 |  |  |  |  |  |  |  |
Modem keeps dialling when i open files
 |
•
•
Join Date: Feb 2005
Posts: 56
Reputation: 
Solved Threads: 0
Junior Poster in Training
Thanks, i'm very greatful to you caperjack.
please could you tell me why I am doing this? Is there anything in the Hijack This log that indicates that I should do this? I have run a virus scan with NIS and scanned with Spy Sweeper - which killed some stuff as I have noted. I have also scanned with Spy Sweeper again an hour ago and nothing was found. Unless you can tell me you have worked out a specific threat/cause from the Hijack This log i can't really see the point of using Spybot ad Adaware. Especially because these two have caused untold problems to me in the past - on an XP machine at work. They are more trouble than they are worth.
If you can show me why this is necessary I will do it.
I await your command, fine good samaritan!
cheers! x
please could you tell me why I am doing this? Is there anything in the Hijack This log that indicates that I should do this? I have run a virus scan with NIS and scanned with Spy Sweeper - which killed some stuff as I have noted. I have also scanned with Spy Sweeper again an hour ago and nothing was found. Unless you can tell me you have worked out a specific threat/cause from the Hijack This log i can't really see the point of using Spybot ad Adaware. Especially because these two have caused untold problems to me in the past - on an XP machine at work. They are more trouble than they are worth.
If you can show me why this is necessary I will do it.
I await your command, fine good samaritan!
cheers! x
•
•
Join Date: Aug 2003
Posts: 10,275
Reputation: 
Solved Threads: 558
no not really just a general cleanup ,don't use them if you don't want to .
I have run them on at least 50 different computers from win95 to win xp pro and have never had a problem with them,and consider them the best to cleanup before really getting into picking apart the hijackthis log , .that why i suggest them ,but the choice is yours.
I could offer some advice but i don't know if you would follow it so i won't get to deep into the log but i would fix for sure
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocach...etup1.0.0.8.cab.
I have run them on at least 50 different computers from win95 to win xp pro and have never had a problem with them,and consider them the best to cleanup before really getting into picking apart the hijackthis log , .that why i suggest them ,but the choice is yours.
I could offer some advice but i don't know if you would follow it so i won't get to deep into the log but i would fix for sure
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocach...etup1.0.0.8.cab.
Is your computer is ready for Win7, xp mode.
http://www.microsoft.com/windows/vir.../download.aspx
Going with the Flow ,but the water is low and the rocks are Hard
http://www.microsoft.com/windows/vir.../download.aspx
Going with the Flow ,but the water is low and the rocks are Hard
•
•
•
•
Originally Posted by caperjack
I have run them on at least 50 different computers from win95 to win xp pro and have never had a problem with them,and consider them the best to cleanup before really getting into picking apart the hijackthis log , .that why i suggest them...
"May the Wombat of Happiness snuffle through your underbrush."
- Ancient Aborigine blessing
Please do not contact me by email or PM for help. We're all volunteers here, and only have so much free time to dedicate to our efforts.
However, if I've been working on a thread with you already, and seem to have "forgotten" your thread, please do send me a message. I try not to let things slip through the cracks, but it does happen sometimes.
- Ancient Aborigine blessing
Please do not contact me by email or PM for help. We're all volunteers here, and only have so much free time to dedicate to our efforts.
However, if I've been working on a thread with you already, and seem to have "forgotten" your thread, please do send me a message. I try not to let things slip through the cracks, but it does happen sometimes.
Go to Add/Remove Programs in your Control Panel and remove (if found):
MYWEBSEARCH
GSP
Scan with hijackthis and have it fix the following entries:
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\PROGRAM FILES\MYWEBSEARCH\SRCHASTT\1.BIN\MWSSRCAS.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSBAR.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\PROGRAM FILES\MYWEBSEARCH\SRCHASTT\1.BIN\MWSSRCAS.DLL
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\BAR\1.BIN\MWSOEMON.EXE
O4 - Startup: GSP Menu.lnk = C:\Program Files\GSP\GSPMENU.EXE
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearc...B_ZNxmk27868GB
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache...tup1.0.0.8.cab
Make sure all windows other than HJT are closed before you hit the Fix button.
Reboot into Safe Mode
Go to these folders and delete the highlighted folder:
C:\PROGRAM FILES\MYWEBSEARCH
C:\Program Files\GSP
Reboot normally
Did you set up the 'freeserve' stuff yourself, or is that something you need to get rid of?
