[Resolved] Need help again, nasty attacks


  • This topic is locked
85 replies to this topic

#16 Noviciate

    Retired WTT Teacher

  • Visiting Fellow
  • 2,907 posts

Posted 19 October 2009 - 01:25 PM

Now I'm confused. When I asked you to check the Properties of eapsvc32.dll, did you find it or not? You stated it was a Microsoft file, which I presumed meant you had located it, rather than a similarly named one.
Death to the salad eaters!

#17 coastalbuck

    Authentic Member

  • 68 posts

Posted 19 October 2009 - 06:16 PM

Sorry, I did find it and it did say it was a Microsoft file. I also ran both the Jotti's and the Virus total and came up with nothing. 0-41 on the Virus total and the same as I posted on the Jotti's. Sorry for the confusion, I guess I was just looking at too many file names at the time. :blush:

#18 Noviciate

Posted 20 October 2009 - 02:24 PM

We'll have a little clean-up of stuff to see if we can get a bit more speed out of the PC, and then take a look for anything else nasty onboard:

1) Go to Start > Control Panel > Add/Remove Programs and remove any programs that you no longer use and then reboot your PC.

2) Download TFC by OldTimer from here and save it to your Desktop.
  • You will need to close all open programs and save any work as TFC will require a reboot.
  • Double-click TFC.exe to run it. (Note: If you are using Vista, right-click the file and select Run As Administrator from the menu that appears).
  • Click the Start button to begin. Depending on how often you clean temp files, execution time could be anywhere from a few seconds to a minute or two - just sit back and enjoy the view.
  • Once it has finished it should reboot your PC all by itself. If it does not, please manually reboot.
  • Once rebooted your PC will run like a Cray supercomputer, or at least have less junk on the hard drive - OT's not a miracle worker you know!
  • Please note that this tool will empty the Recycle Bin as part of its actions. If you have anything in there that you haven't finished with, move it first.
3) Double click My Computer.
Right click the disc drive you wish to check.
Click Properties.
In the Properties dialog box, click the Tools Tab.
Under Error-checking, click the Check Now button.
In the "Check Disc Local Disk (C:)" dialog box, check both Automatically fix file system errors and Scan for and attempt recovery of bad sectors, and then click Start.

This will look for and attempt to repair any errors that your hard drive has.

4) Defragment your hard drive. A tutorial for disc defragmentation is available here.

I happen to prefer a third-party defrag tool to the one that Windows offers. You can read about it, and find a linky, here - it's free too!

5) Download and run StartUp Inspector.
This program will help you to decide exactly what programs you disable from running at startup.
The Readme.txt file included has instructions on how to use it.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Once you've done the above, and let me know how it went, do the below and post accordingly:

Download a copy of DDS by sUBs from one of the following locations: Link1; Link2; Link3
  • Double click the tool to run it.
  • You can read the screen that appears, or not - the tool runs anyway.
  • When the tool has finished, two Notepad windows will appear.
  • You need to save both as they will disappear when closed.
  • File > Save As... from the Toolbar will allow you to do this.
  • Copy and Paste both logs into your next reply.
  • Please check after posting that both logs are complete.

Death to the salad eaters!

#19 coastalbuck

Posted 24 October 2009 - 05:11 AM

Done, Done, Done, Done, and Done. All went fine with the possible exception of the Startup thingy. It worked ok but I think I deleted some stuff I use. I think I've got everything going in the right direction now. I think I messed up your directions though, I was supposed to post back before I ran the dds but I've already ran it. I was trying to finish this morning as I've been trying to get it done all week without success. Things seem to be running pretty well now, machine is not so sluggish now although I haven't did much with it except the service stuff this week. I'll try to use it more this morning as it is Sat. and I can rummage around a little this morning. The dds logs follow and I'll add to this post if anything weird crops up today before you look at the logs and get back to me. Thanks as always for all the help, it is much appreciated.

Thanks again for the effort...

#20 Noviciate

Posted 24 October 2009 - 02:37 PM

It worked ok but I think I deleted some stuff I use.

Any idea what?
Death to the salad eaters!

#21 coastalbuck

Posted 25 October 2009 - 06:53 AM

My g-mail notifier is the biggest one. I can still run it from the programs menu, just can't get it to run on startup again. If it's not good to run it on startup that is fine, it's a small price to pay for the machine to be running much better. Also, I think I've got some other old stuff I probably don't need running on startup but I don't know what the programs do. I guess I'm just not very good with using that startup inspector program. I've tried other ones in the past with no success either. Anyway, the AVG alerts are way down, very few the last few days and as I said, the machine is running much better. No redirects or IE explorer openings when using the computer normally. I still cannot use Google from the toolbar. Every time I click on a link it redirects. This morning's test was a search for Onkyo (I need to replace my home theater receiver). Clicking on the Onkyo USA link provided in Google led me to an online virus test site. Switching to Yahoo the same search and the same link worked correctly, again no huge deal although I'm sure the people at Google wouldn't be too happy.

#22 Noviciate

Posted 25 October 2009 - 01:40 PM

OK, we'll start by getting Gmail back to its best:

1) Create a Restore Point - this is standard procedure before making any registry changes.
A tutorial for System Restore is available here.

2) Copy the contents of the following box into Notepad. (Start > All Programs > Accessories > Notepad)
Make sure that you have no blank lines at the beginning, and one blank line at the end:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\\Program Files\\Google\\Gmail Notifier\\gnotify.exe"

Save it to your Desktop with the following name, including the quotation marks: "Regfix.reg"

3) Locate Regfix.reg on your Desktop and double click it.
Click on Yes in the confirmation window.

Should you have any unexpected problems after this fix run System Restore, selecting the Restore Point you have just created, and things should be back to normal.
Reboot the PC and check that things are back to normal before you proceed. If they aren't, then let me know and don't continue.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Your version of Sun Java needs updating:

1) Go here and click on the Windows XP/Vista/2000/2003 Offline link in the Windows section near the top and save it to your Desktop.

2) Download JavaRa from here and save it to your Desktop.
You will need to extract the file(s):
Right click on the zipped folder and from the menu that appears, click on Extract All...
In the 'Extraction Wizard' window that opens, click on Next> and in the next window that appears, click on Next> again.
In the final window, click on Finish


***Please close any instances of Internet Explorer before continuing!***
  • Double-click JavaRa.exe to begin.
  • Pick your preferred language from the drop-down menu and click Select.
  • Click on Remove Older Versions to remove older versions of Java - obvious really, isn't it!
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location, just in case you have any problems with Java afterwards.
3) Run the installer that you downloaded earlier.

Your version of Adobe Reader is out of date. You can get the latest version here.

Your version of VLC Media Player is also out of date. While I don't know that this poses a security risk, you can get the latest version here.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Update the first two for security reasons, and the third if you wish, then reboot the PC and let me have a fresh HJT log and I'll look at removing some of the junk that you don't need at start-up manually.
Death to the salad eaters!
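In a .reg file, a string value writes each backslash as \\ and each embedded quote as \", so a path in a Run entry has to be escaped before it is saved. The checker below is an added example, not part of the original post: it decodes string values and reports any lone backslash, using a constructed value name and path (ExampleNotifier, C:\Program Files\Example\notify.exe).

```python
import re

# One string value line of a .reg file: "name"="data"
VALUE_LINE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"\s*$')
RUN_KEY = r"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"

def decode_reg_string(raw):
    # Only two escapes are accepted: doubled backslash and backslash-quote.
    out, i = [], 0
    while i < len(raw):
        if raw[i] == "\\":
            nxt = raw[i + 1] if i + 1 < len(raw) else ""
            if nxt not in ("\\", '"'):
                raise ValueError(f"lone backslash at offset {i}: {raw[i:i + 8]!r}")
            out.append(nxt)
            i += 2
        else:
            out.append(raw[i])
            i += 1
    return "".join(out)

def encode_reg_string(value):
    # Escape a plain string for use between the quotes of a .reg value.
    return value.replace("\\", "\\\\").replace('"', '\\"')

def build_reg(name, data_text):
    # data_text is written as given, so the caller decides whether it is escaped.
    return ("Windows Registry Editor Version 5.00\n\n"
            f"{RUN_KEY}\n"
            f'"{name}"="{data_text}"\n')

def check_reg_text(text):
    # Returns ({value name: decoded data}, [(line number, problem)]).
    values, problems = {}, []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = VALUE_LINE.match(line)
        if not m:
            continue
        try:
            values[decode_reg_string(m.group(1))] = decode_reg_string(m.group(2))
        except ValueError as exc:
            problems.append((lineno, str(exc)))
    return values, problems

NAME = "ExampleNotifier"                       # constructed sample
PATH = r"C:\Program Files\Example\notify.exe"  # constructed sample
UNESCAPED = build_reg(NAME, PATH)
ESCAPED = build_reg(NAME, encode_reg_string(PATH))
```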

#23 coastalbuck

Posted 25 October 2009 - 06:04 PM

Notifier did not start on reboot after 2 tries. The machine booted fine, albeit a little slow, and worked ok. Do you want me to do the other updates? Or do the restore first?

#24 Noviciate

Posted 26 October 2009 - 02:30 PM

Just let me have a fresh HJT log and we'll see what, if anything, actually happened with the regfix.
Death to the salad eaters!

#25 coastalbuck

Posted 26 October 2009 - 05:46 PM

You've got it. Thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:21:48 PM, on 10/26/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.buckeyeplanet.com/forum/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: (no name) - {03DC87EC-20C4-4B2D-A172-C5DB8D522792} - C:\WINDOWS\System32\dmcompos32.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://wavenet.administrative.hgtc.edu
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...t/PCPitStop.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1165073630062
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset...lineScanner.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

--
End of file - 6127 bytes
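A fresh log like the one above is read section by section to see what a registry fix actually changed. The parser below is an added example, not part of the original thread: it splits HijackThis lines into section code and body, lists the O4 registry autoruns, collects entries whose target is reported as (file missing) or printed as ?, and checks whether an expected executable (gnotify.exe from the earlier regfix) appears among the autoruns. The sample lines are copied unchanged from the log above.

```python
import re

# Excerpt of the HijackThis log posted above, lines copied unchanged.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {03DC87EC-20C4-4B2D-A172-C5DB8D522792} - C:\WINDOWS\System32\dmcompos32.dll (file missing)
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
"""

ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")
# O4 registry autorun body: HKLM\..\Run: [value name] command line
RUN = re.compile(r"^(HK[A-Z]+)\\\.\.\\(Run\w*): \[(.*?)\] (.*)$")

def parse(log):
    """Return (section code, body) for every log entry line."""
    return [m.groups() for m in map(ENTRY.match, log.splitlines()) if m]

def run_entries(entries):
    """(hive, key, value name, command) for each O4 registry autorun."""
    out = []
    for code, body in entries:
        m = RUN.match(body) if code == "O4" else None
        if m:
            out.append(m.groups())
    return out

def needs_review(entries):
    """Entries whose target is marked (file missing) or printed as ?."""
    return [(c, b) for c, b in entries
            if b.endswith("(file missing)") or b.endswith("= ?")]

def autorun_present(entries, exe_name):
    """True if exe_name appears in the command of any O4 registry autorun."""
    return any(exe_name.lower() in cmd.lower()
               for *_, cmd in run_entries(entries))

if __name__ == "__main__":
    entries = parse(SAMPLE_LOG)
    for code, body in needs_review(entries):
        print("review:", code, body)
    print("gnotify.exe in autoruns:", autorun_present(entries, "gnotify.exe"))
```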


#26 Noviciate

Posted 27 October 2009 - 02:16 PM

When you double clicked the reg file you created, what exactly happened?
Death to the salad eaters!

#27 coastalbuck

Posted 27 October 2009 - 04:46 PM

If I remember correctly it asked if I wanted to change the registry, to which I agreed, then it asked something else, not sure what. I still have the desktop file if it would help to run it again.

#28 coastalbuck

Posted 27 October 2009 - 04:47 PM

Double post, sorry

Edited by coastalbuck, 27 October 2009 - 04:50 PM.


#29 Noviciate

Posted 27 October 2009 - 04:58 PM

Run it again and see if the "something else" happens again and let me know what that is.
Death to the salad eaters!

#30 coastalbuck

Posted 27 October 2009 - 05:13 PM

It wasn't really something else, first it asked if I wanted to add C:..... to the registry. When I clicked OK it just confirmed that it was added.
