"Instant Update Reminder"--is this a bug?

I ran Windows Defender 2 days ago & it identified an unknown program found at:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Instant Update Reminder.ink  

Anyone know if this is a bug, virus or worm that will harm my computer?  Also shortly after I logged onto dial up server I saw something open at the bottom of the toolbar called "Reminder" & I tried to view it but could not so I closed it out--could this be something that will harm my computer?  Thanks dede

[Moderator]

It sounds like something that should be removed. Here is a great read for you:

http://www.computerhope.com/cgi-bin/yabb/YaBB.cgi?num=1149948530

What else are you using for protection? Is everything working OK?

[R.I.P.]

 dede.......  I agree with GX1_Man ...it should be removed .
It might be a good idea to post a hijackthis log here for us to look at ....... there may be others as well.

dl65  

in response to gx1_man, i have norton antivirus corporate edition & windows defender installed on the pc.  that's it.  are those 2 programs sufficient to protect me from bugs, viruses & worms?

dl65 mentioned posting a hijackthis log here for you to look at---what does that mean & how is it done?

thanks, dede

one more thing, i just checked the instant update reminder program on my C drive  that Windows Defender identified & it looks like it was placed there by U.S. Robotics when I installed the 56k modem for dial up internet.  sounds safe to keep on the pc, would you agree?  thanks, dede  

[Moderator]

Here is a download link for Hijack This:

http://www.majorgeeks.com/download3155.html

It will create a logfile. Copy that into several posts, to include it all here. You must post the whole thing.

Have a read here:

http://www.computerhope.com/cgi-bin/yabb/YaBB.cgi?num=1149948530

I highly recommend ewido, great program, very easy to use, completely free. Also as has been said previously, post a hijack this log and we'll take a look at it for ya.

in response to gx_1man, i went to major geeks site provided but did not see the link for hijack this program.  also, on the website it said hijack program is only for advanced users which i clearly ain't so should i really be downloading this program?  thanks, dede

[Moderator]

The link is near the top of the page. Download from MajorGeeks, from Author's site, etc.

I know you are not an advanced user but some of the folks here are and they can help!

Here is a direct link to Hijack This. Just click and save. I know it says it's for advanced users but guess what, that's who you're talking to! So all you have to do is download it and Do a system scan and paste the log file here for us to advanced users to look over.

after running hijack this i saw about 46 lines of running processes for the c drive &  about 56 lines found below that with starting w/ R1, R0, 02, etc?  how do i know which ones to paste?  

also, after running windows defender today there are 6 unknown programs---which ones do i post here?  thanks, dede

[Moderator]

It ALL has to be included. It will take several posts to get it all.

ok, here's  message 1:

Logfile of HijackThis v1.99.1
Scan saved at 2:37:33 PM, on 6/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\drivers\CDAC11BA.EXE
C:\WINNT\System32\cpqalert.exe
C:\WINNT\CPQDIAG\CPQDFWAG.EXE
C:\Program Files\COMPAQ\CpqWebDMI\webdmi.EXE
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Compaq\LCRMS\LCRMS.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINNT\System32\svchost.exe
c:\dmi\win32\bin\Win32sl.exe
C:\WINNT\System32\cpqdmi.exe
C:\WINNT\system32\wscntfy.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Compaq\Easy Access Keyboard\MMKeybd.exe
C:\WINNT\system32\CHKADMIN.EXE
C:\PROGRA~1\NavNT\vptray.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\QUICKEN\QWDLLS.EXE
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\U.S. Robotics\ControlCenter\Reminder.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe
C:\Program Files\Compaq\Easy Access Keyboard\MEDIACTR.EXE
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Compaq\Easy Access Keyboard\MMUSBKB2.EXE
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\Program Files\PeoplePC Online\bin\bartshel.exe
C:\PROGRA~1\PEOPLE~1\dialer\DIALER.EXE
C:\PROGRA~1\PEOPLE~1\bin\ppshared.exe
C:\Program Files\PeoplePC Online\bin\bartshel.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\DOCUME~1\Darci\LOCALS~1\Temp\HijackThis.exe

