I've had a toshiba laptop with XP for about 4 years now. I got a D-Link router, set it up with help of a tech (hooked to my desktop) and then got the laptop going. I sure don't remember assigning a password, but it is a secured network. And I'm sure I would have written it down. Now I have a new Toshiba with windows 7. When I connect to the secured network, it shows a password with the astericks, but has a check box to show the characters. I check it, and it shows a 10 digit character. It will not connect for some reason. But it will connect to an unsecured network, which must be a neighbors, and connection seems to be pretty good. I was just wondering it the 10 digit password it shows is correct. My other laptop connects automatically, and I hate to disconnect and the password not be correct. Thanks for any help. Just trying to see if it is a password issue.
thanks again Caperjack. Still no luck. I apply and OK and restart, and it still opens in Linux (I think that's what it is) May be something to do with the "incorrect drive A Type" it shows at the start up. I don't think I should have to select "Boot" or "Computer Setup", it should just open in Windows. May be too complicated problem, possibly professional help that cost $. If you have another idea, let me know. Thanks for your help!
Caperjack, I tried......... this is what I got
Cannot find the file 'msconfig'. Make sure the path and filename are correct and that all required libraries are available.
I put it in search and got nothing. Any idea what's going on? Thanks Caperjack.
my friends laptop which recently had a hard drive installed, has Auditor as the default OS. I have to select Windows during the boot process. When I first turn it on, it shows everything OK, except the last line:
02B2:Incorrect Drive A type - run SETUP
has a box with F1 Boot, and another with F10 Computer Setup. I select F1, and it shows:
Debian GNU/Linux, Kernal 2.6.11-auditor-10 Default
Debian GNU/Linux, Kernal 2.6.11-auditor-10
Windows 2K/XP/2003 (ndal)
I use the arrow to go down to Windows, enter, and it boots up in Windows 2000 Professional.. Does anyone know how I can change it to Windows as the default? Thanks in advance.
Friend has a laptop that has Windows XP, but someone put in a new hardrive and every since she can't get the computer to come up. I'm not a tech kinda guy, but she wanted me to mess with it. When it comes up, I have to hit enter when to boot. When it comes up, it's an operating system called "auditor" or something. It's set as the default. I can switch it to windows in the startup, and it opens Windows NT. Apparenty it doesn't have XP anymore. I was wondering if I could burn my Windows folder on a DVD and put it on hers. Would that work? Or is her only option to purchase XP or Vista? She's at the point where she would rather buy a new laptop before spending a lot on this one. Thanks in advance!
anytime I open a video file, or play a DVD, the player, whether it be Windows Media Player, Intervideo WinDVD, or InterActual - the video automatically opens in full screen and plays. The only way to stop the video is to Ctrl Alt Del over & over till it goes away. Always before, I would have to switch to full screen mode, and even then I had "clicking" control. Is there a video options somewhere I've missed. I can't find in the player options anywhere where its set to automatically open full screen. Thanks a bunch for any replies!
and sorry for posting here.......... I got lost. Moving to another forum.
anytime I open a video file, or play a DVD, the player, whether it be Windows Media Player, Intervideo WinDVD, or InterActual - the video automatically opens in full screen and plays. The only way to stop the video is to Ctrl Alt Del over & over till it goes away. Always before, I would have to switch to full screen mode, and even then I had "clicking" control. Is there a video options somewhere I've missed. I can't find in the player options anywhere where its set to automatically open full screen. Thanks a bunch for any replies!
I have just got my first cell phone with bluetooth capability. My laptop is Toshiba Satellite A105 with Windows XP Service Pack 2. It's 1 year & 2 months old. I've been trying to set up bluetooth on it so I can view the cell phone cam pics, 1.3 Megapixel so I'd like to see the quality. Anyway, I can't find any bluetooth options on the computer. My internet searches have shown that Service Pack 2 has a bluetooth setup wizard, and I have Service Pack 2........but no bluetooth. So do I have to download Service Pack 2, or is there a way I can download the bluetooth setup wizard only? Thanks for any help. I appreciate it.
