Problems, Episode II: Attack of the Crash

[Imperial]

My problem has been solved (thank you Soybean, CBMatt, and anyone else I fail to remember ), but my girlfriend has one, so I made a new topic.

[Imperial]

Don't really need this anymore.

Imperial

[doug_funny]

If I were you, I would tell your mom to buy BitDefender Antivirus Plus 10 @
http://www.bitdefender.com/PRODUCT-2143-en--BitDefender-Antivirus-Plus-v10.html
I have been using Bitdefender for years now ever since version 8 first came out. When you buy BitDefender Antivirus Plus 10, it comes with Antivirus, a Firewall, Antispam filter, & Anti spyware remover. It's a excellent program that finds viruses that Norton doesn't find. You can change the way BitDefender acts when it finds a virus or a  suspected virus. I always choose to delete both viruses and suspected viruses. Bitdefender is constantly scanning everything, so if your playing a game or something it will cause you to lag a little bit. You can always disable certain features in bitdefender. Make sure you buy BitDefender Antivirus Plus 10 for $50 for 2 years. It only cost $50 and you get 2 licenses for 2 years and you get 24/7 customer support if you encouter any problems. I have never had any problems with the program.

[Imperial]

And I've told her multiple times that we need to buy protection software.

However, with our current budget, the only software we can afford comes with a Five-Finger Discount.

And now FireFox is losing my internet connection every other page, as if I had none, yet, AIM is still running perfectly =/

[CBMatt]

However, with our current budget, the only software we can afford comes with a Five-Finger Discount.

I wouldn't be so quick to blame your mom.  There is a very good chance that some of this pirated software you're downloading has infected your computer.  And unfortunately, we don't deal with illegal copies of software.

[Imperial]

CBMatt, that was my way of saying that we're too poor to buy hardly anything, much less protection for my computer.

Everything I specified on my computer has been downloaded on the appropriate website for free. Trial versions, Free software (such as Spybot), etc.

Symantec was given to me by an online friend. who hosted it on, I believe MegaUpload. If it was pirated prior to my reception of it, I'm not held responsible for his partaking in illegal activities.

The only actual illegal thing I mentioned was using my wireless adapter to connect to my next-door neighbor's internet. Otherwise, I've done nothing wrong.

In addition, I blame my mom strictly because I've had basically no trouble since she began to use my computer instead of her own. Such happenings is a little too coincidental, don't you think?

Especially when she goes on, does her deal, and let's me back on again. Then I attempt to do whatever I wish to do (I.E go back on a website) and it takes me over a minute to load a page that took a mere 3-4 seconds before she got on, even after restarting my computer.

[patio]

Why is this post so wide ? ?

[soybean]

Why is this post so wide ? ?

Because of one line in his HijackThis report.  Sure is annoying, isn't it!

Imperial, your HijackThis report shows StyleXPService.exe running.  Can you disable or remove that?  It's not a harmful file but, according to some sources, may be using a good bit of memory.

Are you using more than one anti-virus?  I see evidence of both Symantec and AVG.  Do not run two anti-virus programs in resident memory at the same time.  Actually, I suggest you just remove Symantec and use AVG.

Also, are using more than one firewall?  Does your Symantec software include a firewall?  I see evidence of Comodo\Firewall.  And, what about Windows Firewall?  As with anti-virus, don't run two firewalls at the same time.

Do you have a Lexmark printer connected to that computer?

[CBMatt]

I'm sorry, Imperial, I took your comment the wrong way.  I have to go in a few minutes, but there are a few things I'd like you to try.

I'm not spotting anything malicious in your log, but let's address a few things...


1.  To remove Symantec from your computer, follow these steps.

2.  Download CCleaner (install without Yahoo! toolbar) and configure it according to this guide before running it.

3.  Update AVG and scan with it in Safe Mode.  See if it catches anything then.  While you're there, delete C:\Program Files\Spyware Doctor if it still exists.

4.  Download ComboFix and save it to your desktop.  Run the program and read its disclaimer (it's fairly short) and make sure you really pay attention to what it says.  Follow the prompts and when finished, it will produce a log at C:\ComboFix.txt.  Go ahead and post that here.  Note: Don't click on the window while it's running; this may cause stalls.

