Author Topic: reload Windows XP on Emachine computer  (Read 11263 times)

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
« Reply #20 on: March 21, 2008, 08:15:32 PM »
Nothing really bad in that log
Just do the following

Again, go ahead and disable Spybot's TeaTimer so it won't interfere


Do a "System scan only" with Hijackthis and put a check next to these entries:

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE


After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 5.
  • From that link scroll down to where it says "Java Runtime Environment (JRE) 6 Update 5".
  • Click the "Download" button to the right.
  • Click the Accept button>>the page will refresh
  • Click on the link to download Windows Offline Installation, Multi-language (15.18 MB) and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add or Remove Programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.

- Examples of older versions in Add or Remove Programs:
    * Java 2 Runtime Environment, SE v1.4.2
    * J2SE Runtime Environment 5.0
    * J2SE Runtime Environment 5.0 Update 6


  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u5-windows-i586-p.exe that you downloaded to install the newest version.
Go back and reenable TeaTimer, if you get a prompt, allow the change

You can find info about TeaTimer and SDHelper in Spybot,
Open Spybot >> click on HELP>>HELP

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline djkwik

  • Jr. Member
  • **
  • Posts: 87
  • Karma: +0/-0
« Reply #21 on: March 22, 2008, 07:47:30 AM »
Well, last night, I finally got irritated to the point where I totally uninstalled Spybot S&D.  One odd thing...after totally removing it, I checked my msconfig start-up and TeaTimer is still listed there (unchecked as I did that earlier).  I just thought it was odd to still be listed in the start-up if the program is not even on the computer anymore.  When I went to get Spybot again, I found a video about it at Downloads.com.  It stated that Spybot S&D used to be one of the best, but now is ranked like number 8 because it continually misses things that other spyware detectors will catch.  So I wanted to ask if you have a suggestion for a better spyware detector/remover that is free and easy to use?  I also updated Windows Media Player to #11 and updated Quicktime (my camera program installs QT for its videos but it's 5 years old also so I needed the current version of QT).  I did the registry change you mentioned above and also updated my Java. I ran another HJT, the logfile is below:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:01:01 AM, on 3/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3080314
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3080314
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1205790549942
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 6085 bytes
« Last Edit: March 22, 2008, 07:49:31 AM by djkwik »

Offline guestolo

« Reply #22 on: March 22, 2008, 10:14:29 AM »
Log looks good

Quote
I checked my msconfig start-up and TeaTimer is still listed there (unchecked as I did that earlier) I just thought it was odd to still be listed in the start-up if the program is not even on the computer anymore

Let's deal with that first
Open Notepad (START>>>RUN>>>type in notepad)
Hit OK
Copy the contents of the CODE box, not including the word "code"
Paste it to the empty Notepad file
In Notepad click FILE>>SAVE AS
Change the Save as Type to All Files.
Name the file as export.bat

Save this file on the desktop

 
Code:
regedit /e export.txt "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg"
export.txt


Double click on Export.bat, a text file will be placed on desktop called export.txt
As well, notepad will open
Can you copy>paste back here the whole contents


Offline djkwik

« Reply #23 on: March 24, 2008, 04:52:45 PM »
Here is the contents:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GoogleDesktop"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TeaTimer"
"hkey"="HKCU"
"command"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"
"inimapping"="0"


Also, my friend got my old hard drive to work in the adapter on his computer by moving the jumper from "master" to "CS".  We transferred most of what I wanted to a flash drive and I am SO happy. :D However, since it seemed to work fine on his computer running XP, it should run on mine as well, so he let me use the adapter for awhile longer to see if there was anything else I wanted to get from the drive.  I get it home, plug it in and this time my computer DOES detect it and even installs it with no error messages, but the damn thing won't show up in My Computer.  I checked the device manager and it's there and says the device is working properly? :huh: Ever hear that one?  If so, is there a fix?  If not, I'll just go back to my friend's house again when he has time.

Let me know what I have to do to the registry to get rid of the remnants of TeaTimer, then I can either re load Spybot (more selectively this time) or whichever spyware detector you think would work best for me.  I also thought I got rid of Google Desktop also, but I see that is still listed in the above registry editor.
« Last Edit: March 24, 2008, 04:54:57 PM by djkwik »

Offline guestolo

« Reply #24 on: March 24, 2008, 05:15:41 PM »
Open Notepad (START>>>RUN>>>type in notepad)
Hit OK
Copy the contents of the CODE box, not including the word "code"
Paste it to the empty Notepad file
In Notepad click FILE>>SAVE AS
IMPORTANT>>>Change the Save as Type to All Files.
Name the file as fix.reg

Save this file on the desktop
Ensure to copy from REGEDIT4 and down in the code box

 
Code:
REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]


Double click on fix.reg and allow to add/merge to the registry at the prompt

Back in Windows
Those entries should be gone from msconfig

Why not reinstall Spybot
Uncheck the TeaTimer during installation
After you install it
Search for and download all updates
Afterwards, click on Immunize>>Immunize again at the top Green cross

Do that after every update
Immunization won't run in the background, it just sets registry killbits and Host file entries

Do you have SpywareBlaster 4.0 installed?

If you have a legit version of XP, why not use Windows Defender
You can get free realtime spyware protection from it and have it run spyware scans occasionally also

Does the drive show in Disk management?
Right click on MyComputer and select MANAGE
From the list on the left select Disk Management
Look on the right hand side, do you see the drive?

What letters are set in MyComputer
Just C: drive and D:drive?
« Last Edit: March 24, 2008, 05:16:15 PM by guestolo »

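The export in Reply #23 and the fix.reg in Reply #24, tied together as an added example (not code from the thread): it parses the msconfig startupreg export and emits REGEDIT4 delete lines only for disabled items whose program file is no longer on disk. The function names, the shortened sample and the file-exists rule are assumptions made for this illustration.

```python
import os
import re

BASE = r"HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg"

# Constructed sample: a shortened copy of the export.txt posted in the thread.
# A real Version 5.00 export is UTF-16: open(path, encoding="utf-16").
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"command"=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
"hkey"="HKCU"
"command"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def unescape(s):  # .reg strings escape backslash and quote with a backslash
    return re.sub(r'\\(.)', r'\1', s)

def parse_reg_export(text):
    """Return {key path: {value name: string value}} for string values."""
    keys, current = {}, None
    for line in text.splitlines():
        m = KEY_RE.match(line.strip())
        if m:
            current = keys.setdefault(m.group(1), {})
            continue
        m = VALUE_RE.match(line.strip())
        if m and current is not None:
            current[unescape(m.group(1))] = unescape(m.group(2))
    return keys

def executable_path(command):
    """Pull the program path out of a Run command line, quoted or not."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = re.match(r'(.+?\.exe)\b', command, re.IGNORECASE)  # unquoted path with spaces
    return m.group(1) if m else command.split(' ', 1)[0]

def disabled_items(keys):
    """Items msconfig parked under startupreg: (subkey path, hive, exe path)."""
    prefix = BASE.lower() + "\\"
    return [(path, v.get("hkey", ""), executable_path(v["command"]))
            for path, v in keys.items()
            if path.lower().startswith(prefix) and v.get("command")]

def build_fix_reg(keys, exists=os.path.exists):
    """REGEDIT4 text that deletes only the subkeys whose program is gone."""
    lines = ["REGEDIT4", ""]
    for path, _hive, exe in disabled_items(keys):
        if not exists(exe):  # assumption: a missing file means an orphaned entry
            lines += ["[-" + path + "]", ""]
    return "\r\n".join(lines)
```

Run `build_fix_reg(parse_reg_export(text))` on the machine the export came from, since the default check looks for each program on the local disk; deleting a startupreg subkey removes only msconfig's record of a disabled item.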


Offline djkwik

« Reply #25 on: March 25, 2008, 12:15:52 PM »
I checked Disk management and the device is not showing up.  It's not a huge issue this time...just forgot to grab some ripped songs...I can re-rip them with this even better D-drive and program.  Yes, all that is showing up is my C drive (divided into 3 units: NTFS, FAT, FAT32) and the D-drive.  I would rather just re-rip the songs...less frustrating.

If I use Windows Defender, will I need to uninstall Spyware Blaster?  WD will perform both functions (real-time protection and scans) and is free?

Offline guestolo

« Reply #26 on: March 25, 2008, 10:33:14 PM »
As I said before, SpywareBlaster is NOT Realtime protection
It imports registry killbits to quietly help you keep safe on the net

Use it, it's free, and very helpful!!!
