Author Topic: Several problems (Read 19926 times)

guiness · « **on:** March 03, 2005, 03:27:09 PM »

I wasn't sure where to post this as I have more than one issue. I use XP Home and IE6, 1024MB Ram, 70GB HD. Of the 1024MB only 500 is available, don't know where the rest has gone. Internal links won't open, only show blank pages. I try to play online games and it says I don't have enough memory and has blank pages. I will be on the internet and get a "Internet Explorer has encountered an problem and needs to shut down". (Several times in a row) I have all updates, scanned for viruses, used stinger and removed spyware. Any help would be appreciated.

dl65 · « **Reply #1 on:** March 03, 2005, 04:18:28 PM »

guiness....Ok ...let go thru this again You have Win XP ....do you have Sp 1 and SP2 as well as all the updates ? you are able to access the internet ok ......Are you using dialup or Hi speed ..... Has your browser ever been hijacked ? Have you checked your system for trojans .... Which anti virus program do you use regularly ........Which spyware app do you regularly run ....... I know a lot of questions , but there is something going on that you need to correct ....... A format would correct , but it may not be necessary .

Let us know
dl65

guiness · « **Reply #2 on:** March 03, 2005, 04:46:43 PM »

Thanks for the quick response. Yes I have both SP1 and SP2 and all updates. I was running Nortons Antivirus, now I have EZAntiVirus and I use it everyday. No viruses were detected. I ran Stinger also, just in case. I also use Spybot. I have DSL. I can access the internet, no problem. Now IE has just started closing while I'm using it with no warning or error. Yes, my browser was hijacked but I changed it back and it is protected by WinPatrol. Any suggestions would be greatly appreciated.

Flame · « **Reply #3 on:** March 03, 2005, 06:07:07 PM »

Have you tried running a Windows Update by going to http://www.microsoft.com ?

[glb]Flame[/glb]

dl65 · « **Reply #4 on:** March 03, 2005, 07:22:19 PM »

guiness.......How about D/L ....hijackthis .......from
http://www.majorgeeks.com/download3155.html .......
After you have run the scan ( save it as a log file to your desktop ) and post it here for us to check ......

dl65

guiness · « **Reply #5 on:** March 03, 2005, 07:40:36 PM »

I have to give you the logfile in 2 posts. It is too long for one. And I have all the current Windows updates. Thanks for the help.

Logfile of HijackThis v1.99.1
Scan saved at 6:38:22 PM, on 3/3/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\LTMSG.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\ALCXMNTR.EXE

guiness · « **Reply #6 on:** March 03, 2005, 07:45:42 PM »

Here is some more of it.

C:\Program Files\QuickTime\qttask.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX00.047\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = sas.r1.attbi.com:8000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing

guiness · « **Reply #7 on:** March 03, 2005, 07:46:51 PM »

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\companion\Installs\cpn0\ycomp5_5_7_0.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\companion\Installs\cpn0\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [system] C:\WINDOWS\system32\letsroll.exe
O4 - HKLM\..\Run: [WinProfile] sndcfg16.exe
O4 - HKLM\..\RunServices: [WinProfile] sndcfg16.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Red Swoosh EDN Client] C:\Program Files\RSNet\RSEDNClient.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O15 - Trusted Zone: *.hotmail.com
O15 - Trusted Zone: *.msn.com
O15 - Trusted Zone: *.passport.net
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1094660909415
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {F5C90925-ABBF-4475-88F5-8622B452BA9E} (Compaq System Data Class) - http://ipgweb.cce.hp.com/bus-nacons/caller/SysQuery.cab
O16 - DPF: {FDF6378C-7B5D-4ABF-BA1F-92748305FFAC} (DownloadManagerInstall Control) - http://beta.byteswarm.com/agent/1.3.0.1/DMInstall.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe

dl65 · « **Reply #8 on:** March 03, 2005, 07:47:18 PM »

wheres the rest of it ........There must be more than Im seeing

dl65

dl65 · « **Reply #9 on:** March 03, 2005, 07:48:05 PM »

ok ....now its all there ......let me have a look

dl65

dl65 · « **Reply #10 on:** March 03, 2005, 07:57:59 PM »

guiness......Is your home page ...... http://www.msn.com ?