Close all browser windows, scan with hjt, and post a new log please.
MYWEBSEARCH
GSP
Scan with hijackthis and have it fix the following entries:
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\PROGRAM FILES\MYWEBSEARCH\SRCHASTT\1.BIN\MWSSRCAS.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSBAR.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\PROGRAM FILES\MYWEBSEARCH\SRCHASTT\1.BIN\MWSSRCAS.DLL
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\BAR\1.BIN\MWSOEMON.EXE
O4 - Startup: GSP Menu.lnk = C:\Program Files\GSP\GSPMENU.EXE
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearc...B_ZNxmk27868GB
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache...tup1.0.0.8.cab
Make sure all windows other than HJT are closed before you hit the Fix button.
Reboot into Safe Mode
Go to these folders and delete the highlighted folder:
C:\PROGRAM FILES\MYWEBSEARCH
C:\Program Files\GSP
Reboot normally
Did you set up the 'freeserve' stuff yourself, or is that something you need to get rid of?
Close all browser windows, scan with hjt, and post a new log please.
Links to help you help yourself :
Protect Your PC & Avoid Infections -- http://www.daniweb.com/techtalkforums/thread27519.html
Cleanup Procedures & Tools -- http://www.daniweb.com/techtalkforums/thread27570.html
Infection Removal & HijackThis Use -- http://www.daniweb.com/techtalkforums/thread28196.html
Protect Your PC & Avoid Infections -- http://www.daniweb.com/techtalkforums/thread27519.html
Cleanup Procedures & Tools -- http://www.daniweb.com/techtalkforums/thread27570.html
Infection Removal & HijackThis Use -- http://www.daniweb.com/techtalkforums/thread28196.html
•
•
Join Date: Feb 2005
Posts: 56
Reputation:
Solved Threads: 0
Junior Poster in Training
Right, thankyou again everyone and what a helpful website you have caperjack! Cool!
LATEST
I've followed dlh6213's instructions and the new log is below for u (below) but I have some more clues that may - or most probably may not - be of help.
The Freeserve stuff is there because that's my default email (Wannadoo let us keep the old name and settings) and there is an old freeserve there too, from when Freeserve changed their settings. Should I remove something here?
Some more clues I must include -
1) the fault varied yesterday, and today, for a while, in that it suddenly started to allow me to right-click on icons (and press a key on a highlit icon). But the fault remained on Word file icon - as soon as I click to open the file it goes bananas. But the right-click problem has come back also (twice).
2) every kind of icon is affected by the right-click problem (as soon as I right-click on it, the modem dials-up), but if I highlight the icon with a single left click there is no problem BUT when I press a key, such as 'delete', it starts dialling! AND YES - THIS HAPPENS EVEN IN SAFE MODE!
3) it seems that I can open any file other than Word with a normal left double click, but not with right click.
4) opening a Word file makes it mad. Its a battle, it tries and tries and tries to diall-up the web, while I click 'cancel, cancel, cancel...' It takes two whole minutes to open a Word file! It's like it is mistaking the Word icon for an IE icon, or Outlook Express or something.
5) two or three years ago a strange phenomenon started hitting my computer regularly - usually after being online. Some of my icons would change, randomly. Sometimes Word files would display as webpages, or jpegs would appear as Adobes or whatever. They still worked, though. They would remain like this until I restarted the computer. This would happen quite regularly - not all the time, but regularly. I forget when it stopped happening - it just sort of wore itself down over a year or two so I didn't notice when it stopped completely. But it has started again recently, though not as frequently and not for at least a week before this dialling problem started (so I guess maybe they're not connected, but I thought I may as well tell you just incase it could shed some light on the matter?).
