computer about to crash - urgent help needed for xp


  • This topic is locked
49 replies to this topic

#1 welz

    Advanced Member

  • Full Member
  • 139 posts

Posted 19 March 2009 - 07:32 AM

please help asap! computer slowing to a death crawl :techsupport: . noticed about month ago that IE was severely slow, OExpress barely functioning, and IE changed to Mozilla. last week, paperport would no longer scan, spybot froze, backups stopped in middle, hardware not recognized (couldnt access f removable drive), and free download manager doesnt work. restore goes back one month and says no changes can be made. ran combofix, dds, gmer rootkit nothing showed. malwarebytes found some infections. had computer vacuumed per your instructs; avast is not showing any virus; total memory is 653312; available 298700; disk space 28 gig used, 5.5 available. am attempting HJT and spybot - if it wont freeze up. malwarebytes log following. if i am in the wrong forum, sorry.. please redirect. thanks

Malwarebytes' Anti-Malware 1.34
Database version: 1861
Windows 5.1.2600 Service Pack 3

3/18/2009 12:13:05 AM
mbam-log-2009-03-18 (00-13-05).txt

Scan type: Quick Scan
Objects scanned: 75782
Time elapsed: 24 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 21
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\gnucdna.core (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f02c0ae1-d796-42c9-81e1-084d88f79b8e} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{0be385a3-85a5-4722-b677-68dae891ff21} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{272c0d60-0561-4c83-b3db-eb0a71f9d2eb} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{284477e4-a7cb-4055-9e1b-0ea7cba28945} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{70ca4938-6a0f-4641-a9a9-c936e4c1e7de} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7468213e-010e-4ec6-a17d-642e909ba7ec} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{89dc33a2-f86f-42a1-8b5f-d4d1943efc9c} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b86f4810-19a9-4050-9ac9-b5cf60b5799a} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{bb5b7e14-f8b4-4365-a24d-f4965c33e1ee} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{c13d4627-02f5-4b03-897a-bf6a90022dd2} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{c636f1fc-6ae4-4e6a-90ab-6d61d821a0dd} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cb971ac0-6408-40da-a540-92f9f256f51f} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d5694dfe-43b6-4e05-aa29-8c556c968973} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e2032ec2-a9ac-4ed7-9bdb-ebecacf076f2} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ebab4a71-8c34-461a-b57d-dd041d439555} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f06fea43-0cc3-4bf6-a85b-5efb1c07aa4b} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fc94a0f7-9c7c-4ae2-9106-5c212332b209} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{87255c51-cd7d-4506-b9ad-97606daf53f3} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{2850bdc7-2330-4e31-9fa0-88268846539a} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522b3fb-7a2b-4646-8af6-36e7f593073c} (Adware.Coupons) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\SYSTEM32\GnucDNA.dll (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\cpnprt2.cid (Adware.Agent) -> Quarantined and deleted successfully.

Edited by welz, 19 March 2009 - 08:45 AM.


#2 SWI Support Robot

    Helper robot

  • SWI Bot
  • 23,476 posts

Posted 21 March 2009 - 07:59 PM

Welcome to SWI. We apologize for the delay; our helpers have been very busy.
If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.

[this is an automated reply]
This is an automated message. It does not count as help.

#3 nasdaq

    Forum Deity

  • Global Moderator
  • 47,814 posts

Posted 22 March 2009 - 09:02 AM

Hi,
I'm nasdaq and will be helping you.


available 298700; disk space 28 gig used, 5.5 available.

You should never have less than 15% of free available space on your hard disk.

Download: CCleaner (freeware)
http://www.majorgeek...wnload4191.html
Run the installer, and uncheck the option to install Yahoo toolbar (unless you want Yahoo toolbar).
Once installed, run CCleaner click the Windows [tab]
The following should be selected by default, if not, please select:
Next: click Options click the Settings tab
Uncheck: "Only delete files older than 48 hrs.", click Ok
Then click Run Cleaner (bottom right) then Exit
===

Delete Malwarebytes as it's no longer required.

Delete as many old OExpress messages that are no longer required.

Delete or move old files to a CD.

===

I need to see a fresh HijackThis log to continue.
Please post it.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider Donating,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#4 welz

Posted 22 March 2009 - 06:12 PM

thanks for reply!!! you helped me greatly in the past! my main problem is that i can't even click on the files to copy - i've got 18000 jpgs that i want to backup and once highlighted, the computer freezes. also, it looks like i have several spybots and none of them run properly, or it's my computer that won't allow me. do you recommend i delete all the spybots (they're also on the usb removable drive)?

#5 nasdaq

Posted 22 March 2009 - 07:43 PM

i have several spybots and none of them run properly , or , its my computer that wont allow me. do you recommend i delete all the spybots (theyre also on the usb removable drive)?


Yes, delete them all. If possible via the Add/Remove programs list.
Then make sure all the folders associated with this tool are deleted.

Find ways to remove unused programs or programs that you can reinstall later.
nasdaq

#6 welz

Posted 23 March 2009 - 12:18 AM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:06:22 AM, on 3/23/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bankratemail@bankratemail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O2 - BHO: (no name) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - (no file)
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: Run POPFile.lnk = C:\Program Files\POPFile\runpopfile.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.kodakgallery.com
O15 - Trusted Zone: http://*.mlb.com
O15 - Trusted Zone: http://coupons.smartsource.com
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - http://www.stonyfiel...criptX/smsx.cab
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.h...llMgr_v01_6.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.h...ctDetection.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} -
O16 - DPF: {8FD68625-2346-418A-8899-67CB36B1917F} (McciSM Class) - http://supportcenter...jsp/VOLAWeb.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} -
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} -
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PsExec (PSEXESVC) - Unknown owner - C:\WINDOWS\PSEXESVC.EXE (file missing)
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

--
End of file - 7906 bytes

#7 nasdaq

Posted 23 March 2009 - 09:23 AM

Print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.

Disable Microsoft Windows Defender:

We need to disable your Microsoft Windows Defender Real-time Protection as it may interfere with the fixes that we need to make.
  • Open Microsoft Windows Defender. Click Start, Programs, Windows Defender
  • Click on Tools, General Settings.
  • Under Real-time protection options, unselect the Turn on real-time protection check box
  • Click Save

After all of the fixes are complete it is very important that you enable Real-time Protection again.

Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: (no name) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - (no file)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} -
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} -
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -


Click on Fix Checked when finished and exit HijackThis.

Please run Notepad and copy the following text into a new file:

sc config PSEXESVC start= disabled
sc stop PSEXESVC
sc delete PSEXESVC


Save the file to the desktop as remove.bat and make sure the "Save as type" field says "All files". Locate remove.bat on the Desktop and double-click on it to run it. A DOS box will open and close, that is normal.
If any errors are encountered, please post them.
When done you can delete the remove.bat file.

Restart the computer normally.

Are you trying to copy many files together? If so, try just one.
Make sure it is not very large as you may not have enough working space on the hard disk to complete the copy.

How much free space do you now have?

Let me know what problem persists.
nasdaq

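The entries picked out in the post above share a pattern: a BHO with "(no file)", an O16 DPF line with no download source, and an O23 service whose file is missing. As an added example (not part of the thread, and not HijackThis code), this sketch flags such lines for a human to review; `Finding`, `service_name` and `triage` are hypothetical names, and the sample is a short constructed subset in the format of the log posted earlier.

```python
import re
from typing import NamedTuple, Optional

# Constructed sample: a few lines in the format of the HijackThis v2.0.2 log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} -
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O23 - Service: PsExec (PSEXESVC) - Unknown owner - C:\WINDOWS\PSEXESVC.EXE (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""


class Finding(NamedTuple):
    section: str          # HijackThis section code, e.g. "O2", "O16", "O23"
    reason: str           # why the line was flagged
    ident: Optional[str]  # CLSID for O2/O16 lines, service name for O23 lines
    line: str             # the original log line


ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
SHORT_NAME = re.compile(r"\(([^()]+)\)\s*$")


def service_name(body: str) -> str:
    """Return the service key name from an O23 body.

    HijackThis prints 'Display name (ShortName) - owner - path'; when the
    display name and the short name are identical only one name is printed.
    """
    display = body[len("Service: "):].split(" - ", 1)[0]
    m = SHORT_NAME.search(display)
    return m.group(1) if m else display.strip()


def triage(log_text: str) -> list:
    """Flag entries whose target file or download source is absent."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue  # header lines, running processes, blank lines
        section, body = m.groups()
        if body.endswith("(no file)"):
            reason = "no file registered"
        elif body.endswith("(file missing)"):
            reason = "file missing on disk"
        elif section == "O16" and body.endswith("} -"):
            reason = "no download source recorded"
        else:
            continue
        if section == "O23" and body.startswith("Service: "):
            ident = service_name(body)
        else:
            hit = CLSID.search(body)
            ident = hit.group(0) if hit else None
        findings.append(Finding(section, reason, ident, line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4}{f.reason:<30}{f.ident}")
```

A flagged line is only a candidate: in the thread the helper fixed some of these entries and left others alone.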

#8 welz

Posted 23 March 2009 - 10:45 AM

thanks! im not seeing great results yet but i have hope. a few things...

used space 26.3 gb, free space 7.34 gb, capacity 33.7 gb. i am dreading trying to copy the jpgs, but will attempt shortly. questions:

my paperport scanner and other programs still seem corrupted - theyre not working. have yet to try to copy jpg files.

i noticed under computer properties that that all drives were turned off for system restore... should this be?

sorry to ask, but can you tell me now that ive deleted my shortcut for IE (i used bankrate for my homepage), i actually dont know how to get to IE again? does it hurt to restore that to the start menu?

can i move programs over to my usb removable drive that i dont use often? or is this drive just for file storage only?

each time i tried to download hijack this with Free Download Manager, getting error messages about loading. so i tried to uninstall, and continued to get msgs saying it had to be done manually. i have no idea how to get rid of these files and clean reinstall; its really interfering each time i try to download HT or Spybot. any suggestions?

what is the best way to backup and should i try that now before i attempt to copy jpg files to usb? should i run chkdsk?

i deleted a ton from OE and it is STILL slower than son's tricycle... i keep compacting and nothing changes.. any advice/direction w/this monster (OE)? thanks for your patience.

Edited by welz, 23 March 2009 - 12:18 PM.


#9 nasdaq

Posted 24 March 2009 - 08:00 AM

my paperport scanner and other programs still seem corrupted - theyre not working.

Can you reinstall the paperport scanner for now and see if the operation comes back?
===

i noticed under computer properties that that all drives were turned off for system restore... should this be?

I do not think so. It may have been set by you or the Operating system since you had so little space on the drive.

http://www.windowsre...ve-space-in-xp/
===

sorry to ask, but can you tell me now that ive deleted my shortcut for IE (i used bankrate for my homepage), i actually dont know how to get to IE again? does it hurt to restore that to the start menu?

No! or you can just create a shortcut to your desktop and run it when you want.

can i move programs over to my usb removable drive that i dont use often? or is this drive just for file storage only?

Best to leave the programs where they are. Too many registry settings created when you install a program.

each time i tried to download hijack this with Free Download Manager, getting error messages about loading. so i tried to uninstall, and continued to get msgs saying it had to be done manually.

If the uninstall does not work the only thing you can do for now is delete the folder where it's installed.

what is the best way to backup and should i try that now before i attempt to copy jpg files to usb?

Copy one file to your USB. If all is well try two or three files at a time.
Make sure the total space of the files you copy is not equal or greater than the free space you presently have.

should i run chkdsk?

Yes, and after that defrag your computer.
If you get to copy more files to your USB then again do a Defragmentation.

i deleted a ton from OE and it is STILL slower than son's tricycle... i keep compacting and nothing changes.. any advice/direction w/this monster (OE)? thanks for your patience.

Let's see if you have an improvement after the defragmentation of your hard disk.
nasdaq

#10 welz

Posted 24 March 2009 - 03:35 PM

thanks for being such a patient resource and sorry to drag this out.... but things are back to the way they were and im losing it!! :techsupport:

first off, after copying tons of files, i got jammed up and when i did ctrl, alt , delete, it came up that * 'end program - c2c not responding' . what concerns me is this looks like malware. what should i use to check?

ill see if i have the discs for paperport reinstall.

i think outlook express is causing some issues because each time i use it, it goes to a white screen and then minutes later, it comes back. it's a mess. IE is very slow again. i'm leery about using defrag until i get a little more resolved. but i will. i say that because a while back i tried it, and i lost a ton- for good. do you recommend any other cleanup methods before i bite the bullet w/defrag?

one good thing is im able to copy the jpgs onto the usb drive. can you tell me if there is any way i can compare the original folder to the copy folder to ensure i got everything copied? i think a lot of jpgs are duplicates and its getting mind boggling.

do you know of any good sites for OE help? im thinking theres corruption there connected to IE being so delayed/slow.

Edited by welz, 24 March 2009 - 05:34 PM.


#11 nasdaq

Posted 25 March 2009 - 08:41 AM

first off, after copying tons of files, i got jammed up and when i did ctrl, alt , delete, it came up that * 'end program - c2c not responding' . what concerns me is this looks like malware. what should i use to check?


Never seen this c2c not responding. I looked in Google but did not find anything I can relate to.
Do you have any idea what c2c is?
===

How to reinstall or repair Internet Explorer in Windows XP
http://support.microsoft.com/kb/318378

Follow these instructions under:
Method to follow if you have Internet Explorer 7 or Internet Explorer 8

p.s.
Do not install I.E. 8 for now.
===

In the same article have a look at this and follow the instructions.
Method 3: Repair Internet Explorer 6 and Outlook Express 6 by using the System File Checker in Windows XP

Let me know where you stand.
nasdaq

#12 welz

Posted 25 March 2009 - 07:31 PM

<<Never see this c2c not responding. I looked in google but did not find anything I can related to. To you have any idea what c2c is?>>

here's what i found from the following website. i'm still so flippin tied up w/this computer i haven't had time to investigate it thoroughly, so please advise how to rid.

http://www.bleepingc....dll-13610.html
This is an undesirable program.

This file has been identified as a program that is undesirable to have running on your computer. This consists of programs that are misleading, harmful, or undesirable.

If the description states that it is a piece of malware, you should immediately run an antivirus and antispyware program. If that does not help, feel free to ask us for assistance in the forums.
Name: {29F97553-FBD6-33D1-BFC1-47A024D1875C}
Filename: c2c.dll
Command: C:\Windows\System32\ c2c.dll
Description: Added by the Troj/Sifr-A information-stealing Trojan. This file also installs the following files in the same folder as c2c.dll: Nero7Keygen.exe,
Paradox.nfo, file_id.diz. It also installs these files in the Windows system folder: c2c.dat.
File Location: %System%
Startup Type: This startup entry is started automatically via the following Windows Registry keys:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\
Explorer\ShellExecuteHooks
Under that key will be a value containing a CLSID. That CLSID can be found under HKEY_CLASSES_ROOT\CLSID\ and contains the filename that is to be loaded.
CLSID: {29F97553-FBD6-33D1-BFC1-47A024D1875C}

The c2c.dll file is installed and used by Sifr.
(click on the name(s) to read more about the infection).
c2c.dll Automatic Detection
WARNING!!! c2c.dll file is related to spyware. Your computer's security and privacy may be at risk. We recommend you run a scan of your computer to detect any spyware threats.

Download SpyHunter's Spyware Scanner.
Automatically detect c2c.dll.

i hope this is reliable as far as malware goes... im not sure if its linked to my router or wireless. their remedy looks like... Download and extract the Autoruns program by Sysinternals to C:\Autoruns.

also, i repaired IE7 and i ran scannow... i dont think it ran right because i got a quick flash and when i checked into it, it said that usually means a reported error. no change in the computer. i ran regcure for the heck of it, and its showing some 2000 problems found.... ill wait to proceed with your above instructs til i hear from you.

thanks

Edited by welz, 26 March 2009 - 11:49 AM.
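The write-up quoted in the post above describes the startup mechanism: a CLSID listed as a value under the ShellExecuteHooks key, which resolves under HKEY_CLASSES_ROOT\CLSID\ to the file that gets loaded. As an added example (not part of the thread), this sketch performs that resolution over registry export text and lists hooks that need review. The sample export is constructed, the all-ones and all-zeros CLSIDs are placeholders, the `shell32.dll` baseline is an assumption, and the function names are hypothetical.

```python
import ntpath
import re

HOOKS_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks"

# Constructed sample in .reg export format. Only the c2c.dll CLSID comes from the
# post; the other two CLSIDs are placeholders made up for this example.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{11111111-1111-1111-1111-111111111111}"=""
"{29F97553-FBD6-33D1-BFC1-47A024D1875C}"=""
"{00000000-0000-0000-0000-00000000AAAA}"=""

[HKEY_CLASSES_ROOT\CLSID\{11111111-1111-1111-1111-111111111111}\InprocServer32]
@="shell32.dll"

[HKEY_CLASSES_ROOT\CLSID\{29F97553-FBD6-33D1-BFC1-47A024D1875C}\InprocServer32]
@="C:\\WINDOWS\\System32\\c2c.dll"
'''

# Matches  "name"="value"  and  @="value"  (string values only).
VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')

# Assumption: the DLL names expected on this machine; build it from a known-good system.
EXPECTED_DLLS = {"shell32.dll"}


def parse_reg(text):
    """Parse export text into {KEY_PATH_UPPER: {VALUE_NAME_UPPER: string}}."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            # Registry paths are case-insensitive, so normalise to upper case.
            current = keys.setdefault(line[1:-1].upper(), {})
            continue
        m = VALUE.match(line)
        if m and current is not None:
            name = "" if m.group(1) == "@" else m.group(1)[1:-1]
            # .reg files escape backslashes and quotes inside string values.
            current[name.upper()] = re.sub(r"\\(.)", r"\1", m.group(2))
    return keys


def resolve_hooks(text):
    """Return [(clsid, dll_path_or_None)] for every ShellExecuteHooks value."""
    keys = parse_reg(text)
    result = []
    for clsid in keys.get(HOOKS_KEY.upper(), {}):
        server_key = "HKEY_CLASSES_ROOT\\CLSID\\%s\\INPROCSERVER32" % clsid
        result.append((clsid, keys.get(server_key, {}).get("")))
    return result


def needs_review(text, expected=EXPECTED_DLLS):
    """List hooks whose DLL is outside the baseline or whose CLSID is unregistered."""
    flagged = []
    for clsid, dll in resolve_hooks(text):
        if dll is None:
            flagged.append((clsid, "CLSID not registered"))
        elif ntpath.basename(dll).lower() not in expected:
            flagged.append((clsid, dll))
    return flagged


if __name__ == "__main__":
    for clsid, detail in needs_review(SAMPLE_REG):
        print(clsid, "->", detail)
```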


#13 nasdaq

Posted 26 March 2009 - 08:52 AM

This tool will help us identify and clean the infection.

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply with a fresh HijackThis log.
nasdaq

#14 welz

Posted 27 March 2009 - 10:29 PM

well i would love to try that... but, today my IE7 wasn't working well so i tried to restore system since i enabled the properties to turn on restore.. and now, i have NO desktop. nothing's working. i'm beat.

ok, im in safemode and cant figure out how to disable avast (it wasnt showing anywhere) - i think i may have disabled it from the all programs menu. also in searching google, apparently avast can interfere with system restore. windows console has been installed.

Edited by welz, 27 March 2009 - 11:37 PM.


#15 welz

Posted 27 March 2009 - 11:49 PM

please see reply above. im hoping avast was disabled.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:39:09 AM, on 3/28/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
F:\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bankratemail@bankratemail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Run POPFile.lnk = C:\Program Files\POPFile\runpopfile.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.kodakgallery.com
O15 - Trusted Zone: http://*.mlb.com
O15 - Trusted Zone: http://coupons.smartsource.com
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - http://www.stonyfiel...criptX/smsx.cab
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.h...llMgr_v01_6.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.h...ctDetection.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} -
O16 - DPF: {8FD68625-2346-418A-8899-67CB36B1917F} (McciSM Class) - http://supportcenter...jsp/VOLAWeb.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

--
End of file - 5756 bytes


ComboFix 09-03-26.03 - Malz 2009-03-28 0:18:32.1 - NTFSx86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.638.263 [GMT -4:00]
Running from: c:\documents and settings\Malz\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090327-0] *On-access scanning enabled* (Updated)
.

((((((((((((((((((((((((( Files Created from 2009-02-28 to 2009-03-28 )))))))))))))))))))))))))))))))
.

2100-02-23 14:35 . 2001-02-22 09:54 768 --a--c--- c:\program files\x73_lut.dat
2100-02-08 16:03 . 2001-05-11 11:39 53,248 --a--c--- c:\program files\ACMonitor_X73.exe
2009-03-26 10:20 . 2009-03-27 23:22 <DIR> d-------- c:\program files\RegCure
2009-03-22 22:37 . 2009-03-22 22:37 <DIR> d-------- c:\program files\CCleaner
2009-03-22 10:17 . 2009-01-09 15:19 1,089,593 --------- c:\windows\SYSTEM32\DLLCACHE\ntprint.cat
2009-03-17 23:35 . 2009-03-17 23:35 <DIR> d-------- c:\documents and settings\Malz\Application Data\Malwarebytes
2009-03-17 23:34 . 2009-03-17 23:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-15 20:35 . 2009-03-15 20:35 250 --a------ c:\windows\gmer.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-28 03:39 --------- d-----w c:\program files\SPAMfighter
2009-03-23 05:01 --------- d-----w c:\program files\Trend Micro
2009-03-23 04:06 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-23 03:33 --------- d-----w c:\program files\ewido anti-malware
2009-03-23 01:24 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-23 00:13 --------- d-----w c:\program files\Google
2009-03-23 00:12 --------- d-----w c:\program files\Coupons
2009-03-18 03:07 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-14 23:49 --------- d-----w c:\program files\Stamps.com Internet Postage
2009-03-13 15:43 --------- d-----w c:\program files\Linksys EasyLink Advisor
2009-02-26 13:44 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-23 15:09 --------- d-----w c:\program files\Java
2009-02-22 18:52 --------- d-----w c:\documents and settings\Malz\Application Data\Elluminate
2009-02-21 23:09 --------- d-----w c:\documents and settings\All Users\Application Data\Motive
2009-02-21 23:04 --------- d-----w c:\program files\Verizon
2009-02-21 23:04 --------- d-----w c:\program files\Common Files\Motive
2009-02-18 18:10 410,984 ----a-w c:\windows\SYSTEM32\deploytk.dll
2009-02-09 11:13 1,846,784 ----a-w c:\windows\SYSTEM32\win32k.sys
2009-02-09 11:13 1,846,784 ------w c:\windows\SYSTEM32\DLLCACHE\win32k.sys
2009-01-28 23:08 --------- d-----w c:\program files\Common Files\Application
2009-01-17 02:35 3,594,752 ----a-w c:\windows\SYSTEM32\DLLCACHE\mshtml.dll
2006-09-02 17:55 439,296 -c--a-w c:\documents and settings\Malz\remote.exe
2002-09-24 12:24 61,440 -c--a-w c:\windows\INF\i386\onetUSD.dll
2002-07-09 12:23 36,864 -c--a-w c:\windows\INF\i386\Vizmicro.dll
2002-05-20 12:20 172,032 -c--a-w c:\windows\INF\i386\viceo.dll
2002-05-20 12:02 225,280 -c--a-w c:\windows\INF\i386\rtscan.dll
2001-08-03 22:29 13,824 -c--a-w c:\windows\INF\i386\Usbscan.sys
2001-07-26 20:58 47 -c--a-w c:\program files\ACMonitor_X73.ini
2001-07-05 16:46 8,116 -c--a-w c:\program files\OSLO3071b2.USB
2001-05-08 20:36 114,688 -c--a-w c:\program files\lxarscan.dll
2001-04-23 18:22 1,437 -c--a-w c:\program files\gtx73.ini
2008-09-14 01:36 16,384 --sha-w c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\index.dat
2008-09-14 01:36 32,768 --sha-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\index.dat
2008-09-14 01:35 32,768 --sha-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\MSHist012008091320080914\index.dat
2008-09-14 01:36 32,768 --sha-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"SPAMfighter Agent"="c:\program files\SPAMfighter\SFAgent.exe" [2009-01-16 325768]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-13 169984]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CallWave.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\CallWave.lnk
backup=c:\windows\pss\CallWave.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EPSON Background Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\EPSON Background Monitor.lnk
backup=c:\windows\pss\EPSON Background Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=c:\windows\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MLB.TV NexDef Plug-in.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\MLB.TV NexDef Plug-in.lnk
backup=c:\windows\pss\MLB.TV NexDef Plug-in.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Malz^Start Menu^Programs^Startup^Event Reminder.lnk]
path=c:\documents and settings\Malz\Start Menu\Programs\Startup\Event Reminder.lnk
backup=c:\windows\pss\Event Reminder.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
c:\program files\Picasa2\PicasaMediaDetector [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\A Verizon App]
c:\progra~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a--c--- 2007-03-09 11:09 63712 c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-10-15 02:04 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
--a------ 2008-11-20 10:06 178688 c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 20:12 15360 c:\windows\SYSTEM32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a------ 2004-07-19 08:51 306688 c:\program files\Dell Support\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
--a--c--- 2004-03-15 02:04 122933 c:\windows\SYSTEM32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW4]
c:\program files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyLinkAdvisor]
--a------ 2006-04-02 20:07 389120 c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2005-10-19 08:59 126976 c:\windows\SYSTEM32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-05-12 00:12 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD08]
--a--c--- 2005-06-01 12:35 49152 c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2005-10-19 08:59 155648 c:\windows\SYSTEM32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
c:\program files\iTunes\iTunesHelper.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\progra~1\mcafee.com\agent\McAgent.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McRegWiz]
c:\progra~1\mcafee.com\agent\mcregwiz.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
c:\progra~1\mcafee.com\agent\McUpdate.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
--a--c--- 2006-01-19 11:06 11776 c:\progra~1\MUSICM~1\MUSICM~2\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
c:\program files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
c:\program files\NetWaiting\netwaiting.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
c:\progra~1\Verizon\SMARTB~1\MotiveSB.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
---h----- 2008-04-13 20:12 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
c:\windows\system32\NeroCheck.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OneTouch Monitor]
--a--c--- 2002-09-24 08:21 86016 c:\program files\Visioneer OneTouch\OneTouchMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
-----c--- 2004-04-11 21:15 290816 c:\program files\Dell\Media Experience\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPWebCap]
c:\progra~1\ScanSoft\PAPERP~1\PPWebCap.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a--c--- 2003-10-31 20:42 32768 c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
--------- 2009-03-05 16:07 2260480 f:\spybot - search & destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SRS Audio Sandbox]
c:\program files\SRS Labs\Audio Sandbox\SRSSSC.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
c:\program files\Java\jre1.5.0_10\bin\jusched.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-06-24 23:45 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-02-10 21:40 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
--a------ 2003-08-19 02:01 110592 c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Verizon Custom Uninstall Tracking]
c:\docume~1\MARYJO~1\LOCALS~1\Temp\InstallHelper.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VerizonServicepoint.exe]
c:\program files\Verizon\Servicepoint\VerizonServicepoint.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Verizon_McciTrayApp]
--a------ 2009-01-30 17:52 1553920 c:\program files\Verizon\McciTrayApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Verizon_UninstallTracking]
c:\docume~1\MARYJO~1\LOCALS~1\Temp\InstallHelper.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
c:\progra~1\mcafee.com\vso\mcvsshld.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
c:\progra~1\mcafee.com\vso\mcmnhdlr.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YOP]
c:\progra~1\Yahoo!\YOP\yop.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zone Labs Client]
c:\program files\Zone Labs\ZoneAlarm\zlclient.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}]
c:\program files\Google\Gmail Notifier\gnotify.exe [BU]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\WINDOWS\\SYSTEM32\\fxsclnt.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S1 aswSP;avast! Self Protection;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [2008-04-19 114768]
S2 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [2008-04-19 20560]
S2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\SPAMfighter\sfus.exe [2009-01-16 184968]
S2 spupdsvc;Windows Service Pack Installer update service;c:\windows\SYSTEM32\spupdsvc.exe [2004-10-24 26488]
S3 PhoneTrayDriver;PhoneTrayDriver;c:\windows\SYSTEM32\DRIVERS\ptdrv.sys [2005-10-18 21170]
S3 SaiHFF0C;SaiHFF0C;c:\windows\SYSTEM32\DRIVERS\SaiHFF0C.sys [2007-07-16 56576]
S3 SaiUFF0C;SaiUFF0C;c:\windows\SYSTEM32\DRIVERS\saiuFF0C.sys [2007-07-16 19584]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{363fa01e-6274-11da-95a8-000f1f75a6b2}]
\Shell\AutoRun\command - F:\setupSNK.exe
.
Contents of the 'Scheduled Tasks' folder

2009-03-26 c:\windows\Tasks\EasyShare Registration Task.job
- c:\docume~1\ALLUSE~1\APPLIC~1\Kodak\EasyShareSetup\$REGIS~1\Registration_7.9.30.1.sxt _RegistrationOffer@16 []

2009-03-27 c:\windows\Tasks\McAfee.com Scan for Viruses - My Computer (TERMINALMADNESS-Malz).job
- c:\progra~1\mcafee.com\vso\mcmnhdlr.exe []

2009-03-28 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]

2009-03-28 c:\windows\Tasks\NetWaiting.job
- c:\progra~1\NETWAI~1\NETWAI~1.EXE []

2009-03-27 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe []

2009-03-26 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe []

2009-03-28 c:\windows\Tasks\User_Feed_Synchronization-{EC257655-351B-43B5-806C-60C3D30E8D65}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 12:58]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-Free Download Manager - c:\program files\Free Download Manager\fdm.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://bankratemail@bankratemail.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: kodakgallery.com\www
Trusted Zone: mlb.com
Trusted Zone: smartsource.com\coupons
Trusted Zone: musicmatch.com\online
FF - ProfilePath - c:\documents and settings\Malz\Application Data\Mozilla\Firefox\Profiles\d1vut0ym.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\documents and settings\Malz\Application Data\Mozilla\Firefox\Profiles\d1vut0ym.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\program files\Google\Google Updater\1.4.681.27779\npCIDetect7.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-28 00:25:45
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
Completion time: 2009-03-28 0:33:57
ComboFix-quarantined-files.txt 2009-03-28 04:32:34
ComboFix2.txt 2009-03-17 01:20:48
ComboFix3.txt 2007-07-17 14:10:54

Pre-Run: 8,283,885,568 bytes free
Post-Run: 8,281,341,952 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

275 --- E O F --- 2009-03-24 00:57:47

Edited by welz, 27 March 2009 - 11:52 PM.


#16 nasdaq

Posted 28 March 2009 - 08:21 AM

In your c:\windows\Tasks\ folder you have these tasks for which the files are missing.
If you do not use these anymore, delete them from the folder.

2009-03-27 c:\windows\Tasks\McAfee.com Scan for Viruses - My Computer (TERMINALMADNESS-Malz).job
- c:\progra~1\mcafee.com\vso\mcmnhdlr.exe []

2009-03-28 c:\windows\Tasks\NetWaiting.job
- c:\progra~1\NETWAI~1\NETWAI~1.EXE []

2009-03-27 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe []

2009-03-26 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe []
===

I suggest you repair Internet Explorer using the article I gave you earlier.

How to reinstall or repair Internet Explorer in Windows XP
http://support.microsoft.com/kb/318378
===

Can you boot in normal mode and submit a fresh HijackThis log?

Let me know what problem persists.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider Donating,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760
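The check described in the reply above, as an added example that is not part of the original thread or of ComboFix: a Python parser for the 'Scheduled Tasks' section of a ComboFix log that sorts each job by whether a file date was printed for its target. Reading an empty `[]` as a missing file follows the reply; the `.exe` test that sets aside entries for a manual look, and all function names, are assumptions of this example.

```python
import re
from dataclasses import dataclass

# Excerpt of the ComboFix log posted earlier in this thread
# (the 'Scheduled Tasks' section plus the lines around it).
SAMPLE_LOG = r"""
\Shell\AutoRun\command - F:\setupSNK.exe
.
Contents of the 'Scheduled Tasks' folder

2009-03-26 c:\windows\Tasks\EasyShare Registration Task.job
- c:\docume~1\ALLUSE~1\APPLIC~1\Kodak\EasyShareSetup\$REGIS~1\Registration_7.9.30.1.sxt _RegistrationOffer@16 []

2009-03-27 c:\windows\Tasks\McAfee.com Scan for Viruses - My Computer (TERMINALMADNESS-Malz).job
- c:\progra~1\mcafee.com\vso\mcmnhdlr.exe []

2009-03-28 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]

2009-03-28 c:\windows\Tasks\NetWaiting.job
- c:\progra~1\NETWAI~1\NETWAI~1.EXE []

2009-03-27 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe []

2009-03-26 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe []

2009-03-28 c:\windows\Tasks\User_Feed_Synchronization-{EC257655-351B-43B5-806C-60C3D30E8D65}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 12:58]
.
- - - - ORPHANS REMOVED - - - -
"""

SECTION_HEADER = "Contents of the 'Scheduled Tasks' folder"
# "<date> <path to .job file>"
JOB_RE = re.compile(r"^(\d{4}-\d{2}-\d{2})\s+(.+\.job)\s*$", re.IGNORECASE)
# "- <target command> [<file date or empty>]"
TARGET_RE = re.compile(r"^-\s+(.*?)\s*\[([^\]]*)\]\s*$")


@dataclass
class Task:
    modified: str   # date shown in front of the .job file
    job: str        # full path of the .job file
    target: str     # command the job runs, as printed in the log
    stamp: str      # file date printed for the target, "" when the log shows []

    @property
    def status(self):
        if self.stamp:
            return "present"
        # Assumption of this example: an empty stamp on a plain .exe path
        # is read as "file missing", as in the reply above. Anything else
        # (arguments after the path, no target line) goes to manual review.
        if self.target.lower().endswith(".exe"):
            return "missing"
        return "review"


def parse_scheduled_tasks(log_text):
    """Return the Task entries of the 'Scheduled Tasks' section, in log order."""
    tasks, pending, in_section = [], None, False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not in_section:
            in_section = line.startswith(SECTION_HEADER)
            continue
        if line == "." or line.startswith("- - - -"):
            break                      # a lone "." closes the section
        job = JOB_RE.match(line)
        if job:
            if pending:                # previous job had no target line
                tasks.append(Task(*pending, "", ""))
            pending = job.groups()
            continue
        target = TARGET_RE.match(line)
        if target and pending:
            tasks.append(Task(*pending, target.group(1), target.group(2).strip()))
            pending = None
    if pending:
        tasks.append(Task(*pending, "", ""))
    return tasks


def jobs_by_status(log_text):
    """Group .job file names under 'present', 'missing' and 'review'."""
    result = {"present": [], "missing": [], "review": []}
    for task in parse_scheduled_tasks(log_text):
        result[task.status].append(task.job.rsplit("\\", 1)[-1])
    return result


if __name__ == "__main__":
    for status, names in jobs_by_status(SAMPLE_LOG).items():
        print(status)
        for name in names:
            print("   ", name)
```

On this excerpt the "missing" group is the same four jobs listed in the reply; the EasyShare job also shows `[]` but its target line carries more than a plain executable path, so it lands in "review".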

#17 welz

Posted 29 March 2009 - 08:51 PM

-i already fixed IE with that link. i will try again.
-also i noticed that when i ran task manager, aawservice.exe was always running (lavasoft i don't use), so i disabled it. and it still continues to run although it is never used. how to disable it?
-do you think the problem is registry?

problems still the same.. i can barely use outlook express it is so slow; same with IE.. there are endless freezes, white screens, delays, and unresponsive programs that i have to terminate. for OE problem, i read somewhere about placing text in the registry to enable windows messenger - do you know about this? i'm running out of options.
thanks



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:08:29 PM, on 3/29/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bankratemail@bankratemail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: Run POPFile.lnk = C:\Program Files\POPFile\runpopfile.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.kodakgallery.com
O15 - Trusted Zone: http://*.mlb.com
O15 - Trusted Zone: http://coupons.smartsource.com
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - http://www.stonyfiel...criptX/smsx.cab
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.h...llMgr_v01_6.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.h...ctDetection.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} -
O16 - DPF: {8FD68625-2346-418A-8899-67CB36B1917F} (McciSM Class) - http://supportcenter...jsp/VOLAWeb.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

--
End of file - 6439 bytes

Edited by welz, 29 March 2009 - 09:19 PM.


#18 welz

Posted 29 March 2009 - 10:43 PM

EUREKA! my god that was the most painful computer ordeal that i can remember...
could you please check my hjt log anyway, but i deleted a registry item for outlook express and then used your link again for IE7 and things seem better.
paperport ok. outlook very good. have yet to try free download manager. but can you tell me, what would make these programs work again?
also, what should i do about service running aaw (lavasoft) to disable (as in previous post)?
thanks for all your patience and help

#19 nasdaq

Posted 30 March 2009 - 09:04 AM

Disable Microsoft Windows Defender:

We need to disable your Microsoft Windows Defender Real-time Protection as it may interfere with the fixes that we need to make.
  • Open Microsoft Windows Defender. Click Start, Programs, Windows Defender
  • Click on Tools, General Settings.
  • Under Real-time protection options, unselect the Turn on real-time protection check box
  • Click Save

After all of the fixes are complete it is very important that you enable Real-time Protection again.

Then stop this process
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe


Open HijackThis
Click: None of the above, just start the program.
Click: Config
Click: Misc Tools
Click: Open Process Manager. Look for the process and click on Kill Process.

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

Delete this folder in bold if found.

C:\Program Files\Lavasoft\Ad-Aware\

Restart the computer normally.

Enable Windows Defender.
===

For the programs that are not working I would just reinstall them in the same folder.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider Donating,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#20 welz

Posted 30 March 2009 - 08:08 PM

thanks. i must have killed the lavasoft process one way or another in my delirium...
can you answer the following please:

whats the worst that would happen if i ended the lavasoft process thru task manager? im afraid maybe thats what i did. its not showing thru HJT nor in my task manager anymore.

also, why would deleting a string in the registry for outlook express fix this? what would that have to do w/other non related programs working again?

may i delete any old logs that i have found? all sorts of them.

also, please advise how best to backup now. then should i run defrag?

can you advise what IE version i should be using? and xp service?

is it ok to switch between IE and mozilla?

thanks for all! i will donate!

#21 nasdaq

Posted 31 March 2009 - 07:35 AM

whats the worst that would happen if i ended the lavasoft process thru task manager? im afraid maybe thats what i did. its not showing thru HJT nor in my task manager anymore.

It's OK. Using HijackThis is just another way to do it.

also, why would deleting a string in the registry for outlook express fix this? what would that have to do w/other non related programs working again?


I do not know. What string did you delete and where did you get the information?
I will try to find out for my own needs also.

may i delete any old logs that i have found? all sorts of them.

If you know what they are, yes. Keep them in your recycle bin for a week in case you delete something you need.

To remove Combofix use this fix.
Time for some housekeeping
The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u

also, please advise how best to backup now. then should i run defrag?

Back up your files to a CD or a USB.
If you need more space on the hard disk then delete them.
When all is complete, then do a defrag.

Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)

You are good with Ver. 7. and SP3.

is it ok to switch between IE and mozilla?

Yes.

Please read this Prevention page with lots of info and tips how to prevent this in the future.
How did I get infected in the first place?
http://spywareinfofo...showtopic=60955

#22 welz

Posted 31 March 2009 - 07:20 PM

heres what i used to fix outlook express, which also affected my IE7 (i think)

http://www.dslreports.com/faq/7326

After removing Windows Messenger, Outlook Express takes forever to load! Why? (#7326)
This is because Outlook Express is integrated with Windows Messenger. When Messenger is removed using some of the popular uninstall methods, there is one registry key left behind that causes Outlook Express to take a long time to load. On some computers, this may be accompanied by an entry in the error log saying "The server {FB7199AB-79BF-11D2-8D94-0000F875C541} did not register with DCOM within the required timeout"

To fix this, start REGEDIT.EXE and navigate to the key:
HKEY_CLASSES_ROOT\CLSID\{FB7199AB-79BF-11d2-8D94-0000F875C541}
You can also do a search for this key to get there easily.

In this key, you will find the keys InProc32 and LocalServer32. In both of these keys, there is a default key. Change the default key to a empty string. Reboot your computer after making the change.

NOTE: Backup your computer and system registry before proceeding.

NOTE: This FAQ item is applicable only to Outlook Express, NOT Outlook.
----------------------------------------------------------------------------------

i will look into the link you provided. sorry to admit, but i got over ambitious last night and defragged before a complete backup. would i notice if there was an issue? my main concern is the jpg files - i copied many of them but the defrag looks like it couldnt defrag the areas of kodak where they were. hopefully all is ok.

also did the cleanup for combofix and got an error msg (win 32... something about couldnt install on xp) but then said uninstalled.

my only other quest is, my desktop fonts are different. and the taskbar is very small fonts and clock. tried many fixes such as right click, changing properties. any suggestions?

thanks! hopefully all will be well tomw w/the conficker!!!

Edited by nasdaq, 02 April 2009 - 09:10 AM.


#23 nasdaq

Posted 01 April 2009 - 07:30 AM

Have you seen this article?

How to Change Fonts and Colors of Desktop Items.
http://support.microsoft.com/kb/140752

#24 welz

Posted 01 April 2009 - 08:20 PM

thanks and yes i did see that article but it doesnt pertain to the taskbar. at least i dont see it. any ideas on taskbar?

what did you think of the deletion from the registry? why would that impact other programs?

Edited by welz, 01 April 2009 - 09:16 PM.


#25 nasdaq

Posted 02 April 2009 - 09:25 AM

I Googled this string with quotes "taskbar fonts"
A number of suggestions look interesting.

This one in particular.
http://www.trap17.co...tons_t9883.html

Try this suggestion by Trap FeedBacker

Trap FeedBacker
Change Font Size On Taskbar Buttons

It didn't work for me until I changed from the XP "style" to the "Windows Classic Style"
I changed it by going to:
Display Properties
Appearance tab
Windows and Buttons drop down box



#26 welz

Posted 03 April 2009 - 10:40 AM

one last tip, if you dont mind, am i starting a problem again if i start w/the google toolbar again? right now im back to pretty much basics on the computer.. thanks! for everything!

Edited by welz, 04 April 2009 - 09:30 AM.


#27 nasdaq

Posted 17 April 2009 - 09:27 AM

Glad we could help. :)

[Reopened]
This applies only to the original topic starter. Everyone else please begin a New Topic.

#28 cnm

Posted 11 May 2009 - 05:02 PM

Reopened at request of topic owner.

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE


#29 nasdaq

Posted 11 May 2009 - 06:17 PM

welz

I'm listening. Please submit a fresh HijackThis log for my review.

#30 welz

Posted 14 May 2009 - 08:27 AM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:25:26 AM, on 5/14/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft....k/?LinkId=54843
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Run POPFile.lnk = C:\Program Files\POPFile\runpopfile.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - http://www.stonyfiel...criptX/smsx.cab
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.h...llMgr_v01_6.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.h...ctDetection.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} -
O16 - DPF: {8FD68625-2346-418A-8899-67CB36B1917F} (McciSM Class) - http://supportcenter...jsp/VOLAWeb.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.ado...obat/nos/gp.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

--
End of file - 7073 bytes
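The log format in the post above can also be read programmatically. The following is an added example, not part of the thread and not HijackThis code: a small Python parser that groups entries by section code and lists the ones a reviewer would open first. The section descriptions, the three checks and all function names are assumptions of this example; the sample lines are copied unchanged from the log above.

```python
import re
from collections import Counter
from typing import List, NamedTuple

# Section codes seen in this thread's logs and what HijackThis lists under them.
SECTIONS = {
    "R0": "Internet Explorer start/search page settings",
    "R1": "Internet Explorer start/search page settings",
    "O2": "Browser Helper Objects",
    "O3": "Internet Explorer toolbars",
    "O4": "Autostart entries (Run keys, Startup folder)",
    "O9": "Extra IE buttons and Tools menu items",
    "O16": "ActiveX objects (Downloaded Program Files)",
    "O18": "Extra protocols and filters",
    "O23": "Windows services",
}

# Reasons reported by triage(); the wording is this example's own.
MISSING = "target file missing"
NO_VENDOR = "vendor shown as 'Unknown owner'"
NO_SOURCE = "ActiveX entry without a download URL"

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
DPF_RE = re.compile(r"^DPF: (\{[0-9A-Fa-f-]+\})(?: \((.*?)\))? -\s*(.*)$")

# Lines copied from the log in the post above (a subset, unchanged).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} -
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
"""


class Entry(NamedTuple):
    code: str   # section code, e.g. "O23"
    body: str   # everything after "<code> - "


class Finding(NamedTuple):
    code: str
    reason: str
    body: str


def parse_log(text: str) -> List[Entry]:
    """Return the R*/O* entries; the header and process list are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2).strip()))
    return entries


def count_by_section(entries: List[Entry]) -> dict:
    """Number of entries per section code, in order of first appearance."""
    return dict(Counter(e.code for e in entries))


def triage(entries: List[Entry]) -> List[Finding]:
    """List entries worth a manual look. A finding is not a verdict."""
    findings = []
    for e in entries:
        # Registry entry still present, file on disk gone (orphaned entry).
        if e.body.endswith("(file missing)"):
            findings.append(Finding(e.code, MISSING, e.body))
        # Service line whose vendor field reads "Unknown owner".
        if e.code == "O23" and " - Unknown owner - " in e.body:
            findings.append(Finding(e.code, NO_VENDOR, e.body))
        # ActiveX entry with nothing after the final " -".
        if e.code == "O16":
            m = DPF_RE.match(e.body)
            if m and not m.group(3):
                findings.append(Finding(e.code, NO_SOURCE, e.body))
    return findings


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for code, n in count_by_section(parsed).items():
        print(f"{code:>3} x{n}  {SECTIONS.get(code, 'other section')}")
    for f in triage(parsed):
        print(f"[{f.reason}] {f.code} - {f.body}")
```

A flagged line only marks an entry to check by hand, for example a leftover service from uninstalled software.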

#31 nasdaq

Posted 14 May 2009 - 10:37 AM

Your log is clean.

What problems, if any, are you having?

#32 welz

Posted 14 May 2009 - 07:51 PM

very similar to before ... OE is starting to slow (but the string in the registry is ok); IE is taking longer to load; and my monitor is doing strange things like not coming on and flickering.
also, things 'seemed' to change after an install of an active x. maybe i should do a restore? what should my internet settings be?

Edited by welz, 14 May 2009 - 07:53 PM.


#33 nasdaq

Posted 15 May 2009 - 07:46 AM

IE is taking longer to load; and my monitor is doing strange things like not coming on and flickering.

Could it be that your graphics card or monitor are failing?


things 'seemed' to change after an install of an active x. maybe i should do a restore? what should my internet settings be?


On XP you can use a good System Restore point to revert to what it was prior to installing the ActiveX.
This tutorial should help you.
http://www.microsoft...ew_03may19.mspx

===

While you check the above, let me check further.

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt.

#34 welz

Posted 16 May 2009 - 05:52 PM

do you want me to post the contents of the log, o/w, how do i include it as attachment? forgot (sorry)..

#35 nasdaq

Posted 17 May 2009 - 07:56 AM

Copy and paste it in your next reply.

#36 welz

Posted 17 May 2009 - 09:02 PM

ComboFix 09-05-16.05 - Malz 05/16/2009 18:30.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.638.250 [GMT -4:00]
Running from: c:\documents and settings\Malz\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090516-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\MailSwitch.ocx

.
((((((((((((((((((((((((( Files Created from 2009-04-16 to 2009-05-16 )))))))))))))))))))))))))))))))
.

2100-02-23 18:35 . 2001-02-22 13:54 768 -c--a-w c:\program files\x73_lut.dat
2100-02-08 20:03 . 2001-05-11 15:39 53248 -c--a-w c:\program files\ACMonitor_X73.exe
2009-05-13 21:03 . 2009-05-13 21:03 -------- d-----w c:\program files\Common Files\Application
2009-05-13 21:02 . 2009-05-16 13:17 -------- d-----w c:\program files\SPAMfighter
2009-05-05 21:49 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-05 21:49 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-05 21:49 . 2009-05-05 21:49 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-04 01:19 . 2009-05-04 01:19 -------- d-----w c:\program files\CleanUp!
2009-04-24 02:58 . 2009-04-24 02:58 -------- d-----w c:\program files\Common Files\Adobe AIR
2009-04-24 02:38 . 2009-04-24 02:49 -------- d-----w c:\documents and settings\All Users\Application Data\NOS
2009-04-24 02:38 . 2009-04-24 02:38 -------- d-----w c:\program files\NOS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-24 02:57 . 2004-09-07 21:23 -------- d-----w c:\program files\Common Files\Adobe
2009-04-16 19:12 . 2004-08-29 01:17 72928 -c--a-w c:\documents and settings\Malz\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-30 05:22 . 2004-08-23 23:25 -------- d-----w c:\program files\Common Files\AOL
2009-03-30 03:01 . 2009-03-30 03:01 -------- d-----w c:\program files\ACW
2009-03-23 05:01 . 2007-07-23 19:43 -------- d-----w c:\program files\Trend Micro
2009-03-23 03:33 . 2006-05-24 22:00 -------- d-----w c:\program files\ewido anti-malware
2009-03-23 02:37 . 2009-03-23 02:37 -------- d-----w c:\program files\CCleaner
2009-03-23 01:24 . 2004-08-23 23:22 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-23 00:13 . 2004-08-30 15:18 -------- d-----w c:\program files\Google
2009-03-23 00:12 . 2007-06-23 19:20 -------- d-----w c:\program files\Coupons
2009-03-18 03:07 . 2004-08-31 13:14 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-06 14:22 . 2002-08-29 10:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2004-08-24 00:32 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-20 18:09 . 2004-08-04 07:56 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-18 18:10 . 2009-02-18 18:11 410984 ----a-w c:\windows\system32\deploytk.dll
2001-07-26 20:58 . 2000-01-11 16:50 47 -c--a-w c:\program files\ACMonitor_X73.ini
2001-07-05 16:46 . 2001-07-20 14:48 8116 -c--a-w c:\program files\OSLO3071b2.USB
2001-05-08 20:36 . 2000-12-05 19:56 114688 -c--a-w c:\program files\lxarscan.dll
2001-04-23 18:22 . 2100-02-08 19:53 1437 -c--a-w c:\program files\gtx73.ini
2009-02-05 05:52 . 2004-11-09 16:56 848 --sha-w c:\windows\SYSTEM32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-14 169984]
"SPAMfighter Agent"="c:\program files\SPAMfighter\SFAgent.exe" [2009-03-12 326792]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-02-11 185896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave1"= serwvdrv.dll
"wave2"= serwvdrv.dll
"wave3"= serwvdrv.dll
"wave4"= serwvdrv.dll
"wave5"= serwvdrv.dll
"wave6"= serwvdrv.dll
"wave7"= serwvdrv.dll
"wave8"= serwvdrv.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CallWave.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\CallWave.lnk
backup=c:\windows\pss\CallWave.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EPSON Background Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\EPSON Background Monitor.lnk
backup=c:\windows\pss\EPSON Background Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=c:\windows\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MLB.TV NexDef Plug-in.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\MLB.TV NexDef Plug-in.lnk
backup=c:\windows\pss\MLB.TV NexDef Plug-in.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Malz^Start Menu^Programs^Startup^Event Reminder.lnk]
path=c:\documents and settings\Malz\Start Menu\Programs\Startup\Event Reminder.lnk
backup=c:\windows\pss\Event Reminder.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\WINDOWS\\SYSTEM32\\fxsclnt.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R1 aswSP;avast! Self Protection;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [4/19/2008 8:47 AM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [4/19/2008 8:47 AM 20560]
R2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\SPAMfighter\sfus.exe [3/12/2009 10:44 AM 184968]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 PhoneTrayDriver;PhoneTrayDriver;c:\windows\SYSTEM32\DRIVERS\ptdrv.sys [10/18/2005 12:31 PM 21170]
S2 spupdsvc;Windows Service Pack Installer update service;c:\windows\SYSTEM32\spupdsvc.exe [10/24/2004 10:32 AM 26488]
S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [4/23/2009 10:38 PM 33176]
S3 SaiHFF0C;SaiHFF0C;c:\windows\SYSTEM32\DRIVERS\SaiHFF0C.sys [7/16/2007 11:07 PM 56576]
S3 SaiUFF0C;SaiUFF0C;c:\windows\SYSTEM32\DRIVERS\saiuFF0C.sys [7/16/2007 11:07 PM 19584]
.
Contents of the 'Scheduled Tasks' folder

2009-05-16 c:\windows\Tasks\defrag.job
- c:\windows\SYSTEM32\dfrgntfs.exe [2002-08-29 00:12]

2009-05-16 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]

2009-05-16 c:\windows\Tasks\User_Feed_Synchronization-{EC257655-351B-43B5-806C-60C3D30E8D65}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 16:58]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = about:blank
mStart Page = about:blank
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
FF - ProfilePath - c:\documents and settings\Malz\Application Data\Mozilla\Firefox\Profiles\d1vut0ym.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - plugin: c:\program files\Google\Google Updater\1.4.681.27779\npCIDetect7.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-16 18:34
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-05-16 18:37
ComboFix-quarantined-files.txt 2009-05-16 22:37

Pre-Run: 6,623,387,648 bytes free
Post-Run: 6,675,828,736 bytes free

158 --- E O F --- 2009-05-15 05:37

#37 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 47,814 posts

Posted 18 May 2009 - 08:11 AM

Now that this ActiveX has been deleted how is the computer performing?
c:\windows\MailSwitch.ocx
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider Donating,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#38 welz

welz

    Advanced Member

  • Full Member
  • PipPipPip
  • 139 posts

Posted 18 May 2009 - 07:38 PM

i didnt realize the activex was deleted... still slow loading IE or mozilla which is even worse. please elaborate what is c:\windows\MailSwitch.ocx . thanks.

#39 nasdaq


Posted 19 May 2009 - 08:17 AM

I checked Google on this .ocx; it's being reported by Kaspersky as a password stealer.

C:\WINDOWS\MailSwitch.ocx Infected: Trojan-PSW.Win32.Agent.liq

For your security I suggest you change all your passwords.
===

In post no 33 I asked if you had a good System Restore point.
Did you check it?
===

Let's use this online scanner (don't worry, it doesn't delete anything, it only detects).

Please use the Internet Explorer browser, and do an online scan with Kaspersky Online Scanner

Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component.

Click Yes, when prompted to install its ActiveX component.
(Note.. for Internet Explorer 7 users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.)
The program launches and downloads the latest definition files.
  • Once the files are downloaded click on Next
  • Click on Scan Settings and configure as follows:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK and, under select a target to scan, select My Computer
When the scan is done, in the Scan is completed window (below), any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.
To obtain the report:
Click on: Save Report As (above - red blinking arrow)
Next, in the Save as prompt, Save in area, select: Desktop
In the File name area, use KScan, or something similar
In Save as type, click the drop arrow and select: Text file [*.txt]
Then, click: Save
Please post the Kaspersky Online Scanner Report in your reply.

#40 welz


Posted 19 May 2009 - 09:25 PM

i will try restore point also. forgot to respond but did catch it. thanks.

KASPERSKY ONLINE SCANNER 7.0 REPORT
Tuesday, May 19, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Tuesday, May 19, 2009 16:20:30
Records in database: 2197368


Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area My Computer
A:\
C:\
D:\
E:\
F:\

Scan statistics
Files scanned 133507
Threat name 5
Infected objects 15
Suspicious objects 0
Duration of the scan 05:32:26

File name Threat name Threats count
C:\Documents and Settings\Malz\My Documents\setup_ares.exe Infected: not-a-virus:AdWare.Win32.NavExcel.d 1

C:\Documents and Settings\Malz\My Documents\setup_ares.exe Infected: not-a-virus:AdWare.Win32.NavExcel.g 1

C:\Documents and Settings\Malz\My Documents\setup_ares.exe Infected: not-a-virus:AdWare.Win32.NavExcel 1

C:\Documents and Settings\Malz\My Documents\setup_ares.exe Infected: not-a-virus:AdWare.Win32.NavExcel.b 1

C:\Documents and Settings\Malz\My Documents\setup_ares.exe Infected: not-a-virus:AdWare.Win32.NavExcel.i 1

F:\backup 2009\setup_ares.exe Infected: not-a-virus:AdWare.Win32.NavExcel.d 1

F:\backup 2009\setup_ares.exe Infected: not-a-virus:AdWare.Win32.NavExcel.g 1

F:\backup 2009\setup_ares.exe Infected: not-a-virus:AdWare.Win32.NavExcel 1

F:\backup 2009\setup_ares.exe Infected: not-a-virus:AdWare.Win32.NavExcel.b 1

F:\backup 2009\setup_ares.exe Infected: not-a-virus:AdWare.Win32.NavExcel.i 1

F:\docs on c\setup_ares.exe Infected: not-a-virus:AdWare.Win32.NavExcel.d 1

F:\docs on c\setup_ares.exe Infected: not-a-virus:AdWare.Win32.NavExcel.g 1

F:\docs on c\setup_ares.exe Infected: not-a-virus:AdWare.Win32.NavExcel 1

F:\docs on c\setup_ares.exe Infected: not-a-virus:AdWare.Win32.NavExcel.b 1

F:\docs on c\setup_ares.exe Infected: not-a-virus:AdWare.Win32.NavExcel.i 1

The selected area was scanned.
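The report above counts 15 infected objects, but grouping its rows by path shows three copies of one installer, each flagged under the same five adware signatures. The following Python parser is an added example, not part of the original thread; the row layout is assumed from the report as pasted, and the sample rows are rebuilt from it.

```python
import re
from collections import defaultdict

# Rows rebuilt from the report in post #40: three paths, five verdicts each,
# preceded by the two header counters the report prints.
PATHS = [r"C:\Documents and Settings\Malz\My Documents\setup_ares.exe",
         r"F:\backup 2009\setup_ares.exe",
         r"F:\docs on c\setup_ares.exe"]
VERDICTS = ["not-a-virus:AdWare.Win32.NavExcel" + s
            for s in (".d", ".g", "", ".b", ".i")]
REPORT = "Threat name 5\nInfected objects 15\n\n" + "\n\n".join(
    f"{p} Infected: {v} 1" for p in PATHS for v in VERDICTS)

# Assumed row layout: <path, may contain spaces> Infected: <verdict> <count>
ROW = re.compile(r"^(?P<path>.+?) Infected: (?P<verdict>\S+) (?P<count>\d+)$")
STAT = re.compile(r"^(Threat name|Infected objects) (\d+)$")

def parse_report(text):
    """Return (header counters, {path: {verdict: count}})."""
    stats, detections = {}, defaultdict(dict)
    for line in map(str.strip, text.splitlines()):
        row = ROW.match(line)
        if row:
            detections[row["path"]][row["verdict"]] = int(row["count"])
            continue
        stat = STAT.match(line)
        if stat:
            stats[stat[1]] = int(stat[2])
    return stats, dict(detections)

def summarize(text):
    """Collapse per-signature rows into per-file findings and sanity-check totals."""
    stats, detections = parse_report(text)
    verdicts = {v for hits in detections.values() for v in hits}
    total = sum(sum(hits.values()) for hits in detections.values())
    return {
        "files": sorted(detections),
        "distinct_verdicts": len(verdicts),
        "total_hits": total,
        # Kaspersky prefixes adware/riskware-class verdicts with "not-a-virus:".
        "riskware_only": all(v.startswith("not-a-virus:") for v in verdicts),
        "matches_header": (stats.get("Threat name") == len(verdicts)
                           and stats.get("Infected objects") == total),
    }

if __name__ == "__main__":
    for key, value in summarize(REPORT).items():
        print(f"{key}: {value}")
```

The `files` list is the set of paths to clean up, and `matches_header` confirms that no row was lost when the report was pasted.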

#41 nasdaq


Posted 20 May 2009 - 07:44 AM

You can delete all the copies of the file setup_ares.exe

Can you do this repair?

Repair Internet Explorer 7.
How to reinstall or repair Internet Explorer in Windows XP
http://support.microsoft.com/kb/318378

#42 welz


Posted 21 May 2009 - 10:06 PM

ok i deleted those files. would there be a risk to repairing ie7? not sure why youre asking..

#43 nasdaq


Posted 22 May 2009 - 10:53 AM

Are you still having all those computer crashes and other problems?

#44 welz


Posted 22 May 2009 - 05:19 PM

well i cant delete those files you mentioned.. i cant even find them although ive done a search! can you advise..

no crashes, but things are awfully slow.

i will repair IE7 now.

Edited by welz, 22 May 2009 - 05:20 PM.


#45 nasdaq


Posted 23 May 2009 - 07:54 AM

The files could be hidden.

Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab.
Under the Hidden files and folders heading select Show hidden files and folders.
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.

If you cannot find them then they are not present.

There could however be some remnant entries in the registry.

Download the Registry Search Tool from here:
http://www.billsway....les/RegSrch.zip

Unzip to your Desktop and double click on regsrch.vbs
(if you have script protection, please allow this to run)

In the dialog that opens enter the following:
setup_ares.exe

Press 'OK'

The search will run for a while then alert you when it is finished.

Press 'OK' and copy the contents of the WordPad window and post in this thread.

#46 welz


Posted 24 May 2009 - 07:46 AM

im getting an error msg, windows script host, when i run the regsrch... 'error: the system cannot find the file specified. code 80070002' so i couldnt get it to run properly. i deleted two instances of that file but that was it.

#47 nasdaq


Posted 24 May 2009 - 12:22 PM

Install these latest VBRuntime files.

http://support.micro...om/gp/vbruntime

Install this one..

Visual Basic 6.0
VBRun60sp6.exe installs Visual Basic 6.0 SP6 run-time files
VBRun60sp6.exe is a self-extracting executable file that installs the latest versions of the Microsoft Visual Basic run-time files that are required by all applications that are created with Visual Basic 6.0. The files include the fixes that are included with Visual Studio 6.0 Service Pack 6.

#48 welz


Posted 28 May 2009 - 05:47 PM

ran this again after i installed the program you mentioned and i got an error saying system cannot find the file specified ("script:c:\docume~1\mj...temp directory 1 for regsrch....")

#49 nasdaq


Posted 29 May 2009 - 07:44 AM

c:\docume~1\mj...temp directory 1

Can you delete all the files in this temporary folder?

#50 nasdaq


Posted 21 June 2009 - 07:36 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