Rjeffers
Thanks for all your help, Dlh.......actually I have not seen a popup since id did the first cleaning after posting a HJT log. All seems to be fine. I was wanting to get rid of the BHO No Name entries, just because they were there, and wouldn't go away. I searched for the first one in the registry, and it found it in the Internet Explorer folder, in a subfolder titled "Browser Helper Objects". It was there, along with the other files I hadn't searched for yet. I tried to delete, and I got "cannot delete 06CBB302-3027-2876-B64E-B7FB3EDC4AF2, error while deleting key". I'll try something else if you have a suggestion, but if you want me to move on since the original problem has seemed be solved, that's ok too. I appreciate your time so far.
rjeffers
Thanks Dlh........no authz859 was found after cleaning........those BHO no name's won't seem to go away though.........Here's new log
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\VERITAS Software\Update Manager\sgtray.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Owner\Desktop\HIJackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {06CBB302-3027-2876-B64E-B7FB3EDC4AF2} - (no file)
O2 - BHO: (no name) - {098B2816-B4D3-3673-D079-F2C9806EDCDE} - (no file)
O2 - BHO: (no name) - {B333FFD7-73DB-5379-54CF-1EF25F8EC6AF} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {BE709C45-AFC1-EC7A-3096-3BB6E6204E4F} - (no file)
O2 - BHO: (no name) - {CAD9FD7F-C0C0-F76C-BF7B-0F88956FE05A} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
Thanks Dlh..........done all, a few files were'nt found. As for the authz859.exe, there was no information in the properties. All I know is it was created 9/13/04. I tried to delete it, but access denied. So I deleted it in safe mode. Here's a new HJT.......thanks again
Logfile of HijackThis v1.99.1
Scan saved at 11:10:21 PM, on 7/28/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\VERITAS Software\Update Manager\sgtray.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Documents and Settings\Owner\Desktop\HIJackThis\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {06CBB302-3027-2876-B64E-B7FB3EDC4AF2} - (no file)
O2 - BHO: (no name) - {098B2816-B4D3-3673-D079-F2C9806EDCDE} - (no file)
O2 - BHO: …
Iv'e just purchased Norton 2005, installed, updated, scanned, and cleaned........plus updated Spybot, AdAware, ran both and cleaned. I'm in good shape, except for 9 popups. They don't bombard me while I'm surfing, usually just when it sets idle for a few hours (I'm on cable). Popups include "Interclick.com / adopt.hbmediapro.com / partypoker.com / SearchInquire / ShopAtHome Select / adopt.hotbar.com / ad.yeildmanager.com" to name a few. I'm also using Firefox only. Popups appear in IE. Thanks in advance for any help.........
rjeffers
Logfile of HijackThis v1.99.1
Scan saved at 9:21:12 PM, on 7/27/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\authz859.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\basesrv2.exe
C:\WINDOWS\System32\ndupinwx.exe
C:\WINDOWS\System32\dkfqomrq.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
C:\WINDOWS\System32\??chost.exe
C:\Program Files\apsi\wtta.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe
R1 …
Thanks DMR.......sorry for the late reply, but I've been waiting on it to come up again, but it hasn't showed up. Only when I don't want it to. From what I remember, it says "Server Busy"........and has a "Switch to" and a "Retry" button. If i click "Switch to" it opens the start menu........if I click "Retry", it just comes up again in 1/2 a second. Now I seem to have a few popups. I didn't have a problem with popups until I cleaned my system with Norton. I'm not bombarded with them while I'm surfing, just usually when it sets idle for a few hours. An average of nine will come up.....Inclucing Interclick.com / adopt.mediapro.com / partypoker.com / Search Inquire / ShopAtHome Select ...........I'm gonna post a HJT log in a new post. Thanks again........rjeffers
I should be running pretty clean, yesterday I did a Norton scan, Ad-Aware scan, and Spybot scan. Everything seems OK, but sometimes I get a "Server Busy" window, with a "retry" and a "switch to" option. Neither one will get rid of it. The only way to get it off the screen is to open Task Manager, Processes, and end the svchost.exe "owner" process.
Is svchost.exe a valid file, or spyware related? I shows up as owner, system, or network service in the processes. If I kill the "system" process, I get a blank screen with only the background visible, then I have to reboot to get anything back.
Thanks in advance for any feedback.
rjeffers
Thanks RGPHNX, I just read your reply (I'm at work) I was able to uninstall it through Device Manager, and reinstall by Add Hardware, and it was back to normal (although I didn't try running a disk). But later on it started running again, only difference was that the light was green instead of orange. I uninstalled it again and just left it, but when I restart or boot up it finds new hardware and trys to install it. I cancel the installation and everything is fine, as long as I don't need to use a CD. It's a HP CD-R/DVD drive that's about 2 1/2 years old. Let me know if I just need to check anything else. It's an internal drive by the way. I do have an external
CD-R drive I can use, although it's 4 years old and only 16X Speed. Thanks for your help.
