
My HijackThis log file: suspicious entries?


51 replies to this topic

#1 hayleyscomett

hayleyscomett

    Advanced Member

  • Full Member
  • 199 posts

Posted 07 March 2006 - 08:56 PM

Hello, first time here :D
I use Windows XP OS
This is my first time using and posting a HijackThis log file. I hope I'm doing it correctly?
Problems I'm noticing occasionally is my browser being very slow, and I'm on DSL.
Thanks in advance for looking and checking it out. If you could let me know what on this file
shouldn't be there and how to remove it, thank you!



Logfile of HijackThis v1.99.1
Scan saved at 9:07:40 PM, on 3/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\ntvdm.exe
C:\DOCUME~1\Beth\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delphiforums.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapp...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delphiforums.com/
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page - http://www.geocities...ranslate1.0.txt
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: ppctlcab - http://ppupdates.ca....er/ppctlcab.cab
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec....trl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec....trl/tgctlsr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec....rl/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca....r/axscanner.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1128681248901
O16 - DPF: {93CEA8A4-6059-4E0B-ADDD-73848153DD5E} (CWebLaunchCtl Object) - http://support.gatew...h/weblaunch.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....rl/SymAData.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE


The 3 things that I see that look suspicious to me are:

O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k


I do have Spybot Search and Destroy on my computer, so the second one above may be part of that. But, is it necessary? The other two (1st & 3rd) I have no clue about and seem suspicious to me.
Thank you in advance for any help, I appreciate it!!!


#2 hayleyscomett


Posted 09 March 2006 - 07:18 AM

Hello everyone! Just checking the status of my post of my HiJack This log to see if anyone had viewed and replied. I know you're all busy, I'll keep checking back, thanks!! :unsure:
" If we all can't live together, then we're going to die alone. " ~ Jack Shephard ~ LOST ~ The best show on television!

#3 rambro

rambro

    Forum Deity

  • Retired Staff
  • 1,180 posts

Posted 11 March 2006 - 09:11 AM

Dear hayleyscomett, :)

Welcome to the SWI forums.

We are currently studying your log. :)
******************************

You are currently running HijackThis from a temporary folder. Since HijackThis makes backups of any entries you fix, you should create a folder just to hold the HijackThis program and its backups, so the backups and the program are not accidentally deleted. Go to "My Computer", click on c:\ and then go to the "File" menu, choose New -> Folder. Name the folder "HJT" or "HijackThis" and then please move the "HijackThis.exe" executable there.

Please restart your computer and then post a new HijackThis log. :)

#4 hayleyscomett


Posted 11 March 2006 - 06:39 PM

Thank you rambro for your reply :D

I did make a folder for HiJack This, placed the exe in there. I then did a restart on my computer, and ran HJT again. Here is the log.
Any help appreciated! I'm on DSL and my browser does seem to be running slow. There are 2 on the below log that puzzle me.
Thank you for checking into my log for me.


Logfile of HijackThis v1.99.1
Scan saved at 7:27:50 PM, on 3/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\2Wire\2PortalMon.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Hi Jack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delphiforums.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapp...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delphiforums.com/
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page - http://www.geocities...ranslate1.0.txt
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: ppctlcab - http://ppupdates.ca....er/ppctlcab.cab
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec....trl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec....trl/tgctlsr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec....rl/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca....r/axscanner.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1128681248901
O16 - DPF: {93CEA8A4-6059-4E0B-ADDD-73848153DD5E} (CWebLaunchCtl Object) - http://support.gatew...h/weblaunch.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....rl/SymAData.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
" If we all can't live together, then we're going to die alone. " ~ Jack Shephard ~ LOST ~ The best show on television!

#5 rambro


Posted 11 March 2006 - 07:48 PM

Dear hayleyscomett, :)

(Note: Please read through these instructions a couple of times before executing the steps in this post.)

You may want to print out these instructions or save them as a text file with "Notepad" to your desktop because we will be restarting into Safe Mode later on in the fix and you might not be able to access the Internet.
******************************

Before starting any cleaning steps, please disable the Microsoft Anti-Spyware real-time protection:
  • Right-click on the Microsoft Anti-Spyware tray icon by your clock (it's the one with the red and yellow bulls-eye).
  • Click on "Security Agents Status".
  • Click on "Disable real-time protection".
Next, open Microsoft Anti-Spyware.
  • Click on the Options menu, then Settings.
  • Select "Real Time Protection" from the left column.
  • Uncheck "Enable (MSAS) Security Agents" and "Enable real-time spyware threat protection".
  • Click the Save button.
Finally, Right-click on the MSAS tray icon, select "Shutdown Microsoft Antispyware", and click "Yes" in the dialog that comes up.

You can reenable it once your system is clean.
******************************************

Please download and run a Free Trial of Trojan Hunter at http://www.misec.net...rojanHunter.exe. Please restart your computer.

Please run the Housecall online virus scan located at: http://housecall.tre.../start_corp.asp. Follow the prompts to scan your hard drive for viruses. Select the "Autoclean" option so that Housecall will remove any viruses from your system. When the scan is finished, please restart your computer.

Then please run the Panda scan here: http://www.pandasoft...n_principal.htm. Delete any viruses found, and restart your computer.
*******************************

Download, install, update, configure and run a scan with Ad-Aware SE at the following link: http://rstones12.gee...areSE_setup.htm

Restart your computer.
*************************

Click Start then Control Panel then Add and Remove Programs. Look for the following installed program/programs and if they are listed click on each one and then click on the Remove or Change button and if asked select "Yes" or "Ok" to remove:

Optional programs you can uninstall, through the Add/Remove program:

Viewpoint Manager provides automatic updates for ViewPoint products such as ViewPoint Media Player (and it comes bundled with AOL, AOL Instant Messenger, Compuserve, etc). This program can be run manually via Start -> Settings -> Control Panel by enabling auto-updates temporarily, re-booting and then disabling again. However, Viewpoint Manager is a media player often installed without the users' knowledge. If you do not want this software on your computer, then please uninstall it.

Uninstall the following program/programs through Add/Remove programs (if they exist):

Viewpoint or Viewpoint Manager or Viewpoint Media Player

Use the following link as a reference: http://ask-leo.com/viewmgrexe.html

Restart your computer.
************************

Run HijackThis and click "Scan." Place checks next to the following entry/entries (if they exist):

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapp...//www.yahoo.com

O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)

Optional Fixes

I highly recommend that you fix these items:

If you choose to remove Viewpoint Manager, put a check next to the following entry as well:

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

This is a task tray icon which is used as a shortcut to a number of QuickTime related features. You really don't need this in your system tray. It is safe to remove this from your startup. QuickTime's most common purpose is for watching movies commonly in the .mov format. I suggest you fix this line.

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

Close all browser and other windows except for HijackThis, and click "Fix Checked" button to finish the repair. Close the HijackThis application.

Please reboot your computer into Safe mode (continually tap the F8 key while your system is starting, select Safe Mode from the menu). For additional help in booting into Safe Mode, see the following site: http://www.pchell.co.../safemode.shtml

Next, make sure your PC is configured to show hidden files. Here is how to do this:

Windows XP

* Click "Start".
* Open "My Computer".
* Select the "Tools" menu and click "Folder Options".
* Select the "View" Tab.
* Under the "Hidden files and folders" heading select "Show hidden files and folders".
* Make sure "Hide extensions for known file types" is unchecked
* Uncheck the "Hide protected operating system files (recommended)" option.
* Click "Yes" to confirm.
* Click "OK".

Here is a link for further explanation: http://www.xtra.co.n...1916458,00.html

Optional folder/folders marked in blue to be deleted (if they exist):

If you uninstalled Viewpoint Manager you need to remove the next folder also:

C:\Program Files\Viewpoint

Finally, clean out temporary and Temporary Internet files. Go to Start -> Run and type in the box: cleanmgr. Let it scan your system for files to remove. Make sure these 3 are checked and then press *ok* to remove:

Temporary Files
Temporary Internet Files
Recycle Bin

Restart your computer in normal mode, and then please post a new HijackThis log.

In addition, let me know in detail how your computer system is running after performing the above steps. :)
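
An added example, not part of any post in this thread: a Python sketch that parses HijackThis log text and automates the checks applied by eye above (scanner running from a temporary folder, BHO or toolbar entries whose file is missing), then diffs two logs to confirm which entries a fix removed. The log excerpts are abbreviated copies of lines posted in this thread; all function names are illustrative.

```python
import ntpath
import re

# Abbreviated excerpts of the logs posted in this thread (post #1 and post #6).
LOG_POST1 = r"""
Running processes:
C:\WINDOWS\system32\lsass.exe
C:\DOCUME~1\Beth\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapp...//www.yahoo.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
"""

LOG_POST6 = r"""
Running processes:
C:\WINDOWS\system32\lsass.exe
C:\Hi Jack This\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
"""

# HijackThis section codes (R0-R3, F0-F3, N1-N4, O1-O24) followed by " - detail".
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2})\s-\s(.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_log(text):
    """Split a log into the running-process list and (code, detail) entries."""
    processes, entries = [], []
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_procs = True
            continue
        if in_procs:
            # The process list ends at the first blank line.
            if not line:
                in_procs = False
            else:
                processes.append(line)
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return {"processes": processes, "entries": entries}


def scanner_in_temp(parsed):
    """True if HijackThis.exe itself ran from a Temp folder (its backups could be lost)."""
    for path in parsed["processes"]:
        lowered = path.lower()
        if ntpath.basename(lowered) == "hijackthis.exe" and "\\temp\\" in lowered:
            return True
    return False


def orphaned_objects(parsed):
    """CLSIDs of BHO (O2) / toolbar (O3) entries whose backing file is missing."""
    found = []
    for code, detail in parsed["entries"]:
        if code in ("O2", "O3") and detail.rstrip().lower().endswith("(no file)"):
            m = CLSID_RE.search(detail)
            found.append(m.group(0) if m else detail)
    return found


def diff_entries(before, after):
    """Entries that disappeared from, and appeared in, the later log (order kept)."""
    b, a = before["entries"], after["entries"]
    removed = [e for e in b if e not in a]
    added = [e for e in a if e not in b]
    return removed, added


if __name__ == "__main__":
    first, latest = parse_log(LOG_POST1), parse_log(LOG_POST6)
    print("scanner in temp folder:", scanner_in_temp(first))
    print("orphaned BHO/toolbar CLSIDs:", orphaned_objects(first))
    removed, added = diff_entries(first, latest)
    for code, detail in removed:
        print("removed:", code, "-", detail)
    for code, detail in added:
        print("added:  ", code, "-", detail)
```

An entry reported under "added" after a cleanup (here the TrojanHunter guard installed during the steps) still needs to be accounted for by hand; the diff only shows that it is new.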

#6 hayleyscomett


Posted 12 March 2006 - 07:13 PM

Hello rambro! Wow, what an all day affair that was to do! I saved your instructions to a word pad doc. due to my printer being out of ink.
I followed all your steps and posted comments after each suggestion, so I'd know not to forget a step.
The only step I did not do was this one:

"Please run the Housecall online virus scan located at: http://housecall.tre.../start_corp.asp. Follow the prompts to scan your hard drive for viruses. Select the "Autoclean" option so that Housecall will remove any viruses from your system. When the scan is finished, please restart your computer."

Reason being, I could not get this one to run. I went to the website, clicked on the "scan here, it's free" link and the next page loaded, or so it said. Bottom of the browser said "done" but the progress bar would never fully load. Only 5 green bars loaded up. The screen was white, except for the left hand side which was a status box. It was greyed out and said "updating and starting housecall" with a progress bar underneath that. That bar never changed or moved. Only remained white. I couldn't get anywhere with the site. I tried 3 times.

Here is the latest HiJack This log I just performed:

Logfile of HijackThis v1.99.1
Scan saved at 7:52:54 PM, on 3/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\2Wire\2PortalMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Hi Jack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delphiforums.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delphiforums.com/
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page - http://www.geocities...ranslate1.0.txt
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: ppctlcab - http://ppupdates.ca....er/ppctlcab.cab
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec....trl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec....trl/tgctlsr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec....rl/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca....r/axscanner.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1128681248901
O16 - DPF: {93CEA8A4-6059-4E0B-ADDD-73848153DD5E} (CWebLaunchCtl Object) - http://support.gatew...h/weblaunch.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....rl/SymAData.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE


I notice that the one called "O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)" is now gone.

Thaaaannnnk you!!!

I did remove that viewpoint manager as you suggested also.

May I ask what this one is ?? ::

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

I still don't understand that one, and it's also listed in my startup when I go to run and type msconfig and click on start up. It never used to be there, and I just don't know what it is or for.

Also, should I go back and put these settings back how they were?

* Make sure "Hide extensions for known file types" is unchecked
* Uncheck the "Hide protected operating system files (recommended)" option.

Since that one is recommended shouldn't it be checked? (Maybe it is back to that after I went from safe mode back to normal, I haven't checked.)

So far, my browser seems to be okay and running smoothly, although this is my first online experience, coming here, after cleaning as you had suggested. I hope it continues :D

Oh, and that Trojan Hunter Guard is down in my task bar by my clock, should I leave that on and in start up?

Gosh, look at me, asking more questions after you so graciously helped me with my system cleaning and log file.
Okay, have a look at this new log file and let me know if it's okay now and if you could answer the other questions as well that would be terrific!!

Thank you so much for all your help :cool:
" If we all can't live together, then we're going to die alone. " ~ Jack Shephard ~ LOST ~ The best show on television!

#7 rambro

rambro

    Forum Deity

  • Retired Staff
  • PipPipPipPipPip
  • 1,180 posts

Posted 12 March 2006 - 10:45 PM

Dear hayleyscomett, :)

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k


This is what I found through google:

Name - dumprep 0 -k or dumprep 0 -u
Command - dumprep 0 -k / dumprep 0 -u
Status - N
Description - Used in connection with memory dumps - you can disable these by - right clicking on My Computer, selecting Properties and then the Advanced tab. Click on the Settings button in 'Startup and Recovery'. In the bottom pane - under 'Write debugging information' - click on the down arrow and then select 'None' - OK your way out


See the following link: http://castlecops.co...umprep_0_u.html
*************************************

Also, should I go back and put these settings back how they were?

* Make sure "Hide extensions for known file types" is unchecked
* Uncheck the "Hide protected operating system files (recommended)" option.

Since that one is recommended shouldn't it be checked? (Maybe it is back to that after I went from safe mode back to normal, I haven't checked.)


Leave it. :)
********************

Oh, and that Trojan Hunter Guard is down in my task bar by my clock, should I leave that on and in start up?


Go to the "Trojan Hunter Guard" icon in the system tray of your computer. Right click on this icon and choose "Settings". In the "TrojanHunter Guard" dialog box "uncheck" the following checkboxes:
  • Load on startup
  • Enabled
Then press the "OK" button.
**********************************

The following line:

O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)


is actually:

PCTools Site Guard {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} L BHO iesdsg.dll PCTools Spyware Doctor


Since you have Microsoft Anti-Spyware installed on your computer, you can uninstall the "Spyware Doctor" antispyware software from your computer (i.e. if it exists on your computer).
***************************************

Reason being, I could not get this one to run. I went to the website, clicked on the "scan here, it's free" link and the next page loaded, or so it said. Bottom of the browser said "done" but the progress bar would never fully load. Only 5 green bars loaded up. The screen was white, except for the left hand side which was a status box. It was greyed out and said "updating and starting housecall" with a progress bar underneath that. That bar never changed or moved. Only remained white. I couldn't get anywhere with the site. I tried 3 times.


At this point I do not know why "TrendMicro's Housecall" on-line scan did not complete its scan of your computer system. Dear hayleyscomett, did you disable the "Microsoft Anti-Spyware real-time protection" on your computer system (i.e. let me know in detail)?

rambro :)

#8 rambro

Posted 12 March 2006 - 10:46 PM

Dear hayleyscomett, :)

Please register (it's free, don't worry) with PCPitStop and run the full diagnostic tests on your computer here: http://www.pcpitstop...top/default.asp. When the tests are complete, a results page will pop up. Click "Share these results with TechExpress" on the left-hand side. Then copy the URL provided and post it here for me in a reply to this post.

rambro :)

#9 hayleyscomett

Posted 13 March 2006 - 07:22 AM

Thank you for getting back to me.

I will go and have a read about the [KernelFaultCheck] %systemroot%\system32\dumprep from the link you provided, thanks. I know there's a driver or something on computers that's called Kernel32 or something like that, so I figured it had something to do with that.

Okay, I will leave all settings regarding this:

""* Make sure "Hide extensions for known file types" is unchecked
* Uncheck the "Hide protected operating system files (recommended)" option."" as they are then. :cool:


I have now changed the settings for the Trojan Hunter Guard, thanks! Should I keep it on my operating system??

Aaaah, so that's what no name, no file is, huh, okay. I will do a check to see if I have that installed on my computer. I know I have Spybot S&D, but I didn't think I had the Spyware Doctor, but it's possible. I will check that out in a bit.

Yes, I did all the options you had suggested regarding the Microsoft AntiSpyware during the cleaning steps.
Before starting any cleaning steps, please disable the Microsoft Anti-Spyware real-time protection:

""Right-click on the Microsoft Anti-Spyware tray icon by your clock (it's the one with the red and yellow bulls-eye).
Click on "Security Agents Status".
Click on "Disable real-time protection".

Next, open Microsoft Anti-Spyware.
Click on the Options menu, then Settings.
Select "Real Time Protection" from the left column.
Uncheck "Enable (MSAS) Security Agents" and "Enable real-time spyware threat protection".
Click the Save button.
Finally, Right-click on the MSAS tray icon, select "Shutdown Microsoft Antispyware", and click "Yes" in the dialog that comes up.""

In fact, the settings are still that way now. I didn't revert them back. Should I???
Maybe that's the reason that I couldn't get Trend Micro to run?? It was odd, I clicked the links, went to the next page, then nothing. I never got an active x thing or a pop up or anything.

Okay, I will go and register with the PCPitStop next and do what you suggested and report back!

Thank you so much for all your help with this, I really appreciate it!
" If we all can't live together, then we're going to die alone. " ~ Jack Shephard ~ LOST ~ The best show on television!

#10 rambro

Posted 13 March 2006 - 07:53 AM

Dear hayleyscomett, :)

I have now changed the settings for the Trojan Hunter Guard, thanks! Should I keep it on my operating system??


Leave the Trojan Hunter software on your computer until after the 30 day trial period is over, then if you want you can buy the software or uninstall it through add/remove programs via your control panel.

In fact, the settings are still that way now. I didn't revert them back. Should I???
Maybe that's the reason that I couldn't get Trend Micro to run??


No, leave the Microsoft Anti-Spyware real-time protection off!!! I will have you re-enable these features at a later date. The reason I told you to disable the "Microsoft Antispyware" software is because it might interfere with applications like TrendMicro's Housecall online scan. Therefore don't revert back.

Did you try running TrendMicro's Housecall in Internet Explorer?

rambro :)

#11 hayleyscomett

Posted 14 March 2006 - 07:07 AM

Hi rambro. :wave: I just finished with the PC Pitstop web site. Here is the url for my results:

TechExpress link for your current results:
http://www.pcpitstop...R190WFYHFJS89RR

That was very interesting to read! I figured I could use more memory. I like how you can click on each part of the test and read the results.

Okay, now you've seen the inside of my puter, I await your analysis :D

Now I'm going to go and try that trend micro web site again.

Thanks again rambro :D
" If we all can't live together, then we're going to die alone. " ~ Jack Shephard ~ LOST ~ The best show on television!

#12 hayleyscomett

Posted 14 March 2006 - 08:15 AM

Okay, gave the Trend Micro site another try and no luck again :scratchhead:

I've attached a snapshot of my screen when I went there. You'll see that my IE browser says "done" down in the bottom left, but the progress bar, bottom middle, never went past 4 bars. And the windows flag logo at top right was not moving.

Puzzling to me, and I even right clicked on my Microsoft AntiSpyware and shut it down before trying to go to that page.

attachment deleted.

Edited by hayleyscomett, 01 April 2006 - 11:29 AM.

" If we all can't live together, then we're going to die alone. " ~ Jack Shephard ~ LOST ~ The best show on television!

#13 rambro

Posted 14 March 2006 - 10:13 AM

Dear hayleyscomett, :)

Okay, gave the Trend Micro site another try and no luck again


Dear hayleyscomett, forget about the Trend Micro site for awhile.

Puzzling to me, and I even right clicked on my Microsoft AntiSpyware and shut it down before trying to go to that page.


Dear hayleyscomett, didn't my previous instructions about turning off the Microsoft Antispyware realtime protection, disable the Microsoft Antispyware software?
*******************************************

From your PCPitstop results: http://www.pcpitstop...R190WFYHFJS89RR go and click on the link that says "Internet" then when the new web page pops up, click on the link that says "Adjust IE browser cache size" and follow the instructions that pop up on that page.
********************************************

I could not find how much memory (maximum memory) your computer system takes when searching through google. You may want to go to the following website: http://www.crucial.c...og=uslp_scanner , to see if it can tell you how much memory you will need, in case you want to "max out" (increase the memory) in your computer system in the future.
***************************************************************

I would like you to download some java software.

Go to the following link: http://java.sun.com/....0/download.jsp

This should bring you to a web site whose title is: Download Java 2 Platform Standard Edition 5.0

Click on the third download: The J2SE Runtime Environment (JRE) allows end-users to run Java applications

Note: The link itself should say: Download JRE 5.0 Update 6

Click on this link.

This should bring you to a web site whose title is: J2SE™ Runtime Environment 5.0 Update 6

Accept the License Agreement by clicking on its associated "radio/option" button.

Scroll to the box that says: Windows Platform - J2SE™ Runtime Environment 5.0 Update 6

Click on the link that says: Windows Online Installation, Multi-language and proceed with the download and installation.
(Note: It should also say: jre-1_5_0_06-windows-i586-p-iftw.exe - 237.80 KB)

Restart your computer and then post a new HijackThis log. :)

In addition, let me know in detail how your computer system is running after performing the above steps. :)

#14 hayleyscomett

Posted 16 March 2006 - 07:45 AM

Hi rambro, sorry I haven't replied sooner.

"didn't my previous instructions about turning off the Microsoft Antispyware realtime protection, disable the Microsoft Antispyware software?"

I don't think so, I believe all it did was disable the real time protection. (which is still set that way) It didn't shut it down, but now I went and reread your instructions and rechecked the settings for MSAS and the boxes for "Enable (MSAS) Security Agents" and "Enable real-time spyware threat protection" are unchecked. However, when I did a restart it does show up on my task bar by the clock still. :scratchhead:

******************************************************

Okay, I went to the PCPitstop page and clicked on Adjust Browser Cache Size. It says: "The maximum size of your Internet Explorer browser cache is 2385 megabytes. This is a larger value than we recommend.
About Browser Cache Size
Generally, cache sizes above 100 megabytes waste disk space and can actually cause slower performance. Cache sizes below 10 megabytes may not provide enough temporary storage for the browser, and can cause low performance because of increased network activity."

I followed the steps, but I'm unsure as to what size to change it to?? If it's at 2385 mb now, what number should I put in there?

******************************

Here are the results of the maximum memory upgrade scan:

The Crucial System Scanner has completed the evaluation of your system. We've searched more than 20,000 systems to list only the memory upgrades guaranteed to work in your eMachines Imperial Motherboard.

The motherboard the system scanner identified, is what has been displayed to you on this web page. The parts and specifications listed are what your system supports. Select the upgrade you want, choose the quantity then click the 'buy' button.

Important! The Crucial System Scanner has determined that you only have one empty memory slot available for an upgrade. To maximize the performance of your system, consider purchasing the largest compatible upgrade your computer will support. Simply subtract the amount of memory currently installed from your computer's maximum memory capacity. This will give you the module size (number of megabytes) that we recommend. Just make sure you don't exceed the maximum amount of megabytes your computer can handle.

These 184-pin DIMM modules are compatible with your system.
Size of Upgrade | Part # | Specifications | Price
1GB | CT402548 | DDR PC2100 • CL=2.5 • UNBUFFERED • NON-ECC • DDR266 • 2.5V • 128Meg x 64 | US $120.99
512MB | CT402551 | DDR PC2100 • CL=2.5 • UNBUFFERED • NON-ECC • DDR266 • 2.5V • 64Meg x 64 | US $64.99
256MB | CT402550 | DDR PC2100 • CL=2.5 • UNBUFFERED • NON-ECC • DDR266 • 2.5V • 32Meg x 64 | US $32.99

Crucial Recommends

Crucial recommends this 184-pin DIMM DDR PC2100 module guaranteed to be compatible with your system and deliver the performance you need.


Details
512MB—CT402551
DDR PC2100
CL=2.5
NON-ECC

US $64.99

So I would need the $64.99 one and not the $32.99 one then??? It just so happens that my Uncle works with computers and would have no problem getting this memory upgrade for me and installing it. Should I go with the one that Crucial recommends ($64.99) or would the $32.99 one work okay for me???

***********************************

I'm installing the Java now. Once completed I will restart and then run HJT and post the results to you.

:D
" If we all can't live together, then we're going to die alone. " ~ Jack Shephard ~ LOST ~ The best show on television!

#15 hayleyscomett

Posted 16 March 2006 - 08:29 AM

rambro, my latest HJT log file ::

Logfile of HijackThis v1.99.1
Scan saved at 9:22:34 AM, on 3/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\2Wire\2PortalMon.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Hi Jack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delphiforums.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delphiforums.com/
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page - http://www.geocities...ranslate1.0.txt
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: ppctlcab - http://ppupdates.ca....er/ppctlcab.cab
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec....trl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec....trl/tgctlsr.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec....rl/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca....r/axscanner.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1128681248901
O16 - DPF: {93CEA8A4-6059-4E0B-ADDD-73848153DD5E} (CWebLaunchCtl Object) - http://support.gatew...h/weblaunch.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....rl/SymAData.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE


***************
Thank you for all your help! I'll await further instruction. :rolleyes:
Beth
" If we all can't live together, then we're going to die alone. " ~ Jack Shephard ~ LOST ~ The best show on television!

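An added example (not part of any post in this thread, and not HijackThis's own code): a small parser that compares two HijackThis logs, reporting which browser-helper and autostart entries disappeared or appeared between scans and which entries point at a missing file, as the helper does by eye between posts. The sample logs are short excerpts assembled from lines posted in this thread; the function and field names are this example's own.

```python
import re
from collections import namedtuple

# Constructed excerpts: lines copied from the logs and posts in this thread,
# trimmed to a handful of entries. They are not complete HijackThis logs.
LOG_BEFORE = r"""
Logfile of HijackThis v1.99.1
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
"""

LOG_AFTER = r"""
Logfile of HijackThis v1.99.1
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
"""

Entry = namedtuple("Entry", "code body")
RunEntry = namedtuple("RunEntry", "hive key name command")

# "O4 - ...", "R0 - ...": a section letter, one or two digits, then " - ".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Body of a registry autostart line: HKLM\..\Run: [value name] command line
RUN_RE = re.compile(r"^(HK[A-Z]+)\\\.\.\\([^:]+): \[([^\]]+)\] (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_log(text):
    """Return the numbered entries of a log; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append(Entry(match.group(1), match.group(2)))
    return entries


def orphaned(entries):
    """Entries reported as '(no file)': the registration exists, the file does not."""
    found = []
    for entry in entries:
        if entry.body.rstrip().endswith("(no file)"):
            clsid = CLSID_RE.search(entry.body)
            found.append((entry.code, clsid.group(0).upper() if clsid else None))
    return found


def run_entries(entries):
    """Split O4 registry Run lines into hive, key, value name and command.

    O4 lines in other shapes (such as startup-folder shortcuts) are skipped.
    """
    parsed = []
    for entry in entries:
        if entry.code != "O4":
            continue
        match = RUN_RE.match(entry.body)
        if match:
            parsed.append(RunEntry(*match.groups()))
    return parsed


def _key(entry):
    # Case and spacing differences between two scans are not real changes.
    return (entry.code, " ".join(entry.body.lower().split()))


def diff_logs(before, after):
    """Return (removed, added) entries between two parsed logs, in log order."""
    old = {_key(e): e for e in before}
    new = {_key(e): e for e in after}
    removed = [old[k] for k in old if k not in new]
    added = [new[k] for k in new if k not in old]
    return removed, added


if __name__ == "__main__":
    before, after = parse_log(LOG_BEFORE), parse_log(LOG_AFTER)
    for code, clsid in orphaned(before):
        print(f"orphaned {code} entry, CLSID {clsid}")
    removed, added = diff_logs(before, after)
    for entry in removed:
        print(f"- {entry.code} {entry.body}")
    for entry in added:
        print(f"+ {entry.code} {entry.body}")
    for run in run_entries(after):
        print(f"autostart {run.hive}\\{run.key} [{run.name}] -> {run.command}")
```
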
#16 rambro

Posted 16 March 2006 - 10:59 AM

Dear hayleyscomett, :)

I don't think so, I believe all it did was disable the real time protection. (which is still set that way) It didn't shut it down, but now I went and reread your instructions and rechecked the settings for MSAS and the boxes for "Enable (MSAS) Security Agents" and "Enable real-time spyware threat protection" are unchecked. However, when I did a restart it does show up on my task bar by the clock still.


Ok, this was my misunderstanding, as long as you disabled the real time protection in the Microsoft Antispyware software (i.e. which you did :) ), then you are in good shape.
********************

I followed the steps, but I'm unsure as to what size to change it to?? If it's at 2385 mb now, what number should I put in there?


Change the size to 100 megabytes (MB). :)
*************************************

Here is what I can gather from the "The Crucial System Scanner" test that you performed on your computer.

You have a maximum of "two memory" slots, each memory slot can hold a maximum of 512 MB of RAM.

So if you wanted to "max" out the memory for your computer you would need: 512 MB + 512 MB = 1 GB, the maximum amount of memory your system can support is 1 GB.

Other combinations you could come up with are 256MB + 256MB = 512 MB.

I would not go with a combination of 128 MB + 256 MB = 384 MB or 128 MB + 512MB = 640 MB or 256 MB + 512 MB = 768 (i.e. is possible to do) because in each memory slot (in your case, you have 2 memory slots), there should be the same size of memory for each slot.

My recommendation, max out your memory (i.e. 512 MB + 512 MB).

As for this information:

Details
512MB—CT402551
DDR PC2100
CL=2.5
NON-ECC


Just give this information to the clerk or sales person who you are buying the memory from.
******************************

Dear hayleyscomett, the reason why you started this post is the following:

Problems I'm noticing occasionally is my browser being very slow,


That is why I had you run the PCPitstop tests and run the online scans (to check for spyware) to see what is causing the slow down in your Internet Explorer.

Can you get by with 128 MB of RAM in your computer?

Answer: Probably, but your computer performance would suffer.

Now I want to introduce another concept/idea to you. Here is part of a prevention speech I would give a user:

Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here: http://www.mozilla.o...oducts/firefox/


Another browser you might consider using is called "Opera", here is a link: http://www.opera.com/

I would keep your Internet Explorer as a backup browser for "windows updates" and to perform online scans, because Internet Explorer contains a thing called "Active X", which the FireFox and the Opera browser do not have. For example, on my computer I am using the Mozilla's FireFox browser and I have Internet Explorer as a backup. I do this because I want to prevent my computer from getting spyware when I surf the Internet. The reason why I mention this is that it is something you might consider, you don't have to switch to another browser right away, but the option is available to you. :)

#17 rambro

    Forum Deity

  • Retired Staff
  • 1,180 posts

Posted 16 March 2006 - 11:00 AM

Dear hayleyscomett, :)

I would like you to generate an "Add/Remove Software list" log using the HijackThis application. Here is how you can do this:

Restart your computer.
  • Open HijackThis, in the lower right corner click the "Config..." (Configuration) button.
  • Once in the "Configuration" panel, click "Misc Tools" button.
  • Then click the "Open Uninstall Manager..." button.
  • The "Add/Remove Programs Manager" panel should appear.
  • In this panel click the "Save list" button.
  • Save the "uninstall_list.txt" file to its default location.
  • Then copy and paste the notepad text that appears in the generated "uninstall_list.txt" file in a reply to this post.


#18 hayleyscomett

    Advanced Member

  • Full Member
  • 199 posts

Posted 19 March 2006 - 10:00 AM

Hello rambro, sorry to not have posted back sooner. Held up with my daughter for the last couple of days.
Here is the notepad document you want to review after I saved the list from HJT as you requested:

2Wire Wireless Client
42 Bit Scanner
Ad-Aware SE Personal
Adobe Acrobat 5.0
Alien Skin Eye Candy 5 Impact
Alien Skin Eye Candy 5 Nature
Alien Skin Eye Candy 5 Textures
Alien Skin Xenofex 2.0
Alien Skin Xenofex 2.0 Demo
America Online
AMP Font Viewer
AOL Instant Messenger
Arthur's Reading Games
Avance AC'97 Audio
BigFix
Bob the Builder
CC_ccProxyMSI
CC_ccStart
ccCommon
Clifford Reading
Clifford Thinking Adventures
CompuServe
Conexant SoftK56 Modem(M)
Eye Candy 3
Eye Candy 4000
Filters Unlimited 2.0
Google Toolbar for Internet Explorer
HijackThis 1.99.1
Hoyle Board Games
Hoyle Casino '99 Demo
Hoyle Poker
ICQ
Intel® Extreme Graphics Driver Software
IrfanView (remove only)
J2SE Runtime Environment 5.0 Update 6
Jasc Paint Shop Pro 8
Jasc Paint Shop Pro 8.10 Update Patch
Java 2 Runtime Environment Standard Edition v1.3.1_02
Little Bear Rainy Day Activities
LiveReg (Symantec Corporation)
LiveUpdate 3.0 (Symantec Corporation)
Microsoft AntiSpyware
Microsoft Data Access Components KB870669
Microsoft Money 2002
Microsoft Money 2002 System Pack
Microsoft Office PowerPoint Viewer 2003
Microsoft Works 6.0
MSRedist
Nero - Burning Rom
Norton AntiSpam
Norton AntiSpam
Norton AntiVirus
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security (Symantec Corporation)
Norton WMI Update
Panda ActiveScan
PaperPort 6.5
PowerDVD
QuickTime
QuickTime for Windows (32-bit)
SBC Yahoo! Applications
SBC Yahoo! DSL Home Networking Installer
SBC Yahoo! Login
Scholastic's I SPY Junior
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Sesame Street Elmo's Art Workshop
Sierra Utilities
Spybot - Search & Destroy 1.4
Sqirlz Water Reflections
Symantec Script Blocking Installer
The Land Before Time Kindergarten Adventure
Translation Plug-in
TrojanHunter 4.2
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB910437)
Visioneer 4400 Scanner
Winamp (remove only)
Windows Backup Utility
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinRAR archiver
Xenofex 1.0
Yahoo! Anti-Spy
Yahoo! extras
Yahoo! Install Manager
Yahoo! Toolbar for Internet Explorer

Good gravy that looks like a lot of stuff on my pc! Wow!! There are things on that I never use, ie: America Online (came with the pc) and ICQ (again, came with the pc). Should I un-install them??

I have read somewhere before that IE was not the best browser to be using. I may consider the Firefox browser for sure. So, say I was to get the Firefox browser, do I have enough memory right now (before any additional memory is bought) to run that browser?? I would just have both on my pc (IE and FF) and just use (launch) FF to browse the internet and do any online surfing?? And only use (launch) IE to do windows updates? Just making sure I understand before I make any decisions. Is my pc capable of having both browsers installed? (I'm sure it must be otherwise you wouldn't have recommended it).

I did go in and change the internet cache size to 100 mb, so that is taken care of. I also ran the trojan hunter again yesterday, it found nothing. I also ran the AdAwareSE and it found like 4 cookies and 1 reg key, something called Alexa. I checked the items and I believe it quarantined them. I have no idea what the Alexa was, or how it got on my pc to begin with! That wasn't on the first initial scan that AA did for me when I first went and got it.

I'll await further advice/recommendations/directions from you :D thank you!!
" If we all can't live together, then we're going to die alone. " ~ Jack Shephard ~ LOST ~ The best show on television!

#19 rambro

    Forum Deity

  • Retired Staff
  • 1,180 posts

Posted 19 March 2006 - 11:25 AM

Dear hayleyscomett, :)

So, say I was to get the Firefox browser, do I have enough memory right now (before any additional memory is bought) to run that browser?


Yes, both browsers will work with the amount of memory you now have installed on your computer.

I would just have both on my pc (IE and FF) and just use (launch) FF to browse the internet and do any online surfing?? And only use (launch) IE to do windows updates?


Yes, for the most part the above statement is true, however, there may be times where certain links (for example, links in which a video is played) when clicked will not work in the FireFox browser and will only work in Internet Explorer because of a thing called "ActiveX" controls, which Internet Explorer has but browsers like "FireFox" and "Opera" do not have (i.e. in this case you can always open the same link in Internet Explorer, for example, to see a certain video clip). However, as a general rule browse the Internet with either FireFox or Opera and use Internet Explorer for windows updates and for certain on-line scans.

If you decide to download the FireFox browser, you might consider adding this extension to the Firefox browser. Here is the link to this extension: http://flashblock.mozdev.org/. The above extension is optional (this blocks "Macromedia Flash content"), but I would first download the FireFox browser and get a feel for this browser and then if the Macromedia Flash content (popups) bothers you, you can then install the above extension (i.e. remember you have to crawl before you can walk - therefore get used to the FireFox browser first and when you feel comfortable with it, then you can add extensions to this browser).
*************************

Dear hayleyscomett, in your first post you mentioned that you were using DSL to connect to the Internet.

Can you tell me in detail who your Internet Service Provider (ISP) is?

rambro :)

#20 hayleyscomett

    Advanced Member

  • Full Member
  • 199 posts

Posted 22 March 2006 - 08:39 AM

Hello rambro :wave:

Here is all the information on my DSL connection. Hope this is what you wanted.

My ISP is through my phone service company, SBC. It's SBC Global, which is powered with Yahoo, unfortunately. That would explain all the Yahoo crap on my pc. Here's the link for SBC. http://sbcglobal.prodigy.net/ When I set up my DSL account I chose not to use/install their browser, and stayed with IE as my default browser. Recently, AT&T bought SBC, so I'm not sure if anything will change with my provider or not. So far, nothing has changed. Interestingly enough, my neighbor got DSL through the same phone company, some time after I had gotten mine, and she says that hers is faster than mine.

The modem that my DSL goes through is called the 2 Wire Portal. Here is a link for that as well. http://www.2wire.com/

Now, my device doesn't look like either of these ones on these two pages --> http://www.2wire.com/?p=73 or http://www.2wire.com/?p=8
Mine is listed on this page --> http://www.2wire.com/?p=106 under the 1000 series models. Mine is the 1800HG/1801HG** ADSL* 4 HyperG Yes No VoHPNA Classic B model. If you click the "spec sheet" link there, you'll see a .pdf file of what mine looks like and all its details. Maybe mine is an 'older' model, and perhaps an upgrade to a newer modem might help with the speed of my browsing the internet??

I apologize if this is too much info, just trying to help you to understand all details of my connection to the internet. If you need anything else, just ask :D

I think I am going to seriously consider the Firefox browser. What you said made sense to me. Would I still be able to use Outlook Express mail client having Firefox?

Do you need another HJT log or anything?

Thanks so much for all your help!!
Beth
" If we all can't live together, then we're going to die alone. " ~ Jack Shephard ~ LOST ~ The best show on television!

#21 rambro

    Forum Deity

  • Retired Staff
  • 1,180 posts

Posted 22 March 2006 - 02:04 PM

Dear hayleyscomett, :)

Since you have Microsoft Antispyware software on your computer, you can uninstall the following program through the Add/Remove programs via the Control Panel:

Yahoo! Anti-Spy
************************************

There are things on that I never use, ie: America Online (came with the pc) and ICQ (again, came with the pc). Should I un-install them??


This is strictly up to you. If you don't use these applications and you want to uninstall them, then do so. Your choice. :)
**************************************

I think I am going to seriously consider the Firefox browser. What you said made sense to me. Would I still be able to use Outlook Express mail client having Firefox?


Yes, give Firefox a try. You will still be able to use Outlook Express, just keep Internet Explorer as your backup because Outlook Express comes with Internet Explorer. In fact, I was looking over your programs and you have a great deal of graphical programs, picture/photographic enhancement software and a few online games that might work well in an "Internet Explorer" browser (ActiveX environment) as compared to a "FireFox" browser, but give it a try to see if these programs can work in this type of browser.
***************************

I also want to give you some information on how to "sure up" your IE settings:

IE settings changes

Here are some recommended changes in IE settings that will help protect you.

Go to the Tools menu, then choose Internet Options.

Click on the Privacy tab and click on the Advanced button.

In the box that pops up, check both the Override automatic cookie handling and Always allow session cookies boxes. Set First party cookies to "Allow" and Third party cookies to "Block".
Click OK

Go to the Security tab & click the Custom Level button.

The following ActiveX section settings should be changed as follows:

* Download signed ActiveX controls: Prompt
* Download unsigned ActiveX controls: Prompt
* Initialize and script ActiveX controls not marked as safe: Disable

In the Microsoft VM section (if it exists), set Java Permissions to "High Safety".

In the Miscellaneous section, set Installations of desktop items to "Prompt"

Click on the Advanced tab and uncheck both Install on demand items.

Click on Apply, then OK.
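
The ActiveX, Java and desktop-item settings from the post above correspond to per-zone URL action values in the registry. The following is an added example, not part of the thread: it audits a constructed .reg export of the Internet zone (zone 3) against those recommendations; the function names and the sample export are assumptions made for illustration.

```python
import re

# URL action values for the settings named in the post above.
# For 1001/1004/1201/1800: 0 = Enable, 1 = Prompt, 3 = Disable.
# For 1C00 (Java permissions): 0x10000 = High safety.
RECOMMENDED = {
    "1001": (1, "Download signed ActiveX controls: Prompt"),
    "1004": (1, "Download unsigned ActiveX controls: Prompt"),
    "1201": (3, "Initialize and script ActiveX controls not marked as safe: Disable"),
    "1800": (1, "Installation of desktop items: Prompt"),
    "1C00": (0x10000, "Java permissions: High Safety"),
}

ZONE3_KEY = (r"HKEY_CURRENT_USER\Software\Microsoft\Windows"
             r"\CurrentVersion\Internet Settings\Zones\3")

# Constructed sample export (not taken from the thread). Unsigned ActiveX
# download is left on "Enable" and the desktop-items value is absent.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"DisplayName"="Internet"
"1001"=dword:00000001
"1004"=dword:00000000
"1201"=dword:00000003
"1C00"=dword:00010000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
"1004"=dword:00000000
'''

VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<hex>[0-9a-fA-F]{8})\s*$')


def parse_reg_dwords(text):
    """Return {lower-cased key path: {VALUE NAME: int}} for dword values only."""
    keys = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
            continue
        match = VALUE_RE.match(line)
        if match and current is not None:
            current[match.group("name").upper()] = int(match.group("hex"), 16)
    return keys


def audit_internet_zone(text):
    """Compare zone 3 values with RECOMMENDED.

    Returns a list of (code, status, current_value, label) where status is
    "ok", "mismatch", or "not set" (value absent from the export, e.g. the
    Java entry on a machine without the Microsoft VM section).
    """
    zone = parse_reg_dwords(text).get(ZONE3_KEY.lower(), {})
    findings = []
    for code, (wanted, label) in RECOMMENDED.items():
        current = zone.get(code)
        if current is None:
            status = "not set"
        elif current == wanted:
            status = "ok"
        else:
            status = "mismatch"
        findings.append((code, status, current, label))
    return findings


if __name__ == "__main__":
    for code, status, current, label in audit_internet_zone(SAMPLE_REG):
        shown = "-" if current is None else hex(current)
        print(f"{code}  {status:<9} current={shown:<8} want: {label}")
```

Regedit on Windows XP writes version 5.00 exports as UTF-16, so decode the file before passing its text to `audit_internet_zone`.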

#22 rambro

    Forum Deity

  • Retired Staff
  • 1,180 posts

Posted 22 March 2006 - 02:06 PM

Dear hayleyscomett, :)

You may want to print out these instructions or save them as a text file with "Notepad" to your desktop because we will be restarting into Safe Mode later on in the fix and you might not be able to access the Internet.
******************************

1. Prepare Ewido Security Suite for use:
  • Download the trial version of Ewido Security Suite.
  • Install the Program.
  • Click on the "update" button on the left hand side of the window.
  • Click on "Start Update".
2. When installing, under 'Additional Options' uncheck:
  • Install background guard
  • Install scan via context menu
3. You should not run the program yet so Exit the program.
4. Reboot into Safe mode. To reboot in Safe mode:
  • Restart your computer and immediately begin tapping the F8 key on your keyboard.
  • If done right a Windows Advanced Options menu will appear. Select the Safe Mode option and press Enter.
5. Run Ewido Security Suite:
  • Open Ewido Security Suite.
  • Click on the "scanner" button on the left hand side of the window.
  • Click on "Complete System Scan".
  • After the scan is completed, save the logfile from the scan.
6. Restart your computer normally to return to normal mode.
7. Prepare in your reply:
  • Please post a fresh HijackThis log.
  • Please post the Ewido Security Suite log.
In addition, let me know in detail how your computer system is running after performing the above steps. :)

#23 hayleyscomett

    Advanced Member

  • Full Member
  • 199 posts

Posted 28 March 2006 - 11:29 AM

Rambro,

Since you have Microsoft Antispyware software on your computer, you can uninstall the following program through the Add/Remove programs via the Control Panel:

Yahoo! Anti-Spy


Yahoo's anti-spy has been removed :D

I also went into IE settings and made the recommended changes you suggested :D

Went and got the trial version of the Ewido Security Suite and ran the scan and saved the logfile.

Here are the results from the Ewido scan:

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 11:45:17 AM, 3/28/2006
+ Report-Checksum: C95F18F8

+ Scan result:

C:\Documents and Settings\Beth\Cookies\beth@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Beth\Cookies\beth@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Beth\Cookies\beth@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned with backup
C:\Documents and Settings\Beth\Cookies\beth@com[1].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Beth\Cookies\beth@data4.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Beth\Cookies\beth@hotlog[2].txt -> TrackingCookie.Hotlog : Cleaned with backup
C:\Documents and Settings\Beth\Cookies\beth@metacafe.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Beth\Cookies\beth@web-stat[2].txt -> TrackingCookie.Web-stat : Cleaned with backup
C:\Documents and Settings\Beth\Cookies\beth@webstat[1].txt -> TrackingCookie.Web-stat : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\popcaploader.dll.tcf -> Not-A-Virus.Downloader.Win32.PopCap.b : Cleaned with backup


::Report End

**********************

Here is a fresh new scan log of Hijack This for you also:


Logfile of HijackThis v1.99.1
Scan saved at 12:10:51 PM, on 3/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Hi Jack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delphiforums.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delphiforums.com/
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page - http://www.geocities...ranslate1.0.txt
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: ppctlcab - http://ppupdates.ca....er/ppctlcab.cab
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec....trl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec....trl/tgctlsr.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec....rl/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca....r/axscanner.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1128681248901
O16 - DPF: {93CEA8A4-6059-4E0B-ADDD-73848153DD5E} (CWebLaunchCtl Object) - http://support.gatew...h/weblaunch.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....rl/SymAData.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

**************************************************************

My browser and computer system seem to be operating and running smoothly with no hangups or slowness as I had noticed before. :D I have sent an email to my uncle about getting me the upgrade memory module. I'm sure he'll have no prob getting that for me and installing it for me. I'm also going to contact my ISP and find out if I can get a newer modem for my DSL connection.

Once you give me a clean bill of pc health I believe I am going to go ahead and get the Firefox browser as well. I bought another graphic program yesterday, Scrapbook Factory Deluxe. I also use Paint Shop Pro. I'm waiting to install the new program until my pc has the memory upgrade. I do get the windows notice about "windows is low on virtual memory" sometimes when running my Paint Shop program, so I think I should wait on the Scrapbook program installation til that memory is installed. Once the memory is installed, I shouldn't get that windows message any longer, right??? :scratchhead:

I did notice yesterday that the quicktime thing showed up again on my pc in the startup log. I had Hijack this remove it again as you instructed earlier in a previous reply. Why does that keep coming back? It is still listed in add/remove. Should I uninstall that completely from add/remove?? I do run the Ad Aware SE periodically since installing that and it always finds cookies that are questionable. I remove them and I'm assuming these keep coming back due to IE's vulnerabilities?? :scratchhead:

I hope I haven't strayed off track here with you and I do most assuredly appreciate all of your help, advice and recommendations :D

I'll await further instruction, thanks!!
Beth
" If we all can't live together, then we're going to die alone. " ~ Jack Shephard ~ LOST ~ The best show on television!
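
Added example, not part of the thread: one way to cross-check the two logs in the post above, by parsing the HijackThis entry lines and the ewido report and listing HijackThis entries that still mention a file ewido acted on. The sample lines are excerpted from those logs (with their elided URLs left as posted); the function names and the four-character minimum stem length are assumptions made for illustration.

```python
import ntpath
import re
from collections import Counter

# Lines excerpted from the HijackThis log in the post above.
HJT_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O16 - DPF: ppctlcab - http://ppupdates.ca....er/ppctlcab.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
"""

# Lines excerpted from the ewido scan report in the post above.
EWIDO_LOG = r"""+ Scan result:

C:\Documents and Settings\Beth\Cookies\beth@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Beth\Cookies\beth@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\popcaploader.dll.tcf -> Not-A-Virus.Downloader.Win32.PopCap.b : Cleaned with backup
"""

ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
DPF_RE = re.compile(
    r"^DPF: (?:(?P<clsid>\{[0-9A-Fa-f-]{36}\}) \((?P<name>.*?)\)|(?P<bare>\S+))"
    r" - (?P<source>.+)$"
)
EWIDO_RE = re.compile(r"^(?P<path>.+?) -> (?P<detection>\S+) : (?P<action>.+)$")


def parse_hijackthis(text):
    """Return one dict per entry line (R0, O2, O16, ...); other lines are skipped."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if not match:
            continue  # header, blank line, or a running-process path
        entry = {"section": match.group("section"), "body": match.group("body")}
        if entry["section"] == "O16":  # downloaded ActiveX controls
            dpf = DPF_RE.match(entry["body"])
            if dpf:
                entry["dpf"] = {
                    "clsid": dpf.group("clsid"),
                    "name": dpf.group("name") or dpf.group("bare"),
                    "source": dpf.group("source"),
                }
        entries.append(entry)
    return entries


def parse_ewido(text):
    """Return the 'path -> detection : action' rows of an ewido report."""
    rows = []
    for line in text.splitlines():
        match = EWIDO_RE.match(line.strip())
        if match:
            rows.append(match.groupdict())
    return rows


def cross_reference(entries, detections, min_stem=4):
    """For each non-cookie detection, list log entries that mention its file stem."""
    report = []
    for det in detections:
        if det["detection"].startswith("TrackingCookie."):
            continue  # cookies have no counterpart in the HijackThis log
        stem = ntpath.basename(det["path"]).split(".")[0].lower()
        if len(stem) < min_stem:
            continue  # too short to match on without noise
        hits = [e for e in entries if stem in e["body"].lower()]
        report.append({"detection": det["detection"], "stem": stem, "hits": hits})
    return report


if __name__ == "__main__":
    entries = parse_hijackthis(HJT_LOG)
    print(dict(Counter(e["section"] for e in entries)))
    for item in cross_reference(entries, parse_ewido(EWIDO_LOG)):
        print(item["detection"], "->", item["stem"])
        for hit in item["hits"]:
            print("   ", hit["section"], "-", hit["body"])
```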

#24 rambro

    Forum Deity

  • Retired Staff
  • 1,180 posts

Posted 28 March 2006 - 04:02 PM

Dear hayleyscomett, :)

I do get the windows notice about "windows is low on virtual memory" sometimes when running my Paint Shop program, so I think I should wait on the Scrapbook program installation til that memory is installed. Once the memory is installed, I shouldn't get that windows message any longer, right???


See the following article on "Low Virtual Memory": http://www.askbobran...ual_memory.html.
***************************

I did notice yesterday that the quicktime thing showed up again on my pc in the startup log. I had Hijack this remove it again as you instructed earlier in a previous reply. Why does that keep coming back? It is still listed in add/remove. Should I uninstall that completely from add/remove??


Go to Start -> Run -> type "msconfig" (without the quotes) -> The "system configuration utility" dialog box should pop up.
In the "System Configuration Utility" dialog box -> Choose the "Startup" Tab and uncheck the "qttask" checkbox and, if there, the "iTunesHelper" checkbox.
Click the "OK" button and then restart your computer. This should prevent the quicktime application from starting at windows startup.
**************************************

I do run the Ad Aware SE periodically since installing that and it always finds cookies that are questionable. I remove them and I'm assuming these keep coming back due to IE's vulnerabilities??


To cover myself, here are things you might want to use in the future:

Clean your IE cookies and cache:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Click the "Delete Cookies" button
  • Next to it, Click the "Delete Files" button
  • When prompted, place a check in: "Delete all offline content", click OK
*********************

Clean other Temporary files + Recycle bin:
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
or

Do a Disk Cleanup frequently on your computer system: See the following link: http://www.theelderg...nup_utility.htm.
Make sure the following checkboxes are checked:

Temporary Files
Temporary Internet Files
Recycle Bin
********************

Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu on the top of the Options window.
  • Click the Clear button located to the right of each option (History, Cookies, Cache).
  • Click OK to close the Options window
or

In the Tools -> Options dialog box in the FireFox browser there is a button called "Settings". Press this button. A "Clear Private Data" dialog box will pop up. I usually have the following checkboxes checked.

In the "Private Data" section check the following checkboxes:
  • Browsing History
  • Saved Form Information
  • Download History
  • Cookies
  • Cache
  • Authenticated Sessions
In the "Settings" section check the following checkboxes:
  • Ask me before clearing private data.
Then press the "OK" button to get out of the "Clear Private Data" dialog box.
Then press the "OK" button to get out of the "Options" dialog box.

Then in the FireFox browser, go to Tools -> choose the "Clear Private Data" option -> the Clear Private Data dialog box will pop up and choose the "Clear Private Data Now" button.

#25 rambro

Posted 28 March 2006 - 04:04 PM

Dear hayleyscomett, :)

(Note/Disclaimer: Hi hayleyscomett, in this next post, I would like you to run another antivirus scan. When you download and install this application, it likes to install itself in a temporary folder by default, which is not a good idea. The thing is that if you ever tried to do a Disk Cleanup of your system (which is a good idea and should be done frequently) these files will be deleted and the program will not run. My instructions below will give you a way to install this program, without it installing itself (by default) in a temporary folder which could be deleted (you probably should have the winzip application on your computer to install the application to a different directory). See also the link on removing temporary files: http://www.tech-reci...cipes&rx_id=463. Good Luck!) :)

I would like you to download a program to your computer that will check for bad, hidden, files that the HijackThis program may not recognize.

Please create a folder on your desktop and rename it to something like "MWAV or MWAV application".

Please download the free MWAV antivirus tool from here: ftp://ftp.microworldsystems.com/download/tools/mwav.exe.

Save the downloaded "executable file" to this folder and "extract it" to this folder. Do a search for a file called mwavscan.com and double click on this file. The MWAV antivirus tool application should run.

(Note #1: The application will ask you if you want to purchase this product say "NO".)

Follow the prompts to scan your system for viruses. Then please post for me the log of infected files from the BOTTOM panel of the scan window in a reply to this post.

(Note #2: When you run the MWAV antivirus tool scan, I do not want the log produced when pressing the view log button. When you run this application to scan your computer, you will see two panes or panels. By pressing the "view log button" it will give you the information in the top pane or panel. I want you to post the information in the bottom pane or panel. The title for the bottom pane/panel should say: Virus Log Information. Please post the information in the bottom pane/panel in a reply to this post.)

(Note #3: Some users were having trouble copying the information in the bottom pane or panel. To copy the information from the bottom pane or panel, highlight the information in the "bottom pane/panel" with your mouse then on your keyboard press the following keys simultaneously: Ctrl + c. This will copy the information in the bottom pane to your clipboard. Then open up your notepad application, and paste the information from your clipboard into notepad and save the notepad file as "mwav.txt". Or you can paste the contents of the clipboard directly into your next post using the paste function or pressing the following keys on your keyboard simultaneously, Ctrl + v.)

Please restart your computer and then post a new HijackThis log, along with the log from the MWAV antivirus tool application.

In addition, let me know in detail how your computer system is running after performing the above steps. :)

#26 hayleyscomett

Posted 01 April 2006 - 11:34 AM

rambro ....

"Go to Start -> Run -> type "msconfig" (without the quotes) -> The "system configuration utility" dialog box should pop up.
In the "System Configuration Utility" dialog box -> Choose the "Startup" Tab and uncheck the "qttask" checkbox and, if there, the "iTunesHelper" checkbox.
Click "OK" and then restart your computer. This should prevent the quicktime application from starting at windows startup."


I do this all the time! It still comes back!! In fact, it used to be listed in startup in msconfig only once, but now, it's listed twice!! The one instance is unchecked and remains that way, the other instance of it, I go in, uncheck it, do a restart and then a day or two later, I notice it boots up again. I go to msconfig and sure enough, it's got a checkmark in it again!

Not only qttask thing, but now I have 2 of those dumprep0-k things also! Now, I also have dumprep0-u. I just don't understand what those are. I went to the link you supplied earlier on that and read, but still don't understand them. What they're for and why they're there etc...

Here's a screen shot of what my msconfig looks like, so you can see the 2 qttasks and the 2 dumprep things:

Edited by hayleyscomett, 01 April 2006 - 11:35 AM.

#27 hayleyscomett

Posted 01 April 2006 - 11:45 AM

I have to download and install yet another virus scanner :gasp: That makes how many now? Trojan Hunter, Ewido SS, Ad Aware Se, and now this one? :scratchhead: Plus I have HJT and went to at least 2 or 3 online places, panda etc... already and scanned. Why is all this necessary? :huh: I'm going to lose track of what I need to go and remove and what to keep. I don't think I have a virus anywhere on my pc. Another one, ooookaaaay .... I have printed your instructions and will now go and do the MWAV one........... sorry, just a bit frustrated today.... I will keep you posted on results. :blink:

#28 rambro

Posted 01 April 2006 - 12:12 PM

Dear hayleyscomett,

On your Quicktime problem, you have two options:

Option #1

Looking at your screenshot for the System Configuration Utility:

Have both checkboxes for qttask unchecked (i.e. uncheck both checkboxes for qttask).

Option #2

Go to your Add or Remove Programs via your control panel and uninstall your "Quicktime" application.
**************************

In your System Configuration Utility leave the following alone: dumprep 0 -k and dumprep 0 -u, they are safe entries (i.e. don't worry about it).
****************************

The MWAV antivirus tool scan might be a "little" overkill, but if it can spot any bad, hidden, malware files, then I am going to have you run it. It is better to be safe than sorry!!!

Dear hayleyscomett, go to google and do some research on "dumprep 0 -k" and "dumprep 0 -u", if it bothers you, but I am telling you they are good entries. You are doing a good job so far, keep up the good work and let me see that MWAV antivirus tool scan. :thumbsup:

rambro :)

Edited by rambro, 01 April 2006 - 12:17 PM.


#29 rambro

Posted 01 April 2006 - 12:13 PM

sorry, duplicate post.

Edited by rambro, 01 April 2006 - 12:14 PM.


#30 hayleyscomett

Posted 01 April 2006 - 12:46 PM

hi rambro :D

Okay, I will leave the dumprep0-k thingy's alone then. I believe you, I do! I was just freaked when I saw that now I had 2 of them.

I did the mwav scan, here is the log you wanted from the bottom panel of virus log information:: It said total errors 1 and total critical objects 6 : as follows :

Object "007guard.com hijacker Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "smitfraud variant Browser Hijacker" found in File System! Action Taken: No Action Taken.
Object "broadcastpc Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "cydoor.topicks.a Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "smitfraud variant Browser Hijacker" found in File System! Action Taken: No Action Taken.
Object "smitfraud variant Browser Hijacker" found in File System! Action Taken: No Action Taken.


***********

I guess it did find something, huh? What now?

***********

I will go and run a fresh HJThis now and post the results from that next :D

Thank you for all your help, and I apologize if my frustration sounded directed at you, it wasn't. I appreciate all you're doing for me!

Beth

#31 hayleyscomett

Posted 01 April 2006 - 12:51 PM

rambro ...

Here is my latest HJThis log from running it just now. I am going to go remove that qttask thing now.

*****

Logfile of HijackThis v1.99.1
Scan saved at 1:48:13 PM, on 4/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Hi Jack This\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delphiforums.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delphiforums.com/
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page - http://www.geocities...ranslate1.0.txt
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: ppctlcab - http://ppupdates.ca....er/ppctlcab.cab
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec....trl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec....trl/tgctlsr.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec....rl/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca....r/axscanner.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1128681248901
O16 - DPF: {93CEA8A4-6059-4E0B-ADDD-73848153DD5E} (CWebLaunchCtl Object) - http://support.gatew...h/weblaunch.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....rl/SymAData.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

#32 rambro

Posted 01 April 2006 - 02:06 PM

Dear hayleyscomett, :)

This is a FYI item, see the following link about a "memory dump": http://www.answers.c...pic/memory-dump
*******************************

You need to disable your system restore, because if you go back in time with "System Restore", it's possible that you will be infected again. Here is how to do that:

(Note: By disabling "System Restore", all existing restore points will be deleted. However, if these existing restore points contain spyware, then you should follow the rest of these instructions).

To turn off Windows XP System Restore

1. Click the Start button.
2. Right-click My Computer, and then click Properties.
3. On the System Restore tab, check Turn off System Restore or Turn off System Restore on all drives.
4. Click Apply.
5. A dialog message box should pop up asking you, Do you want to turn off System Restore? Click Yes to do this.
6. Click OK.
7. Restart Windows.

To turn on Windows XP System Restore

Follow the steps in the previous section, but in step 3, uncheck Turn off System Restore or Turn off System Restore on all drives. Then click OK.

See the following link as a reference: http://service1.syma...src=sec_doc_nam

Please restart your computer and then post a new HijackThis log.

In addition, let me know in detail how your computer system is running after performing the above steps. :)

#33 rambro

Posted 01 April 2006 - 02:07 PM

Dear hayleyscomett, :)

In my previous post, I had you clear out (remove) your system restore points from your computer. In this post I would like you to create a "restore point". This is how it is done:

To create a restore point:

1. All Programs->Accessories->System Tools->System Restore
2. Press Create a restore point and press Next.
3. In the Restore point description box, type a descriptive name to append to the date and time.
4. Press Create.

Let me know in a reply to this post when the "restore point" has been created. :)

#34 hayleyscomett

Posted 01 April 2006 - 03:17 PM

rambro :cool:

Okay, followed your steps, turned off system restore, restarted pc, then turned system restore back on, then restarted again.

My pc has never been restarted so many times, lol! I don't see how turning it off, restarting and then turning it back on and then restarting again gets rid of what that mwav scan found, but okay. It takes my pc anywhere from 10 to 15 minutes to totally restart. And, the windows thing loads before my Norton does so I always see a windows notification " your computer may be at risk, Norton Antivirus is turned off (which it's not) click this balloon to fix this problem ". Then, Norton fully loads and that message disappears, is that normal? Anyhow.......

Here is new Hijack This log:

********************

Logfile of HijackThis v1.99.1
Scan saved at 4:15:22 PM, on 4/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Hi Jack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delphiforums.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delphiforums.com/
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: ppctlcab - http://ppupdates.ca....er/ppctlcab.cab
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec....trl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec....trl/tgctlsr.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec....rl/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca....r/axscanner.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1128681248901
O16 - DPF: {93CEA8A4-6059-4E0B-ADDD-73848153DD5E} (CWebLaunchCtl Object) - http://support.gatew...h/weblaunch.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....rl/SymAData.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

**************

I will now go and follow your instructions to create a restore point :thumbsup:

#35 hayleyscomett

Posted 01 April 2006 - 03:21 PM

Rambro ........ Restore point has been created! :D

#36 rambro

Posted 01 April 2006 - 06:11 PM

Dear hayleyscomett, :)

And, the windows thing loads before my Norton does so I always see a windows notification " your computer may be at risk, Norton Antivirus is turned off (which it's not) click this balloon to fix this problem ".


When the above happens, click the balloon and tell me in detail what happens. :)

#37 hayleyscomett

Posted 01 April 2006 - 09:12 PM

good evening rambro :wave:

That happens most every time, not always, when I restart. The notification shield will show up first, before my Norton Antivirus and my Norton Internet Security icons load down there by the clock in the taskbar.
It's Windows security shield, like in Windows xp security center. As for what happens, nothing really, it's like a red shield icon (it's normally blue if you look in windows security center) and a balloon bubble will come up that says "your computer may be at risk. Your anti virus is turned off - click this balloon to fix this " or something like that very similar. After a minute or two then my Norton icons appear and it goes away. I have clicked on it before, but at the moment I'm drawing a blank as to what it said. Something about getting virus protection and that not all anti virus programs being compatible or something like that.

I can reboot right now and try to capture a screen shot of it to share with you. What I normally have down there by the clock is (from left to right) Norton Int. Sec. then Norton Antivirus then my scanner icon and then my volume icon and that's it. (Microsoft antispyware used to come on also, but during all of these procedures with you we have that off and not loading at startup right now).

I'll go restart and try to capture a screen shot for you.

#38 rambro

Posted 01 April 2006 - 09:21 PM

Dear hayleyscomett, :)

I just want to know what you see after you click the balloon.

rambro :)

#39 rambro

Posted 01 April 2006 - 09:33 PM

Dear hayleyscomett, :)

I was re-reading your last couple of posts. I want you to do the following.

Open up your windows security center program (it is located in your control panel). See if the "virus protection" section is turned on. If it is not turned "on", see if you can turn it on in the windows security center. Let me know in detail what happens.

rambro :)

#40 hayleyscomett

Posted 01 April 2006 - 09:45 PM

Yes, it's on. It states that my virus protection is on. I just think it doesn't recognize my antivirus right away or something. Since that comes on (loads) before my NIS icons do. I took a screen shot for you to see when I just now rebooted. I use NIS 2004, maybe that's why?? I don't have the $$ to upgrade right now, but when renewal for my definitions comes due in Sept. I will probably upgrade to the latest one then.

Here's what I found out through the security center:

Which antivirus and firewall programs does the Security Center detect?

The Security Center can detect if you are using firewall or antivirus software on your computer. However, it can't detect all firewall and antivirus solutions.

There are some antivirus and firewall solutions that the Security Center does not detect at all. This group includes all hardware firewall solutions, such as network routers. For more information, click Related Topics.
Some antivirus and firewall programs are designed so that information about the programs can be reported to the Security Center. Such programs can provide specific information about their status, such as whether or not an antivirus signature file is out of date.
The Security Center can detect the presence of some other firewall or antivirus programs, even if they don't provide information about their status. However, the Security Center can only detect whether or not such a program is installed on your computer; it can't report the status.
If you're unsure about the status of your antivirus or firewall solution, or if you receive a Security Center alert that seems incorrect, please check with your antivirus or firewall vendor to find out if the software you're running is supported in the Security Center.

****************************

Like I said previously, first my volume icon loads, then my scanner, then I see that red shield (see attached picture), then I see my Norton AV icon and then finally my Norton IS icon. Once the anti virus one pops up, that red shield goes right away.

:scratchhead:

#41 hayleyscomett

Posted 01 April 2006 - 09:50 PM

"Dear hayleyscomett,

I just want to know what you see after you click the balloon."

When I do click that balloon, since everything isn't fully loaded, it takes a long time before anything comes up. By the time the windows security center window does come up by then Norton has loaded and it reports that it's on then.

Like now, the red shield is gone, both my Norton icons are there and enabled and all is well.

#42 rambro

Posted 01 April 2006 - 09:55 PM

Dear hayleyscomett, :)

Ok, I understand the situation. As long as the windows security center says that your antivirus is turned on, then that is very good. It took me a couple of posts to find out, but I don't see any problems with that balloon popping up. There is no problem here. Now for my next post....

rambro :)

#43 rambro

Posted 01 April 2006 - 09:56 PM

sorry, duplicate post.

Edited by rambro, 01 April 2006 - 10:00 PM.


#44 hayleyscomett

Posted 01 April 2006 - 10:00 PM

I must have really confused you ... you're repeating yourself :p

lol (you posted the same post twice)

Sorry, it's late, I'm punchy, too much caffeine! :blink:

Anxiously awaiting further instructions ... glad to know the security center thing is not a big deal, whew!

What's next? Are you sorry you took my case? :D

#45 rambro

Posted 01 April 2006 - 10:08 PM

Dear hayleyscomett, :)

I gave this following post to another user, it might also apply to you.

On your computer you really need only one antivirus program and one firewall program to keep you protected.

Your Norton antivirus software (manufactured by Symantec) is better than having "no" antivirus software at all; however, it is "not" the only antivirus software around. There are better antivirus software programs out there.

When your yearly subscription expires for Norton Antivirus, I suggest you switch to a different Antivirus software. Norton Antivirus software is a big and bloated antivirus software program and really does not do a good job protecting your system from infection (however, it is better than no antivirus at all). I would also stay away from McAfee Antivirus software. I suggest switching to antivirus products like Nod32, AVG or TrendMicro.

If you do decide to install a different antivirus software program, here are instructions on how to do this:

Here are the steps you should take to install your new antivirus software:
1. Create a folder on your desktop and name it "Antivirus"
2. Download the .exe or .zip file to this folder but do not run the executable or zip files respectively at this time.
3. Restart your computer, without connecting to the "Internet".
4. Uninstall your old antivirus software through the "Add/Remove" programs via your Control Panel (in your case, uninstall your Norton Antivirus software).
5. Install your new antivirus software, without connecting to the "Internet".
6. Restart your computer and re-connect to the "Internet" and run your new antivirus software and fix anything it finds.


#46 rambro

Posted 01 April 2006 - 10:14 PM

Dear hayleyscomett, :)

RE-ENABLING MICROSOFT ANTI-SPYWARE

Open Microsoft Anti-Spyware.
Click on the Options menu, then Settings.
Select "Real Time Protection" from the left column.
Check "Enable (MSAS) Security Agents" and "Enable real-time spyware threat protection".
Click the Save button.
***********************************

Everything looks great --- your HijackThis log appears to be clean. :)
Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we at SWI are to help you, for your sake we would rather not have repeat customers. :p

1) Please navigate to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows, including the latest version of Internet Explorer. This can patch many of the security holes through which attackers can gain access to your computer. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

Ad-Aware SE
A tutorial on using Ad-Aware to remove spyware from your computer may be found here.

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

IE-Spyad
IE-Spyad blocks access to malicious websites so you cannot be redirected to them from an infected site or email.
A tutorial on using IE-Spyad may be found here.

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here: http://www.mozilla.o...oducts/firefox/

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

5) Finally, consider maintaining a firewall. Some good free firewalls are ZoneAlarm or Outpost.
A tutorial on understanding and using firewalls may be found here.

Please also read Tony Klein's excellent article: How I got Infected in the First Place

Hopefully this should take care of your problems! Good luck. :D

#47 hayleyscomett

Posted 01 April 2006 - 10:14 PM

It's interesting that you should suggest that because I was just now reading other threads here at SWI and a thread of interest was one called Norton, is it worth it, or something like that. Most suggesting that Norton is just a resource hog and not as good as it once was. I believe I agree. I just may get something else once my subscription runs out next Sept. I've read a lot of complaints on Norton lately and this just proves it to me. Why should anyone shell out the kind of $$ for a program such as Norton only to have it be compromised and not reliable.

Okay, aside from that, because as you said, it's better than no antivirus.......... I will make a switch when the time comes.


Now, what's my next step here? How was my last Hijack This log? What about the items that the MWAV scan found?? Is our time here together over? lol

#48 hayleyscomett

Posted 01 April 2006 - 10:29 PM

Okay, printing out your latest set of instructions for me to take and follow. Thank you very much for being so patient with me and helping me out. I cannot thank you enough. :thumbsup:

As for the windows update, I have my pc set to get them automatically and I believe last time I checked, maybe two weeks ago or so, there were no critical updates for me. :thumbsup:

You had me download the Ad Aware SE earlier, and I believe I will keep this one on :D

I already have Spybot S&D and use it regularly, so that's good. :rolleyes:

The other 3 I'll have to go and get. (SpywareBlaster-SpywareGuard-IE-Spyad) thanks for the recommendation. :D

I am going to go ahead and give Firefox a try, thanks for that also!! :D

My Norton (for what it's worth) :grrr: updates and runs regularly every day. :unsure:

As for a firewall, I didn't realize you could have another one put on a pc. Doesn't windows come with one? And, my 2wire portal (dsl connection modem) has a firewall also. Can ya run all those and not have compatibility issues?? :scratchhead:

I will most certainly have a look at the article on how I got infected in the first place, you can count on it :D

#49 hayleyscomett

Posted 01 April 2006 - 10:50 PM

rambro ........

Just curious, I still have the 6 critical objects that the MWAV scan found:

Object "007guard.com hijacker Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "smitfraud variant Browser Hijacker" found in File System! Action Taken: No Action Taken.
Object "broadcastpc Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "cydoor.topicks.a Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "smitfraud variant Browser Hijacker" found in File System! Action Taken: No Action Taken.
Object "smitfraud variant Browser Hijacker" found in File System! Action Taken: No Action Taken.


How exactly do I get rid of these?? It also found 1 error, but it doesn't tell me where the error is or any details on it.

Thanks!

#50 rambro

Posted 01 April 2006 - 10:57 PM

Dear hayleyscomett, :)

As for a firewall, I didn't realize you could have another one put on a pc. Doesn't windows come with one? And, my 2wire portal (dsl connection modem) has a firewall also. Can ya run all those and not have compatibility issues??


I would not use the firewall provided by windows XP. It is good that your dsl connection modem comes with a firewall, but I would invest in a "Third Party" firewall software program. Stay away from "Sygate" Firewall, only because "Symantec" which manufactures "Norton Antivirus" bought the company that manufactures the Sygate Firewall.

rambro :)




Member of UNITE