Any way, here is the log
Logfile of HijackThis v1.99.0
Scan saved at 23:40:30, on 07/02/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\NORTON INTERNET SECURITY\NISUM.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\NORTON INTERNET SECURITY\CCPXYSVC.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\ptsnoop.exe
C:\PROGRAM FILES\TEXTBRIDGE CLASSIC 2.0\BIN\INSTANTACCESS.EXE
C:\WINDOWS\HAMPANEL.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\DCFSSVC.EXE
C:\PROGRAM FILES\WINAMP3\WINAMPA.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM\HPZTSB09.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SOFTWARE UPDATE\HPWUSCHD2.EXE
C:\WINDOWS\SYSTEM\HPHMON05.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WND.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WNF.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\ULEAD SYSTEMS\ULEAD PHOTO EXPRESS 2 SE\CALCHECK.EXE
C:\PROGRAM FILES\KODAK\KODAK PICTURE TRANSFER SOFTWARE\PTS.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\HPZIPM12.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.freeserve.com/iesearch/default.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://www-cache.freeserve.com:8080;ftp=http://www-cache.freeserve.com:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\BIN\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
O4 - HKLM\..\Run: [HaMFrontPanel] C:\WINDOWS\hampanel /B
oftware\Intel\HaM
O4 - HKLM\..\Run: [Dcfssvc] C:\WINDOWS\System32\Drivers\dcfssvc.exe
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\SYSTEM\HPHMON05.EXE
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [Nisum] C:\Program Files\Norton Internet Security\NISUM.EXE
O4 - HKLM\..\RunServices: [ccPxySvc] C:\PROGRA~1\NORTON~2\CCPXYSVC.EXE
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SPYSWEEPER.EXE" /0
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\SYSTEM\E_SRCV03.EXE
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
O4 - Startup: KODAK Picture Transfer Software.lnk = C:\Program Files\Kodak\KODAK Picture Transfer Software\pts.exe
O4 - Startup: hp instant support.lnk = C:\Program Files\Hewlett-Packard\hpis\bin\matcli.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/Sha.../bin/cabsa.cab
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\PROGRAM FILES\HP\HPCORETECH\COMP\HPUIPROT.DLL
LATEST
I've followed dlh6213's instructions and the new log is below for u (below) but I have some more clues that may - or most probably may not - be of help.
The Freeserve stuff is there because that's my default email (Wannadoo let us keep the old name and settings) and there is an old freeserve there too, from when Freeserve changed their settings. Should I remove something here?
Some more clues I must include -
1) the fault varied yesterday, and today, for a while, in that it suddenly started to allow me to right-click on icons (and press a key on a highlit icon). But the fault remained on Word file icon - as soon as I click to open the file it goes bananas. But the right-click problem has come back also (twice).
2) every kind of icon is affected by the right-click problem (as soon as I right-click on it, the modem dials-up), but if I highlight the icon with a single left click there is no problem BUT when I press a key, such as 'delete', it starts dialling! AND YES - THIS HAPPENS EVEN IN SAFE MODE!
3) it seems that I can open any file other than Word with a normal left double click, but not with right click.
4) opening a Word file makes it mad. Its a battle, it tries and tries and tries to diall-up the web, while I click 'cancel, cancel, cancel...' It takes two whole minutes to open a Word file! It's like it is mistaking the Word icon for an IE icon, or Outlook Express or something.
5) two or three years ago a strange phenomenon started hitting my computer regularly - usually after being online. Some of my icons would change, randomly. Sometimes Word files would display as webpages, or jpegs would appear as Adobes or whatever. They still worked, though. They would remain like this until I restarted the computer. This would happen quite regularly - not all the time, but regularly. I forget when it stopped happening - it just sort of wore itself down over a year or two so I didn't notice when it stopped completely. But it has started again recently, though not as frequently and not for at least a week before this dialling problem started (so I guess maybe they're not connected, but I thought I may as well tell you just incase it could shed some light on the matter?).
