Author Topic: Oh Boy do I need help!!!!  (Read 3120 times)

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
« Reply #40 on: January 05, 2006, 08:33:28 PM »
I still think the high CPU may be with programs that never got properly uninstalled

Can you do the following
Go to START>>RUN>>In the open field
type in msconfig
Click the Launch System Restore button
Click on Create a New Restore point

Name it and click Create
When that's done

Go to START>>RUN>>type in the following and hit OK
sc delete PavPrSrv

I have to assume you had a newer trial version of Norton Internet Security installed
Can you try the following link to uninstall it completely, as it seems Add/Remove programs didn't remove it altogether

Click here
Make sure you reboot afterwards

We may have to deal with Panda's later too

Back to This
Quote
I downloaded this "SpeedUpMyPC" thing, which has a crash recovery on it and everytime I try to do something (like order online AV software) as soon as I start typing in my name the crash recovery starts running. It's already done it twice since I've been typing this email. (In other words, something wants to crash my computer so I can't fix it.)

If you didn't pay for this, can I have you Uninstall it please from Add/Remove programs
Or disable it completely, it's refraining us from seeing everything
Also, if you didn't pay for FreeMeter
Remove it too, they may not be malicious, but something is definitely conflicting and we have to narrow it down
Make sure to restart the computer afterwards

Back in Windows,  Can I have you do the following
Download and UNZIP this free registry cleaner
RegSeeker 1.45
http://www.hoverdesk.net/freeware.htm

Before running this
Run a Scan only with hijackthis and fix checked this entry please, with all other windows closed
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\sslaunch.exe

Open the RegSeeker Folder and double click on RegSeeker.exe
Click on "Clean the registry"  in the left menu
Hit OK
Let it finish scanning and then ensure Backup before deletion is checked

Choose "Select all"
Delete all selected
Reboot your computer again

Post a new hijackthis log, let's see if any bad processes are found

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline Roxy

  • Newbie
  • *
  • Posts: 39
  • Karma: +0/-0
« Reply #41 on: January 05, 2006, 08:46:08 PM »
I will certainly do the things that you've instructed.  But when I take out the "Speed up my pc", then my computer will crash all of the way.

One of the reasons I installed it is because of its "crash recovery".

My computer monitor, several times a day, just all of a sudden would go all white.  Or it would be white with colored stripes on it.  None of the keys worked, ctrl-alt-del didn't work, I'd have to turn the power plug off...and then back on...and then my computer would completely reboot.  So now, with this, the box comes up that keeps it from crashing all the way to that point.

But also, in the past few days I got that thing happening where when I type the cap letter p, the computer tries to crash too.

So hopefully we'll get this fixed or else I'll need to put that back in so I can use the computer for work.

I'll unload/uninstall it now though, and hopefully you'll be able to see anything that it may be hiding.

I am so thankful for your help!!!

I'll be back......

Offline Roxy

« Reply #42 on: January 05, 2006, 09:44:54 PM »
I'm back.

I did everything you said.  Comments:

I hope that by typing pavprsrv with smaller case letters is ok because I tried to type it in the upper case and my computer tried to crash.  Even though it was "saved" the run window would go away.  So I did it in lower case (don't know if that worked or not.)

After I uninstalled all the Norton stuff, I had to go in and look for files, and in the "common file" I found a panda file....so I deleted that.

I uninstalled freemeter and speedupmypc.

I ran the regseeker and it came up with 0 items.

When I ran hijackthis again, I see that there is a line in it for "wintasks"...that is part of the LIUtilities.  Should I delete that?

And didn't you already have me delete the "pttask" at boot file (or am I remembering it incorrectly) because that's back in there.

Also, what is that MDM.EXE file?  It's in my tasks manager but it didn't use to be.  Is that something from one of the new things that I have on my computer?

New log below:

Logfile of HijackThis v1.99.1
Scan saved at 8:35:27 PM, on 1/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\wuauclt.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HJT\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: WinTasks.lnk = C:\Program Files\LIUtilities\WinTasks\wintasks.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Offline guestolo

« Reply #43 on: January 05, 2006, 10:37:11 PM »
Don't worry about MDM.exe right now, it's legit,

I did see Wintasks in your add/remove programs earlier, but it's not there now

Recheck add/remove programs and uninstall it from there if found

Then have hijackthis fixchecked this entry with all other windows closed
O4 - Global Startup: WinTasks.lnk = C:\Program Files\LIUtilities\WinTasks\wintasks.exe

Reboot your computer

Back in windows, can you let me know what version of Panda's you tried to install
The exact version please
Eg...Panda Platinum 2005

Not sure what you mean by this
Quote
And didn't you already have me delete the "pttask" at boot file (or am I remembering it incorrectly) because that's back in there.
Are you receiving help elsewhere also?



Offline Roxy

« Reply #44 on: January 05, 2006, 10:57:42 PM »
Nope, just getting help from you.  That would be too confusing for me!  (And probably screw up my machine rather than fix it, I would think.)

But I noticed that I typed "pttask".....I meant that to be a "q".  I just went back and looked and it's in a prior post of yours to me (#34).  I'll paste it right below:

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

You were telling me to uncheck this, but it looks like it's still there in the most recent hijackthis log.

I don't know what version of Panda that I had (HEY!!!  I just typed the cap letter P and my computer didn't crash!!  What do you know!  We're getting there!)  :)

Anyway, I deleted all of the Panda stuff so I don't know how I'd go back and find that.  It was whatever the trial version is on the website.  So I guess it would be the most recent....2005?....because I just downloaded it this past week.  Are there still traces of it?

I did uninstall wintasks from add/remove, but then I saw it in the hijackthis log.  I almost checked that one too, but I don't want to make ANY moves on my own...only the ones you tell me to make!

I will go fixcheck that one entry and reboot.  And I'll go to the Panda site and see what the download is and post it back here in a few minutes.  Anything else that I should, or need to do?  Or do we need to get this Panda out of here now?

Offline Roxy

« Reply #45 on: January 05, 2006, 11:15:57 PM »
guestolo-
(2nd post....I'm just telling you so that you know there's another one from me to read before this one....after your last post.)

I didn't yet take fixcheck that wintasks line.....did you want me to also fixcheck the qttask one again too at the same time?

Also, I went to the Panda software site and I do believe that it was the 2006 version...not 2005.  But I can't remember for sure if it was the Panda Platinum Internet Security, or the Titanium Antivirus & Antispyware.  Does that make a difference for trying to get it out?

I did do a search for *Pand* and it came up with 3 references:
One is a file entitled "Panda Software" and it's in the recycle bin.  (I did go in there to try and see which one it is but all I could get was that the product name was "PandaSheild", the filename was PavPrSrv.exe, and the version was 1.3.0.0.  Don't know if that helps or not.)

Also, there were two other files:
PANDA.HTM
PANDA.TXT

They are both in C:\WINDOWS\I386\COMPDATA
each one is 1 KB in size.

Do you want me to delete those?

Offline guestolo

« Reply #46 on: January 06, 2006, 03:06:03 PM »
Hi again Roxy
I can't find uninstall instructions for version 2006

But can we run a registry fix regardless, see if it helps at all

First, can you do the following
Download:  Registry Search Tool from this link
http://billsway.com/vbspage/

Unzip and double-click "RegSrch.vbs"
Note: if your Antivirus or another program prompts about running a ".vbs" file, allow the script to run

In the open field copy and paste the below in bold then hit OK

panda

Wait for the results and post them back here
Do the same for this next one too please
pav

Don't remove anything out of the registry yet, let me see these first



Offline Roxy

« Reply #47 on: January 06, 2006, 07:11:07 PM »
Hi guestolo-
I can't get to that page to download it.  Your link is not working for me, and it doesn't work when I cut and paste it into my browser.  I also tried to just go to the main site, or home page, but it won't let me do that either.  It's nothing with my computer....I can get to other sites.  Just not that one. :huh:

Any other way I can get to it?

Offline guestolo

« Reply #48 on: January 06, 2006, 07:37:45 PM »
It's down for me too

Can you download from below RegSrch.zip
UNZIP the contents so you have RegSrch.vbs extracted, then follow the directions I posted



Offline Roxy

« Reply #49 on: January 06, 2006, 08:17:39 PM »
Yep, that worked.  Here's the scan using "panda" below.  (It said it found 19.)

I'll now do the 2nd one and come back and post that in a minute.

********************************************************


REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "panda" 1/6/2006 7:11:19 PM

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Panda Software]

[HKEY_LOCAL_MACHINE\SOFTWARE\Panda Software\PavShld]

[HKEY_LOCAL_MACHINE\SOFTWARE\Panda Software\PavShld]
"InstallDir"="C:\\Program Files\\Common Files\\Panda Software\\PavShld"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_PAVPROC\0000]
"DeviceDesc"="Panda Process Protection Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SHLDDRV\0000]
"DeviceDesc"="Panda File Shield Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PavProc]
"DisplayName"="Panda Process Protection Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ShldDrv]
"DisplayName"="Panda File Shield Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_PAVPROC\0000]
"DeviceDesc"="Panda Process Protection Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SHLDDRV\0000]
"DeviceDesc"="Panda File Shield Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\PavProc]
"DisplayName"="Panda Process Protection Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\ShldDrv]
"DisplayName"="Panda File Shield Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PAVPROC\0000]
"DeviceDesc"="Panda Process Protection Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SHLDDRV\0000]
"DeviceDesc"="Panda File Shield Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PavProc]
"DisplayName"="Panda Process Protection Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ShldDrv]
"DisplayName"="Panda File Shield Driver"

[HKEY_USERS\S-1-5-21-585124988-2935058200-1954285887-1008\Software\Google\NavClient\1.1\History]
"Panda Platinum free av download"=hex:05,eb,bd,43

[HKEY_USERS\S-1-5-21-585124988-2935058200-1954285887-1008\Software\Microsoft\Search Assistant\ACMru\5603]
"000"="*panda*"


Done with this one.  It said it found 133.  Below:

*****************************************

REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "pav" 1/6/2006 7:15:18 PM

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.HPPAVILIONPROTECT]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.HPPAVILIONPROTECT]
@="HPPAVILIONPROTECT"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.HPPAVILIONPROTECT]
"Content Type"="application/vnd.HPPAVILIONPROTECT.md-launch"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\HPPAVILIONPROTECT]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\HPPAVILIONPROTECT\shell]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\HPPAVILIONPROTECT\shell\open]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\HPPAVILIONPROTECT\shell\open\command]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/vnd.HPPAVILIONPROTECT.md-launch]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/vnd.HPPAVILIONPROTECT.md-launch]
"Extension"=".HPPAVILIONPROTECT"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/vnd.HPPAVILIONPROTECT.md-test]

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\CPC\wallpaper]
"Brand"="PAV"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\HPD\HardwareDescription]
"PCName"="PAVILION"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\HPD\HardwareDescription]
"HPTag"="PAVILION"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion]

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD]

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0]

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\DLNG]

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\DLNG]
"Locale_Key_Path"="Software\\HEWLETT-PACKARD\\Pavilion\\Keyboard\\1.0\\HPOOBE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\HPOOBE]

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\HPOOBE]
"PC_Type"="Pavilion"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\Locale Key]

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\Locale Key]
"Locale_Key-001"="Software\\HEWLETT-PACKARD\\Pavilion\\Keyboard\\1.0\\HPOOBE\\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\Locale Key]
"Locale_Key-002"="Software\\HEWLETT-PACKARD\\Pavilion\\Keyboard\\1.0\\HPOOBE\\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\W21]

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\W21]
"13"="http://redirect.paviliondownload.com/shopping/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\W21]
"14"="http://redirect.paviliondownload.com/entertainment/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\W21]
"15"="http://redirect.paviliondownload.com/2.0/sports/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\W21]
"16"="http://redirect.paviliondownload.com/finance/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\W21]
"17"="http://redirect.paviliondownload.com/finance/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\W21]
"20"="http://redirect.paviliondownload.com/people/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\W21]
"21"="http://redirect.paviliondownload.com/2.0/chat/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\W21]
"57"="http://redirect.paviliondownload.com/connect/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\W21]
"58"="http://redirect.paviliondownload.com/search/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\W21]
"59"="http://redirect.paviliondownload.com/email/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\W21]
"60"="http://redirect.paviliondownload.com/2.0/sports/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\W21]
"61"="http://redirect.paviliondownload.com/entertainment/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\W21]
"63"="http://redirect.paviliondownload.com/shopping/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\W2K]

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\W2K]
"13"="http://redirect.paviliondownload.com/shopping/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\W2K]
"14"="http://redirect.paviliondownload.com/entertainment/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\W2K]
"15"="http://redirect.paviliondownload.com/2.0/sports/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\W2K]
"16"="http://redirect.paviliondownload.com/finance/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\W2K]
"17"="http://redirect.paviliondownload.com/finance/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\W2K]
"20"="http://redirect.paviliondownload.com/people/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\W2K]
"21"="http://redirect.paviliondownload.com/2.0/chat/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\W2K]
"57"="http://redirect.paviliondownload.com/connect/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\W2K]
"58"="http://redirect.paviliondownload.com/search/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\W2K]
"59"="http://redirect.paviliondownload.com/email/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\W2K]
"60"="http://redirect.paviliondownload.com/2.0/sports/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\W2K]
"61"="http://redirect.paviliondownload.com/entertainment/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\W2K]
"63"="http://redirect.paviliondownload.com/shopping/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\W98]

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\W98]
"13"="http://redirect.paviliondownload.com/shopping/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\W98]
"14"="http://redirect.paviliondownload.com/entertainment/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\W98]
"15"="http://redirect.paviliondownload.com/2.0/sports/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\W98]
"16"="http://redirect.paviliondownload.com/finance/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\W98]
"17"="http://redirect.paviliondownload.com/finance/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\W98]
"18"="http://redirect.paviliondownload.com/connect/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\W98]
"19"="http://redirect.paviliondownload.com/search/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\W98]
"20"="http://redirect.paviliondownload.com/people/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\W98]
"21"="http://redirect.paviliondownload.com/2.0/chat/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\W98]
"22"="http://redirect.paviliondownload.com/email/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\W98]
"39"="http://redirect.paviliondownload.com/connect/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\W98]
"40"="http://redirect.paviliondownload.com/search/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\W98]
"43"="http://redirect.paviliondownload.com/connect/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\W98]
"49"="http://redirect.paviliondownload.com/search/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\W98]
"50"="http://redirect.paviliondownload.com/connect/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\W98]
"51"="http://redirect.paviliondownload.com/email/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\W98]
"57"="http://redirect.paviliondownload.com/connect/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\W98]
"58"="http://redirect.paviliondownload.com/search/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\W98]
"59"="http://redirect.paviliondownload.com/email/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\W98]
"60"="http://redirect.paviliondownload.com/2.0/sports/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\W98]
"61"="http://redirect.paviliondownload.com/entertainment/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\W98]
"63"="http://redirect.paviliondownload.com/shopping/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\WME]

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\WME]
"13"="http://redirect.paviliondownload.com/shopping/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\WME]
"14"="http://redirect.paviliondownload.com/entertainment/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\WME]
"15"="http://redirect.paviliondownload.com/2.0/sports/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\WME]
"16"="http://redirect.paviliondownload.com/finance/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\WME]
"17"="http://redirect.paviliondownload.com/finance/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\WME]
"20"="http://redirect.paviliondownload.com/people/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\WME]
"21"="http://redirect.paviliondownload.com/2.0/chat/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\WME]
"57"="http://redirect.paviliondownload.com/connect/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\WME]
"58"="http://redirect.paviliondownload.com/search/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\WME]
"59"="http://redirect.paviliondownload.com/email/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\WME]
"60"="http://redirect.paviliondownload.com/2.0/sports/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\WME]
"61"="http://redirect.paviliondownload.com/entertainment/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\WME]
"63"="http://redirect.paviliondownload.com/shopping/EN_US/index.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Panda Software\PavShld]

[HKEY_LOCAL_MACHINE\SOFTWARE\Panda Software\PavShld]
"InstallDir"="C:\\Program Files\\Common Files\\Panda Software\\PavShld"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_PAVPROC]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_PAVPROC\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_PAVPROC\0000]
"Service"="PavProc"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_PAVPROC\0000\Control]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_PAVPROC\0000\Control]
"ActiveService"="PavProc"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PavProc]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PavProc\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PavProc\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PavProc\Enum]
"0"="Root\\LEGACY_PAVPROC\\0000"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"="C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe:*:Disabled:BackWeb for Pavilion"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_PAVPROC]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_PAVPROC\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_PAVPROC\0000]
"Service"="PavProc"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\PavProc]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\PavProc\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"="C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe:*:Disabled:BackWeb for Pavilion"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PAVPROC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PAVPROC\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PAVPROC\0000]
"Service"="PavProc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PAVPROC\0000\Control]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PAVPROC\0000\Control]
"ActiveService"="PavProc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PavProc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PavProc\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PavProc\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PavProc\Enum]
"0"="Root\\LEGACY_PAVPROC\\0000"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"="C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe:*:Disabled:BackWeb for Pavilion"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop&parm1=seconduser"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=desktop&parm1=seconduser"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=desktop&parm1=seconduser"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop&parm1=seconduser"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main]
"Search Bar"="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop&parm1=seconduser"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Search Assistant]
"DefaultSearchURL"="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop&parm1=seconduser"

[HKEY_USERS\S-1-5-21-585124988-2935058200-1954285887-1008\Software\Hewlett-Packard\DMI]
"Manufacturer"="HP Pavilion 061"

[HKEY_USERS\S-1-5-21-585124988-2935058200-1954285887-1008\Software\Hewlett-Packard\DMI]
"BS"="HP Pavilion 061     PY029AA-ABA A1129N      MXK5260403 NA570                               0ny1114RE101ALBAC00"

[HKEY_USERS\S-1-5-21-585124988-2935058200-1954285887-1008\Software\Hewlett-Packard\DMI\BSP]
"HPTag"="HP Pavilion"

[HKEY_USERS\S-1-5-21-585124988-2935058200-1954285887-1008\Software\Hewlett-Packard\DMI\BSP]
"PCName"="HP PAVILION"

[HKEY_USERS\S-1-5-21-585124988-2935058200-1954285887-1008\Software\Microsoft\Search Assistant]
"DefaultSearchURL"="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop&parm1=seconduser"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=desktop&parm1=seconduser"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=desktop&parm1=seconduser"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop&parm1=seconduser"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main]
"Search Bar"="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop&parm1=seconduser"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Search Assistant]
"DefaultSearchURL"="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop&parm1=seconduser"
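Added example (not part of the original posts): the registry search output above repeats each key header once per value and mixes Panda Software leftovers with unrelated HP Pavilion hits. This Python example merges the repeated headers and separates the two groups; the marker names are assumed from the Panda keys visible in this thread, and the sample dump is a constructed excerpt.

```python
import re

# Constructed excerpt in the same shape as the search output posted above.
SAMPLE_DUMP = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Panda Software\PavShld]

[HKEY_LOCAL_MACHINE\SOFTWARE\Panda Software\PavShld]
"InstallDir"="C:\\Program Files\\Common Files\\Panda Software\\PavShld"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_PAVPROC\0000]
"Service"="PavProc"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PavProc]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PavProc\Enum]
"0"="Root\\LEGACY_PAVPROC\\0000"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_PAVPROC\0000]
"Service"="PavProc"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\PavProc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PavProc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\Pavilion\KEYBOARD\1.0\WME]
"20"="http://redirect.paviliondownload.com/people/EN_US/index.html"
'''

# Assumption: leftover markers are the Panda key names visible in this thread.
LEFTOVER_COMPONENTS = {"panda software", "pavshld", "pavproc", "legacy_pavproc"}

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
SERVICE_RE = re.compile(
    r'^HKEY_LOCAL_MACHINE\\SYSTEM\\([^\\]+)\\Services\\([^\\]+)', re.I)


def _unescape(s):
    # .reg string data escapes backslash and double quote with a backslash.
    return re.sub(r'\\(.)', r'\1', s)


def parse_dump(text):
    """Return {key_path: {value_name: data}}, merging repeated key headers."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            keys[current][_unescape(m.group(1))] = _unescape(m.group(2))
    return keys


def _has_marker(path):
    return any(p.lower() in LEFTOVER_COMPONENTS for p in path.split("\\"))


def leftover_roots(keys):
    """Top-most key of every subtree that carries a leftover marker."""
    roots = set()
    for path in keys:
        parts = path.split("\\")
        for i, part in enumerate(parts):
            if part.lower() in LEFTOVER_COMPONENTS:
                roots.add("\\".join(parts[:i + 1]))
                break
    return sorted(roots)


def unrelated_keys(keys):
    """Keys with no leftover marker, such as the HP Pavilion hits."""
    return sorted(k for k in keys if not _has_marker(k))


def control_sets_with_service(keys, service):
    """Control sets whose Services branch still defines the given service.

    CurrentControlSet is a link to one of the numbered control sets, so a
    hit under it mirrors that set rather than being separate data.
    """
    found = set()
    for path in keys:
        m = SERVICE_RE.match(path)
        if m and m.group(2).lower() == service.lower():
            found.add(m.group(1))
    return sorted(found)


if __name__ == "__main__":
    parsed = parse_dump(SAMPLE_DUMP)
    print("Leftover roots:")
    for root in leftover_roots(parsed):
        print("  " + root)
    print("PavProc service in:", control_sets_with_service(parsed, "PavProc"))
    print("Unrelated hits:", unrelated_keys(parsed))
```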

Offline guestolo

« Reply #50 on: January 06, 2006, 09:46:58 PM »
Can you again create a New System restore point

Afterwards, Can you download WinsockXP Fix from the following link
http://www.spychecker.com/program/winsockxpfix.html
Save this to your desktop
I don't think you will need it, but I want you to have it just in case

Download from below Clean.zip and unzip the contents to your desktop
So you have Clean.reg extracted

Don't use it yet
RESTART into Safe mode

Double click on clean.reg and allow to add/merge to the registry

Reboot back to Normal mode

Find and delete the following files or folders recommended by Panda's
FOLDERS
C:\Program Files\Panda Software
C:\Program Files\Common Files\Panda Software or
C:\Program Files\Common Files\Panda Software\PavShld if the previous one can't be deleted.
C:\Program Files\InstallShield Installation Information\{E91563B4-D9EC-11D5-A2BB-00606771B69D}

FILES
%windir%\system32\drivers\shlddrv.sys
%windir%\system32\drivers\pavproc.sys
%windir%\system32\drivers\pavdrv51.sys
%windir%\system32\drivers\pcontnt.sys
%windir%\system32\drivers\Netflt.sys
%windir%\system32\drivers\cpoint.sys
%windir%\system32\Pavipc.dll
%windir%\system32\SYSTOOLS.dll
%windir%\system32\PavSProt.dll
%windir%\system32\PavSkre.dll

%windir% represents C:\WINDOWS

Let me know how things are running after that
Post back one final hijackthis log

NOTE, if you do happen to lose internet connection after doing the above
Run WinsockXP fix
Run the FIX part of it and reboot when prompted
Only run this tool if you need it please

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline Roxy

« Reply #51 on: January 07, 2006, 12:34:29 AM »
Sorry guestolo-
Am just now able to do this.  I'm getting ready to go into safe-mode.  I don't know if you're still on here or not, but when I finish I will post it and then I'll check tomorrow for your response (from either tonight or tomorrow when you see it.)

Thanks!

Offline Roxy

« Reply #52 on: January 07, 2006, 01:15:53 AM »
OK, done.  But you didn't say whether or not I should reboot or not.  So first is the log after I followed your instructions...but before any reboot.  (Internet's fine so far).

I didn't find all of the folders and files you listed (just 1 of the folders and 2 of the files.)

I'll go back now, reboot, run another hijack this log and post it here.

*****************************************

Logfile of HijackThis v1.99.1
Scan saved at 12:09:49 AM, on 1/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HJT\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Offline Roxy

« Reply #53 on: January 07, 2006, 01:29:40 AM »
OK, now I rebooted and ran hijack again.  (And my internet is still fine.)

I can tell you that my computer is running SO much better.  The CPU and RAM are good, the speed is much better (it's not hanging anymore) it's not constantly crashing, and no more crashes from the "P".  

Let me know how the logs look and if there is anything else that I need to do.

And...if everything looks fine now....what the heck was going on?  What all was it that was causing problems?

Also, if there's nothing else to fix (and I'm not trying to jump the gun here or anything) before we're "done" I'd like to ask you just a couple of questions about a couple of the scanning programs.

Thanks!  :)

**********************************

Logfile of HijackThis v1.99.1
Scan saved at 12:21:03 AM, on 1/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\wuauclt.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HJT\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
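Added example (not part of the original posts): one way to compare a before-reboot and an after-reboot HijackThis log like the two posted above, instead of reading them side by side. The two embedded logs are constructed, shortened samples in the same format; the SpySubtract startup entry is the one the helper asked to fix earlier in the thread.

```python
import re
from collections import Counter

# Constructed, shortened samples in the format of the logs posted above.
LOG_BEFORE = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
c:\windows\system\hpsysdrv.exe
C:\HJT\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\sslaunch.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

LOG_AFTER = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\wuauclt.exe
c:\windows\system\hpsysdrv.exe
C:\HJT\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# Coded entries look like "O4 - ..." or "R0 - ...": a letter, 1-2 digits, " - ".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def parse_hjt(text):
    """Split a HijackThis log into running processes and coded entries."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_processes = False
            entries.append((m.group(1), m.group(2)))
        elif in_processes and line:
            processes.append(line)
    return {"processes": processes, "entries": entries}


def diff_logs(before, after):
    """Compare two logs; Windows paths are compared case-insensitively.

    Processes are counted, not just listed, because the same image
    (svchost.exe) normally appears several times.
    """
    b, a = parse_hjt(before), parse_hjt(after)
    b_procs = Counter(p.lower() for p in b["processes"])
    a_procs = Counter(p.lower() for p in a["processes"])
    b_entries = {(code, detail.lower()) for code, detail in b["entries"]}
    a_entries = {(code, detail.lower()) for code, detail in a["entries"]}
    return {
        "started": sorted((a_procs - b_procs).elements()),
        "stopped": sorted((b_procs - a_procs).elements()),
        "entries_added": sorted(a_entries - b_entries),
        "entries_removed": sorted(b_entries - a_entries),
    }


if __name__ == "__main__":
    for section, items in diff_logs(LOG_BEFORE, LOG_AFTER).items():
        print(section + ":")
        for item in items:
            print("  ", item)
```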

Offline guestolo

« Reply #54 on: January 07, 2006, 01:47:51 AM »
I think I may know what you want to ask, please hang onto all programs and files for now
Then ask away after you do the following

If you're happy with the way everything is running
I'm not sure what got cleaned out before you posted here, but could you do the following
We should clear all your restore points to ensure you don't restore any nasties that may be residing in the
restore folders
Go to START>>RUN>>In the open field
type in msconfig
Click the Launch System Restore button
On the Left hand side click on "System Restore Settings"
Put a Check in "Turn off System Restore"

Apply it and OK out of there>>Reboot your computer

Back in Windows, Go back and take the check out of Turn off system restore
This will reenable the System Restore feature and creates a new restore point

After that is done, one last step
With all the programs you installed lately
It may be wise to run a Disk Defrag on your system,
I like running this in safe mode so minimum is running
Before running it, run that tool you downloaded earlier>>Windows CleanUp!
Then
Go to START>>Programs>>Accessories>>System Tools>>Disk Defragment
Click on the Defragment button
Let this finish, it could take some time if you have not run it for awhile

Return to Normal Windows when it's done

NOTE: After running CleanUp!>>It also clears your prefetch folder
So startup may be a bit slower at first, but it will increase on next bootup

For added protections
You should install this free tool
SpywareBlaster 3.5.1 by JavaCool
*Will block bad ActiveX Controls
*Block Malevolent cookies in Internet Explorer and Firefox
*Restrict actions of potentially dangerous sites in Internet Explorer
After installation, Check for updates and then click the "Enable all protection"

Check for updates every couple of weeks
after every update just simply click the "enable protection on all unprotected items"

Open Spybot 1.4
Click the "Immunize" button on the left>>>OK at the prompt>>Immunize at the top green cross
Do that after every update

I'm on my way to bed soon, but that should keep you busy for a bit  :)
I'll talk to you soon



Offline Roxy

« Reply #55 on: January 07, 2006, 08:26:05 PM »
Hello guestolo!

Wow....all done with all of that stuff now.  My computer is running great!  So....you didn't ask me to post anymore logs and I'm assuming that you don't need to any then, correct?

If so, here are my questions:

What all should I be getting rid of that I recently installed and what should I keep?

Here is the stuff I have now, that I'm assuming I should keep...but let me know:

AVG for AV software - running all the time
ZA for firewall - running all the time
Spywareblaster -running all the time
Spybot (how often should I run this scan?)
Adaware SE (should I still keep this, and how often should I run this scan?)

I also had TrojanRemover (by Nigel Thomas, I think his name is)...should I keep this (I need to renew the registration # and update it.  I just didn't do it, and decided to wait until we were done to ask you about it.  Should I?)

Then...

How often is ok to run Cleanup!?

And should I keep ewido, CWshredder, MWAV, Jottiscan.....others?

And...is it still ok to use the tools-options to delete temp files, cookies, off-line junk, and history?  I was doing that almost daily but...it didn't seem to help after noticing how many were in there to be deleted with Cleanup!

I'm hoping that is all the questions that I have, but I'll let you know if I remember anything else I wanted to ask you!

Is there anything else I should know about or do to keep this from happening again?  AND....(aside from knowing that there was a lot of adware, and spyware, and that coolwebsearch that was found and deleted before I came here) what was in, or wrong with, my computer??!!  It was a mess!

But I can happily say now that it is running awesome and I thank you for that!  I will definitely be sending a little $ to help support you and this site.  (I know I would come back and use your expertise if I ever had problems again....so you can use all the support you can get to keep this site going!)  :)

I look forward to hearing from you to help me finalize all of this by answering the above questions.

Offline guestolo

« Reply #56 on: January 07, 2006, 11:44:24 PM »
Quote
what was in, or wrong with, my computer??!! It was a mess!
I still believe that with all the Malware removal tools and extra AV's you installed, there were a lot of conflicts
This is a perfect example why a person should only run One AV and One software Firewall on their system

It's not your fault completely, because many wouldn't install properly
This could have been from malware or interference with other programs you had on your computer

In addition, I'm not very keen on Resource monitors and such
I hate the idea of a piece of software to monitor my resources, when itself must use resources in the meantime

What I would keep
It's optional to keep CleanUp! and Ewido's
I would keep both however,
Run CleanUp! once a week
Run Ewido once a month<<make sure to check for updates before running a scan

Spybot and Ad-Aware SE
Keep them both, check for updates every couple of weeks and run scans if an update is present
Make sure to Immunize with Spybot
Update both beforehand
SpywareBlaster, again, hold onto this please and update and enable as instructed earlier

TrojanRemover, I've never used it myself
If you didn't pay for it, you may opt to remove it

Manually delete CWshredder, WinsockXP Fix, RegSrch.vbs, MWAV, Jottiscan results, WPFind.zip and the WPFind folder
Hijackthis>>Hold onto it for a couple of weeks, if everything is still running smooth
Remove Hijackthis 1.99.1 from add/remove programs and then manually delete C:\HJT <-this folder
RegSeeker, another tool you may want to hang onto, if you don't want it please manually delete it

If you still have Windows set to show hidden files and folder, you can go back and rehide them

Quote
And...is it still ok to use the tools-options to delete temp files, cookies, off-line junk, and history? I was doing that almost daily but...it didn't seem to help after noticing how many were in there to be deleted with Cleanup!
Yes, that's ok, but I would still hold onto CleanUp! and run once in awhile  :)

AVG for AV software - running all the time
ZA for firewall - running all the time

Don't go surfing without an Active AV and Firewall running
AVG and ZoneAlarm both have a good reputation, I would opt to hold onto them both

I think we have your computer running a bit better
The next time you run into problems, don't hesitate to post here first before installing too many programs that are unneeded  :D
« Last Edit: January 07, 2006, 11:51:27 PM by guestolo »



Offline Roxy

« Reply #57 on: January 08, 2006, 10:18:19 AM »
My computer is not just running a bit better, it's running great!  I don't think my computer has ever performed as well since I got it.  :D

I bought this thing in late July and started having problems the first week.  It was loaded with SO MUCH JUNK that I started trying to delete the stuff because the computer was very sluggish....and started crashing every so often from the get-go.  I should have brought it back but just thought if I got some of the junk, programs and games out of it, it would be fine.  :unsure:

Then, it started getting worse and I started looking for online help, and various scans to find out what was wrong.  I do understand now that some of that stuff I did to try and fix it just made the problem worse!  And probably the fact that I was getting help from several different sources didn't help.  (It is nice, however, to know that programs weren't installing properly so that it wasn't entirely my fault!)  :rolleyes:

Anyway, I did make note of everything that you told me to keep and delete, and will be very religious about doing updates and scans.  -_-

I am thankful that I found this site and got all of the help from you that I did......thank you so much!  And I will most certainly come back here if I encounter any other problems at all....and before I install a bunch of stuff!  :)

guestolo, thank you again, and take care!

Offline guestolo

« Reply #58 on: January 08, 2006, 11:28:06 AM »
Good work Roxy
It was a battle, but we won  :D

Since everything is running better I'll lock this topic

Take care  :)
