Author Topic: questolo...please help (Read 3427 times)

guestolo · « **Reply #40 on:** May 10, 2007, 10:37:10 PM »

Don't worry about catchme.exe, is from a tool that we used
Let's get AV protection on this computer

First, Do a "System scan only" with Hijackthis and put a check next to these entries:

O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe

After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Reboot the computer
Back in Windows
Install a new AV
I usually suggest the following
ONLY install one, more than one can cause conflicts

AVG 7 by Grisoft
OR
Avast Home Edition by ALWIL
OR
Avira AntiVir Personal Edition Classic
OR
Active Virus Shield
Powered by Kaspersky's>"UNCheck Security toolbar during install"

You may want to try the latter
Active Virus Shield
Supply an email address, download the installer to desktop

While installing, please ensure to UNCHECK the Security toolbar, it's not needed
Also, ensure to copy>>Paste from the email they send you the activation code

After installation, ensure it is updated and run a full system scan
Reboot afterwards
Come back here and post another hijackthis log please

StormieK · « **Reply #41 on:** May 11, 2007, 03:00:54 AM »

I'm back...fell asleep...AVS took 3 hours to scan. Scan of what AVS found at the bottom...nice little program. Thank you

New HJT log;

Logfile of HijackThis v1.99.1
Scan saved at 1:52:05 AM, on 5/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\TrueAssistant\TrueAssistant.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [aol] "C:\Program Files\AOL\Active Virus Shield\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: TrueAssistant.lnk = C:\Program Files\TrueAssistant\TrueAssistant.exe
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Active Virus Shield (AVP) - Unknown owner - C:\Program Files\AOL\Active Virus Shield\avp.exe" -r (file missing)
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

AVS Scan...

Scan
----
Scanned:   484990
Detected:   5
Untreated:   0
Start time:   5/10/2007 10:33:05 PM
Duration:   03:03:30
Finish time:   5/11/2007 1:36:35 AM

Detected
--------
Status   Object
------   ------
deleted: Trojan program Trojan.Win32.Qhost.a   File: C:\HJT\backups\backup-20061210-182933-498
deleted: Trojan program Trojan.Win32.StartPage.ags   File: C:\WINDOWS\system32\srbndl.exe/UPX/1scenichp.exe/HomePage.exe
deleted: Trojan program Trojan.Win32.StartPage.ame   File: C:\WINDOWS\system32\srbndl.exe/UPX/1scenicid.exe
deleted: adware not-a-virus:AdWare.Win32.SaveNow.bw   File: C:\WINDOWS\system32\srbndl.exe/UPX/3scenicwu.exe/UPX
deleted: Trojan program Trojan.Win32.Qhost.a   File: C:\WINDOWS\system32\drivers\etc\hosts.msn

Events
------
Time   Name   Status   Reason
----   ----   ------   ------

Statistics
----------
Object   Scanned   Detected   Untreated   Deleted   Moved to Quarantine   Archived   Compressed   Password protected   Corrupted
------   -------   --------   ---------   -------   -------------------   --------   ----------   ------------------   ---------
Total   484990   5   5   0   0   8583   589   331   1
Documents   51258   0   0   0   0   38   4   0   0
Mailboxes   2163   0   0   0   0   435   16   0   0
PRESARIO (C:)   379831   5   5   0   0   7393   550   331   1
PRESARIO_RP (D:)   51738   0   0   0   0   717   19   0   0

Settings
--------
Name   Value
----   -----
Security Level   Recommended
Action   Prompt for action when the scan is complete
File types   All
Scan new and changed files only   No
Scan archives   All
Scan embedded OLE objects   All
Skip if object is greater than   No
Skip if scan takes longer than   No
Parse e-mail formats   No
Scan password-protected archives   No
Enable iChecker technology   Yes
Enable iSwift technology   Yes
Show detected threats on "Detected" tab   Yes

It said it backed up the Trojan...is this the correct thing to do? I tried to delete them and it said 'are you sure you want to do that' so I didn't.

