Posts by dlh6213

Asianpanthers, first you need to go to Window Update to get the Critical Updates for your computer. Hold off on SP2, however, until your system is clean.

Next, you are currently running hijackthis from a temp folder; you need to put hijackthis into it's own permanent folder (like c:\hjt\hijackthis.exe). The reason for this is part of cleaning your system may require all temporary folders to be cleaned out; also, hijackthis puts it's backups into the same folder where it is installed, so your backups will be at risk of being deleted as well.

After you put hijackthis into it's own folder, close all browser windows, scan with HJT, and post a new log please.

I have no idea where this comes from. I don't see it in my thread crunchie. Who is tomoliveri anyway?

Tomoliveri was just a spammer that posted in your thread (as well as others); crunchie deleted his post.

Glad to hear your computer is working properly now! :D

You need to go to Windows Update to get the Critcal Updates for your system as soon as possible.

Using Task Manager, end the process on these:
wsxsvc.exe
vmss.exe
defragfat32abc.exe
svchostings.exe
qfoqbq.exe

Go to Add/Remove Programs in your Control Panel and remove (if found):
WeatherBug
180solutions

Close all browser windows, scan with HJT, and have it fix the following entries:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
F1 - win.ini: run=C:\WINNT\..\PROGRA~1\COMMON~1\MICROS~1\MSInfo\msinfo.exe
O4 - HKLM\..\Run: [Dvx] C:\WINNT\System32\wsxsvc\wsxsvc.exe
O4 - HKLM\..\Run: [vmss] C:\WINNT\System32\vmss\vmss.exe
O4 - HKLM\..\Run: [Windows DLL Loader] C:\WINNT\system32\defragfat32abc.exe
O4 - HKLM\..\Run: [Start Upping] svchostings.exe
O4 - HKLM\..\Run: [cXsost0Y2] C:\WINNT\qfoqbq.exe
O4 - HKLM\..\Run: [Tray Temperature] C:\WINNT\iWeatherBug\MiniBug.exe 1
O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe
O4 - HKLM\..\RunServices: [Start Upping] svchostings.exe
O4 - HKCU\..\Run: [Start Upping] svchostings.exe
O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe (file missing)
O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe (file missing)
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52...meInstaller.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{A58E3176-5A6E-4D54-B3FA-F5A457AE7259}: NameServer = 203.21.66.2,203.21.66.10
O19 - User stylesheet: (file missing)
O23 - Service: ZESOFT - Unknown - C:\WINNT\zeta.exe (file missing)

If you don't wish to have pcworld as your Home Page, have HJT fix these as well:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://pcworld.idg.com.au
O14 - …

This should fix your startup error:
http://www.cryer.co.uk/brian/windows/ie_artehodywtd.htm

Can't help with the display problem though :(

None of those links you provided worked for me, so I'll make a guess as to your intent.

SpySweeper is a good (and legitimate) program. SpyBot Search and Destroy is also a good product, and it's free :). If you want to know about a particular spyware program, it's best to check it out at this site:
http://www.spywarewarrior.com/rogue_anti-spyware.htm

I've never purchased any of liutilities products, but their online information is very useful to me (http://www.liutilities.com/products/wintaskspro/processlibrary/)

Hijackthis is a very useful program -- when used with the assistance of someone familiar with it (http://www.spywareinfo.com/~merijn/downloads.html) There are hijackthis tutorials (http://www.bleepingcomputer.com/forums/index.php?showtutorial=42), but even with that knowledge hijackthis should be used with caution.

I hope this is close to what you were asking for :)

Are you absolutely certain they should be deleted? Did you try it from Safe Mode? You can right-click on the dll and go to Properties, that may give you a clue as to what program is using it.