5.  Disable TeaTimer and open HijackThis (and print out this post or save it in a Notepad file, as you won't have access to it).  Check the following entries...

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://82.98.235.58/trafc-2/rfe.php?nid=go&cmp=mygeek_9&q=music&uid=8D7EA596E77611DA853B000B6AC2AAE3&guid=ecc1ca13+DFF1692788E64EAAA097460B7E65289B&lid=C:%5CDocuments%20and%20Settings%5CAll%20Users%5CDocuments%5CMy%20Music
(Do you recognize this?  If not then check it.)

O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
(If you didn't set this with Spybot, check them.  If you did, you can leave them alone.)

Close all windows except for HijackThis and click on Fixed Check.

6.  Your Java is out of date.  You'll want to correct this quickly, as it will help provide further protection for you.  To do so, go here and click on Free Java Download.  You will be given instructions on what to do next.


And because this could also be a hardware issue...

7.  When was the last time you dusted this computer?

8.  Try a free memory diagnostics at www.memtest86.com

9.  You might also want to make sure all of your fans are working properly and that the computer isn't overheating.



Look into these and post back with a new HijackThis log and an update on how things are working.

Why is this post so wide ? ?

It's the link in his last R1 entry in the log.

[Imperial]

I can remove it if I need to. If it's causing a lot of memory to go down the drain surely.

I have Symantec and AVG. As I said, I've been tipped previously of needing only one, and that AVG was the better deal. Hearing it again is only more insurance on what to do.

I downloaded Comodo, and didn't specify anything besides when it started running. However, I believe it took the place of both Symantec's and Windows'.

I apologize for the extensive length caused by my HJT log, it just seems whenever I have a problem that it's asked for so I've been doing it without consent these days

I'm going to go delete these programs now and then I'll come back and let you know if it worked.

Thanks.

And, thanks CBMatt. I'll be sure to follow these steps you've given me.

I'm guessing I can restart my computer into normal mode for step six, so I'll take care of it too.

Oh, and I had a Lexmark product downloaded on my computer at some point.

[soybean]

Re: firewalls, go to Control Panel, open Security Center, and expand the Firewall section to see what it shows as running.

If you have no Lexmark printer, I would remove that Lexmark software.

[Imperial]

Yep, only Comodo.

Ok I'm gonna get to work now

[GX1_Man]

First you need to choose one antivirus and use it alone. Norton is expensive and sucks off too many system resources. AVG is great, and free is certainly cheaper than Norton or Bit Defender.

So do that and post back some improvements. 

[CBMatt]

First you need to choose one antivirus and use it alone. Norton is expensive and sucks off too many system resources. AVG is great, and free is certainly cheaper than Norton or Bit Defender.

Not only that, but it also tends to have more success when it comes to detecting and cleaning infections.


I was very tired this morning, so I left out one important step...
You need to move HijackThis off of your desktop and into its own folder.  Create a special folder for HijackThis and move it there.  And if it created a backup folder, move that also.
And yes, you may restart to Normal Mode after Step 5.


How's everything going?

[Imperial]

NOTE: This is very long so I made it into TWO posts.


After doing 5 of the 8 steps CBMatt gave me, my computer has began to act much faster.

I still need to update Java and things, but here is the ComboFix .txt you said I might as well post:

"Mom" - 2007-05-26 21:22:57    Service Pack 2  [SAFE MODE]
ComboFix 07-05.26.3.V - Running from: "C:\Documents and Settings\Mom\Desktop\"


((((((((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))


"C:\WINDOWS\system32\drivers\fad.sys"


(((((((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_FAD


(((((((((((((((((((((((((((((((   Files Created from 2007-04-26 to 2007-05-26  ))))))))))))))))))))))))))))))))))