Any way, here is the log
Logfile of HijackThis v1.99.0
Scan saved at 23:40:30, on 07/02/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\NORTON INTERNET SECURITY\NISUM.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\NORTON INTERNET SECURITY\CCPXYSVC.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\ptsnoop.exe
C:\PROGRAM FILES\TEXTBRIDGE CLASSIC 2.0\BIN\INSTANTACCESS.EXE
C:\WINDOWS\HAMPANEL.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\DCFSSVC.EXE
C:\PROGRAM FILES\WINAMP3\WINAMPA.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM\HPZTSB09.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SOFTWARE UPDATE\HPWUSCHD2.EXE
C:\WINDOWS\SYSTEM\HPHMON05.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WND.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WNF.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\ULEAD SYSTEMS\ULEAD PHOTO EXPRESS 2 SE\CALCHECK.EXE
C:\PROGRAM FILES\KODAK\KODAK PICTURE TRANSFER SOFTWARE\PTS.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\HPZIPM12.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.freeserve.com/iesearch/default.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://www-cache.freeserve.com:8080;ftp=http://www-cache.freeserve.com:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\BIN\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
O4 - HKLM\..\Run: [HaMFrontPanel] C:\WINDOWS\hampanel /B
oftware\Intel\HaMO4 - HKLM\..\Run: [Dcfssvc] C:\WINDOWS\System32\Drivers\dcfssvc.exe
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\SYSTEM\HPHMON05.EXE
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [Nisum] C:\Program Files\Norton Internet Security\NISUM.EXE
O4 - HKLM\..\RunServices: [ccPxySvc] C:\PROGRA~1\NORTON~2\CCPXYSVC.EXE
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SPYSWEEPER.EXE" /0
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\SYSTEM\E_SRCV03.EXE
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
O4 - Startup: KODAK Picture Transfer Software.lnk = C:\Program Files\Kodak\KODAK Picture Transfer Software\pts.exe
O4 - Startup: hp instant support.lnk = C:\Program Files\Hewlett-Packard\hpis\bin\matcli.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/Sha.../bin/cabsa.cab
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\PROGRAM FILES\HP\HPCORETECH\COMP\HPUIPROT.DLL
•
•
Join Date: Aug 2003
Posts: 10,275
Reputation:
Solved Threads: 558
•
•
•
•
Originally Posted by natasha
Right, thankyou again everyone and what a helpful website you have caperjack! Cool!
Is your computer is ready for Win7, xp mode.
http://www.microsoft.com/windows/vir.../download.aspx
Going with the Flow ,but the water is low and the rocks are Hard
http://www.microsoft.com/windows/vir.../download.aspx
Going with the Flow ,but the water is low and the rocks are Hard
•
•
•
•
Originally Posted by caperjack
...our long lost daughter
:mrgreen:
natasha,
You're log looks clean now; can you get the latest virus definition updates for NIS and run a full system scan to to see if it comes up with anything please? If not, the weird dialing behaviour may be the result of some sort of (non-malicious) registry/file-association corruption or the like.
I doubt we'll find the answer here, but do the following (if your computer will let you):
1. Open Windows Eplorer.
2. Click the View menu button and then chose the Folder Options item.
3. In the resulting windows, click the File Types tab, locate and hilight the ".doc" file extension, and then click Edit. Don't change anything; just look through the the file-association information; Is there anything in it that would indicate that Word documents (.doc files) are linked to anything other than Microsoft Word?
"May the Wombat of Happiness snuffle through your underbrush."
- Ancient Aborigine blessing
Please do not contact me by email or PM for help. We're all volunteers here, and only have so much free time to dedicate to our efforts.
However, if I've been working on a thread with you already, and seem to have "forgotten" your thread, please do send me a message. I try not to let things slip through the cracks, but it does happen sometimes.
- Ancient Aborigine blessing
Please do not contact me by email or PM for help. We're all volunteers here, and only have so much free time to dedicate to our efforts.
However, if I've been working on a thread with you already, and seem to have "forgotten" your thread, please do send me a message. I try not to let things slip through the cracks, but it does happen sometimes.
•
•
Join Date: Feb 2005
Posts: 56
Reputation:
Solved Threads: 0
Junior Poster in Training
nope. everything looks normal there.
And I updated NIS yesterday.
i'm beginning to think it's supernatural! :eek:
how would I go about sorting out the corruption?
do you think my hardrive is on its way out? It's a really old computer now, nearly 5 years! I've been getting more and more problems recently, crashes, freezes, lack of memory, unstable notices, and I'm definately going to upgrade VERY soon.
but what a weird problem eh?
well, all I can say is a very BIG thankyou to you guys, you really have been good. I'll defo be recomending this site, quick answers, no surrenders, resourceful experts who know what they're talking about tec.
Nice one!
And I updated NIS yesterday.
i'm beginning to think it's supernatural! :eek:
how would I go about sorting out the corruption?
do you think my hardrive is on its way out? It's a really old computer now, nearly 5 years! I've been getting more and more problems recently, crashes, freezes, lack of memory, unstable notices, and I'm definately going to upgrade VERY soon.
but what a weird problem eh?
well, all I can say is a very BIG thankyou to you guys, you really have been good. I'll defo be recomending this site, quick answers, no surrenders, resourceful experts who know what they're talking about tec.