Those two entries
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
are related to Microsoft's language packs for complex characters (such as Japanese, Hebrew, etc).

http://www.liutilities.com/products/wintaskspro/processlibrary/tintsetp/
http://computercops.biz/startuplist-3868.html

Don't forget to get an antivirus program installed and get your Windows Updates :)

I'm still not sure why your computer seems to be running slow -- nothing in the log that would indicate a problem. Since whoever you bought it from didn't include the latest updates, I wonder if they installed the latest drivers for the motherboard and other devices. You may want to look into that possibility.

As caperjack said in Post #5, you need to get the Critical Updates for your computer from Windows Update. There are also updates for Media Player which may correct your problem.

It's been too long since I've worked with Netscape; I don't remember where the Bookmarks are stored. You may have better luck posting that question in the Software forum. And the Media Player too, if the Updates don't work.

What email program are they using (Hotmail, Outlook, Yahoo, ...)?

Is there any message that comes up when they try to send an email?

If so, what does it say?

Has the computer been scanned recently for adware and spyware (not just antivirus)?

The advice in this thread may be helpful:
http://www.daniweb.com/techtalkforums/thread5690.html

You'll find links to what Danniboy suggested as well as other useful advice in this thread:
http://www.daniweb.com/techtalkforums/thread5690.html

After following the suggestions there, post a hijackthis log here (make sure you get version 1.99.0)

I believe you will find them in these locations (but it depends somewhat on your OS):
HKEY_LOCAL_MACHINE, Software, Microsoft, Run and RunServices;
HKEY_CURRENT_USER, Software, Microsoft, Run and RunOnce

where can i download windows movie maker 2 now, without having to dl SP2?

The only other way I'm aware of is to order the SP2 CD (free), and then just install what you want from it.
You can order the CD here:
http://www.microsoft.com/windowsxp/downloads/updates/sp2/cdorder/en_us/default.mspx

doesnt XP need at least 128MB to even run?

According to Microsoft (http://www.microsoft.com/windowsxp/home/upgrading/sysreqs.mspx), XP will run on 64MB of RAM.

I actually used a laptop that had 64MB & XP, and believe me, you don't want to use it that way! I don't even think 128 is enough, I find it works best with at least 256MB.

Of course it didn't go as expected; that's the law.

Murphy's Law ("If anything can go wrong, it will")

Everything seems to be back to normal now :D

Try emptying the temp folders while in Safe Mode (you'll be going there in a bit anyway).

This is just a quick review because I know you've been waiting; I'm sure there is more, but I've gotta get some sleep.

Close all browser windows, scan with HJT, and have it fix the following entries:
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.popupsearches.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.seekerbar.com/ie.aspx?tb_id=50154
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.popupsearches.com/sidesearch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.seekerbar.com/ie.aspx?tb_id=50154
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.seekerbar.com/ie.aspx?tb_id=50154
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: Shell=Explorer.exe winsock.scr
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O4 - HKLM\..\Run: [dxset.exe] C:\WINDOWS\dxsetu.exe

Reboot into Safe Mode

Go to:
C:\WINDOWS and delete dxsetu.exe
All Temp and Temporary Internet folders for all users and empty them.

Do a full system scan with NAV; let us know if it finds something it can't fix (and it's location)

Reboot normally, close all browser windows, scan with HJT, and post a new log please.

Apparently c:\Program Files\Fen\fen.dll is related to Flashtrack Flashenhancer

Reboot into Safe Mode

Go to Add/Remove Programs in your Control Panel and remove (if found):
TV Media
Fen
Flashtrack
Flashenhancer
Flash Extender
bcpc
websearch

Do a search for aoltpspd.exe; it should be in C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe; if you find it in a Temp folder, delete it and anything else in the Temp folder. If you find it anywhere else, let us know where.

Also do a search for g181511.exe and delete it, along with anything else that is in the same Temp folder.