let us know

dl65

guiness · « **Reply #11 on:** March 03, 2005, 08:00:22 PM »

Yes, my homepage is msn.com

dl65 · « **Reply #12 on:** March 03, 2005, 08:00:59 PM »

Thank you

dl65

dl65 · « **Reply #13 on:** March 03, 2005, 10:37:35 PM »

guiness......Ok ......here's what to do......
open hijackthis..... next click Do system scan and save log file ...................Next .....click config. ........Next ....
on the configuration page ..........leave the first box unticked and then tick the other 5 boxes ........next.....in the 4 URL boxes ....enter http://msn.com in each one ....
Next ......click back......
Now mark for removal , the following :
All R0 and R1 entries
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [system] C:\WINDOWS\system32\letsroll.exe
O4 - HKLM\..\Run: [WinProfile] sndcfg16.exe
O4 - HKLM\..\RunServices: [WinProfile] sndcfg16.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Red Swoosh EDN Client] C:\Program Files\RSNet\RSEDNClient.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O15 - Trusted Zone: *.hotmail.com
O15 - Trusted Zone: *.msn.com
O15 - Trusted Zone: *.passport.net

Ok ....now click on fix checked........

Now reboot and see how things are ....... I would also suggest you D/L and run Antispyware ( Beta )
get it at ..... http://www.microsoft.com/athome/security/spyware/software/default.mspx

Let us know how the pc is working now .......

dl65

guiness · « **Reply #14 on:** March 04, 2005, 08:25:23 AM »

Hi. I did everything you advised and I still can't access internal http links, only get a blank page. Same with the online games. Still says I don't have enough memory, along with a blank page. I have'nt had IE shut down though. That's a plus. I D/L and ran the Antispyware. There is a place there where it shows Windows Host Files. Most of it appears to be spyware and adware (doubleclick.com, valueclick.com) and others I'm not sure what they are. Is it safe to permanently erase these? Thanks for all your help. I know it is time consuming. If you have any other suggestions, I'm willing to try.

dl65 · « **Reply #15 on:** March 04, 2005, 12:51:35 PM »

guiness.....ok .....then we are making some progress then.....Please delete the entries
( double click and Value click ) they are not good........You are safe to delete anything which Antispyware identifies ........ Your hijackthis log revealed that you had ( and may possibly still have ) 3 trojans and 2 viruses ......

So here's something else to try ......
click "Start " , "Control Panel" , then make sure it is being displayed in "Classic view " then click "Folder Options" ....when folder options opens ...click the view tab ......and scroll down until you see the folder called Hidden files and folders ......now put a tick in the small circle in front of "Show hidden files and folders " click apply and ok ......... Exit control panel .
Now lets shut down and reboot into the safe made ......
( repeatedly tap the F8 key as soon as you reboot ) you will be given options as to how you wish to start ...choose SAFE mode ......when it boots up in safe mode ...your display will look completely differant .....and you will not have access to the net .....
Now run your scans again .........Virus scan , then Antispyware ( Beta ) , Ad-Aware if you have it , SpyBot if you have it . Delete anything the scans find ........when finished ....shut down and reboot .......now it will start in normal mode ...... when back up in normal mode and connected to the net....try several of the links you have in your fovourites folder to see if they are working ....

Let us know

dl65

guiness · « **Reply #16 on:** March 04, 2005, 04:12:43 PM »

Spybot - Search && Destroy process list report, 3/4/2005 2:27:40 PM

PID: 0 ( 0) [System]
PID: 4 ( 0) System
PID: 216 (1432) C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
PID: 484 ( 4) \SystemRoot\System32\smss.exe
PID: 536 ( 484) csrss.exe
PID: 560 ( 484) \??\C:\WINDOWS\system32\winlogon.exe
PID: 604 ( 560) C:\WINDOWS\system32\services.exe
PID: 616 ( 560) C:\WINDOWS\system32\lsass.exe
PID: 768 ( 604) C:\WINDOWS\system32\svchost.exe
PID: 840 ( 604) svchost.exe
PID: 976 ( 604) C:\WINDOWS\System32\svchost.exe
PID: 1032 ( 604) svchost.exe
PID: 1100 (1432) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
PID: 1108 (1432) C:\Program Files\AIM\aim.exe
PID: 1172 ( 604) svchost.exe
PID: 1432 (1412) C:\WINDOWS\Explorer.EXE

guiness · « **Reply #17 on:** March 04, 2005, 04:13:59 PM »