ok, here's last message of hijackthis logfile:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.peoplepc.com/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.peoplepc.com/websearch
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: PeoplePC FixedBandBHO - {3DE88907-3E38-11D4-BEB2-CBE76C0598DD} - C:\Program Files\PeoplePC Online\bin\BandObject.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\winnt\googletoolbar2.dll
O2 - BHO: (no name) - {D714A94F-123A-45CC-8F03-040BCAF82AD6} - C:\WINNT\Downloaded Program Files\SbCIe02a.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\winnt\googletoolbar2.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Easy Access Keyboard] C:\Program Files\Compaq\Easy Access Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [CHKADMIN] CHKADMIN.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NavNT\vptray.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Bart Station] C:\Program Files\PeoplePC Online\hta\station.sbrt
O4 - HKLM\..\Run: [PPCRunonce] C:\WINNT\system32\PPCRunOnce.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\QUICKEN\QWDLLS.EXE
O4 - Global Startup: Billminder.lnk = C:\Program Files\QUICKEN\BILLMIND.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Instant Update Reminder.lnk = ?
O4 - Global Startup: HPAiODevice(hp officejet d series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe
O8 - Extra context menu item: &Google Search - res://c:\winnt\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\winnt\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\winnt\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\winnt\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\winnt\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\winnt\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: SideStep - {3E230861-5C87-11D3-A1C6-00105A1B41B8} - C:\WINNT\Downloaded Program Files\SbCIe02a.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - http://www.sidestep.com/get/k00719/sb02a.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{631A71CE-2442-4B0B-B683-15E545F184B4}: NameServer = 209.244.0.3 209.244.0.4
O20 - Winlogon Notify: NavLogon - C:\WINNT\System32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINNT\SYSTEM32\WgaLogon.dll
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINNT\System32\drivers\CDAC11BA.EXE
O23 - Service: Compaq Local Alerter (CPQALERT) - Compaq Computer Corporation - C:\WINNT\System32\cpqalert.exe
O23 - Service: Compaq Remote Diagnostics Enabling Agent (CpqDfwWebAgent) - Compaq Computer Corporation - C:\WINNT\CPQDIAG\CPQDFWAG.EXE
O23 - Service: CPQDMI - Compaq Computer Corporation - C:\WINNT\System32\cpqdmi.exe
O23 - Service: Compaq DMI Web Agent (CpqWebDmi) - Compaq Computer Corporation - C:\Program Files\COMPAQ\CpqWebDMI\webdmi.EXE
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Insight Manager LC Remote Management (LCRMS) - Compaq Computer Corporation - C:\Program Files\Compaq\LCRMS\LCRMS.EXE
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: Win32sl - Intel - c:\dmi\win32\bin\Win32sl.exe

[R.I.P.]

 dede.... Before you remove what I am about to suggest , I should let you know that I have only a success rate rate of 99% at cleaning up machines based on their hijackthis logs ........... based on perhaps 500 + attempts......

I would do the following ....... when you open hijackthis and before you click scan and save log ....... go down to the lower right corner and click on config......  when the new page opens , in the 4 boxes that contain URLs .......
enter the URL of your home page ...for example http://www.msn.com    and then click on the back button ( again in the lower right corner )
Now , mark for removal the following :

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.peoplepc.com/search    
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.peoplepc.com/websearch    

O2 - BHO: (no name) - {D714A94F-123A-45CC-8F03-040BCAF82AD6} - C:\WINNT\Downloaded Program Files\SbCIe02a.dll    
    
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)  

O9 - Extra button: SideStep - {3E230861-5C87-11D3-A1C6-00105A1B41B8} - C:\WINNT\Downloaded Program Files\SbCIe02a.dll

O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - http://www.sidestep.com/get/k00719/sb02a.cab    
 
O17 - HKLM\System\CCS\Services\Tcpip\..\{631A71CE-2442-4B0B-B683-15E545F184B4}: NameServer = 209.244.0.3 209.244.0.4  
 

Now make sure all the above are marked for removal ( put a tick mark in the box in front of the appropriate entry)

Now click fix checked .....   reboot and see how things are ...... and post a fresh hijackthis log so we can make sure its clean .

dl65  
 

 

in response to dl65's email of 6/25 at 7:57 pm:  how can i find the url of my home page? thanks dede

dl65:  one other thing, i use a dial up service from peoplepc but you flagged 2 of their programs for removal.  won't that affect my dial up service?  thanks, dede

can anyone help me w/ the 2 messages I posted on July 3rd?  here they are:

dl65:  one other thing, i use a dial up service from peoplepc but you flagged 2 of their programs for removal.  won't that affect my dial up service?  thanks, dede

in response to dl65's email of 6/25 at 7:57 pm:  how can i find the url of my home page? thanks dede

I highly recommend ewido, great program, very easy to use, completely free.

At Major Geeks, CNet, and its own site, it's all 29.95. Is there a free version that I just ain't finding?

[Moderator]

Free to try, $29.95 to buy. I think it continues to be functional but you would no doubt want to send them some cash for a good product.

Theres 2 Versions of Ewidow now, if you go on to the Girsoft site youll see there with AVG Free and Ewido Free

http://free.grisoft.com/doc/1