While still in Safe Mode, scan with HJT, and have it fix the following entries:
F2 - REG:system.ini: Shell=Explorer.exe winsock.scr
O2 - BHO: Flash Extender - {95795B67-BBAB-47d0-8A9F-069E8242C0E5} - c:\Program Files\Fen\fen.dll
O4 - HKLM\..\Run: [dxset.exe] C:\WINDOWS\dxsetu.exe
O4 - HKLM\..\Run: [websearch] javaw -cp "C:\Program Files\websearch\System\Code" Main lp: "C:\Program Files\websearch"
O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKLM\..\Run: [System Toolkit] C:\WINDOWS\Systools.exe
O4 - HKLM\..\Run: [PGStub.exe] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\g181511.exe
O4 - HKLM\..\Run: [Pcsv] C:\WINDOWS\system32\pcs\pcsvc.exe
O4 - HKLM\..\Run: [FeCPY] "C:\Program Files\Common Files\Java\fecpy.exe"
O4 - HKLM\..\Run: [DirectX64] C:\WINDOWS\System32\DirectXset.exe
O4 - HKLM\..\Run: [CMESys] "C:\Program Files\Fichiers communs\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [Breg] "C:\Program Files\Common Files\Java\bcre.exe"
O4 - HKLM\..\Run: [BCPC] "C:\Program Files\bcpc\bcpc.exe"
O4 - HKLM\..\RunServices: [RDLL] RunDll16.exe
O4 - Global Startup: updater.lnk = C:\Program Files\Common files\updater\wupdater.exe

Go to
C:\Program Files and delete the Fen folder
C:\Program …

Another suggestion:
Before posting a new HJT log, go here:
http://forums.skads.org/index.php?showtopic=80, look in Post #3 for the remv3.zip file and click on it to download. Put it in it's own permanent folder (like c:\freshbarfix).

Reboot into Safe Mode

Open the folder that you put remv3 into and double-click on remv3.bat, this will start a scan for all files possibly related to freshbar. Do not delete any files found! Some may be legitimate. In the upper left-hand corner, click on File, Save As, and save it in a folder you will be able to find later (probably the same folder you put remv3 in).

Reboot normally, and post the remv3 log along with a new HJT log.

The Freshbar takes a bit of work to get rid of (I know because I recently had it).

Scan with HJT and have it fix all the entries that say about:blank, all the O17 entries, and the O15 entry.

Reboot into Safe Mode

Search for, and delete the following, if found:
Unlodctl.exe
Nlsfuncs.exe
Pentxpl.exe
Openconf.exe
Iecust.exeNlsfuncs.exe
Openconf.exe
Iecust.exe
Msij.dll
Msvw.dll
Spnping.dll
Icust.dll
Dnsauth.dll
Qappsrvc32.exe
Taskopen.exe
Dx9vbc.dll
Mwx.dll
Hdon.dll
Dte.dat
Menu.txt
(Most will probably be in your c:\windows\system32 folder)

Go to
Start, Run, and type in regedit

Go to
HKEY_LOCAL_MACHINE, Software, Microsoft, Windows, CurrentVersion, Run.
Click on Run and look in the right-hand pane for taskopen and hdon
Right-click on these two, if found, and delete them -- and nothing else!
Exit regedit

While still in Safe Mode, do a full system scan with your antivirus program and fix anything it finds, or let us know what you can't fix.

Reboot normally.

Do a full system scan with TrendMicro's free online scan (http://housecall.trendmicro.com/housecall/start_corp.asp)

Again, fix what it finds or let us know what can't be fixed.

Go to Windows Update and get the Critical Updates for your computer. Hold off on SP2, however, until your system is clean.

Close all browser windows, scan with HJT, and post a new log.

