Hey Crunchie, it's me again, it took me hours to post the last thread, I'm having big problems on my system, posting, sending emails and things of that nature and I'm sure it's a system problem not an internet connection error cos my other system works fine on the same connection...food for thought...thanks a million again..praise..praise...praise to you

Hey Crunchie, I just thought I'd let you know that I can post and send emails OK now so it was probabaly just a temporary glich and I was probabaly being paranoid on that one

No, the recovery console is a different process .

==

Can you please do the following.


===============

Scan with HijackThis and then place a check next to all the following, if present:


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm

O4 - HKCU\..\Run: [rrqcvqca] C:\WINXPSP2\system32\xktctkpa.exe
O4 - HKCU\..\Run: [Antivirus] C:\Program Files\Antivirus 2008\Antvrs.exe


Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked".

===============

Reboot.

===============

After rebooting, rescan with hijackthis and post back a new log. Please let me know how your pc is now.

Hi there Crunch, how's life in the Land Downunder? Well the PC seems to be

working great, so hopefully I'll beable to return it to my friend in better

shape than it was in when I got it....I can't believe he didn't have any

antivirus installed. Well at least I'm not feeling so guilty now.
I just want to give you a massive shout out for being so dedicated to my post

and for all your fab advise... you're a dude... a much appreciated super cool

dude...so thanks a million and hopefully I can mark this thread as

solved..what do you think??




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:58:33 ب.ظ, on 2008/05/06
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINXPSP2\System32\smss.exe
C:\WINXPSP2\system32\winlogon.exe
C:\WINXPSP2\system32\services.exe
C:\WINXPSP2\system32\lsass.exe
C:\WINXPSP2\system32\svchost.exe
C:\WINXPSP2\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINXPSP2\system32\spoolsv.exe
C:\WINXPSP2\system32\svchost.exe
C:\Program Files\Universal Shield 4.0\US30Service.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINXPSP2\Explorer.EXE
C:\WINXPSP2\Win2Farsi\ClockMRT\MRTclock.exe
C:\WINXPSP2\SOUNDMAN.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\Babylon\Babylon-Pro\Babylon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINXPSP2\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\WINXPSP2\Win2Farsi\ClockMRT\MRTclock.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet

Settings,AutoConfigURL = http://localhost:9100/proxy.pac
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} -

C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program

Files\GetRight\xx2gr.dll
O2 - BHO: FlpLauncher Class - {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} -

C:\Program Files\E-Book Systems\FlipAlbum 6 Pro Eval\fplaunch.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-

716BA50C19C7} - C:\Program Files\Google\Web

Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -

c:\program files\google\googletoolbar1.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} -

C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program

files\google\googletoolbar1.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF}

- C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O4 - HKLM\..\Run: [MRTKLOX] C:\WINXPSP2\Win2Farsi\ClockMRT\MRTclock.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common

Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IMJPMIG8.2] msime82.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program

Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-

Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINXPSP2\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!

\Messenger\ypager.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINXPSP2\system32\CTFMON.EXE (User

'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINXPSP2\system32\CTFMON.EXE (User

'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINXPSP2\system32\CTFMON.EXE (User

'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINXPSP2\system32\CTFMON.EXE (User

'Default user')
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program

Files\GetRight\getright.exe
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program

Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O8 - Extra context menu item: &Google Search - res://C:\Program

Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program

Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program

Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download All by FlashGet - C:\Program

Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program

Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Download with GetRight Pro - C:\Program

Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1

\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Pro Browser - C:\Program

Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Similar Pages - res://C:\Program

Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program

Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -

C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} -

C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-

0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-

00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software -

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil

Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil

Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil

Software\Avast4\ashWebSv.exe
O23 - Service: US30Service - Unknown owner - C:\Program Files\Universal

Shield 4.0\US30Service.exe

--
End of file - 6265 bytes

Life is great down here . Just approaching winter and starting to cool down.
Log looks like crap again, but not to worry .

========


Congratulations! Your log looks clean.

===============

Now that your PC is clean you need to follow these easy steps to keeping it this way:

Download CCleaner and install, then run it. It will clear out your temp folders.

1. Uncheck "Cookies" under "Internet Explorer".
2. Click on Run Cleaner in the lower right-hand corner. This can take quite a while to run.
3. Close when finished.

====

An alternative to Ccleaner is ATF Cleaner.
Download ATF (Atribune Temp File) Cleaner by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it.

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

====

Use an alternative browser! Download FireFox and give it a run. It is far more secure than Internet Explorer. Or, you can get Opera, which in my opinion, is better still.

====

Use a firewall. It is an essential part of your computers security. There is a link to a good, free firewall in my signature.

====

Install and keep updated, AVG anti-spyware, Ad-Aware SE and Spybot S&D.
Run them all on a regular basis, following the maker's recommendations.

====

Install an anti-virus. There are some good, free AV's available today. Make sure that it is updated regularly and have it scan your system often.

====

Check for Windows Updates. Microsoft regularly post updates for your systems safe running. Make sure to take advantage of this. Reboot when installed and return to make sure there are no others.

=====

For XP users.
After something like this it is a good idea to Flush the Restore Points and start fresh.
To flush the XP system Restore Points.

Go to Start | Run and type msconfig and press enter.

When msconfig opens, click the Launch System Restore Button.
On the next page, click the System Restore Settings link on the left.

Check the box labelled 'Turn off System restore'.

Reboot. Go back in and Turn System Restore Back on. A new Restore Point will be created.

Note that all previous restore points will be lost.

===============

If you have any more problems, post back.

-

Happy surfing,

crunchie.

Thaks for everything Crinchie, I did everything you said and I am returning my friend's tower. My own system is working fine, I think, but it is a bit slow sometimes so I might post up a HJT log for my system soon just to check it out, in the meantime I'll mark this thread as solved and say THanks again and have fun Crunchie....XX

You are welcome .

This thread is now closed. If you need it reopened, please send a PM to one of our Mods.

Include the link to the thread and detail why you need it reopened.

If this is not your thread please start a New Topic.