Spybot - Search && Destroy browser pages report, 3/4/2005 2:14:19 PM

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://srch-qus10.hpwis.com/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.google.com/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://qus10.hpwis.com/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://srch-qus10.hpwis.com/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://searchmiracle.com/sp.php
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://qus10.hpwis.com/
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://srch-qus10.hpwis.com/
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

guiness · « **Reply #18 on:** March 04, 2005, 10:13:19 PM »

I ran Registry First Aid and deleted over 1000 entries. I also ran Antivirus again but it still detected nothing. I ran a different one and it found 3 Trojans. Deleted the infected files. I played it safe and deleted the programs.
Everything is much better. Pages load faster, IE hasn't shut down, all the graphics are showing up. The only problem is it still says there is not enough memory. I have 1G RAM and only 600MB available. I don't know what happened to the rest but that should be more than enough. And the problem with memory started with all the other ones I was having. So, once again, any suggestions. Thanks for all the help.

dl65 · « **Reply #19 on:** March 05, 2005, 01:07:20 AM »

guiness.....glad to hear that things are working better.
You should probably run registry first aid once a week.
Here's something else to look at ........click start .....then run ....now type in the box ....... dxdiag and click ok .....when the new window opens , make sure its the system tab and look down were it lists the memory ...what does it show ?

let us know

dl65

guiness · « **Reply #20 on:** March 05, 2005, 01:28:30 AM »

Hi, after I rebooted my computer I ran Spybot again and found another Trojan. I'm going to start in safe mode again and do everything over. It was the same Trojan as one before, just in a different file. Also, after running dxdiag, it says I have 960MB RAM. I looked under system tool...then system information, it says I have 1024MB installed, 513 available. That can't be good. It may take awhile but, I'll get it fixed with ya'lls help. Thanks

dl65 · « **Reply #21 on:** March 05, 2005, 02:12:47 AM »

guiness....What is the name of this elusive trojan?
Something else I negected to have you do was to empty the temp internet files , the cookie files and the history files. to do that click on tools in your browser , then select internet options , then the general tab , click delete cookies , delete files and clear history ....then click apply and ok

Let us know

dl65

guiness · « **Reply #22 on:** March 05, 2005, 10:09:54 AM »

The name of the Trojan is TR/VB.SR. I have deleted it form 3 different files. I have already deleted the temp files, cookies and all that. I thought I had my homepage blocked against hijackers, but apparently I don't. It keeps getting changed. Any good program for that?

Thanks

guiness · « **Reply #23 on:** March 05, 2005, 10:20:37 AM »

I just tried to load a program I've used before and got this error message: 16 Bit Windows Subsystem
C:\Windows\System32\Autoexec.NT. The System file is not suitable for running MS-DOS and Microsoft Windows applications.

How concerned should I be?

guiness · « **Reply #24 on:** March 05, 2005, 11:46:07 AM »

I'm pretty sure my IE6 files are corrupt. Unfortunately I don't have my XP installation disc here or I would just reinstall it. I tried to run an IE Fix program but it needs the CD. It corrected some of it. I don't get blank pages any more and it does'nt say I don't have enough memory. However, the loaded page only stays up for about 3 seconds.

dl65 · « **Reply #25 on:** March 05, 2005, 12:26:12 PM »

guiness......Hi .....If your home page is still being changed , there's a very good chance that we overlooked something when we removed the things using hijackthis........perhaps you could run a new scan as it is today and post it for us to look at ........
I think you can download IE 6 ......... , but I'm not sure I would do that yet .

dl65

guiness · « **Reply #26 on:** March 05, 2005, 01:52:34 PM »

Here is the new log

Logfile of HijackThis v1.99.1
Scan saved at 12:51:21 PM, on 3/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\VTTimer.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\LTMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX00.829\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus10.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = http://msn.com
R1 - HKCU\Softhe new log

guiness · « **Reply #27 on:** March 05, 2005, 01:55:48 PM »