Using Task Manager, End Process on:
ndllzxy.exe
omniscient.exe
olehelp.exe

Go to Add/Remove Progams in your Control Panel and remove (if found):
WindowsSA

Close all browser windows, scan with HJT, and have it fix the following entries:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Windows\System32\wsaupdater.exe,
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - (no file)
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll
O2 - BHO: ICOO Loader BHO - {B9D90B27-AD4A-413a-88CB-3E6DDC10DC2D} - C:\WINDOWS\msopt.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [ccljyyiltdfh] C:\WINDOWS\System32\ndllzxy.exe
O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe
O4 - HKCU\..\Run: [olehelp] C:\WINDOWS\olehelp.exe
O16 - DPF: {01111E00-3E00-11D2-8470-0060089874ED} (Support.com SmartIssue) - http://65.83.242.101/sdccommon/download/tgctlsi.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://65.83.242.101/sdccommon/download/tgctlcm.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {731918D2-517A-47E2-886A-3BC1380C591D} - http://webpdp.gator.com/v3/download...094_hd3ptdm.cab
O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\msopt.dll

Reboot into Safe Mode

Go to
C:\WINDOWS and delete olehelp.exe
C:\WINDOWS and delete …

You've got plenty there to fix, but before you do so, you need to move Hijackthis into it's own permanent folder (like c:\hjt\hijackthis.exe). Right now you have it in a Temp folder and part of the process of getting your computer clean will be to delete all temporary files, if we did that now, your HJT would be gone. Also, HJT puts it's backups in the same folder it's in, so your backups would also be gone.

After you put HJT into another folder, close all browser windows, scan with it, and post a new log. Then we'll be able to help you out.

According to this site, WeatherNetwork is not a pest:
http://research.pestpatrol.com/Analyses/2004-10-14_175914.asp
And I can't find anything indicating it is.

Attina, you really need to get your Critical Updates. You can probably get SP2 now, but you need to at least get SP1. You can find out more about SP2 here that may help you decide:
http://www.daniweb.com/techtalkforums/thread10031.html

I would also recommend getting SpywareBlaster and/or SpywareGaurd, links to both are in DMR's signature.

That's quite a class you're taking on! Good luck with it :) And tell your classmates about DaniWeb!

The N3 entries that were in your log were for Netscape, but I don't see them there now, did you 'fix' them with HJT? If so, you should be able to restore them:

How to restore items mistakenly deleted.
HijackThis comes with a backup and restoral procedure in the event that you erroneously remove an entry that is actually legitimate. If you have configured HijackThis as was shown in this tutorial, then you should be able to restore entries that you have previously deleted. If you have had your HijackThis program running from a temporary directory, then the restoral procedure will not work.

If the configuration setting Make backups before fixing items is checked, HijackThis will make a backup of any entries that you fix in a directory called backups that resides in the same location as Hijackthis.exe.

If you start HijackThis and click on Config, and then the Backup button you will be presented with a screen. You will have a listing of all the items that you had fixed previously and have the option of restoring them. Once you restore an item that is listed in this screen, upon scanning again with HijackThis, the entries will show up again. Once you are finished restoring those items that were mistakenly fixed, you can close the program.

After you've restored those (if they were actually removed by HJT), scan again with HJT, and have it fix the following entries:

O2 - BHO: (no name) …

Please put hijackthis in it's own permanent folder (like c:\hjt\hijackthis.exe). Right now you have it in a temp folder so that's where it will save it's backups -- and they could easily be deleted from there.

Also, have all browser windows closed when you scan with HJT.

After you put in a new folder, close all browser windows, scan again, and post a new log please.

Amatures don't annoy us, we're all amateurs of some sort :)

You still need to get your Critical Updates from Windows, that may fix your Hotmail problem.

Close all browser windows, scan with HJT, and have it fix the following entries:

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

That's all I see. In addition to your Windows Updates, you should also get SpywareBlaster and/or SpywareGaurd; links to both can be found in this thread (along with other helpful advice):
http://www.daniweb.com/techtalkforums/thread5690.html

Looks good to me now :)

Don't forget to get the Critical Updates from Windows.

