I have been having some problems with loading some programs in XP pro in that when I load Eudora, msconfig etc. the loading banner is displayed in the bottom middle of the screen instead of the centre as it used to. In the case of Eudora it hogs the window and does not allow other windows to display over its own window. I have to minimize it to see the window beneath it. I have reloaded it but no change. Some other programs also misbehave. I have done the scans etc and msconfig diags but to no avail. Things seem to work normally in safe mode with its inherent limitations of course. Lately IE 7 won't display even though my email is working and it does seem to work OK in safe mode only. I have reset it etc. But something is blocking it in the normal mode (Firefox does not work either).

Many thanks for any help.

cdg

Here is the message, when I check the connection but there is no home page or any other for that matter very strange???

Last diagnostic run time: 06/18/07 21:34:58
HTTP, HTTPS, FTP Diagnostic
HTTP, HTTPS, FTP connectivity

info
HTTP: Successfully connected to www.microsoft.com.
info
FTP (Passive): Successfully connected to ftp.microsoft.com.
info
HTTPS: Successfully connected to www.microsoft.com.

Here is the Hijack log:

Logfile of HijackThis v1.99.1
Scan saved at 9:56:55 PM, on 18/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
D:\Program Files\LightsOut\Lights Out.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\slmdmsr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\Program Files\LW-WORKS Software\Clipboard Recorder\clipboard_recorder.exe
D:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
C:\Program Files\eFax Messenger 4.3\J2GTray.exe
D:\Program Files\IntelligentWakeUp\IntelligentWakeUp.exe
D:\Program Files\MouseLaunch\Launcher.exe
D:\Program Files\Scalogic\My Schedule\myschedule.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Program Files\Quick ShutDown\qsd.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\My Documents\Eudora Mail\Eudora.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
D:\Program Files\Powermarks\pm.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - D:\PROGRA~1\FRESHD~1\FRESHD~2\fdcatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Powermarks - {6172E460-FAE3-11D2-B494-004005A47AAA} - D:\PROGRA~1\POWERM~1\iec.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: FreshDownload Bar - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - D:\PROGRA~1\FRESHD~1\FRESHD~2\fdiebar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Powermarks - {E166B4A2-83E7-11D3-B4FD-004005A47AAA} - D:\PROGRA~1\POWERM~1\iec.dll
O3 - Toolbar: Systran50premi.IEPlugIn - {9A0844DB-84CF-4440-BDB1-1F4F7C4F7FB0} - D:\Program Files\SYSTRAN\5.0\Premium\IEPlugIn.dll
O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - d:\PROGRA~1\TEXTAL~1\TAForIE.dll
O4 - HKLM\..\Run: [TotalRecorderScheduler] "d:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [SansaDispatch] C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [Lights out] D:\Program Files\LightsOut\Lights Out.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /source=HKLM
O4 - HKLM\..\Run: [eFax 4.3] "C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Scalogic My Schedule] D:\Program Files\Scalogic\My Schedule\myschedule.exe /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Clipboard Recorder] "D:\Program Files\LW-WORKS Software\Clipboard Recorder\clipboard_recorder.exe" -startup
O4 - HKCU\..\Run: [Active Desktop Calendar] D:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
O4 - Global Startup: eFax 4.3.lnk = C:\Program Files\eFax Messenger 4.3\J2GTray.exe
O4 - Global Startup: IntelligentWakeUp.lnk = D:\Program Files\IntelligentWakeUp\IntelligentWakeUp.exe
O4 - Global Startup: MouseLaunch.lnk = D:\Program Files\MouseLaunch\Launcher.exe
O4 - Global Startup: My Schedule.lnk = D:\Program Files\Scalogic\My Schedule\myschedule.exe
O4 - Global Startup: PrintScreen.lnk = C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
O4 - Global Startup: qsd.lnk = C:\Program Files\Quick ShutDown\qsd.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesca.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesca.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O9 - Extra button: FreshDownload - {F0C7BFA8-F7B8-442A-A91F-EEE0E42EB87B} - D:\Program Files\FreshDevices\FreshDownload\fd.exe
O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - D:\PROGRA~1\HIDOWN~1\hidownload.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: eReference - {4ACF862B-61A9-441f-A743-15B8610D304B} - C:\Program Files\eRef\Ahd41.htm (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {894B8712-11F1-48A7-899F-36D6C695D9D8} (CodeBabyObject Object) - http://service.sympatico.ca/codebaby/core/codebaby.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O18 - Protocol: intu-qt2006 - {13834D94-C631-4CD1-963D-9B5F4593B127} - D:\QuickTax 2006\QT2006\ic2006pp.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - D:\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: pdfFactory Pro Dispatcher v2 - Unknown owner - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" /service (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slmdmsr.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - D:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

cdg, for you as user the internet start page setting is blank:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
So set a new one as home page. There are no obvious problems in your log, when I see problems such as you describe the first thing I suspect are OS problems. If you have your M$ or OEM installation CD I suggest you run this to check the integrity of some system files:
Go start, run, type or paste:
sfc /scannow -and press Enter. Insert the CD, be available to press Enter, maybe many times as it runs. When completed it just closes, no fanfare.
If you still have problems, do these in this order and call back:
ATF Cleaner:
==Download this temp file cleaner from http://www.atribune.org/ccount/click.php?id=1 --click in the download window to run it, and when ATF Cleaner opens go Select all, and then Empty Selected.
Next click Firefox [if you have that browser..] at the top, Select All again, and Empty Selected again. Follow that procedure also if you have Opera.
Close ATF.
Panda Online Scan:
==Please do an online scan at panda:- http://www.pandasoftware.com/products/activescan?
-select a link to the scan... free online virus scan...., enter a valid? email and follow through, choosing My Computer for a full system scan.
Post the log it produces here.
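
Added example, not part of the original posts: a Python triage of HijackThis log lines that flags the blank Start Page noted in the reply above and separates `(file missing)` entries whose executable is nevertheless listed under Running processes from ones that are not. The sample lines are excerpted from the log in this thread; the function names are hypothetical.

```python
import re

# Lines excerpted from the HijackThis log posted in this thread (shortened).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
"""

# A HijackThis entry line starts with a section code such as R0, O4 or O23.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")


def parse_log(text):
    """Split a log into the running-process paths and (code, body) entries."""
    processes, entries = [], []
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_procs = False  # the first entry line ends the process list
            entries.append((match.group(1), match.group(2)))
        elif in_procs and line:
            processes.append(line)
    return processes, entries


def triage(text):
    """Return (code, tag, detail) findings worth a second look.

    empty-value          R0/R1 registry value with nothing after '='
    file-missing         entry marked '(file missing)' and not seen running
    missing-but-running  marked '(file missing)' although the same path is
                         in the running-process list, so the marker cannot
                         be taken at face value for that entry
    """
    processes, entries = parse_log(text)
    running = [p.lower() for p in processes]
    findings = []
    for code, body in entries:
        if code in ("R0", "R1"):
            key, sep, value = body.partition(" =")
            if sep and not value.strip():
                findings.append((code, "empty-value", key))
        if body.endswith("(file missing)"):
            low = body.lower()
            seen = any(path in low for path in running)
            tag = "missing-but-running" if seen else "file-missing"
            findings.append((code, tag, body))
    return findings


if __name__ == "__main__":
    for code, tag, detail in triage(SAMPLE_LOG):
        print(f"{code:<4} {tag:<20} {detail}")
```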

Many thanks for this gerbil, will do and get back. I did find that the internet issue was due to MS KB933566 IE7 update. Removing this allowed my internet access as before. For those not aware IE7 installation support from MS is free till Nov. 2007.

Really appreciate such a detailed response.

cdg

gerbil, while downloading active x module Avast intercepts it as malware Win32:CTX

http://acs.pandasoftware.com/activescan/as5free/motor.cab\pskavs.DLL

Is this normal? Have aborted this scan for the time being.

thanks

cdg

Panda is safe to download, cdg. It enjoys a good reputation. Quite a number of valid tools and scanners are interpreted as suspicious because of their capabilities, but that is how they have to be. But it is wise to check each case.
Oh, by the way, I am proudly? IE7 ignorant. Totally. IE6 works for me, when I use it. Go, FF n Opera.

Thanks gerbil, sorry did not get back earlier, got side tracked with work. Ok have included the activescan from Panda. Amazing it found many more than Avast!. Also ran sfc /scannow and ATF cleaner, this helped with the speed of the XP too - thanks although sfc did not seem to do anything but maybe it did help some where I can't tell. As you say "no fanfare" indeed! Unfortunately, the programs are still misbehaving...

Will have to try FF again, last I used it there seemed to be some page displaying issues.

cdg

Umm... wow! cdg...
First, if the files in your cache are not corrupted sfc will not prompt you if it has to copy any over into other protected areas - it only prompts if it needs to copy from cd into the cache.
Now. Panda showed up some problems, and although it points out spyware unfortunately that scan only disinfects viruses. But now we know.
Some advice : cracks could reasonably be called that cos they are cracks which let in malware/viruses, and you collected plenty that way. Cracks... well you cannot ever know what is in them unless you submit em for a scan first. Some groups are proud of their cracks and they are clean as, others load them maliciously, others do it for profit -they are paid for the spyware content. Same with code generators - you fire em up... only the programmer knows what happens next. Risky game.
I have attached the list of real problems..... but nothing we cannot clean. Do these things in this order:
CCleaner:
==Get CCleaner from http://www.ccleaner.com/ - and put it in a new folder. You should aim to keep this one for general use. I set it from the installation checkboxes to only open from the recycle bin. It's neater that way.
Now run CCleaner from the recycle bin rclick menu using its default settings [if you set up CCleaner as i suggested, rclicking the bin icon should give you the Open CCleaner option...]. Select the Cleaner icon, press Run Cleaner.
[For future quick temp file cleaning select the options you wish to use via the Windows and Applications tabs .. Note that CCleaner is also a free registry cleaner. Explore all its options, but skip the prefetch folder cleaning option. That one is unnecessary because windows automatically dumps old unused entries anyway, they can do no harm, and further, if there is no prefetch entry for an app you wish to load then your sys will just be a lil bit slower loading it. And an entry will then be generated anyway.]
==Download SmitfraudFix (by S!Ri) from http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Extract the content (a folder named SmitfraudFix) to your Desktop.
ComboFix:
==Download this file to your desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
AVG - AS:
==GET AVG antispyware 7.5 here.. http://free.grisoft.com/doc/5390/lng/us/tpl/v5
or here.. http://free.grisoft.com/freeweb.php/doc/5390/lng/us/tpl/v5#avg-anti-spyware-free
-the link is almost at the bottom of the page , avgas 7.5.0.50. Install it and UPDATE it.
==Restart your computer in Safe Mode:- press F8 several times while POST is running and before IDE detection completes, press Yes to bypass System Restore.
- On the Windows Advanced Options Menu, select Safe Mode with Command Prompt and press Enter.
- When the Boot Menu appears again, select Microsoft Windows XP and press Enter.
- Log in by using your account if an administrator, otherwise use the Administrator account and password. NOTE: The password is blank by default unless you set a password.
==Start AVG a-s 7.5;
-under Scanner/ Settings please set Recommended actions to Quarantine, and run the complete system scan.
-save the log file. Post the log file.
Combofix:
- to run it dclick combofix.exe and follow the prompts to start it. When finished, it will produce a log, C:\Combofix.txt - post that log in your next reply.
A word of caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.
== Open the SmitfraudFix folder and double-click smitfraudfix.cmd, select option #1 - Search [type 1 and Enter]; a text file will appear which lists infected files (if present). It will also create a log named rapport.txt in the root of your drive, eg: Local Disk C:.. Please paste the report in your next reply. DO NOT RUN OPTION 2 YET!!!
Okay....that will keep you busy. Post those three logs.

Many thanks gerbil, after a number of reboots the sw problems now seem to have cleared up. However, I will try to follow up on your suggestions in due course to make the system squeaky clean and get back. It sure will keep me busy... Again many many thanks for all the help and knowledge you impart so graciously. On another vein maybe you can visit my web page as I try to do the same with alternate health and energy... http://www.newmediaexplorer.org/chris/

Don't just try - do it. You have some real pests still at large in your sys. A dialler, a hack tool.... plus adware, spyware.

Agree. Am planning to do soon.

OK gerbil, survived your instructions attached are the 3 reports.... Also do you know of a utility that lets you know when everything has finished loading at start up?

Many thanks

Hi, cdg.... you survived, huh? Good practice though, cos you missed one very important lil piece of the instructions... Work through this and we'll catch it up.
==Run the clean option with smitfraudfix:-
- Check that a Restore point has been made.
- Go into safe mode.
- Start Smitfraudfix as before and press 2, Enter.
You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer Y and Enter [which will remove the desktop background and clean registry keys associated with the infection].
The tool will next check if wininet.dll is infected- if it is you will be prompted to replace the file ; type Y and press "Enter".
Restart in safe mode.
==Good-oh, now for the bit you missed: "-under Scanner/ Settings please set Recommended actions to Quarantine," it IS important, that bit, cos otherwise all AVG does is look and report. So....
Start AVG a-s 7.5;
-under Scanner/ Settings please set Recommended actions to QUARANTINE!!!!!, and run the complete system scan.
-save the log file. Post the log file, and that Smitfraudfix log.
Heh.... and no, I don't know of such a utility....

Many thanks again gerbil, sorry could not respond earlier - was away (long wkd in Canada). Will do per your instructions and send the logs soon.

Hi gerbil, here are the files you requested. Apparently, when I ran AVG last time I did not run the action button, then the report does not show the quarantined items it seems???

Thanks again.

cdg

Sooo many people miss the advice to set recommended actions to Quarantine.... and yeah, if you don't, all AVG does is look.
Okay. Crack tools.... some you have are infected, others are just detected as infected but are non-harmful. I think some software manufs deliberately put out bad cracks, keygens, other groups do it for profit -they sell the adware space.... a few are proud of what they do and are genuinely clean. If you must use them, scan them first, then run them in a sandboxed environment.
You may wish to remove from quarantine some of those - I am not advising cos pretty much if AVG put them in there, they're bad.
D:\Program Files\Tweak-XP Pro 4\tweak-xp.exe : restore this one from quarantine.... and delete the remainder.

Now search for these files, folders and delete them:

c:\windows\system32\1024
c:\windows\system32\cache32_rtneg
c:\windows\EliteSideBar
E:\ION bu
D:\My Documents\My Zinio Library
D:\My Documents\work - you may wish to check contents of this one first, but it did have malware in it...
And delete all of these too [paying attention to notes on last few]:

Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Chris\Cookies\chris@888[2].txt
Adware:Adware/SAHAgent Not disinfected C:\WINDOWS\system32\abasa5jrp.ini
Adware:Adware/SAHAgent Not disinfected C:\WINDOWS\system32\hochkaod3.ini
Adware:Adware/SAHAgent Not disinfected C:\WINDOWS\system32\u6f6uftuc.ini
Adware:Adware/WUpd Not disinfected D:\My Documents\My Downloads\Files\Download Studio\wsi=30231.html
Virus:Malware Generic Not disinfected D:\My Documents\My Downloads\Files\DSclock\Calendarscope.v.2.6.rar[crack\calendarscope_2_6.exe]
Virus:Malware Generic Not disinfected D:\My Documents\My Downloads\Files\DSclock\Calendarscope_v2[1].6.rar[calendarscope_2_6.exe]
Virus:Malware Generic Not disinfected D:\My Documents\My Downloads\Files\DSclock\Calendarscope_v2[1].6.Warezpost.net.rar[Calendarscope_v2.6.Warezpost.net\calendarscope_2_6.exe]
Virus:Malware Generic Not disinfected D:\My Documents\My Downloads\Files\DSclock\Calendarscope_v2[2].6.Warezpost.net.rar[Calendarscope_v2.6.Warezpost.net\calendarscope_2_6.exe]
Spyware:Spyware/New Not disinfected D:\My Documents\My Downloads\Files\RM Recorder\WarezP2P_CWS.exe
Adware:Adware/Aureate-Radiate Not disinfected E:\ION bu\Work backup\N110294\Files.zip[Files/aarfree1.zip][SETUP.EXE]
Dialer:Dialer.JYO Not disinfected E:\ION bu\Work backup\N110294\gc.zip[gc/Serials 2000/s2k_060102.zip][Handy.exe]
Adware:Adware/SAHAgent Not disinfected G:\WINDOWS\system32\abasa5jrp.ini
Adware:Adware/SAHAgent Not disinfected G:\WINDOWS\system32\hochkaod3.ini
Adware:Adware/SAHAgent Not disinfected G:\WINDOWS\system32\u6f6uftuc.ini

==These two I do not know.. so I leave them up to you [they are valid Nero dls, but I don't know why they are shown as containing MyWebSearch which is a guaranteed pest]:
Potentially unwanted tool:Application/MyWebSearch Not disinfected D:\My Documents\My Downloads\Files\Nero\Nero 7\Nero-7.7.5.1_eng_trial.exe[Toolbar.exe]
Potentially unwanted tool:Application/MyWebSearch Not disinfected D:\My Documents\My Downloads\Files\Nero\Nero 7\Nero-7.7.5.1_eng_update.exe[Toolbar.exe]
...and removing this one may break "your" ABBYY :)
Virus:Generic Trojan Not disinfected D:\My Documents\My Downloads\Files\ABBYY\ABBYY 8\ABBYY.FineReader.Professional.v8.0.706.Activation.FIX-TWK.rar[twkf8fix.rar][twk-fr8fixpatch.zip][twk-fr8fixpatch.exe]

Okay... now run CCleaner again, then Panda and lastly AVG. We shall see what is left. Some comments on your sys would be nice...
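An added example, not part of the thread: a small parser for the scan-result lines quoted in the post above, separating loose files from detections that sit inside an archive or installer (where cleanup means dealing with the whole container). The field layout and the trailing-bracket rule are inferred from those quoted lines only, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Sample input: lines copied from the scan results quoted in the post above.
SAMPLE = r"""
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Chris\Cookies\chris@888[2].txt
Adware:Adware/SAHAgent Not disinfected C:\WINDOWS\system32\abasa5jrp.ini
Virus:Malware Generic Not disinfected D:\My Documents\My Downloads\Files\DSclock\Calendarscope_v2[1].6.rar[calendarscope_2_6.exe]
Adware:Adware/Aureate-Radiate Not disinfected E:\ION bu\Work backup\N110294\Files.zip[Files/aarfree1.zip][SETUP.EXE]
Potentially unwanted tool:Application/MyWebSearch Not disinfected D:\My Documents\My Downloads\Files\Nero\Nero 7\Nero-7.7.5.1_eng_trial.exe[Toolbar.exe]
"""

# Assumed layout: category:threat <status> <drive path>.
# Only the one status that appears in the thread is recognised.
LINE_RE = re.compile(
    r"^(?P<category>[^:]+):(?P<threat>.+?) (?P<status>Not disinfected) "
    r"(?P<target>[A-Za-z]:\\.+)$"
)
# One trailing "[member]" group. Brackets earlier in a name, such as
# "chris@888[2].txt" or "v2[1].6.rar", stay part of the path.
MEMBER_RE = re.compile(r"^(?P<rest>.+)\[(?P<member>[^\[\]]+)\]$")


def parse_line(line):
    """Return a dict for one detection line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    path, members = m.group("target"), []
    # Peel nested members off the end, innermost first.
    while (mm := MEMBER_RE.match(path)):
        members.insert(0, mm.group("member"))  # keep outer-to-inner order
        path = mm.group("rest")
    return {"category": m.group("category"), "threat": m.group("threat"),
            "status": m.group("status"), "path": path, "members": members}


def triage(text):
    """Split detections into loose files and containers with flagged members."""
    loose, containers = [], defaultdict(list)
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # blank line or a line in some other format
        if rec["members"]:
            containers[rec["path"]].append(" > ".join(rec["members"]))
        else:
            loose.append(rec["path"])
    return loose, dict(containers)
```

A file whose own name happens to end in `]` would be misread as a container by this rule, so such entries need checking by hand.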

Ah, thanks, cdg, it's so long since AVG AS picked up anything in my sys that I am starting to forget how it works with its log and actions! So you did have it set to quarantine, but because you did not press Apply all Actions it did not reflect that in the log.
Missed this bit - you should do this before you repeat those scans.
System Restore Points Clearance:
==You MUST clear all your system restore points because some have been infected.... AVG may have cleaned them, but we cannot be sure it found everything. So go control panel > system > system restore tab, check Turn off sys res on all drives, Apply and OK. Do it all again but uncheck that box, Apply and OK.

Hi gerbil, have been tied up to my ying yang, tried sending you info on my system but keep getting BSOD when I try to print or save the file. The error is something like: Stop: 0x000000C4 (0x00000081, 0x86B17760, 0x00000082, 0x00000000). Will try to sort it out and send in due course... again many thanks

Thanks gerbil, will get back soon hopefully.