Nice one!
Given the bizarre nature of the problems you're describing and the fact that we can't have a physical look at your system, it's difficult to say where the cause(s) lie. Diagnostic and repair utilities like Norton Systemworks, Registry Mechanic, etc. might be able to help, but those utilities do cost money and there's no guarantee that they'll work.
In terms of your drive going bad, that's always a possibility. However, if you haven't done a clean reinstallation of ME in a while, it's just as likely that your software has gotten "ragged around the edges" over time and it's time to back up your data, reformat, and reinstall Windows from scratch. If you took that route though, I'd highly suggest installing something other than ME.
In terms of your drive going bad, that's always a possibility. However, if you haven't done a clean reinstallation of ME in a while, it's just as likely that your software has gotten "ragged around the edges" over time and it's time to back up your data, reformat, and reinstall Windows from scratch. If you took that route though, I'd highly suggest installing something other than ME.
"May the Wombat of Happiness snuffle through your underbrush."
- Ancient Aborigine blessing
Please do not contact me by email or PM for help. We're all volunteers here, and only have so much free time to dedicate to our efforts.
However, if I've been working on a thread with you already, and seem to have "forgotten" your thread, please do send me a message. I try not to let things slip through the cracks, but it does happen sometimes.
- Ancient Aborigine blessing
Please do not contact me by email or PM for help. We're all volunteers here, and only have so much free time to dedicate to our efforts.
However, if I've been working on a thread with you already, and seem to have "forgotten" your thread, please do send me a message. I try not to let things slip through the cracks, but it does happen sometimes.
Caperjack, I think Natasha was referring to the links in your signature (though I could be wrong about that)
DMR, I agree with you about the Windows ME!
Tasha, a trip to Window Update may help, it will at least get you the Critical Updates for IE to help prevent unwanted intrusions. You could also try reinstalling Word. And, if you haven't done so already, backup all your important files! Then if your drive does fail, at least you won't lose the stuff you want to keep.
You can also get updates for software, that may help too. Here is a link to the US page, but you will probably need a different one:
http://office.microsoft.com/en-us/of...e/default.aspx
DMR, I agree with you about the Windows ME!
Tasha, a trip to Window Update may help, it will at least get you the Critical Updates for IE to help prevent unwanted intrusions. You could also try reinstalling Word. And, if you haven't done so already, backup all your important files! Then if your drive does fail, at least you won't lose the stuff you want to keep.
You can also get updates for software, that may help too. Here is a link to the US page, but you will probably need a different one:
http://office.microsoft.com/en-us/of...e/default.aspx
Links to help you help yourself :
Protect Your PC & Avoid Infections -- http://www.daniweb.com/techtalkforums/thread27519.html
Cleanup Procedures & Tools -- http://www.daniweb.com/techtalkforums/thread27570.html
Infection Removal & HijackThis Use -- http://www.daniweb.com/techtalkforums/thread28196.html
Protect Your PC & Avoid Infections -- http://www.daniweb.com/techtalkforums/thread27519.html
Cleanup Procedures & Tools -- http://www.daniweb.com/techtalkforums/thread27570.html
Infection Removal & HijackThis Use -- http://www.daniweb.com/techtalkforums/thread28196.html
|
Other Threads in the Viruses, Spyware and other Nasties Forum
- Previous Thread: Spybot S&D Final - what's this?
- Next Thread: Tool Bar that won't go away.
Views: 4745 | Replies: 28
| Thread Tools | Search this Thread |
Latest Viruses, Spyware and other Nasties Posts
Related Forum Features
Tag cloud for Viruses, Spyware and other Nasties
access adobe alert analysis apple array attack avg botnet botnets c++ center child-protection children china chip-and-pin code combofix commercial connect control crypto ddos dialler domains dumbass email encryption europe exploit explorer fake firefox fraud google government hack hacking halloween hijack hosting hosts ibm ie8 internet iphone kneber links login malware mcafee mega-d mozilla msn news norton panel pc phishing police pop porn pro problem redirect redirecting regedit report rogueantivirus rootkit rsa safety samhain search security seopoisoning sites software spam spyware survey system trojan unwanted update virus viruses vista volume vulnerability warning win windows windowsxp worm xp xp_antispyware_2010 yahoo zero-day zeus