You should also get SpywareBlaster and/or SpywareGaurd; links to both can be found in this thread (along with other useful advice):
http://www.daniweb.com/techtalkforums/thread5690.html

As long as you use P2P programs (like KazaaLite), you're likely to encounter problems.

Use Task Manager to end the process on these:
ope205.exe
poet.exe

Close all browser windows, scan with HJT, and have it fix the following entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.topfivesearch.com/sidesearch.asp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.topfivesearch.com/search.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.topfivesearch.com/search.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.topfivesearch.com/search.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.topfivesearch.com/sidesearch.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.topfivesearch.com/search.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - C:\Program Files\TV Media\TvmBho.dll
F2 - REG:system.ini: Shell=
O3 - Toolbar: 411 Ferret Toolbar - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - C:\Program Files\411Ferret\toolbar.dll (file missing)
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [Poet] C:\WINDOWS\system32\Inf\poet.exe
O4 - HKLM\..\RunServices: [RDLL] RunDll16.exe
O8 - Extra context menu item: &411 Ferret Toolbar search - res://C:\Program Files\411Ferret\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {1A00C40B-DA85-4aa3-A67F-582D9347EECD} - C:\WINDOWS\System32\td.exe (file missing)
O9 - Extra 'Tools' menuitem: MaxSpeed - {1A00C40B-DA85-4aa3-A67F-582D9347EECD} - C:\WINDOWS\System32\td.exe (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/170f159...ip/RdxIE601.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://photo.laredoute.fr/XUpload.ocx

I couldn't find any info …

That 'Walla' seems to like it here. If it is not your ISP, have HJT fix this:
R3 - URLSearchHook: SrchHook Class - {F08555B0-9CC3-11D2-AA8E-000000000000} - C:\PROGRAM FILES\WALLA\ONLINE\LIB\SEARCHHOOK.DLL

Here is a link to a hijackthis tutorial (but there are others):
http://www.bleepingcomputer.com/forums/index.php?showtutorial=42#RDiag

Try here for your Windows Updates:
http://www.microsoft.com/windows98/downloads/default.asp

Close all browser windows, scan with HJT, and have it fix the following entries:

O16 - DPF: {F59AB0C4-3443-4551-A78F-C101F9DE0215} (LauncherV1 Class) - http://irc.tapuz.co.il/BlogTVU/launcher.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) -
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) -
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} -
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} -
O20 - AppInit_DLLs: apitrap.dll;

Is your computer running better now? Is Norton working properly?

You also need to go to Windows Update to get the Critical Updates for your system.

Another addition: NEVER use filesharing programs like Kazaa and NEVER visit sites distributing warez or other pirated stuff.

All of them (and their products) come loaded with all kinds of nasties. It's hard enough for experts to prevent getting infested and infected when testing those things to see how they can be countered, for the uninitiated it's nigh on impossible unless they get extremely lucky.

You're so right! Thanks for adding that!

Here are complete instructions for XP:
http://www.daniweb.com/techtalkforums/thread6632.html

This thread has instructions for a dual-boot, but for Win98, just use the first part:
http://www.daniweb.com/techtalkforums/thread11350.html

Sorry for the slow response. Scan with HJT, check the following entries, and hit Fix.

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/2656dad...RdxIE601_es.cab

If you're still having a problem, please post a new log.

Sorry for the slow response. If seticon is showing up in your Services, you can't set it to start manually (not that I know of anyway), your only option would be to disable it in MSCONFIG. To do that, click on Start, Run, type in msconfig, and click OK. Click on the Startup tab, find seticon in the list on the left side, and remove the checkmark from the box. Click on Apply, and then OK. You will probably ask if you wish to Reboot now and you should let it. When it starts back up, you may get a message telling you something about starting is Selective Startup; you can either leave this unchecked as a reminder that you have something disabled (you will get the message each time you start your computer), or you can check the box so the message no longer comes up.

Go to Windows Update and get the Critical Updates for your system. Hold off on SP2, however, until your system is clean.

Open Task Manager & end process on bitnelt.exe

Go to C:\windows and delete bitnelt.exe manually.

Scan with hijackthis, check the boxes next to all the following entries, make sure you close all browser and explorer windows, and then hit the "Fix checked" button.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://dr-search4u.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://dr-search4u.com/index.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://dr-search4u.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://dr-search4u.com/index.htm
O4 - HKCU\..\Run: [wurpowh] c:\windows\vscffef.exe
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/insta.../sinstaller.cab

While still in hijackthis, go to config\misc tools\delete a file on reboot
paste 'c:\windows\vscffef.exe' into the line and click OK.

Once rebooted, close all browser windows, scan with HJT, and post a new log.

I don't see anything else bad in your log, but I don't see an antivirus program running either. Do you have one? If not, you need to get one ASAP! If you do, make sure it's enabled.

In addition, try (free) online scans from TrendMicro
http://www.trendmicro.com/en/home/us/enterprise.htm
and Panda
http://www.pandasoftware.com/activescan/com/activescan_principal.htm
as different programs can find different things.

Go to Windows Update and get all the Critical Updates for your system! If this is a new computer, it should have at least come with SP1 :confused:

Just noticed this has already been solved. :o

The EULA for Windows XP Home states that you can install it on one single processor machine, at any one time. Basically, you can install it on another machine, activate it just as normal, and you'll never notice anything. However, if you ever load up your other machine running XP Home, it will want to reactivate, which will result in the other machine needing to reactivate next time... etc.

XP Pro's EULA is about the same, with the exception of Network installs, multiprocessor systems, and the number of network connections it can have. As far as I know, you can upgrade XP Home or Pro until the cows come home, too, provided the upgrade is a "Valid" upgrade path. Like, upgrading from XP Home to Server 2003 wouldn't be a valid upgrade-- you'd have to reformat and reinstall, and you'd likely need retail media.

So long as you're within the confines of the EULA with terms of how many copies you have running (one at a time for a single license), it doesn't matter how many times you've installed it in the past either. I've got an MSDN license (10 users per copy) of XP Pro, and I've at least done 20 reinstalls with it now, and I've had no problems.

Okay, ALC is right and I was wr-wr-wro-incorrect (hey, it happens!). The one exception being if your XP is an OEM version, in which case Microsoft has this to say "OEM licenses are single-use …

I only see one thing, but this seems to be a pretty short log, was it done from Safe Mode? Have you fixed anything with Hijackthis already?

Close all windows, scan with HJT, and have it fix this entry:

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)

...I tell everyone I know about DaniWeb!!
Karki ;)

So it's your fault it's been so busy lately!! :D

It's that time of year again; I'm going to pin this thread during the month of January in case there's anyone out there that can find the information helpful, useful, or at least interesting :) . For more specific help, see the links in my signature block at the bottom. HAPPY HOLIDAYS!!

“What does ‘Crackers for Christmas’ mean, you may ask, “and what does it have to do with my computer?

“Crackers is the correct term for what are commonly known as “Hackers. While a Hacker's primary intent is to gain access to computers to see if it can be done and to gain knowledge about them – and to possibly play some harmless pranks – a Cracker's (term from the old ‘safe cracking’ days?) primary intent is to gain access for malicious intent, i.e. installing various types of viruses, setting up adware and/or spyware, keystroke loggers, etc.

“Okay, so Crackers are bad for computers; how did my brand new computer – that I just hooked up – get so messed up already?

Crackers work overtime during the holiday season, starting around Thanksgiving, coming up with new ways to attack the new, unsuspecting, users that will be coming online soon – they know a new computer is most vulnerable the first time it comes online. Unfortunately, as with any new gift, the recipient is anxious to get their new computer set up and to start “surfing the Net as quickly as possible. But the Net, or …

Unfortunately, nothing is going to protect you completely.

Merriam-Webster should not be a problem; I've heard a few complaints about the google toolbar, but I think it should be okay.

You can find more suggestions for keeping your system clean and protected in this thread:
http://www.daniweb.com/techtalkforums/thread5690.html,
in particular the free online virus scans and either SpywareBlaster or SpywareGaurd (or both).

The only possible thing I see in your log is this, unless you know what it's for:
O23 - Service: iPlanet Directory Server 5 (01hw053624) - Unknown - C:\iPlanet\Servers/bin/slapd/server/ns-slapd.exe

Please follow the suggestions in Post #2 for anything not related to your ISP.

Go here for a free online antivirus scans:
http://www.trendmicro.com/en/home/us/enterprise.htm and
http://www.pandasoftware.com/activescan/com/activescan_principal.htm

Then try to Enable NAV again. If it still doesn't work, go to Add/Remove Programs in your control panel and uninstall it, and then reinstall it.

Do a search for 'slave.exe,' don't do anything with it, just tell us where you find it (all instances of it if there are more than one).

Close all browser windows, scan with HJT, and post a new log please.

Just so you know, this is part of webshots and it does monitor your browsing habits:
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
(http://www.liutilities.com/products/wintaskspro/processlibrary/launcher/)

If Freeserve is not your ISP, have HJT fix these two:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.freeserve.com/
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/
(Remember to close all browser windows before fixinging anything with HJT)

Your win min problem may be resolved by updating IE (Internet Explorer) at http://windowsupdate.microsoft.com, or you can get the free security update CD from Microsoft:
http://www.microsoft.com/security/protect/cd/order.asp

You may also find more suggestions here:
http://search.experts-exchange.com/search.jsp?query=win+min&searchType=all&Submit.x=13&Submit.y=6

HAPPY NEW YEAR (10 minutes to go!!)

Unfortunately I had purchased PCorion before I found out about spywarewarrior and their ratings of the program. The good news is that although the techs at Pcoriion said they cannot fix the problem, they have given me a refund.

Well, that's a good sign -- if they gave you a refund, maybe they actually have cleaned-up their act. :) And the fact that their techs even replied to you is noteworthy.

First of all, to Enable NAV, open it, and then click on Options button at the top. In the menu that pops up, click on Norton AntiVirus. In the new window that comes up, look at the bottom for the three buttons that say OK, Cancel, and Page Defaults. Click on Page Defaults, then make sure it put check marks in all three boxes under "How to stay protected.' If it didn't, then check them yourself, and then click OK. NAV should now be enabled.

I don't see Slave.exe in your log anymore; did you try to fix the other stuff or did you determine you needed it?

You can find a link to Hijackthis (aka HJT), as well as other useful advice in this thread:
http://www.daniweb.com/techtalkforums/thread5690.html

Make sure you get the latest version of HJT (1.99) and post it in the Viruses, Spyware, and other Nasties forum (formerly known as the Security forum)

Did you install the motherboard drivers? And up-to-date drivers for all the other hardware in your computer? Sounds like motherboard drivers to me, do you have the floppy or CD that came with the motherboard (or computer)?

The way I understand it is:

XP Pro can only be reinstalled on another computer one time, after it has been removed from the original computer.

XP Home can only be installed on one computer, ever.

Using your old number won't matter because when you go to activate it, you will get a message to call Microsoft; in which case you will need to explain to them what you are doing and if you have Home, they won't allow you to activate, and if you have Pro, you will have to deactivate your original.

But you can use XP for 30 days at a time without activating it! So just reinstall everything every month! (just kidding, though it is possible :) )

Sorry, but this seems to have been overlooked. If you still need assistance, could you please post a new log?

According to this it can:
http://www.lavasoftsupport.com/index.php?showtopic=54599

There's more info about it here, but it doesn't address Windows Updates:
http://www.pestpatrol.com/PestInfo/V/VX2.asp