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\companion\Installs\cpn0\ycomp5_5_7_0.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: (no name) - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinProfile] sndcfg16.exe
O4 - HKLM\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [websx] C:\Program Files\websx\int174159.exe -auto
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [system] C:\WINDOWS\system32\letsroll.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\RunServices: [WinProfile] sndcfg16.exe
O4 - HKLM\..\RunOnce: [PhotoshopAlbumUninstallRebootRequired] cmd /c del "C:\WINDOWS\system32\drivers\PFCNeedUnInstallBoot.tmp"
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Red Swoosh EDN Client] C:\Program Files\RSNet\RSEDNClient.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: officejet 6100.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1094660909415
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

guiness · « **Reply #28 on:** March 05, 2005, 01:56:57 PM »

Disregard the very last entry of R1 on the first page, my mistake.

merlin_2 · « **Reply #29 on:** March 05, 2005, 02:03:26 PM »

T o jump in on this post.......spyware is rampant on your pc..>>use spyweeper..>>>to clean it...>>.http://webroot.com/downloads/?WRSID=9515a892e56d03e80281761ce8699a54

and use free-ram xp from majorgeeks to improve ram use...i could got into the tech..crap..but i wont..i will let the software help you.........>.info>http://www.webattack.com/Freeware/security/fwantispy.html

guiness · « **Reply #30 on:** March 05, 2005, 05:05:23 PM »

Thanks, I tried to use Spysweep and it locks up on my system. It does find alot of things my other one doesn't but I can't delete them.

dl65 · « **Reply #31 on:** March 05, 2005, 06:05:37 PM »

guiness........Is the log you posted from the same pc ? I'm seeing things that didnt appear on the first one .....
Have you been adding programs ? I also note that the trojans are still there . How many differant antivirus programs are you using .......( you should really only have one ) .......Could you list the spyware removers you are using right now and how many of them are registered ...as opposed to trial versions ....
Why dont I see antispyware .....listed ?
why dont I see registry first aid listed ?
I'm seeing Symantec showing up ....are you using some symantec app?
Unfortunately ......if you are adding or deleting apps its difficult to track whats going on .

let us know

dl65

dl65 · « **Reply #32 on:** March 05, 2005, 08:03:41 PM »

guiness......Ok , lets try this again........
before we mark for removal , I would like you to set the 4 search URLs in configuration to ......
http://www.msn.com
you can change to whatever once we get this clean ......

Mark for removal......the following:
All R0 entries
All R1 entries
O3 - Toolbar: (no name) - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - (no file)
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [WinProfile] sndcfg16.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [websx] C:\Program Files\websx\int174159.exe -auto
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [system] C:\WINDOWS\system32\letsroll.exe
O4 - HKLM\..\RunServices: [WinProfile] sndcfg16.exe
O4 - HKCU\..\Run: [Red Swoosh EDN Client] C:\Program Files\RSNet\RSEDNClient.exe
O10 - Unknown file in Winsock LSP: c:\program files\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll

ok ...click fix checked ...... Now reboot and go looking for ...... C:\WINDOWS\ALCXMNTR.EXE when you find it delete it.

Now run hijackthis again and post the log ....We need to see it before you add anything .

dl65

guiness · « **Reply #33 on:** March 05, 2005, 10:34:10 PM »

dl65 Yes it is the same PC and no I'm not adding programs. Well, I did add Registry First Aid and the Microsoft Antispyware and they are still there. I have one AntiVirus program. I have Adware6 and Spybot but they are not detecting any spyware. They are both trial versions. Someone from the forum suggested SpySweeper. It detected a ton of them but it locks up and I can't delete them. I don't use any Symantec programs. I'm at work now and can't do anything till tomorrow morning when I get home. Once again, thanks for all your help.

guiness · « **Reply #34 on:** March 06, 2005, 09:35:09 AM »

Logfile of HijackThis v1.99.1
Scan saved at 8:27:42 AM, on 3/6/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\WINDOWS\System32\svchost.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX01.359\HijackThis.exe

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\companion\Installs\cpn0\ycomp5_5_7_0.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: officejet 6100.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1094660909415
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

dl65 · « **Reply #35 on:** March 06, 2005, 01:25:16 PM »

guiness ....Wow this sucker is sure stubborn......

one more time ....