2007-05-26 16:55   <DIR>   d--------   C:\Program Files\CCleaner
2007-05-23 14:45   <DIR>   d----c---   C:\DOCUME~1\ALLUSE~1\APPLIC~1\Comodo
2007-05-23 14:45   <DIR>   d--------   C:\DOCUME~1\Mom\APPLIC~1\Comodo
2007-05-23 14:37   <DIR>   d--------   C:\Program Files\Comodo
2007-05-20 21:40   <DIR>   d--------   C:\Program Files\GiPo@Utilities
2007-05-20 21:40   <DIR>   d--------   C:\Program Files\Common Files\Gibinsoft Shared
2007-05-19 15:11   3,968   --a------   C:\WINDOWS\SYSTEM32\DRIVERS\AvgArCln.sys
2007-05-19 15:06   3,968   --a------   C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
2007-05-16 04:12   <DIR>   d--------   C:\Program Files\MSXML 4.0
2007-05-15 21:26   45,056   --a------   C:\WINDOWS\SYSTEM32\KPDDynCC.DLL
2007-05-15 21:26   40,960   --a------   C:\WINDOWS\SYSTEM32\KPDLM.dll
2007-05-15 21:26   2,367,488   --a------   C:\WINDOWS\SYSTEM32\xerces-c_2_7.dll
2007-05-15 21:26   196,608   --a------   C:\WINDOWS\SYSTEM32\KPDRES.dll
2007-05-15 21:25   <DIR>   d--------   C:\WINDOWS\SYSTEM32\BWKDLogs
2007-05-15 21:21   5,632   --a------   C:\WINDOWS\SYSTEM32\ptpusb.dll
2007-05-15 21:21   159,232   --a------   C:\WINDOWS\SYSTEM32\ptpusd.dll
2007-05-15 21:21   15,104   --a------   C:\WINDOWS\SYSTEM32\DRIVERS\usbscan.sys
2007-05-15 21:21   <DIR>   d--------   C:\Program Files\Common Files\Kodak
2007-05-15 21:17   <DIR>   d--------   C:\Program Files\Kodak
2007-05-15 21:16   <DIR>   d----c---   C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kodak
2007-05-13 22:15   <DIR>   d--------   C:\Program Files\ArtCursors
2007-05-13 21:00   <DIR>   d--------   C:\Program Files\MTV Networks
2007-05-13 19:59   <DIR>   d--------   C:\Program Files\AIM Music Link
2007-05-13 19:57   <DIR>   d--------   C:\Program Files\AvPropPlugin
2007-05-13 19:53   <DIR>   d--------   C:\Program Files\AIM FightList
2007-05-13 01:58   8,464   --a------   C:\WINDOWS\SYSTEM32\sporder.dll
2007-05-13 01:55   <DIR>   d--------   C:\Program Files\TGTSoft
2007-05-12 20:12   <DIR>   d----c---   C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google


((((((((((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-05-26 22:14:24   --------   d--h--r   C:\DOCUME~1\Mom\APPLIC~1\yahoo!
2007-05-26 22:13:56   --------   d-----w   C:\Program Files\Yahoo!
2007-05-19 01:15:36   --------   d-----w   C:\Program Files\WordPerfect Office 12
2007-05-13 23:05:06   --------   d-----w   C:\Program Files\AIM6
2007-05-13 00:03:42   --------   d-----w   C:\DOCUME~1\Mom\APPLIC~1\AdobeUM
2007-05-11 02:38:39   --------   d-----w   C:\Program Files\SwiftSwitch
2007-04-18 16:12:23   2,854,400   ----a-w   C:\WINDOWS\system32\msi.dll
2007-03-17 13:43:01   292,864   ----a-w   C:\WINDOWS\system32\winsrv.dll
2007-03-08 15:36:28   577,536   ----a-w   C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28   40,960   ----a-w   C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28   281,600   ----a-w   C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48   1,843,584   ----a-w   C:\WINDOWS\system32\win32k.sys

[Imperial]

((((((((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))
 
 
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll [2006-10-12 04:25]
{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-07-07 12:29]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WUSB54Gv4"="C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe" [2004-04-19 10:19]
"MMTray"="C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe" [2006-01-19 11:06]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-05-19 14:57]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2006-10-07 08:20]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-05-23 14:37]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 10:13]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Mom^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\22a71def.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bacstray]
BacsTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD]
C:\Program Files\BroadJump\Client Foundation\CFD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
"C:\Program Files\Dell Support\DSAgnt.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1147121811\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM]
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
"C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor]
"C:\Program Files\Spyware Doctor\swdoctor.exe" /Q

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Usnsvc   usnsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a24a335b-6d11-11db-a66d-001217a32aff}]
Auto\command- RavMonE.exe e
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d52f7fee-311f-11db-a65a-000f1f9c5bc5}]
AutoRun\command- E:\JDLightning\Windows\JDLightning.exe
   
*Newly Created Service* -GTNDIS5

Contents of the 'Scheduled Tasks' folder
2007-05-24 15:13:01  C:\WINDOWS\tasks\AppleSoftwareUpdate.job

********************************************************************

catchme 0.3.681 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-26 21:34:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


********************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\SharedAccess]
"ServiceDll"="%SystemRoot%\System32\ipnathlp.dll"
[HKEY_LOCAL_MACHINE\system\Services\SharedAccess]
"File"="C:\Program Files\Kodak\Kodak EasyShare software\bin\KDCImagePath.esx"

Completion time: 2007-05-26 21:39:16 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-05-26 21:38

   --- E O F ---

I'll go upgrade Java and things now.

If I remember properly, I gave this system a good dust a couple weeks ago when I placed the stick in it.  Also, the tower feels around room-temperature. Would this give information on if my fans are working properly?

I'll be sure to make HJT it's own special folder

[soybean]

I left out one important step...
You need to move HijackThis off of your desktop and into its own folder.  Create a special folder for HijackThis and move it there.  And if it created a backup folder, move that also.

CB, what's the reason for this?

[soybean]

Also, the tower feels around room-temperature. Would this give information on if my fans are working properly?

That's a good sign.  But, if you want to get some actual temperature data, download and install SpeedFan. 

[Imperial]

I have that running, but what exactly do I do with it?

[patio]

I left out one important step...
You need to move HijackThis off of your desktop and into its own folder.  Create a special folder for HijackThis and move it there.  And if it created a backup folder, move that also.

CB, what's the reason for this?

Because certain malware out there is programmed to look for HJT in the obvious places and cancel out an effective scan...

Yes they are that insidious !

[CBMatt]

I can't help you with SpeedFan, as I've only used it once, so I'm not too familiar with it.  I prefer PC Wizard.  I think it's a bit easier to use/understand.  Look for the Voltage, Temperatures, and Fans button.

Have you been sharing your flash drive or borrowing someone else's?  Download Flash Disinfector and run it in Safe Mode with your flash drive connected (if you have more than one, repeat this with each one).  Then, enable hidden files and folders and use the Windows Search tool to search for RavMonE.  Delete any instances of it found on your computer.  Use Pocket KillBox if you have to.  Go ahead and restart back into Normal Mode.  Note: this is an infection that travels via flash drive, so you might want to walk someone through this process if you have shared a flash drive with them.

While in normal mode, open up the search and look for 22a71def.exe.  If you find its location, upload the file to VirusTotal and post the results here.

I left out one important step...
You need to move HijackThis off of your desktop and into its own folder.  Create a special folder for HijackThis and move it there.  And if it created a backup folder, move that also.

CB, what's the reason for this?

You mean, what's the reason for the backup folder?  HijackThis creates backups of everything you fix/remove with it.  It's a powerful little tool and it can do some damage if misused.  So, it creates these backups so you can restore things you've fixed/removed, just in case it was something important that needs to be restored.

[soybean]

I left out one important step...
You need to move HijackThis off of your desktop and into its own folder.  Create a special folder for HijackThis and move it there.  And if it created a backup folder, move that also.

CB, what's the reason for this?

Because certain malware out there is programmed to look for HJT in the obvious places and cancel out an effective scan...

Yes they are that insidious !

Gotcha.  Thanks.

[soybean]

I have that running, but what exactly do I do with it?

Ummm, well, look at it to see the temps, voltages, etc.  What else?   

[Imperial]

I left out one important step...
You need to move HijackThis off of your desktop and into its own folder.  Create a special folder for HijackThis and move it there.  And if it created a backup folder, move that also.

CB, what's the reason for this?

Because certain malware out there is programmed to look for HJT in the obvious places and cancel out an effective scan...

Yes they are that insidious !

Gotcha.  Thanks.

Likewise.

But, uh, would this file not need to be named "HJT"?

And, Soybean, what good is it to know the temperature, volts, etc., if I don't know what they mean and what I should do to modify something incase I know that one of the temps, volts, etc. is too high or low.

Thanks a bunch for all of the help guys.

[CBMatt]

But, uh, would this file not need to be named "HJT"?

And, Soybean, what good is it to know the temperature, volts, etc., if I don't know what they mean and what I should do to modify something incase I know that one of the temps, volts, etc. is too high or low.

Actually, it is a good idea to rename HijackThis.exe to HJT.exe, or better yet, give it a completely random name, as this will help make it less likely to be detected by certain infections.

As for your temperatures, you can post them here and we can let you know if they're normal or not.

[Imperial]

Um, well, i have an icon on my taskbar that says HD0: 36C

would that be it?

It has gone up since last night, it was 33 before I went to bed.

I'm looking for the 22a71def.exe file right now.

[soybean]

HD0 indicates a hard drive temperature.  What other temps is it reporting?  You really need to identify the CPU temp.  SpeedFan's default labeling of various temps is often not clear as to what component it represents.  Most likely the highest temp SpeedFan shows will be the CPU temp.

SpeedFan's generic labels can be changed to something more meaningful.  If you are not sure what the various temps represent, you might access your BIOS and see whether it shows any temps; matching that to what SpeedFan reports would be a way of identifying the temps.  Or, you could download EVEREST Free Edition 2.20 and run it once to help identify SpeedFan temps. 

[TrapperX]

Try SIW System information for windows. It's free and has a lot of information
http://www.majorgeeks.com/download4387.html
I am pretty sure it has temp sensors included if you MB supports it.

[soybean]

Well, we've mentioned three programs now for the purpose of getting temperature readings.  I'm not sure this is helpful.  If his primary objective is to get temperature readings and perhaps monitor temperatures, not just take a snap shot at a particular moment, then SpeedFan is a very good tool.  It's designed to control fan speed, in systems that will allow it, and provide temperature info.  And, it can provide continuous monitoring of temperatures; it gives a temperature reading in the system tray and can provide a continuous reading there.  That's nice if you want to observe your system temps under different workloads.

PC WIZARD that CBMatt mentioned looked like a very good tool for obtaining system information but it goes far beyond temperature info; it's really more comparable to Everest Free, Belarc advisor, and such system information tools.  So, if you want a more comprehensive system information tool, it looks like a good choice.

SIW (System Info) has 83,934 downloads from majorgeeks.com vs. 485,682 for SpeedFan.  And, the description at http://www.majorgeeks.com/download4387.html makes no mention of temperatures. 

[TrapperX]

Well, we've mentioned three programs now for the purpose of getting temperature readings.  I'm not sure this is helpful.  If his primary objective is to get temperature readings and perhaps monitor temperatures, not just take a snap shot at a particular moment, then SpeedFan is a very good tool.  It's designed to control fan speed, in systems that will allow it, and provide temperature info.  And, it can provide continuous monitoring of temperatures; it gives a temperature reading in the system tray and can provide a continuous reading there.  That's nice if you want to observe your system temps under different workloads.

PC WIZARD that CBMatt mentioned looked like a very good tool for obtaining system information but it goes far beyond temperature info; it's really more comparable to Everest Free, Belarc advisor, and such system information tools.  So, if you want a more comprehensive system information tool, it looks like a good choice.

SIW (System Info) has 83,934 downloads from majorgeeks.com vs. 485,682 for SpeedFan.  And, the description at http://www.majorgeeks.com/download4387.html makes no mention of temperatures. 

I am not in an competition on who's product was better or what it does better.
I saw he wasn't finding the cpu temp and I have used this program before with little effort or learning cure, it is a easy to use app and good for beginners because it doesn't have to be installed and can even be run from a USB.
And as far as downloads go, numbers can easily be fudged and just because more people download something IMO doesn't make it better.
I was thinking of the person trying to fix his computer not who has or who does what. I am here to help individuals as I believe we are all trying to do.
I don't know everything nor does anyone individual, so we are all here to learn from each other, at least I am  
TrapperX

PS I just download both programs.
Speed Fan has a big learning curve right out of the box, and looks like it is designed towards over clockers in mind .
PC Wizard is about the same as SIW with a nicer look and more features, I will probably use PC Wizard now.   
Thank you CBMatt!!!
This is what I am talking about learning from others  

[soybean]

Yes, SpeedFan does have a panel that can be used for overclocking on some systems but that can simply be ignored.  The initial screen that appears when SpeedFan is opened shows the temperature info along with fan speeds and voltage readings.  And, that screen is really all many users may need or be interested in.  In that case, I don't see much learning curve; just install it and open it to view the default screen.

Again, I agree that PC WIZARD looks like a very nice program, based on the extensive information on the website.  My point was that, if he mainly wants to monitor temperature, an extensive system reporting tool like PC WIZARD does much more than that and may be more than he wants. 

I have Everest Home Edition installed and it tells me the same info that SpeedFan tells me.  But, it does not display a temperature value in the system tray and allow for easy temperature monitoring that way.  My system tray shows this:


If I double click on the temp to open SpeedFan, I see:


So, it's a quick and easy way to get temperature info.

[TrapperX]

I think we have Hijacked this post soybean 

I know and you know they don't need to do anything else with the SpeedFan
But... we all know how curious we all are and especially less experienced users
they tend to play with things, so I try to make it a simple as can be. Like (no offense to less experienced users by any means)  I am talking with my Grandmother or 7 year old son who one day soon is going to be telling me how to do things 
I think SpeedFan is a cool program and if I needed to monitor my system I would probably go that route, it is a nice program with some really nice features I would have used in the days I was OCing my PIII 700 to 933
But these days I don't play around with my machines because they have more power than I need except when I am processing video,.
Now once I get my quad core with 4 gig of ram I am sure I will be more than pleased as I look over my shoulder to make sure wife doesn't see me wanting to upgrade my 6 month old system already 

[Imperial]

Ok, I apologize for not replying sooner, but I've been busy:

When I searched for 22a71def.exe, I found 3 things. 1 being the log for the one thing you had me run, 1 being from SYSTEM32, and another from somewhere else.

Was the SYS32 one the one I am looking for?

Also, with speedfan, it appears to only find 1 fan (Which I think is all I have on this computer.) And it's at 35C, which I'm assuming is perfect temperature as it showed a check next to it

Finally, and more importantly:

AVG Free cannot update for some reason. It is now out of date. When I attempt to do it manually, about 3 seconds into searching for updates I receive a pop up that says "Search was unsuccessful" with only an OK button.

What to do?

[scaptic]

yo when it gets to the virtual memory let the computer manage the page files n try to get 1/2 GB ram to make your computer very fast n avoid putting more music caz is the one that usually makes computers run slower, but 2 GB RAM will do n try compress your disk c to increase your memory

[CBMatt]

Ok, I apologize for not replying sooner, but I've been busy:

When I searched for 22a71def.exe, I found 3 things. 1 being the log for the one thing you had me run, 1 being from SYSTEM32, and another from somewhere else.

Was the SYS32 one the one I am looking for?

Yes, the one in the system32 is the file you should upload to VirusTotal.  As for AVG...try again later; perhaps the site is experiencing problems.

[firestar]

Why would you think norton anti virus sucks? I have had that since I've had this computer and it still runs fast, I know very little about my computer but I don't see how something that is free would be better? 

[GX1_Man]

I guess the other question is how do you know that since you paid your money how do you know THAT is better?

If you compare Norton and then AVG on a computer (not running both at the same time), you will see exactly what we are talking about. 

[closefrnds]

Hi,, I read all the above Posts..
Well I faced the same Problem earlier.
Try the simple tricks that r on my site, that is in my signature.. Hope It helps

[Imperial]

Ok, I apologize for not replying sooner, but I've been busy:

When I searched for 22a71def.exe, I found 3 things. 1 being the log for the one thing you had me run, 1 being from SYSTEM32, and another from somewhere else.

Was the SYS32 one the one I am looking for?

Yes, the one in the system32 is the file you should upload to VirusTotal.  As for AVG...try again later; perhaps the site is experiencing problems.

I turn on music and lock my computer (to prevent my mom from waking me up in the morning like she always tries to do) when I go to bed, and when I wake up in the morning 7-9 hours later, I always see the pop up notification that update was unsuccessful.

This tells me that it's not their site, but maybe something else. Any advice/help/tips?

Also, can someone provide proof or reasoning to support the validity in Closefrnds' post?

[TrapperX]

Also, can someone provide proof or reasoning to support the validity in Closefrnds' post?

I can tell you he is hosting illegal key makers for Microsoft software so I would suggest to stay away and for a Forum moderator look over the site to see if it is appropriate to be here.

[CBMatt]

See if you can go to the web site and download the manual updates from another computer and then transfer them to your computer with a flashdrive or CD.

As for Closefrnds' post...if the Top Ten Tips To Improve System Speed is what's being referred to, then I'd say those look like valid suggestions.  However, I would expect those tips to speed up the computer's boot time more than its general performance.

[CBMatt]

Also, can someone provide proof or reasoning to support the validity in Closefrnds' post?

I can tell you he is hosting illegal key makers for Microsoft software so I would suggest to stay away and for a Forum moderator look over the site to see if it is appropriate to be here.

Thanks for the heads-up, TrapperX.  I'll look into this right now and review the rest of his site.

[Imperial]

See if you can go to the web site and download the manual updates from another computer and then transfer them to your computer with a flashdrive or CD.

Alright, I'll try this Sunday when I go over to my friend's again.

Thanks for the heads-up TrapperX/CBMatt (on Closefrnd).

Now, haha, I have another problem (and I'll edit the first post with it since the first post's problem is solved now):

My girlfriend's computer will seemingly crash and forces itself to shut down or something of that nature.

It'll happen randomly and without warning.

She's given me specs before, but I'm aware that it's an alright computer and that she's got protection (exactly what escapes me, but I believe Spybot is one of them)

In her own words what keeps happening tonight:

(her SN) (12:53:39 AM): it seems as the computer completely restarts it slef, like it shuts off then trys to turn back on.
(her SN) (12:53:52 AM): but if i am not siging of AIM then that cant be the case.

She also noted that:

well, okay, even though my computer is shutting off. AIM for some reason isnt logging me off, the minute my computer rebots it self.it took like 5minutes or so why? is my computer not completey shutting off, is it more hibernating? see i am not sure. Gr. :/

What I thought, was maybe some important process is being interrupted, or fails in some way, causing most of her computer to shut down, but not-as important programs running (like AIM or an internet browser) continue to run until the rest of the computer shuts down.

However, I'm not really computer-savvy. I know a little here and there, but nothing on a subject as this. Any help?

I'll have a lot more information if she can sign on soon, such as computer specs, protection she's got, etc.

Yet again, thank you very much

[CBMatt]

Imperial,
I'm very glad we were able to help you out with resolving your problem.  For this new problem, I would suggest starting a new topic.  I think it would have a better chance of being looked at that way.  Someone might see the number of posts on here and assume you're getting ample help even though this is a new problem.  I could be wrong, of course, but I think some of our busier members might have that sort of attitude.  Also...editing your original post makes things a bit confusing.  I only looked at your post because I saw that I had posted in it (with the new title, I didn't recognize the topic).  And until I read a couple of responses, I was completely confused.

I'm sure everyone will be happy to help, but I think it would be in your best interest to start a new topic.  And please get as much information from your girlfriend as possible to help things go smoothly.  Specs and protection are a must, of course, as I'm sure you know.  And find out if her computer actually loses power when this happens.  Does it shut off?  When it starts back up, are her programs still running?  That's the impression I'm getting here.

[Imperial]

Haha, alright I'll just lock this then and restart.