Rjeffers
My CD/DVD Rom is continually running, and doesn't show up as a drive anymore. It's an HP running Windows XP. How can I uninstall it, and reinstall it (drivers?) I have a recovery drive only, and no recovery CD.
It runs continuous, with the led light glowing orange instead of green. It won't open when I push the button. It causes the computer to lock up for about 15 seconds, and it does it about every 2 minutes.
Thanks, any help appreciated
Rjeffers
Hello all, this may be wrong place for posting this, but here goes. I'm looking for a good design program with good fonts, nice effects such as gradients, drop shadows, outlines, etc. Whether your creating a lable, greeting card, or whatever, I like to draw a text box, enter text, grab the corners or sides and drag it to any size or move it to any place I want. I had a simple program with my Cannon printer on my old computer called Cannon Creative. It was excellent. But it hasn't been updated to XP, with no plans to do so.
I've wasted a few bucks on Print Perfect Gold, since you can't tell what your getting by reading the jewel case. So thats why I'm asking you guys. I'll spend 30 bucks........maybe up to 50. I'm considering getting Photoshop off of file sharing, but I'm not into file sharing, especially downloading huge files.
Any suggestions?
Thanks in advance.
hello all.........I'm bad about skipping the windows updates, but a couple of days ago I installed the updates, and since then I've noticed some changes. Me and my wife are the only users of this computer, so I've never set up other users. Now when I start up, I had to click on "Owner", because "Guest User" had been added. I deleted the guest user, and now I get the password box. I just click "ok" and it continues, since I've never set up a password before. Also, when I shut down or restart, I get a drop down men that I have to select from, instead of just clicking the restart or shutdown button. Is any chance that the update made this change, because the top of the window says "windows security", plus is there a way to change it back to the way it used to be? I guess that I'm just not one for change.
By the way, anyone know anything about any of those uninstaller programs like "your uninstaller"? I was just wondering if they were a good thing, or could cause any problems. I know I've got bit n pieces of stuff all over my computer. It claims to clean it up, plus improve your speed. Any thoughts?
Thanks to any and all replys.
This may be the wrong place to bitch........but I bought a hp 7760, looks great and has great features. First day out of the box, it rejects right hand ink cartridge, says its not compatible. 45 minutes later after long support phone call, I have to wait 10 days for a new cartridge to arrive. Next day, install software, action failed. install, uninstall, new hardware wizard, round and round, and still no ink on paper. Also says that the software has not passed Windows Logo Testing........I dowload a newer version (34 MB worth) and still nothing. Next night, 1 hour and 20 minutes on the phone (not so good english speaking rep) and still no ink on paper. Right now it's back in the box and tomorrow it will be back at Office Max.
So, my point is........what is a good photo printer for 200 bucks? I want the viewfinder screen and the media card slots. The 7760 was $129........I would have kept it if the cartridge problem was solved, and I'd get another one if I knew the software would load. (Windows XP, by the way) Any you folks have a good printer suggestion? $400 digital camera needs a good printer.
Hello all, I hate to post someone else's problem, but my friend has an Active X problem on his homepage. Macromedia Flash Player 7 tries to install plugin, and slows everything down. He's ran Adware and spy subtract to no avail. He's posted a HJT log in Tom Coyotes forum with no replies in 3 days. I'm gonna do him a favor, cause this is by far the best place for answers. When it's all clean, it will be Firefox time for him. Thanks for any and all responses!............
Need help with this problem. I can't seem to get this off my computer. My computer is running slow with this Active X program I seem to have had "leech" onto my computer. Your help would be greatly appreciated in removing this from my computer. I have tried Ad-Aware and Spy Subtract but nothing seems to work! Thank You. Here is my spyware log:
Logfile of HijackThis v1.99.0
Scan saved at 11:36:55 PM, on 1/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\STOPzilla!\szntsvc.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
…
I've recently switched to Firefox. I was getting the popup for the diet patch, the one that pops up and starts to talk. And a couple other ones too. Before going with Firefox, I ran Adaware, Spybot, and Registry Mechanic, all updated and latest versions. Then I installed Firefox, and everything seems fine, except the popups are still around. They don't seem as frequent though. Usually when I'm away from the computer for an extended amount of time. I haven't used IE since. Only the popups open in Explorer. If I get rid of this, I'm hoping the future will be bright.........here's my HJT log,
Logfile of HijackThis v1.99.0
Scan saved at 9:51:22 PM, on 12/19/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\ahead\InCD\InCD.exe
C:\WINDOWS\System32\authz859.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
C:\WINDOWS\System32\Tqi4b5er.exe
C:\WINDOWS\System32\RekO4.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX00.766\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program …
I'm using internet explorer, and fighting spyware and all the other little nasties out there. I noticed in the security forum that some folks have started using Firefox, and problem solved. I've been a bit scared to change something I'm used to, but now at work we are switching to Firefox (I haven't yet, at work) it's works better with our browser base accounting system.
