corporation          8/9/2004 10:00:00 PM        114688     C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl
Microsoft Corporation          8/9/2004 10:00:00 PM        155648     C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl
Microsoft Corporation          8/9/2004 10:00:00 PM        298496     C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl
Microsoft Corporation          8/9/2004 10:00:00 PM        28160      C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation          8/9/2004 10:00:00 PM        94208      C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl
Microsoft Corporation          8/9/2004 10:00:00 PM        148480     C:\WINDOWS\SYSTEM32\dllcache\wscui.cpl
Microsoft Corporation          8/9/2004 10:00:00 PM        162304     C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl
Realtek Semiconductor Corp.    9/20/2004 9:20:44 AM        16121856   C:\WINDOWS\SYSTEM32\ReinstallBackups\0001\DriverFiles\ALSNDMGR.CPL

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
                     1/27/2005 8:41:38 PM     HS 84         C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
                     5/25/2005 12:52:48 PM       1819       C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
                     1/4/2006 6:14:10 PM         805        C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SpeedUpMyPC.lnk
                     5/25/2005 1:17:20 PM        810        C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SpySubtract.lnk
                     7/22/2005 11:51:22 AM       1870       C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
                     12/19/2005 12:24:26 PM      775        C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinTasks.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
                     1/27/2005 12:30:22 PM    HS 62         C:\Documents and Settings\All Users\Application Data\desktop.ini
                     5/25/2005 12:59:44 PM       1886       C:\Documents and Settings\All Users\Application Data\hpzinstall.log

Checking files in %USERPROFILE%\Startup folder...
                     1/27/2005 8:41:38 PM     HS 84         C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\desktop.ini

Checking files in %USERPROFILE%\Application Data folder...
                     1/27/2005 12:30:22 PM    HS 62         C:\Documents and Settings\Administrator\Application Data\desktop.ini

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
   SV1    =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\AVG7 Shell Extension
   {9F97547E-4609-42C5-AE0C-81C61FFAEBC3}    = C:\Program Files\Grisoft\AVG7\avgse.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
   {750fdf0e-2a26-11d1-a3ea-080036587f03}    = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
   {09799AFB-AD67-11d1-ABCD-00C04FC30936}    = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
   {A470F8CF-A1E8-4f65-8335-227475AA5C46}    = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Trojan Remover
   {52B87208-9CCF-42C9-B88E-069281105805}    = C:\PROGRA~1\TROJAN~1\Trshlex.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
   Start Menu Pin    = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\AVG7 Shell Extension
   {9F97547E-4609-42C5-AE0C-81C61FFAEBC3}    = C:\Program Files\Grisoft\AVG7\avgse.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Trojan Remover
   {52B87208-9CCF-42C9-B88E-069281105805}    = C:\PROGRA~1\TROJAN~1\Trshlex.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
   {A470F8CF-A1E8-4f65-8335-227475AA5C46}    = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
   {750fdf0e-2a26-11d1-a3ea-080036587f03}    = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
   {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}    = ntshrui.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
    = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
    = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
    = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
    = %SystemRoot%\system32\SHELL32.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
   AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
    = C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}
   Google Toolbar Helper = c:\program files\google\googletoolbar1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
   &Tip of the Day = %SystemRoot%\system32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
   {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}    = HP view   : c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
       =    :
   {2318C2B1-4965-11d4-9B18-009027A5CD4F}    = &Google   : c:\program files\google\googletoolbar1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
   MenuText    = Sun Java Console   : C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
   ButtonText    = Research   :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
   ButtonText    = Messenger   : C:\Program Files\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
   {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} = HP view   : c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
   {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} = HP view   : c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
   {0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links   : %SystemRoot%\system32\SHELL32.dll
   {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address   : %SystemRoot%\system32\browseui.dll
   {2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google   : c:\program files\google\googletoolbar1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
   HPBootOp   "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
   Zone Labs Client   C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
   ISUSPM Startup   C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
   TkBellExe   "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
   Symantec NetDriver Monitor   C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
   QuickTime Task   "C:\Program Files\QuickTime\qttask.exe" -atboottime
   LSBWatcher   c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
   ISUSScheduler   "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
   HPDJ Taskbar Utility   C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
   HP Component Manager   "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
   ehTray   C:\WINDOWS\ehome\ehtray.exe
   DeviceDiscovery   C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
   CompleteSecurityUpdate   "C:\Program Files\Defender Pro Private Surf\AutomaticUpdate.exe"
   Complete Security   "C:\Program Files\Defender Pro Private Surf\PrivateSurfNT.exe"
   ccApp   "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
   AVG7_CC   C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
   IMAIL   Installed = 1
   MAPI   Installed = 1
   MSFS   Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
   ctfmon.exe   C:\WINDOWS\system32\ctfmon.exe
   Ashampoo PopUpBlocker   C:\PROGRA~1\DEFEND~2\DEFEND~1\PopUpKiller.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
   system.ini   0
   win.ini   0
   bootini   0
   services   0
   startup   0


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
   NoDriveTypeAutoRun   181
   NoCDBurning   0


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
   {BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
   {6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
   {0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
   dontdisplaylastusername   0
   legalnoticecaption   
   legalnoticetext   
   shutdownwithoutlogon   1
   undockwithoutlogon   1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
   NoDriveTypeAutoRun   145


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
   PostBootReminder                  {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
   CDBurn                            {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
   WebCheck                          {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\system32\webcheck.dll
   SysTray                           {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
   UserInit   = C:\WINDOWS\system32\userinit.exe,
   Shell      = Explorer.exe
   System      =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent
    = Ati2evxx.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
    = crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
    = cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
    = cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
    = wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
    = wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
    = sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
    = WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
    = wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
    = wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier
    = WRLogonNTF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
   Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
   AppInit_DLLs   


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1   - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 1/5/2006 1:09:07 AM


********************************************************************************

Here's the new hijack this log:

Logfile of HijackThis v1.99.1
Scan saved at 1:21:54 AM, on 1/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\LIUtilities\SpeedUpMyPC\speedupmypc.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\AGRSMMSG.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HJT\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [CompleteSecurityUpdate] "C:\Program Files\Defender Pro Private Surf\AutomaticUpdate.exe"
O4 - HKLM\..\Run: [Complete Security] "C:\Program Files\Defender Pro Private Surf\PrivateSurfNT.exe"
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: SpeedUpMyPC.lnk = C:\Program Files\LIUtilities\SpeedUpMyPC\speedupmypc.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\sslaunch.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O4 - Global Startup: WinTasks.lnk = C:\Program Files\LIUtilities\WinTasks\wintasks.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