My son said he deleted the movies but I still see the file names in my Windows Media player. I can't find the movies.
Unfortunatly the modem is still running some:(

guestolo · « **Reply #42 on:** May 12, 2007, 11:17:15 AM »

Quote

My son said he deleted the movies but I still see the file names in my Windows Media player

The movies are probably gone, you just have to delete them from the Library in WMP itself

We should probably get you a good firewall software
This one is free
http://www.personalfirewall.comodo.com/
The Windows firewall will control Incoming attacks
but has no control over outgoing protection
Comodo will do both, it will disable the Windows Firewall on installation, let it

Reboot the computer
Back in Windows, let comodo load
If prompted that an application needs to access the NET
Ensure that you trust it, if you do
Allow it and check always allow

If there is something you don't recognize, don't allow it
Let me know about it please

Does your son have is own login username on your computer
If so, can I see a hijackthis log from his account also

In addition, can you open Hijackthis>>Open Misc tools section>>Open HOSTS FILE MANAGER
Click on the OPEN IN NOTEPAD button
Can you COPY>>PASTE back here the whole contents of this log please

StormieK · « **Reply #43 on:** May 12, 2007, 08:00:28 PM »

I downloaded the firewall. I didn't see how to delete the names of the movies in WMP. Could you give me a little help with that. I will try again as well. My son does not have his own login.

Here's the log you asked for...

# Copyright © 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

127.0.0.1 localhost

guestolo · « **Reply #44 on:** May 12, 2007, 10:30:20 PM »

Your host file looks ok
Are you sure there was nothing below the second
127.0.0.1 localhost

Here's what I want your host file to look like Exactly

Code: [Select]

#	Copyright Â© 1993-1999 Microsoft Corp.
#	
#	This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#	
#	This file contains the mappings of IP addresses to host names. Each
#	entry should be kept on an individual line. The IP address should
#	be placed in the first column followed by the corresponding host name.
#	The IP address and the host name should be separated by at least one
#	space.
#	
#	Additionally, comments (such as these) may be inserted on individual
#	lines or following the machine name denoted by a "#" symbol.
#	
#	For example:
#	
#	102.54.94.97 rhino.acme.com # source server
#	38.25.63.10 x.acme.com # x client host
#	
127.0.0.1	localhost

Anything below the first 127.0.0.1 localhost
Can you highlight it and delete the line in hijackthis>>Misc tools section>>Hosts file manager
Remember, have your host file look exactly as I have in the code box above

What version of Media player are you running?
Open WMP and Maximize the window, do you see the Library?
Or open HELP>>About, let me know what version you have

StormieK · « **Reply #45 on:** May 12, 2007, 11:50:00 PM »

Here it is again...after I deleted the lines below the first IP address. There was nothing else below the second IP address.

# Copyright © 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

I'm running WMP 11. It's set to check for updates every week so it stays current.

guestolo · « **Reply #46 on:** May 13, 2007, 12:28:12 AM »

I'm not sure what view your in in WMP 11
But if you see Tools select it and then click Options
If you don't see Tools
Right click the top menubar and select TOOLS>>Options

Open the Privacy tab
Select Clear History and Clear Caches

If the file may happen to be still on the machine, Open the Library tab
Select Video
Right click on the file and select Delete

Much more info in the Help files in WMP
Under Help menu

StormieK · « **Reply #47 on:** May 13, 2007, 10:33:41 AM »

I found it (WMP)...thank you.

This is what poped up when I restarted my computer this morning. Is this ok??? Well, guess I don't know how to add an image in your forum so I'll type it out.

~~~~
Comodo Firewall Pro

Generic Host Process for Win 32 Services is trying to act as a server. What would you like to do?

Details
Application svchost.exe
Remote IP : 192.168.1.101 Port : 1033 - UDP
Parent services.exe

Security Considerations

C:\WINDOWS\system32\WgaTray.exe has tried to use svchost.exe through OLE Automation, which can be used to hijack other applications. WgaTray.exe might be using svchost.exe to connect to the internet.
~~~~

I denyed letting it do this. This doesn't sound good.

guestolo · « **Reply #48 on:** May 13, 2007, 10:49:19 AM »

That is Microsoft checking to see if your version of Windows is legit {WgaTray.exe}
Just allow it, then it won't nag you anymore

Are you still liking your new AV?
My personal preference, you decide what you like however
On system startup, it always scans startup objects
You can leave this enabled
Or double click the AV icon by the clock
Select Settings>>Under Scan >>highlight Startup objects
Uncheck>Run on System start
Again, you can leave it running on startup, you will just notice activity for a bit on system start

Take a look at the settings, you may want to run a scheduled scan once a week at least
Highlight MyComputer under Scan>>On the right select Run mode
Select Change>>Have it run Weekly in the dropdown box under Schedule>>Choose the day and time
Select Run task if skipped>>This way it won't prompt you to run the scan, it will run the scan on startup if the computer happens to be shut down
at the scheduled time of scan

Leave the check for updates Automatically selected if you prefer
It will check often to ensure your always updated

StormieK · « **Reply #49 on:** May 13, 2007, 12:50:38 PM »

I like it better than anything I've had in the past. Very user friendly. Thank you

http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/smile.gif\' class=\'bbc_emoticon\' alt=\'

\' /> I set it to scan once a week.

Comodo Firewall is something I'm not sure about. I like it but I'll have to get use to it. It pops up and asked me what it wants me to do and I don't know most of the time. I guess. Seems like a good program though and I'm keeping it. Thanks for it too

http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/smile.gif\' class=\'bbc_emoticon\' alt=\'

\' /> Every time I open WMP it asks me if it's ok, I say yes every time. Hummm...

My computer modem still runs often but not as much as 5 or 6 days ago.

Do I need to keep all the programs you had me install other than AVS and Comodo. On my desktop I've got Installed Programs, the Saved text for that. Combo fix and the text for that. BACKUP and Dr Webcureit. I'm not sure if we are finished with them yet.

I also noticed that on all my hjt logs there are files missing. Can I get those back? Are they needed?

guestolo · « **Reply #50 on:** May 14, 2007, 09:45:40 PM »

Don't worry about the file missing in hijackthis, it's just a bug

Go ahead and manually delete
InstalledPrograms.zip and .vbs
Combofix.exe >>Also delete C:\Combofix folder
MCPR.exe
Dr.Web Cureit.exe>>You can also delete the folder it created>>C:\Documents and Settings\Compaq_Owner\DoctorWeb <-this folder

Delete the "Backup" folder from desktop

The modem working as you mentioned may be normal, not sure how much activity you are seeing
Everything appears to be running normal

Just by chance, can you do the following
Download TcpView.zip
and unzip it to it's own folder on desktop
Open it's new folder and double click on TCPView.exe>>Allow access thru Comodo
Let this run for a bit, when you see much activity from the modem
Select FILE>>SAVE AS
Give it a name and click Save, it should save to the folder you extracted too
Post the contents here please, I WILL edit your IP address

StormieK · « **Reply #51 on:** May 15, 2007, 07:11:20 PM »

I've deleted all the things listed.

If you think it's running good then I'll accept that. It didn't use to run at all, sometimes for days it wouldn't come on and now it does anytime a webpage is opened or my OE is opened but also just sitting here. However, it does stop running where when I came to the forum several days ago it did not. It ran almost constantly:(

Here's the Scan....

alg.exe:532   TCP   Stormie:1025   Stormie:0   LISTENING
avp.exe:1516   TCP   Stormie:1110   Stormie:0   LISTENING
iexplore.exe:3092   UDP   Stormie:4722   *:*
lsass.exe:784   UDP   Stormie:4500   *:*
lsass.exe:784   UDP   Stormie:isakmp   *:*
svchost.exe:1000   TCP   Stormie:epmap   Stormie:0   LISTENING
svchost.exe:1068   UDP   Stormie:ntp   *:*
svchost.exe:1068   UDP   stormie:ntp   *:*
svchost.exe:1132   UDP   Stormie:1026   *:*
svchost.exe:1248   UDP   Stormie:1900   *:*
svchost.exe:1248   UDP   stormie:1900   *:*
System:4   TCP   Stormie:microsoft-ds   Stormie:0   LISTENING
System:4   TCP   stormie:netbios-ssn   Stormie:0   LISTENING
System:4   UDP   Stormie:microsoft-ds   *:*
System:4   UDP   stormie:netbios-dgm   *:*
System:4   UDP   stormie:netbios-ns   *:*

guestolo · « **Reply #52 on:** May 15, 2007, 11:38:59 PM »

Can you try the following for me, just a checkup, everything else looks normal
Right click the MyComputer icon and select Manage
Highlight "Services and Applications"
Double click on "Services"
Double click on "Automatic updates"
Select "DISABLED" from the dropdown menu
APPLY and OK it and then reboot your computer

Let me know how things are running then please

Also: there could be connection between a program you have installed
TrueAssistant
From what I understand, this will synchronize your OE with online Email clients, could this be what needs constant connection?

Quote

It didn't use to run at all, sometimes for days it wouldn't come on and now it does anytime a webpage is opened or my OE is opened but also just sitting here. However, it does stop running where when I came to the forum several days ago it did not. It ran almost constantly:(

StormieK · « **Reply #53 on:** May 16, 2007, 12:41:24 AM »

Ok, I did what you asked and it's pretty much the same. And it's running soooooooo slow. I notied this after we started working on getting the computer cleaned up. Not sure why. Mostly after the firewall was installed. Could it be that and the AVS working? I still like them and know I need them. Just wondering.

About that True Assistant Cox was bought by Suddenlink as you probably know, and when I had to change e-mail addresses all this stuff was downloaded True Assistant, True Switch, and True Suite.. I had to download it so it would change all my Cox information to Suddenlink. I have no idea if I still need it. Would you know?

guestolo · « **Reply #54 on:** May 16, 2007, 09:27:32 PM »

I can't believe that once the info is transferred you will still need the software installed afterwards if you don't need/use it
Here's another forum post about this software
http://www.freedomlist.com/forum/viewtopic.php?t=23424

You decide if you need it or not, I would say no

Also, I'm not sure why things really slowed down since you installed Comdo
It runs great on one of my computers
Can you give me some general computer specs please
Right click the MyComputer icon and select properties
What info can you post back about your system

Eg..How much RAM and CPU type

StormieK · « **Reply #55 on:** May 16, 2007, 11:28:46 PM »

I hope this is what you're asking for....

Celeron ® CPU 2.80GHz

2.80 GHz 248 MB of RAM

I'll read the forum tomorrow... Thank you.

guestolo · « **Reply #56 on:** May 17, 2007, 10:56:18 PM »

248 MB of RAM
That's not near enough Memory installed, appears to have 8mb shared to video
Which could also be improved on

But for the time being, I would concentrate on updating your RAM to at LEAST 512 MB

I had you disable Windows updates earlier as a troubleshooting step, can you ensure it is set back to Automatic
Right click the MyComputer icon and select Manage
Highlight "Services and Applications"
Double click on "Services"
Double click on "Automatic updates"
Select "Automatic" from the dropdown menu
APPLY and OK it

We should disable other entries in your log

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

Quote

Checks the internet for updated drivers/utilities for your HP product - update manually. Also disabling will obviously get rid of the more or less common error message: Windows can't shutdown the computer because hpcmpmgr.exe can't be ended Can also be the cause of Windows being Minimized for no reasons.

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
Checks for software updates for your HP products, this does not need to run on startup
Let's create a shortcut to it so you can run it manually once a month
Manually navigate to HPWuSchd2.exe
Right click on it and select Send to and the select Desktop (Create Shortcut)
A shortcut will be created on desktop, you can put it in the Backup folder we made earlier

Do a "System scan only" with Hijackthis and put a check next to these entries:

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Reboot your computer

Do you plan on updating your Memory
It is fairly cheap nowadays, If your unsure how to install it, do you have a friend that can help you with it?
It's fairly straight forward, but if you have never done it before, it may be intimidating

If you don't plan on updating your Memory, We may have to uninstall Comodo
to use a bit less resources, if you do remove it, ensure the Windows firewall gets reenabled
But PLEASE, do NOT remove AVS
You need realtime protection from Anti-Virus software

Also, ensure that you keep SpywareBlaster updated

StormieK · « **Reply #57 on:** May 18, 2007, 05:16:23 PM »

I enabled Windows update. I also did what you asked in hjt and rebooted. I update Spyware Blaster two or three times a week.

My son said he would try to add the extra memory but I also have a friend who said he would do it if my son can't. Thank you for the suggestion.

What exactly do I buy? It's a card correct? Does it say it's 512 MB of Ram or is it the difference between 248 MB of Ram and 512 MB of Ram? Is that clear? I mean is it 512 MB of Ram or 264 MB of Ram? Is there one brand better than another? I won't hold you to it if I don't like it:)

There was something I found in my Cleanup! just a minute ago that I saw there a couple of days ago as well. It's called Slide.com and I haven't been to a site called that nor will it come up when typed in the address bar.

One more thing for this message...I left my computer on last night and when I woke it up this morning there was a box in the lower right corner from AVS I believe that said a Win32.Startpage.ags and Win32.Startpage.ame Trogan has been found. Then another box came up that said a Downloader.JavaAgent.C Trogan had been found and both wanted to know what to do sooooo, I click on delete them. Did I do the right thing...is there anything else I need to do? Hope I didn't mess things up.

guestolo · « **Reply #58 on:** May 22, 2007, 07:38:34 PM »

Sorry for the delay

Quote

Win32.Startpage.ags and Win32.Startpage.ame Trogan has been found

AVS is probably set to rescan Quarantine after update
This is usually set to leave files in Quarantine for 30 days
Is that what's going on?
If you open AVS by double clicking it's icon by the clock
Left click somewhere in the box in "STATISTICS"
Open the Quarantine tab
You can highlight each entry and Delete permanently
That should help

Quote

Downloader.JavaAgent.C

It's ok that you let AVS delete the file
I had you delete older Java versions earlier, you should only have one installed now in add/remove programs
Can you open the Java icon in the Windows Control panel
Under the General tab click on "Settings" under Temporary Internet Files
Click "Delete Files"
click "OK"
Let it clear the files than OK out of Java

I don't really have a preference in RAM, just one that's compatible
You don't have to purchase the Ram from this site below
Just gives you an indication what your looking for
Can you give me the computer make and model?
http://www.memoryx.net/
Hope that helps

StormieK · « **Reply #59 on:** May 28, 2007, 08:07:33 AM »

Hi, I deleted everything in the Quaratine box. I only have one Java version in my add/delete programs.

Could you tell me how to access the Windows Control Panel. I thought I knew but guess I don't. Thank you.

I'll go visit the site link as soon as I finish here. Thank you for that. By make and model is this what you need to know? I have a Compaq, Windows XP and purchased it in 2005.

Is it ok to delete the Tcp View file on my desktop and also the Shortcut to SelfUpdate.exe? Two more questions...is it ok to delete the Google Updater in my add/delete programs and still keep my Google Bar? I reinstalled it but it came with this updater and my computers runs almost all the time again. I wanted to donate to you/forum and I know you are in Canada so does the money get to you even though I'm in the USA?

Stormie
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Here's the make and model...

Computer Make: Compaq Presario 061
Computer Model: PW506AA-ABA SR1411NX NA520
Computer Version: 0n41411RE101GOVII00
Motherboard Model: Govii
Motherboard Version: 1.03
CPU: Intel Celeron 2.8Ghz
Installed Memory: 2 slots: 256 MB, empty
Matched - Machine: Presario SR1411NX
Matched - Model: http://www.memoryx.net/coprsrme178.html

ECC: No

News:

Author Topic: questolo...please help (Read 3427 times)