So before I switch at home, will it interfere with anything I used to do on IE, and will my registry be new and fresh, or will the old registry just transfer over? It seems if it's so good, then everybody would do it.
Just wondering if it's a good idea. I'm on a PC at home, and a Mac at work. Thanks,
Randy
I finally got rid of the midaddle trojan, after going to a link I found on this forum (great place, might I add). The midaddle main file is easy to find and delete, but it has two backups that replace the main file when connected to the internet. I deleted the main file through HJT, and then did a search for all .exe files, and looked for the 2 files created the same exact time and date, with a unrecognizable name (gibberish), and deleted them. Problem solved. Although I deleted some other files that I was unsure of, but the time of creation was the same.
Now my question. If it happens again, I should be able to delete the main file with HJT. Reconnect to the internet, and let the backups replace the main fiel. Disconnect.......delete the main file again, then delete the two .exe files that were created at time of re-connection to the internet? That way I would know exactly which ones they were, and not have to delete others that only look suspisious. By the way, the backups names are change daily to prevent adaware and spybot from recongizing them.
Just wondering in case I have to do it again. It was a bitch to remove the first time, so I'll be ready next time. Thanks for any insight.
how do you delete a folder or application when it says
"access is denied. Make sure the disk is not full or write protected and that the file is not currently in use"
I though maybe you could stop the process in the Task Manager, but it doesn't show to be running.
Thanks for any help.
Sorry I'm not answering your question, but I've been looking for a registry cleaner too. Actually I'm looking for a free one. So far they're free.......for the scan. It won't fix anything for free though. Some will fix some, but in my case only about 2 of 150 errors. The Error Nuker is a free scan, but I think thats all thats free. If you wish not to fix anything now, Error Nuker is yours to keep just for reviewing their product. I hope you get an answer. Sorry to reply with no answer.
I've got pop-up driving me crazy. I'm using Pop-up Blocker from Panicware that I've very satisfied with, but I have some that get by it. Mainly "Warning - Your computer may be infected with spyware", and Netzero, a couple different real player music downloads, PowWow web, and all the free dates and romances I could ever ask for. Also, now Pop-up Blocker blocks my internet explorer, so I have to hold the Ctrl button when I open. I've ran Adaware, Spybot, and I have Spywareblaster updated and running. I'm gonna remove Weatherbug, just as soon as I make this post. Thanks for any help..........here's the HJT log.
Logfile of HijackThis v1.97.7
Scan saved at 9:26:42 PM, on 9/3/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\WinTools\WToolsS.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\ahead\InCD\InCD.exe
C:\documents and settings\owner\local settings\temp\xrhA.exe
C:\documents and settings\owner\local settings\temp\p.exe
C:\documents and settings\owner\local settings\temp\h6E.exe
C:\documents and settings\owner\local settings\temp\9MCkC.exe
C:\Program Files\Common Files\WinTools\WToolsA.exe
C:\documents and settings\owner\local settings\temp\TDnIWi.exe
C:\documents and settings\owner\local settings\temp\Fxcx.exe
C:\WINDOWS\System32\cmpbk324.exe
C:\documents and settings\owner\local settings\temp\K.exe
C:\documents and settings\owner\local settings\temp\Wr9AG.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
C:\PROGRA~1\Web Offer\wo.exe
C:\Program Files\Common Files\WinTools\WSup.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
C:\Program …
Crunchie.........I did the Panda online virus scan, and fixed 6 viruses. Seems to have in fixed at the moment. But I don't trust it. I appreiciate all your time and effort. Thanks a bunch. If there's more I need to do, just let me know!
Well crunchie, i did everything you asked.........except on Start.bat I get an error......"can't find reg. keys" or something like that.
Scanning with HJT, I check the boxes and click fix. The about:blank search page is still there, even after changing it back to msn.com.
Anyway, here's the latest HJT log. Thanks for everything so far. Maybe I'll get this licked...........
