Author Topic: He did it again...

Offline StormieK
He did it again...
« on: June 09, 2007, 04:52:55 PM »
...he got on my computer and messed it up again! :angry:

I keep losing the very top bar on my web pages and in OE...OE stops deleting my mail when I want it to...I tried to restart the computer and all it would do is let me turn it completely off! So I did and then it wouldn't come back on. Had to unplug it before it would come back on... :angry:

One VERY unhappy mother...please help me (again),
Stormie

Below is my Hjt log...

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 3:45:12 PM, on 6/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\Program Files\Firewall ~ COMODO\Comodo\Firewall\cmdagent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ps2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\Program Files\Firewall ~ COMODO\Comodo\Firewall\CPF.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\HJT\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [aol] "C:\Program Files\AOL\Active Virus Shield\avp.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Firewall ~ COMODO\Comodo\Firewall\CPF.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Active Virus Shield (AVP) - Unknown owner - C:\Program Files\AOL\Active Virus Shield\avp.exe" -r (file missing)
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Firewall ~ COMODO\Comodo\Firewall\cmdagent.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

Offline guestolo
« Reply #1 on: June 09, 2007, 06:36:09 PM »
Quote
I keep losing the very top bar on my web pages and in OE
I'm not sure if I'm quite following what you're saying

See if this helps
Open Outlook Express>>Click on VIEW>>Layout
Select your options under Basics>>eg.. Select Toolbar and click Apply

Do you want to post your own logs from FRST?
Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline StormieK
« Reply #2 on: June 10, 2007, 08:58:28 AM »
Ok, I did that but it's already checked.

You know the bar at the very top of OE and of all web pages? It has the name of the page on the left and the three squares, minimize, expand, and close the page. That's what is disappearing. If I put my cursor on the three squares they show up but the rest of the bar doesn't and then the web page or OE doesn't act right. Won't let me delete e-mail, the web page won't let me click on things....when I download a file with WinZip or WinRAR the little file icons don't show up either. Very strange. To make it all act right again I have to reboot but the computer won't let me. I have to turn it off. Then when I try to turn it back on the keyboard won't come on and I have to unplug the computer before it will come back on. The turning off part was happening this last time I needed your help but you got that fixed.

Offline guestolo
« Reply #3 on: June 10, 2007, 09:34:51 AM »
Can we check on something
If you have combofix, delete it
Then, Download this file - Combofix.exe and save it ONLY to your desktop
Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you.
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
Post back its log please

Do you have all the latest High priority updates from Windows Updates?
Manually visit Windows updates, In IE select tools>>Windows updates
Choose the Express scan, install any High priority updates, reboot if required
« Last Edit: June 10, 2007, 09:46:08 AM by guestolo »

Offline StormieK
« Reply #4 on: June 10, 2007, 11:14:47 AM »
I checked for Windows Updates but I have none...all good there.

Combofix log below...

ComboFix 07-06-09.5 - C:\Documents and Settings\Compaq_Owner\Desktop\ComboFix.exe
"Compaq_Owner" - 2007-06-10  9:42:17 - Service Pack 2  NTFS  


(((((((((((((((((((((((((   Files Created from 2007-05-10 to 2007-06-10  )))))))))))))))))))))))))))))))


2007-06-03 18:07   <DIR>   d--------   C:\Program Files\Filters~Plugins
2007-06-02 17:08   <DIR>   d--------   C:\Program Files\PC ON POINT
2007-05-31 16:29   <DIR>   d--------   C:\Program Files\RegistryCleanExpert
2007-05-27 08:19   <DIR>   d--------   C:\Program Files\Scrapbook Plus
2007-05-21 21:07   <DIR>   d--------   C:\Program Files\Google
2007-05-20 09:30   <DIR>   d--------   C:\Program Files\PSPs Zipped
2007-05-20 09:28   75,384   --a------   C:\WINDOWS\TrueInstall.exe
2007-05-12 18:45   <DIR>   d--------   C:\DOCUME~1\COMPAQ~1\APPLIC~1\Comodo
2007-05-12 18:45   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\Comodo
2007-05-12 18:33   <DIR>   d--------   C:\Program Files\Firewall ~ COMODO
2007-05-11 16:44   160,195   --a------   C:\WINDOWS\Sqirlz Water Reflections Uninstaller.exe
2007-05-11 16:43   <DIR>   d--------   C:\Program Files\Sqirtz Water Reflections
2007-05-10 22:27   156,960   --ahs----   C:\WINDOWS\system32\drivers\fidbox2.dat
2007-05-10 22:27   12,131,872   --ahs----   C:\WINDOWS\system32\drivers\fidbox.dat
2007-05-10 22:27   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL


((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-09 22:34:10   --------   d-----w   C:\Program Files\SpywareBlaster
2007-05-10 03:05:51   561,272   ----a-w   C:\Program Files\MCPR.exe
2007-05-10 01:01:38   --------   d-----w   C:\Program Files\ACW
2007-05-03 18:46:39   --------   d-----w   C:\Program Files\Sonic RecordNow!
2007-04-18 16:12:23   2,854,400   ----a-w   C:\WINDOWS\system32\msi.dll
2007-03-20 02:16:32   90,682   ----a-w   C:\WINDOWS\hpiins01.dat
2007-03-17 13:43:01   292,864   ----a-w   C:\WINDOWS\system32\winsrv.dll


(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
 
 
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar1.dll [2007-05-21 21:08]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}=C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll [2007-05-21 21:07]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 15:54]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-02-23 15:45]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 12:01 C:\WINDOWS\AGRSMMSG.exe]
"@"="" []
"COMODO Firewall Pro"="C:\Program Files\Firewall ~ COMODO\Comodo\Firewall\CPF.exe" [2007-05-12 18:39]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"mcupdmgr.exe"=3 (0x3)
"McTskshd.exe"=2 (0x2)
"McShield"=2 (0x2)
"McDetect.exe"=2 (0x2)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{946850c5-1e27-11d9-baf0-806d6172696f}]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c7eaf834-7138-11d9-a02f-806d6172696f}]


**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-10 09:48:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-10  9:50:57

   --- E O F ---

I had uninstalled the Google Notifier but it still shows up in the HJT log.
« Last Edit: June 10, 2007, 11:17:24 AM by StormieK »
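The ComboFix report above lists what was created on the disk in the last month and what is registered to start on its own. The Python below is an added example, not part of this thread and not a ComboFix feature: it parses the "Files Created" and "Reg Loading Points" sections (the sample is trimmed from the log StormieK posted) and raises the leads a reviewer would look at first: an executable newly dropped straight into C:\WINDOWS or system32, new files carrying hidden+system attributes, Run values with an empty command, and any AutoRun\command that Windows has cached under MountPoints2 for a drive letter. The list of system directories and the wording of each lead are the example's own choices.

```python
import re

# Trimmed from the ComboFix log posted above; only the two sections this
# example reads are kept (the Find3M section uses a different layout).
COMBOFIX_LOG = r"""ComboFix 07-06-09.5 - C:\Documents and Settings\Compaq_Owner\Desktop\ComboFix.exe
"Compaq_Owner" - 2007-06-10  9:42:17 - Service Pack 2  NTFS

(((((((((((((((((((((((((   Files Created from 2007-05-10 to 2007-06-10  )))))))))))))))))))))))))))))))

2007-06-02 17:08   <DIR>   d--------   C:\Program Files\PC ON POINT
2007-05-31 16:29   <DIR>   d--------   C:\Program Files\RegistryCleanExpert
2007-05-20 09:28   75,384   --a------   C:\WINDOWS\TrueInstall.exe
2007-05-10 22:27   156,960   --ahs----   C:\WINDOWS\system32\drivers\fidbox2.dat
2007-05-10 22:27   12,131,872   --ahs----   C:\WINDOWS\system32\drivers\fidbox.dat
2007-05-10 22:27   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 15:54]
"@"="" []
"COMODO Firewall Pro"="C:\Program Files\Firewall ~ COMODO\Comodo\Firewall\CPF.exe" [2007-05-12 18:39]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
"""

# "2007-05-20 09:28   75,384   --a------   C:\WINDOWS\TrueInstall.exe"
FILE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(<DIR>|[\d,]+)\s+(\S{9})\s+(.+?)\s*$")
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"([^"]*)"="([^"]*)"\s*\[(.*)\]$')
AUTORUN_RE = re.compile(r"^AutoRun\\command-\s*(.+)$", re.IGNORECASE)
SHELLEXEC_RE = re.compile(r"ShellExec_RunDLL\s+(.+)$", re.IGNORECASE)

EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com", ".pif", ".bat", ".cmd")
# Directories where a freshly written executable deserves a look (example's choice).
SYSTEM_DIRS = (r"c:\windows", r"c:\windows\system32", r"c:\windows\system32\drivers")


def parse_combofix(text):
    """Split a ComboFix log into new files, Run values and MountPoints2 AutoRun commands."""
    files, run_values, autoruns = [], [], []
    current_key = None
    for line in text.splitlines():
        line = line.rstrip()
        m = FILE_RE.match(line)
        if m:
            stamp, size, attrs, path = m.groups()
            files.append({"time": stamp, "attrs": attrs, "path": path,
                          "size": None if size == "<DIR>" else int(size.replace(",", ""))})
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and current_key:
            name, target, stamp = m.groups()
            run_values.append({"key": current_key, "name": name, "target": target, "stamp": stamp})
            continue
        m = AUTORUN_RE.match(line)
        if m and current_key and "mountpoints2" in current_key.lower():
            command = m.group(1)
            launch = SHELLEXEC_RE.search(command)
            autoruns.append({"key": current_key, "command": command,
                             "launches": launch.group(1).strip() if launch else command})
    return files, run_values, autoruns


def triage(files, run_values, autoruns):
    """Return (reason, detail) leads; each one needs confirming before anything is removed."""
    findings = []
    for f in files:
        low = f["path"].lower()
        parent = low.rsplit("\\", 1)[0]
        if f["attrs"][0] != "d" and low.endswith(EXEC_EXT) and parent in SYSTEM_DIRS:
            findings.append(("new executable written directly into a Windows system directory", f["path"]))
        if "h" in f["attrs"] and "s" in f["attrs"]:
            findings.append(("new file with hidden+system attributes", f["path"]))
    for v in run_values:
        if not v["target"]:
            findings.append(("Run value with an empty command", v["key"] + "\\" + v["name"]))
    for a in autoruns:
        drive = a["key"].rsplit("\\", 1)[-1]
        findings.append(("AutoRun command cached for drive " + drive, a["launches"]))
    return findings


if __name__ == "__main__":
    for reason, detail in triage(*parse_combofix(COMBOFIX_LOG)):
        print(f"{reason}: {detail}")
```

These are leads, not verdicts. The two fidbox files are written in the same minute as the AOL data directory, which fits the Active Virus Shield install on 10 May rather than a dropper, and TrueInstall.exe should be checked against its publisher before anything is done with it. The MountPoints2 entry only records that something mounted as D: asked for `Info.exe protect.ed 480 480` to be launched through RunDLL32; Windows keeps that cache after the medium is gone, so the next question is what disc or drive was in D: around that time.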

Offline guestolo
« Reply #5 on: June 10, 2007, 11:29:10 AM »
Can you do the following for me
Go to START>>RUN>>Type in msconfig
Hit OK

Under the Services tab>>Enable ALL
Apply it
Under the General tab ensure that Normal startup is selected
Apply and close then reboot the computer

Come back here and post a fresh hijackthis log

Also, I want an update on the following
Close Hijackthis>>then REOpen Hijackthis>>Open MISC TOOLS SECTION>>Open UNINSTALL MANAGER
Click the SAVE LIST... button
Save the list to your desktop then copy>>Paste back here the Whole contents

Offline StormieK
« Reply #6 on: June 10, 2007, 12:13:54 PM »
Everything was already checked.  I rebooted and it did it correctly this time, wouldn't ya know it...only thing is Active Virus Shield isn't in the task bar by the clock...or anywhere in the task bar.

HJT log,

Logfile of HijackThis v1.99.1
Scan saved at 11:06:06 AM, on 6/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Firewall ~ COMODO\Comodo\Firewall\cmdagent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Firewall ~ COMODO\Comodo\Firewall\CPF.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Firewall ~ COMODO\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [aol] "C:\Program Files\AOL\Active Virus Shield\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Active Virus Shield (AVP) - Unknown owner - C:\Program Files\AOL\Active Virus Shield\avp.exe" -r (file missing)
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Firewall ~ COMODO\Comodo\Firewall\cmdagent.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe


HJT Uninstall Manager,

Active Virus Shield
Ad-Aware SE Personal
Adobe Flash Player 9 ActiveX
Adobe Photoshop Album 2.0 Starter Edition
Adobe Reader 7.0.9
Alien Skin Xenofex 2.0
CleanUp!
Color Cop v5.3
COMODO Firewall Pro
Compaq Connections
Compaq Organize
Easy Internet Sign-up
Filters Unlimited 2.0.3
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Help and Support Additions
HijackThis 1.99.1
Homestead SiteBuilder LPX
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB918766)
Hotfix for Windows XP (KB926239)
HP Deskjet 3740
HP Imaging Device Functions 6.0
HP Photosmart Cameras 6.0
HP Photosmart Premier Software 6.0
HP Software Update
HP Solution Center and Imaging Support Tools 6.0
Intel® Extreme Graphics Driver
InterVideo WinDVD Player
iTunes
Jasc Animation Shop 3
Jasc Paint Shop Pro 9
Jasc Paint Shop Pro 9.01 - (9.0.1.1)
Java(tm) SE Runtime Environment 6 Update 1
LimeWire 4.12.6
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Works
MSN
MSN Messenger 7.5
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
PC-Doctor for Windows
PConPoint v2.0
picture-shark 1.0
Plugin Galaxy 1.0
PS2
QuickTime
RealPlayer
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Sonic Express Labeler
Sonic RecordNow!
SpywareBlaster v3.5.1
Sqirlz Water Reflections
The Font Thing
Ulead ArtTexture.Plugin 1.0
Ulead FantasyWarp.Plugin 1.0
Ulead Particle.Plugin 1.0
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Vizros Plug-ins 4.1
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888239
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
WinRAR archiver
WinZip
Xara X1

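Two HijackThis logs from this machine are now in the thread, one from 9 June and one from 10 June. As an added example that is not part of the thread and not a HijackThis feature, the Python below parses the numbered entries, diffs the two logs, and flags what a reviewer checks before anything else: entries marked `(file missing)`, O23 services with `Unknown owner`, an O16 DPF object with no download URL, every O20 Winlogon Notify DLL, and lines where the path contains an unmatched quote. The sample strings are excerpts of the two logs above (the tail lines are identical in both); the flag categories and their wording are the example's own.

```python
import re

# "O4 - HKLM\..\Run: [aol] ..." -> section "O4", body "HKLM\..\Run: [aol] ..."
ENTRY_RE = re.compile(r"^(R\d|F\d|O\d+)\s+-\s+(.*?)\s*$")

# O4 entries as posted on 9 June.
O4_JUNE_9 = r"""O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [aol] "C:\Program Files\AOL\Active Virus Shield\avp.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Firewall ~ COMODO\Comodo\Firewall\CPF.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""
# O4 entries as posted on 10 June.
O4_JUNE_10 = r"""O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Firewall ~ COMODO\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [aol] "C:\Program Files\AOL\Active Virus Shield\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""
# These entries appear unchanged in both logs.
SHARED_TAIL = r"""O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Active Virus Shield (AVP) - Unknown owner - C:\Program Files\AOL\Active Virus Shield\avp.exe" -r (file missing)
"""
HJT_JUNE_9 = "Logfile of HijackThis v1.99.1\nScan saved at 3:45:12 PM, on 6/9/2007\n" + O4_JUNE_9 + SHARED_TAIL
HJT_JUNE_10 = "Logfile of HijackThis v1.99.1\nScan saved at 11:06:06 AM, on 6/10/2007\n" + O4_JUNE_10 + SHARED_TAIL


def parse_hjt(text):
    """Return (section, body) for each numbered entry; header and process list are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def flag_entries(entries):
    """Return (reason, section, body) for the entries a reviewer checks first."""
    findings = []
    for sec, body in entries:
        low = body.lower()
        if "(file missing)" in low:
            findings.append(("target file reported missing", sec, body))
        if sec == "O23" and "unknown owner" in low:
            findings.append(("service with no publisher string", sec, body))
        if sec == "O16" and body.endswith("-"):
            findings.append(("downloaded program file with no source URL", sec, body))
        if sec == "O20":
            findings.append(("Winlogon Notify DLL, loaded into winlogon.exe at boot", sec, body))
        if body.count('"') % 2 == 1:
            findings.append(("unmatched quote, HijackThis split the path; verify the file on disk", sec, body))
    return findings


def diff_logs(older, newer):
    """Entries removed from and added to the newer log, ignoring order changes."""
    old_set, new_set = set(parse_hjt(older)), set(parse_hjt(newer))
    return sorted(old_set - new_set), sorted(new_set - old_set)


if __name__ == "__main__":
    removed, added = diff_logs(HJT_JUNE_9, HJT_JUNE_10)
    for sec, body in removed:
        print(f"gone since 9 June: {sec} - {body}")
    for reason, sec, body in flag_entries(parse_hjt(HJT_JUNE_10)):
        print(f"{reason}: {sec} - {body}")
```

The diff shows five HKLM Run entries (Recguard, PS2, hpsysdrv, HPDJ Taskbar Utility, HotKeysCmds) present on 9 June and absent on 10 June, which is worth asking about since nothing in the thread removed them. The AVP service line is flagged three ways, and the stray `"` before `-r` is the useful one: the ImagePath is a quoted path followed by a parameter, HijackThis 1.99.1 tested the wrong substring, and avp.exe appears in the running process list, so that `(file missing)` is most likely a parsing artifact rather than a missing binary. Check the file on disk before treating any of these as more than a lead.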
Offline guestolo
« Reply #7 on: June 10, 2007, 01:21:17 PM »
Can you try the following, I'll be in and out of the house all day so I'll post back when I can
Download GMER from here:
http://www.majorgeeks.com/GMER_d5198.html

Choose save to disk rather than open at the download prompt

Unzip it to desktop.

Open the program and click on the Rootkit tab.
Make sure all the boxes on the right of the screen are checked, apart from ‘Show All’.
Click on Scan.
When the scan has run click Copy and paste the results (if any) into this thread.


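GMER's Rootkit tab lists every System Service Descriptor Table entry that no longer points into the kernel and names the driver it points to instead; the output StormieK posts in the next reply shows dozens of such hooks. Hooks by themselves prove nothing, since antivirus and firewall drivers install them too, so the question is whether every hooking module can be tied to a product known to be on the machine. The Python below is an added example, not part of this thread and not a GMER feature: it groups hooks by owning driver and reports only the ones it cannot attribute. The product attribution (klif.sys and kl1.sys to the Kaspersky engine that Active Virus Shield is built on, cmdmon.sys to COMODO Firewall Pro) is the example's own assumption drawn from the uninstall list posted earlier, the sample lines are taken from the GMER output in the next reply, and the final address-only line is constructed to show what an unattributable hook looks like.

```python
import re
from collections import defaultdict

# Lines taken from the GMER output posted in the next reply (a subset).
GMER_SSDT = r"""SSDT    \??\C:\WINDOWS\system32\drivers\klif.sys    ZwClose
SSDT    \SystemRoot\System32\DRIVERS\cmdmon.sys     ZwConnectPort
SSDT    \SystemRoot\System32\DRIVERS\cmdmon.sys     ZwCreateFile
SSDT    \??\C:\WINDOWS\system32\drivers\klif.sys    ZwCreateProcess
SSDT    \??\C:\WINDOWS\system32\drivers\klif.sys    ZwCreateThread
SSDT    kl1.sys                                     ZwOpenFile
SSDT    \??\C:\WINDOWS\system32\drivers\klif.sys    ZwOpenProcess
SSDT    \??\C:\WINDOWS\system32\drivers\klif.sys    ZwQuerySystemInformation
SSDT    \SystemRoot\System32\DRIVERS\cmdmon.sys     ZwShutdownSystem
SSDT    \??\C:\WINDOWS\system32\drivers\klif.sys    SSDT[284]
"""
# Constructed, not from the thread: a hook whose target GMER cannot map to any
# loaded driver is printed with a bare address in place of a module name.
CONSTRUCTED_UNKNOWN_HOOK = "SSDT    8A3F1C20                                    ZwQueryDirectoryFile\n"
SAMPLE = GMER_SSDT + CONSTRUCTED_UNKNOWN_HOOK

SSDT_RE = re.compile(r"^SSDT\s+(\S+)\s+(\S+)\s*$")
ADDR_RE = re.compile(r"^[0-9A-Fa-f]{8}$")

# Drivers allowed to hook the SSDT on this machine. The mapping to products is the
# example's assumption, built from the uninstall list, not something GMER reports.
EXPECTED_HOOKERS = {
    "klif.sys": "Active Virus Shield (Kaspersky engine)",
    "kl1.sys": "Active Virus Shield (Kaspersky engine)",
    "cmdmon.sys": "COMODO Firewall Pro",
}

# Services a rootkit hooks to hide files, processes and registry keys (example's list).
HIDING_SERVICES = {
    "ZwQuerySystemInformation", "ZwQueryDirectoryFile", "ZwOpenProcess",
    "ZwEnumerateKey", "ZwEnumerateValueKey", "ZwDeviceIoControlFile",
}


def module_name(owner):
    """Reduce '\\??\\C:\\...\\klif.sys' or '\\SystemRoot\\...\\cmdmon.sys' to 'klif.sys'."""
    return owner.rsplit("\\", 1)[-1].lower()


def parse_ssdt(text):
    """Return (owner, hooked_function) for every SSDT line in GMER output."""
    hooks = []
    for line in text.splitlines():
        m = SSDT_RE.match(line.strip())
        if m:
            hooks.append((m.group(1), m.group(2)))
    return hooks


def attribute_hooks(hooks, expected=EXPECTED_HOOKERS):
    """Group hooks by module and return (by_module, findings) for anything unattributed."""
    by_module = defaultdict(list)
    findings = []
    for owner, func in hooks:
        if ADDR_RE.match(owner):
            by_module["<address only>"].append(func)
            reason = "hook points into memory that no loaded driver accounts for"
            if func in HIDING_SERVICES:
                reason += " (a service commonly hooked to hide objects)"
            findings.append((reason, owner, func))
            continue
        mod = module_name(owner)
        by_module[mod].append(func)
        if mod not in expected:
            findings.append(("hook from a module not tied to an installed security product", mod, func))
    return dict(by_module), findings


if __name__ == "__main__":
    by_module, findings = attribute_hooks(parse_ssdt(SAMPLE))
    for mod, funcs in by_module.items():
        print(f"{mod}: {len(funcs)} hooks, {EXPECTED_HOOKERS.get(mod, 'UNATTRIBUTED')}")
    for reason, owner, func in findings:
        print(f"{reason}: {owner} -> {func}")
```

Read the result as a reconciliation: every hooking driver should match a product in the uninstall list, and a product that uninstalled cleanly should leave no hooks behind. Kaspersky's filter hooking ZwQuerySystemInformation and ZwOpenProcess is what a real-time scanner does for self-protection; the same two hooks from a module nobody installed, or from a bare address, are the case the script is for.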

Offline StormieK
« Reply #8 on: June 10, 2007, 04:30:00 PM »
Here you go...


GMER 1.0.12.12244 - http://www.gmer.net
Rootkit scan 2007-06-10 15:26:43
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.12 ----

SSDT    \??\C:\WINDOWS\system32\drivers\klif.sys                                                                                         ZwClose
SSDT    \SystemRoot\System32\DRIVERS\cmdmon.sys                                                                                          ZwConnectPort
SSDT    \SystemRoot\System32\DRIVERS\cmdmon.sys                                                                                          ZwCreateFile
SSDT    \??\C:\WINDOWS\system32\drivers\klif.sys                                                                                         ZwCreateKey
SSDT    \SystemRoot\System32\DRIVERS\cmdmon.sys                                                                                          ZwCreatePort
SSDT    \??\C:\WINDOWS\system32\drivers\klif.sys                                                                                         ZwCreateProcess
SSDT    \??\C:\WINDOWS\system32\drivers\klif.sys                                                                                         ZwCreateProcessEx
SSDT    \??\C:\WINDOWS\system32\drivers\klif.sys                                                                                         ZwCreateSection
SSDT    \??\C:\WINDOWS\system32\drivers\klif.sys                                                                                         ZwCreateSymbolicLinkObject
SSDT    \??\C:\WINDOWS\system32\drivers\klif.sys                                                                                         ZwCreateThread
SSDT    \SystemRoot\System32\DRIVERS\cmdmon.sys                                                                                          ZwDeleteFile
SSDT    \??\C:\WINDOWS\system32\drivers\klif.sys                                                                                         ZwDeleteKey
SSDT    \??\C:\WINDOWS\system32\drivers\klif.sys                                                                                         ZwDeleteValueKey
SSDT    \??\C:\WINDOWS\system32\drivers\klif.sys                                                                                         ZwDuplicateObject
SSDT    \??\C:\WINDOWS\system32\drivers\klif.sys                                                                                         ZwEnumerateKey
SSDT    \??\C:\WINDOWS\system32\drivers\klif.sys                                                                                         ZwEnumerateValueKey
SSDT    \??\C:\WINDOWS\system32\drivers\klif.sys                                                                                         ZwFlushKey
SSDT    \??\C:\WINDOWS\system32\drivers\klif.sys                                                                                         ZwInitializeRegistry
SSDT    \??\C:\WINDOWS\system32\drivers\klif.sys                                                                                         ZwLoadKey
SSDT    \??\C:\WINDOWS\system32\drivers\klif.sys                                                                                         ZwLoadKey2
SSDT    \??\C:\WINDOWS\system32\drivers\klif.sys                                                                                         ZwNotifyChangeKey
SSDT    kl1.sys                                                                                                                          ZwOpenFile
SSDT    \??\C:\WINDOWS\system32\drivers\klif.sys                                                                                         ZwOpenKey
SSDT    \??\C:\WINDOWS\system32\drivers\klif.sys                                                                                         ZwOpenProcess
SSDT    \??\C:\WINDOWS\system32\drivers\klif.sys                                                                                         ZwOpenSection
SSDT    \SystemRoot\System32\DRIVERS\cmdmon.sys                                                                                          ZwOpenThread
SSDT    \??\C:\WINDOWS\system32\drivers\klif.sys                                                                                         ZwQueryKey
SSDT    \??\C:\WINDOWS\system32\drivers\klif.sys                                                                                         ZwQueryMultipleValueKey
SSDT    \??\C:\WINDOWS\system32\drivers\klif.sys                                                                                         ZwQuerySystemInformation
SSDT    \??\C:\WINDOWS\system32\drivers\klif.sys                                                                                         ZwQueryValueKey
SSDT    \??\C:\WINDOWS\system32\drivers\klif.sys                                                                                         ZwReplaceKey
SSDT    \??\C:\WINDOWS\system32\drivers\klif.sys                                                                                         ZwRestoreKey
SSDT    \??\C:\WINDOWS\system32\drivers\klif.sys                                                                                         ZwResumeThread
SSDT    \??\C:\WINDOWS\system32\drivers\klif.sys                                                                                         ZwSaveKey
SSDT    \??\C:\WINDOWS\system32\drivers\klif.sys                                                                                         ZwSetContextThread
SSDT    \??\C:\WINDOWS\system32\drivers\klif.sys                                                                                         ZwSetInformationFile
SSDT    \??\C:\WINDOWS\system32\drivers\klif.sys                                                                                         ZwSetInformationKey
SSDT    \??\C:\WINDOWS\system32\drivers\klif.sys                                                                                         ZwSetInformationProcess
SSDT    \??\C:\WINDOWS\system32\drivers\klif.sys                                                                                         ZwSetSecurityObject
SSDT    \??\C:\WINDOWS\system32\drivers\klif.sys                                                                                         ZwSetValueKey
SSDT    \SystemRoot\System32\DRIVERS\cmdmon.sys                                                                                          ZwShutdownSystem
SSDT    \??\C:\WINDOWS\system32\drivers\klif.sys                                                                                         ZwSuspendThread
SSDT    \??\C:\WINDOWS\system32\drivers\klif.sys                                                                                         ZwTerminateProcess
SSDT    \??\C:\WINDOWS\system32\drivers\klif.sys                                                                                         ZwUnloadKey
SSDT    \SystemRoot\System32\DRIVERS\cmdmon.sys                                                                                          ZwWriteFile
SSDT    \SystemRoot\System32\DRIVERS\cmdmon.sys                                                                                          ZwWriteFileGather
SSDT    \??\C:\WINDOWS\system32\drivers\klif.sys                                                                                         ZwWriteVirtualMemory
SSDT    \??\C:\WINDOWS\system32\drivers\klif.sys                                                                                         SSDT[284]
SSDT    \??\C:\WINDOWS\system32\drivers\klif.sys                                                                                         SSDT[285]
SSDT    \??\C:\WINDOWS\system32\drivers\klif.sys                                                                                         SSDT[286]
SSDT    \??\C:\WINDOWS\system32\drivers\klif.sys                                                                                         SSDT[287]
SSDT    \??\C:\WINDOWS\system32\drivers\klif.sys                                                                                         SSDT[288]
SSDT    \??\C:\WINDOWS\system32\drivers\klif.sys                                                                                         SSDT[289]
SSDT    \??\C:\WINDOWS\system32\drivers\klif.sys                                                                                         SSDT[290]
SSDT    \??\C:\WINDOWS\system32\drivers\klif.sys                                                                                         SSDT[291]
SSDT    \??\C:\WINDOWS\system32\drivers\klif.sys                                                                                         SSDT[292]
SSDT    \??\C:\WINDOWS\system32\drivers\klif.sys                                                                                         SSDT[293]
SSDT    \??\C:\WINDOWS\system32\drivers\klif.sys                                                                                         SSDT[294]
SSDT    \??\C:\WINDOWS\system32\drivers\klif.sys                                                                                         SSDT[295]
SSDT    \??\C:\WINDOWS\system32\drivers\klif.sys                                                                                         SSDT[296]

Code    \??\C:\WINDOWS\system32\drivers\klif.sys                                                                                         FsRtlCheckLockForReadAccess
Code    \??\C:\WINDOWS\system32\drivers\klif.sys                                                                                         IoIsOperationSynchronous

---- Kernel code sections - GMER 1.0.12 ----

.text   ntoskrnl.exe!KiDispatchInterrupt + BA                                                                                            804DB92E 7 Bytes  JMP EFE11120 \??\C:\WINDOWS\system32\drivers\klif.sys
.text   ntoskrnl.exe!IoIsOperationSynchronous                                                                                            804E8752 5 Bytes  JMP EFE0E2A0 \??\C:\WINDOWS\system32\drivers\klif.sys
.text   ntoskrnl.exe!FsRtlCheckLockForReadAccess                                                                                         80503C29 5 Bytes  JMP EFE0DE10 \??\C:\WINDOWS\system32\drivers\klif.sys
?       C:\WINDOWS\system32\DRIVERS\update.sys                                                                                          

---- User code sections - GMER 1.0.12 ----

.text   C:\Program Files\Firewall ~ COMODO\Comodo\Firewall\cpf.exe[1736] ntdll.dll!LdrLoadDll                                            7C9161CA 3 Bytes  [ FF, 25, 1E ]
.text   C:\Program Files\Firewall ~ COMODO\Comodo\Firewall\cpf.exe[1736] ntdll.dll!LdrLoadDll + 4                                        7C9161CE 2 Bytes  [ 05, 5F ]
.text   C:\Program Files\Firewall ~ COMODO\Comodo\Firewall\cpf.exe[1736] kernel32.dll!LoadLibraryExW                                     7C801AF1 6 Bytes  JMP 5F08001E

---- Threads - GMER 1.0.12 ----

Thread  4:116                                                                                                                            FFB79D00
Thread  4:120                                                                                                                            FFB79D00
Thread  4:124                                                                                                                            FFB4D430
Thread  4:128                                                                                                                            FFB4D430
Thread  4:132                                                                                                                            FFB4D430
Thread  4:444                                                                                                                            FFB79D00
Thread  4:512                                                                                                                            FFB79D00

---- Registry - GMER 1.0.12 ----

Reg     \Registry\MACHINE\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel                    Apartment
Reg     \Registry\MACHINE\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg     \Registry\MACHINE\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b  0xC8 0x28 0x51 0xAF ...
Reg     \Registry\MACHINE\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel                    Apartment
Reg     \Registry\MACHINE\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg     \Registry\MACHINE\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b  0x71 0x3B 0x04 0x66 ...
Reg     \Registry\MACHINE\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel                    Apartment
Reg     \Registry\MACHINE\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg     \Registry\MACHINE\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016  0xFF 0x7C 0x85 0xE0 ...
Reg     \Registry\MACHINE\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel                    Apartment
Reg     \Registry\MACHINE\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg     \Registry\MACHINE\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48  0x3E 0x1E 0x9E 0xE0 ...
Reg     \Registry\MACHINE\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel                    Apartment
Reg     \Registry\MACHINE\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg     \Registry\MACHINE\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472  0xE9 0x02 0x6C 0xFA ...
Reg     \Registry\MACHINE\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel                    Apartment
Reg     \Registry\MACHINE\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg     \Registry\MACHINE\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d  0xB0 0x18 0xED 0xA7 ...
Reg     \Registry\MACHINE\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel                    Apartment
Reg     \Registry\MACHINE\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg     \Registry\MACHINE\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b  0x31 0x77 0xE1 0xBA ...
Reg     \Registry\MACHINE\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel                    Apartment
Reg     \Registry\MACHINE\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg     \Registry\MACHINE\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d  0x83 0x6C 0x56 0x8B ...
Reg     \Registry\MACHINE\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel                    Apartment
Reg     \Registry\MACHINE\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg     \Registry\MACHINE\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3  0x51 0xFA 0x6E 0x91 ...
Reg     \Registry\MACHINE\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel                    Apartment
Reg     \Registry\MACHINE\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg     \Registry\MACHINE\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b  0x3D 0xCE 0xEA 0x26 ...
Reg     \Registry\MACHINE\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel                    Apartment
Reg     \Registry\MACHINE\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg     \Registry\MACHINE\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6  0xE3 0x0E 0x66 0xD5 ...
Reg     \Registry\MACHINE\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel                    Apartment
Reg     \Registry\MACHINE\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg     \Registry\MACHINE\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2  0x05 0x73 0x21 0xDD ...

---- EOF - GMER 1.0.12 ----
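The SSDT and inline-hook lines in a GMER log like the one above only mean something once each hook is attributed to the driver that installed it. The script below is an added example (not from GMER, this thread, or either security product): it parses those line formats, groups the hooks by driver, and compares the drivers with an allowlist of the security products visible in the HijackThis process list; the allowlist `KNOWN_HOOK_OWNERS`, the function names and the sample lines are the example's own assumptions.

```python
"""Added example (not from GMER or this thread): group the hooks in a GMER 1.0.12
log by the kernel module that installed them, so hooks from installed security
products can be separated from anything unexplained."""
import re
from collections import defaultdict
from typing import Dict, List, Tuple

# Constructed sample in the exact layout of the GMER log posted above
# (a subset of its SSDT, Code, kernel-code-section and '?' lines).
SAMPLE_LOG = r"""
SSDT    \??\C:\WINDOWS\system32\drivers\klif.sys          ZwQueryKey
SSDT    \??\C:\WINDOWS\system32\drivers\klif.sys          ZwTerminateProcess
SSDT    \SystemRoot\System32\DRIVERS\cmdmon.sys           ZwShutdownSystem
SSDT    \SystemRoot\System32\DRIVERS\cmdmon.sys           ZwWriteFile
SSDT    \??\C:\WINDOWS\system32\drivers\klif.sys          SSDT[284]

Code    \??\C:\WINDOWS\system32\drivers\klif.sys          IoIsOperationSynchronous

---- Kernel code sections - GMER 1.0.12 ----

.text   ntoskrnl.exe!KiDispatchInterrupt + BA             804DB92E 7 Bytes  JMP EFE11120 \??\C:\WINDOWS\system32\drivers\klif.sys
.text   ntoskrnl.exe!IoIsOperationSynchronous             804E8752 5 Bytes  JMP EFE0E2A0 \??\C:\WINDOWS\system32\drivers\klif.sys
?       C:\WINDOWS\system32\DRIVERS\update.sys
"""

# "SSDT <module path> <hooked service>" and "Code <module path> <patched routine>".
TABLE_RE = re.compile(r"^(?:SSDT|Code)\s+(\S+)\s+(\S+)\s*$")
# ".text <target> <addr> <n> Bytes  JMP <addr> <module path>"; the target may contain spaces.
INLINE_RE = re.compile(
    r"^\.text\s+(.+?)\s+[0-9A-F]{8}\s+\d+ Bytes\s+JMP\s+[0-9A-F]{8}\s+(\S+)\s*$")
# "? <driver path>": a driver GMER lists without a verified code section.
UNVERIFIED_RE = re.compile(r"^\?\s+(\S+)\s*$")

# Analyst's allowlist (an assumption for this example): drivers of the security
# products visible in the HijackThis process list. klif.sys is the Kaspersky-engine
# filter driver (AOL Active Virus Shield); cmdmon.sys belongs to COMODO Firewall.
KNOWN_HOOK_OWNERS = {
    "klif.sys": "AOL Active Virus Shield (Kaspersky engine)",
    "cmdmon.sys": "COMODO Firewall",
}


def module_name(path: str) -> str:
    """Reduce a GMER module path (NT or DOS style) to its lower-cased file name."""
    return path.rsplit("\\", 1)[-1].lower()


def parse_gmer_hooks(text: str) -> Dict[str, List[str]]:
    """Map each hooking module to the services/routines it hooks, in log order."""
    hooks: Dict[str, List[str]] = defaultdict(list)
    for line in text.splitlines():
        m = TABLE_RE.match(line)
        if m:
            hooks[module_name(m.group(1))].append(m.group(2))
            continue
        m = INLINE_RE.match(line)
        if m:
            hooks[module_name(m.group(2))].append(m.group(1))
    return dict(hooks)


def unverified_drivers(text: str) -> List[str]:
    """File names of drivers GMER printed with a leading '?' (worth checking by hand)."""
    return [module_name(m.group(1)) for m in map(UNVERIFIED_RE.match, text.splitlines()) if m]


def triage(text: str) -> Tuple[Dict[str, str], List[str]]:
    """Split hooking modules into expected ones (with the product they belong to)
    and unexplained ones that need a closer look."""
    hooks = parse_gmer_hooks(text)
    expected = {m: KNOWN_HOOK_OWNERS[m] for m in hooks if m in KNOWN_HOOK_OWNERS}
    unexplained = sorted(m for m in hooks if m not in KNOWN_HOOK_OWNERS)
    return expected, unexplained


if __name__ == "__main__":
    for module, hooked in parse_gmer_hooks(SAMPLE_LOG).items():
        print(f"{module}: {len(hooked)} hook(s)")
    print("triage:", triage(SAMPLE_LOG), "unverified:", unverified_drivers(SAMPLE_LOG))
```

User-mode `.text` lines (the cpf.exe entries) carry no trailing module path and are deliberately left out of the grouping.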

Offline guestolo

He did it again...
« Reply #9 on: June 10, 2007, 11:14:09 PM »
Hmm, are you the only user on this computer?
Any other profiles?

Could you do the following, see if you are prompted for your XP CD

Go to START>>RUN>>type sfc /scannow
Follow the prompts and supply XP CD if prompted

Let me know how it goes

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline StormieK

He did it again...
« Reply #10 on: June 11, 2007, 06:54:20 PM »
Hi, I did the scan and it didn't request the CD.  After the scan the little window just closed.

There are no other profiles on this computer (that I know of).  I'm the only one who uses it unless my son catches it when I forget to activate the password.

Offline guestolo

He did it again...
« Reply #11 on: June 11, 2007, 10:52:59 PM »
Are you still having problems with IE and OE?
It may be a corrupt profile

Can you try the following
If you're running XP Pro
1.   Log on as the Administrator or as a user with administrator credentials.
2.   Click Start, and then click Control Panel.
3.   Click User Accounts.
4.   Click the Advanced tab, and then click Advanced.
5.   In the left pane, click the Users folder.
6.   On the Action menu, click New User.
7.   Enter the appropriate user information, and then click Create.

If you're running XP HOME
Create a New User Profile in Windows XP Home Edition
1.   Log on as the Administrator or as a user with administrator credentials.
2.   Click Start, and then click Control Panel.
3.   Click User Accounts.
4.   Under Pick a task, click Create a new account.
5.   Type a name for the user information, and then click Next.
6.   Click an account type, and then click Create Account.

Sign in with that new account
Let me know if you have the same problems with IE please



Offline StormieK

He did it again...
« Reply #12 on: June 12, 2007, 08:58:52 PM »
Windows has a new update for me to install.  I tried to install it but it didn't.  It was an update on OE 2003.  The updater said it couldn't be installed.  I tried it again and the same thing.  Tried 3 times in all.  Could OE be the problem?  Do you still want me to try what you suggested?  Wonder why it would start this after the site my son was on....?  Let me know how you want me to handle this please :unsure:

Thank you...
« Last Edit: June 12, 2007, 08:59:13 PM by StormieK »

Offline guestolo

He did it again...
« Reply #13 on: June 13, 2007, 12:05:04 AM »
OE 2003???

I just downloaded some updates this evening from Windows updates>>5 of them
no OE 2003, do you mean Office??
All installed fine

Can you manually visit Windows update and try installing, supply more info on the update too please

I take it that is the only problem you're having right now then, is one Windows update could not install?
Did you try the other user account, we can remove it after if it doesn't help
« Last Edit: June 13, 2007, 12:17:16 AM by guestolo »



Offline StormieK

He did it again...
« Reply #14 on: June 13, 2007, 07:46:51 PM »
My mistake...here's what the automatic update said.  Update for Outlook 2003 Junk Email Filter (KB936030)

Then it said it couldn't be installed.  I don't know why.  I clicked on Tools and went to the Windows Update page and tried there.  Same thing but with this note  Download size: 0 KB , 0 minutes  (Downloaded; ready to install)  
This update provides the Junk E-mail Filter in Microsoft Office Outlook 2003 with a more current definition
of which e-mail messages should be considered junk e-mail. This update was released in June 2007.


There was one other install that it said I needed.... Downloading Windows Genuine Advantage Validation Tool (KB892130) (update 1 of 1)...  It installed.

I made another user account but something just isn't right with this computer.  I tried to change the image on my account and it says I can't.  It says...Automation service can't create object.  Says the same thing when I try to use a little image for the new account I just made.  This brings up another question that might relate to all of this.

Some time back my son had a program installed that he could make video games with.  When he tired of making video games he uninstalled it.  He also uninstalled a program (I think it's a program) called Python 22.  He thought it was part of the program to make the video games.  The computer has not run correctly in respect to OE and certain images ever since.  Like the little file icons not showing up in Winzip and Winrar.  In OE the pictures don't show up when making stationery and in general it hasn't worked well.

I'm sorry, I just thought of this....

Do you know what the file QooBox is for in my C drive?  Inside it's got a file Quarantine, and then two files in Quarantine called C and Registry_backups.  Registry_backups appears empty.  In C there's a file avenger and it appears empty too.


What a mess...thanks for your help!

Offline guestolo

He did it again...
« Reply #15 on: June 13, 2007, 09:15:57 PM »
I'm more curious about the new user profile, does everything appear good with it?
Any problems with it? Did you give it Admin privileges?



Offline guestolo

He did it again...
« Reply #16 on: June 13, 2007, 09:44:45 PM »
Don't worry about the Qoobox folder, that's a backup folder made from a tool we used
You can delete it

Would you like to start fresh with the installation of this computer???
Or would you like to try other alternatives

Sometimes a clean install is a good way to go to start fresh

From the uninstall list from hijackthis, what programs don't you recognize that shouldn't be there?

Also, cause I'm unsure what was downloaded
Can you do the following please, if you have an older version of Dr.Web on desktop, delete it
* REDownload Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Doubleclick the drweb-cureit.exe file and Allow to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, Click Options > Change settings
  • Choose the "Scan"-tab, remove the mark at "Heuristic analysis".
  • Back at the main window, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can click next icon next to the files found:
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:

    This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured.
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply with a fresh hijackthis log
« Last Edit: June 13, 2007, 10:21:55 PM by guestolo »



Offline StormieK

He did it again...
« Reply #17 on: June 17, 2007, 04:42:49 PM »
No problems with the new profile.  Let me have Admin privileges.  I've deleted it.

Dr Web found nothing so there's nothing to report there.

I've never started from the beginning.  Will I lose all my programs, graphics, tubes, projects, music, etc?

Offline guestolo

He did it again...
« Reply #18 on: June 17, 2007, 08:42:30 PM »
Quote
No problems with the new profile. Let me have Admin privileges. I've deleted it.

I didn't want you to delete the new profile if you weren't having problems with it
The profile you're using now may be corrupt if you're having so many issues with it

What I want you to actually do if you still have problems with your original profile is the following

First, let's call the original profile you're using now
A- Profile, the corrupt one

Now make a new Profile that you are going to use in the future
We'll call it B- Profile>>give it Administrator rights

Now you have 2 profiles with Admin rights
We could have you log into safe mode with the hidden Administrator account or create Another Admin profile
We'll call it C- Profile

So now you have 3 profiles with Admin privileges

Let me know when you have that done and we will go from there
At the end of this you will be left with one user profile again, but we just have to do some steps first



Offline StormieK

He did it again...
« Reply #19 on: June 20, 2007, 10:41:46 PM »
Hi, please don't lock this thread.  My dad has been ill and not doing well right now.  I'll be back in a day or two and make another Profile.  Thanks, Stormie