Mark for removal

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

Mark for removal

No reboot and see how things are .

dl65

guiness · « **Reply #36 on:** March 06, 2005, 01:56:30 PM »

Logfile of HijackThis v1.99.1
Scan saved at 12:52:33 PM, on 3/6/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVSched32.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX00.828\HijackThis.exe

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\companion\Installs\cpn0\ycomp5_5_7_0.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVSCHED32] C:\Program Files\AVPersonal\AVSched32.EXE /min
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: officejet 6100.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1094660909415
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

dl65 · « **Reply #37 on:** March 06, 2005, 02:07:36 PM »

guiness......So how is the pc running ?

As far as I can see , the hijacker has been removed .....

Run registry first aid again as well as Antispyware and see if it finds anything .........and then try spysweeper again ........( is it a trial version or the full version ?)
Do you have software installed from bulletproof software ? it keeps showing up ........as a bad entry .....

dl65

guiness · « **Reply #38 on:** March 06, 2005, 02:18:45 PM »

PC runs great. All the pages load, no more memory problems. Thank you very much. I have never been infected like that before. Spysweeper is a trial version but it detects 4x more than the other two. What do you recommend as an Antivirus? The one I have does not run in the background like Nortons did. I don't think it will prevent a virus before it happens. I'll do what you suggest and let you know if I find any problems. Do you know a program where I can retrieve deleted files. I think I jumped the gun and started deleting things before I knew what was going on. Again, thank you very much.

guiness · « **Reply #39 on:** March 06, 2005, 02:21:49 PM »

I used to have bps antivirus and spyware removal but it was deleted. There are alot of things still on the computer that know longer exist. Another is one of the programs where the first Trojan was found. I deleted the program but when I do a virus scan, it is the first program that is scanned.

dl65 · « **Reply #40 on:** March 06, 2005, 03:12:32 PM »

guiness......Glad to hear things are back to normal.....
As far as what do I use ..........

Anti- virus ......I use Norton 2004 .......It has never let me down ......I will update to Norton 2005 when my subscription expires . ( Norton is a bit of a resource hog ...but it does the job ) I have it set to do a full scan everyday .......

Spyware scanners .......
Ad-Aware SE professional ......I run it at least 3 times a week ....... always check for updates.

Antispyware ( Beta ) ......I have it set to autorun each day ....... and I like it because it auto updates .....

Registry First Aid ........I run it at least once a week .......And always if I delete some program ........

SpyBot Search and Destroy ........again at least once a week ........always check for updates .

SpySweeper from Webroot ........ Run it once a week.

System Mechanic 5 Pro ......... Run it once a week ......
I like this app because it has many very good features in it .....( not recomended for new users ......because there is the potential of throwing out things you require)
It has a very good defragger built into it ......as well as a seperate memory defrag and recover feature .

I also have my browser set to delete cookies , temp internet files and history each time I close the browser.

You mentioned you have things on the pc that you no longer use ....do a search and remove any empty folders or any bits and pieces you find related to those apps......
Learn how to use the search feature in the registry .......because there are numberous entries in there that you probably no longer require .......Registry First Aid finds a lot , not all .

The secret is once ......you get it running smoothly ....dont ignore the regular maintainence ......
Games have a bad habit of clogging up your system , particularly if your into on-line games .....

dl65

guiness · « **Reply #41 on:** March 06, 2005, 03:27:19 PM »

Thanks. I have all except System Mechanic 5. I'll look into getting that. Unfortunately, I let someone borrow an extra computer and when I got it back, it was in the seriously infected state. They had all the resources, just didn't bother to use them. Now that it is back to normal, I intend for it to stay that way. Once more, thanks for all of your help. I know where to come if I have any questions in the future.

Computer Hope Forum

News:

Author Topic: Several problems (Read 19926 times)

guiness

dl65

guiness

Flame

dl65

guiness

guiness

guiness

dl65

dl65

dl65

guiness

dl65

dl65

guiness

dl65

guiness

guiness

guiness

dl65

guiness

dl65

guiness

guiness

guiness

dl65

guiness

guiness

guiness

merlin_2

guiness

dl65

dl65

guiness

guiness

dl65

guiness

dl65

guiness

guiness

dl65

guiness