Logfile of HijackThis v1.97.2
Scan saved at 1:38:33 PM, on 6/6/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\VERITAS Software\Update Manager\sgtray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\ahead\InCD\InCD.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Owner\My Documents\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\oagfc.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\oagfc.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\oagfc.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\oagfc.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\oagfc.dll/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\oagfc.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} …
--==***@@@ FIND-ALL' VERSION MODIFIED -6/05 @@@***==--
--==***@@@ ORIGINAL BY FREEATLAST @@@***==--
Sat 06/05/2004
11:24 AM
System Info:
Microsoft Windows XP [Version 5.1.2600]
C: "HP_PAVILION" (E435:BD0F) - FS:NTFS clusters:4k
Total: 54 615 855 104 [51G] - Free: 35 440 762 880 [33G]
*IE version and Service packs:
6.0.2600.0 C:\Program Files\Internet Explorer\Iexplore.exe
*Notepad version :
5.1.2600.0 C:\WINDOWS\notepad.exe
*Media Player version :
8.0.0.4477 C:\Program Files\Windows Media Player\wmplayer.exe
! REG.EXE VERSION 2.0
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings
MinorVersion REG_SZ ;Q822925;Q330994;
Locked or 'Suspect' file(s) found...
Scanning for main Hijacker:
File found was C:\WINDOWS\System32\OAGFC.DLL
Md5 tested As C995A71D17696B228F2B43B2C772A6DA
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
@=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}]
@="NAV Helper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4454AB5-8734-43D3-993A-E544B474EC01}]
REGEDIT4
[HKEY_CLASSES_ROOT\PROTOCOLS\Filter]
[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\application/x-icq]
"CLSID"="{db40c160-09a1-11d3-baf2-000000000000}"
[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\Class Install Handler]
@="AP Class Install Handler filter"
"CLSID"="{32B533BB-EDAE-11d0-BD5A-00AA00B92AF1}"
[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\deflate]
@="AP Deflate Encoding/Decoding Filter "
"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"
[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\gzip]
@="AP GZIP Encoding/Decoding Filter "
"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"
[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\lzdhtml]
@="AP lzdhtml encoding/decoding Filter"
"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"
[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/html]
"CLSID"="{C1217EEE-AD15-4F3F-BC76-75943BD2858B}"
[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/plain]
"CLSID"="{C1217EEE-AD15-4F3F-BC76-75943BD2858B}"
[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/webviewhtml]
@="WebView MIME Filter"
"CLSID"="{733AC4CB-F1A4-11d0-B951-00A0C90312E1}"
! REG.EXE VERSION 2.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
*Security settings for 'Windows' key:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER
Effective permissions for Registry key …Address has only........about:blank. Homepage is now a search engine that just says "Search for..." Here's the log. Thanks for any help!
Logfile of HijackThis v1.97.2
Scan saved at 11:29:41 PM, on 6/4/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\ahead\InCD\InCD.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
C:\Program Files\iISystem Wiper\SystemWiper.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\twain_32.exe
C:\Documents and Settings\Owner\My Documents\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\oagfc.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\oagfc.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\oagfc.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\oagfc.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\oagfc.dll/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\oagfc.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {F4454AB5-8734-43D3-993A-E544B474EC01} - C:\WINDOWS\System32\oagfc.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
…
Thanks alot DMR.......I think I've got it solved. I checked disk for errors, and I believe that solved it, plus it picked up my computers preformance. I've been battling spyware and viruses, and think now that I've got them licked. By the way, it would lock up without any applications running. When you move the mouse or hit a key, the screensaver would freeze. Thanks again.....
anybody know? Sometimes I have to hit ctrl-alt-delete to to get the screen back. Computers been running slow latey anyway. Thanks alot...
Just wondering if there was any way to clear it out. When you go to change your homepage, and you type the first w in www., it pop open a list of sites that have either been your homepage at one time, or sites you have visited. I don't think its a problem, but some of them I would never want as a homepage, and I would rather not see them pop up at all. Thanks for any insight.........
Thanks a bunch Crunchie.......seems to have worked. I deleted the mplv7.dll file. I think you said it was exe., but all i found was the .dll file. After rebooting I was prompted to switch back to Normal Start-up mode, which I did. I did not get the bridge error this time. Thanks again. Now finally my wife will quit accusing me of messing up the computer.
It seems to be a popular error............I appreciate the help. Let me know if I can do anything to help you guys. I'm not up on computers enough to be a help to anyone. BTW, I'm not using Limewire or Kazaa anymore. I have a good feeling thats where my problem came from. Thanks again. Here's the log:
Logfile of HijackThis v1.97.2
Scan saved at 10:45:04 PM, on 5/14/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\ahead\InCD\InCD.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\mplvw7.exe
C:\Documents and Settings\Owner\My Documents\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us6.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us6.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://srch-us6.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://srch-us6.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O1 - Hosts: 216.177.73.139 ieautosearch
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll