Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hijackthis log PLEASE HELP DIAGNOSE


  • This topic is locked This topic is locked
20 replies to this topic

#1 sailor67

sailor67

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:08:52 AM

Posted 13 November 2004 - 03:07 AM

THIS IS THE PROBLEM THAT I'M HAVING:
Intermittently, at no particular juncture in the proceedings, my computer will shut down, while online. This started happening when I went to check my email (MSN). It later started happening at ANY time that I was online. Just reading something, boom, a shutdown. The website, or sites (I use MyIE2) that I visited didn't seem to have a bearing on the event (this was after getting rid of coolwwwsearch, which shut me down every time I tried a site that would get rid of it). I use SpyBot (which will find something every now and then), AVG Free, AdAware, SpywareBlaster, CWShredder, SecretMaker, BHODemon and CCleaner.
I have checked my registry, quite often, and deleted a veritable host of entries from HKEY/Current User/Sofrtware/Microsoft/Windows/Current Version/Internet Settings/P3P/History - these entries are mostly porno site entries, that have not been visited. I delete them time and again, (sometimes, but not always, in safe mode) and they keep coming back. They don't always return right away, but eventually they return. Also, in the registry, go back from P3P to Internet Settings, then to Zone Map and then Domains, There are HUNDREDS of porno web sites listed. I delete them and when they return there are ALWAYS more than the time before. All this has been going on for about three weeks, and I'm getting very frustrated. I will really appreciate help.
This log was after deleting all the junk from the registry and running SpyBot.
Thank you.


Logfile of HijackThis v1.98.2
Scan saved at 1:40:44 AM, on 11/13/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\system32\cisvc.exe
C:\PowerPanel\upssrv.exe
C:\PowerPanel\upsio.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Winamp3\winampa.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Ascentive\ActiveTime\AT.exe
C:\Program Files\Propel Accelerator\propelac.exe
C:\Program Files\Free Surfer\fs20.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SECRETMAKER\secretmaker.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\SNDVOL32.EXE
C:\Program Files\MSN\MSNCoreFiles\msn6.exe
C:\Program Files\MYIE2\MyIE.exe
C:\Program Files\BHODemon 2\BHODemon.exe
C:\Documents and Settings\fran\Local Settings\Temporary Internet Files\Content.IE5\22B949DC\ccsetup115[1].exe
C:\WINDOWS\System32\notepad.exe
C:\unzipped\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8082
N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\fran\Application Data\Mozilla\Profiles\default\f2lfmdmj.slt\prefs.js)
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1099291606514

BC AdBot (Login to Remove)

 


#2 Daisuke

Daisuke

    Cleaner on Duty


  • Members
  • 5,575 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Romania
  • Local time:07:52 AM

Posted 13 November 2004 - 06:58 AM

Hi sailor67

Your log looks clean.

I have checked my registry, quite often, and deleted a veritable host of entries from HKEY/Current User/Sofrtware/Microsoft/Windows/Current Version/Internet Settings/P3P/History - these entries are mostly porno site entries, that have not been visited. I delete them time and again, (sometimes, but not always, in safe mode) and they keep coming back. They don't always return right away, but eventually they return. Also, in the registry, go back from P3P to Internet Settings, then to Zone Map and then Domains, There are HUNDREDS of porno web sites listed. I delete them and when they return there are ALWAYS more than the time before. All this has been going on for about three weeks, and I'm getting very frustrated. I will really appreciate help.


All these entries are set by SpywareBlaster to protect you. It is not a good idea to delete them :thumbsup:. These were set to block cookies from those websites.

Internet Explorer 6 added a Privacy tab to give users more control over cookies. There are different levels of privacy on the Internet zone, and they are stored in the registry at the same location as the security zones.

You can also add a site to allow or to block cookies based on the site, regardless of the privacy policy on the Web site. Those registry keys are stored in the following registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History
Listed under this key are domains that have been added as a managed site. These domains can carry either of the following DWORD values:
0x00000005 - Always Block
0x00000001 - Always Allow


It is not a good idea to edit your Windows Registry. Incorrect changes to the registry can result in permanent data loss or corrupted files.

In my opinion you are using redundand protection software.
Let's enumerate your collection:
Antivirus software
Grisoft\AVGFREE
AVPersonal

Anti-spy
ewido
Spy Sweeper
Spybot S&D TeaTimer
BHODemon

Pop-up Stopper
Free Surfer
SECRETMAKER

Is this your complete log ? Did you fix anything with HijackThis before posting this log ? I think some startup entries are missing.
Everyday is virus day. Do you know where your recovery CDs are ?
Did you create them yet ?

Posted Image

#3 sailor67

sailor67
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:08:52 AM

Posted 13 November 2004 - 01:14 PM

Well, that explains why those entries keep coming back. I'll leave them. However, how do you explain, or, can anyone explain, why I keep shutting down while online (and actually it isn't a shutdown, it's a restart)? And, NO, I did not fix anything with Hijackthis before running this log. I ran SpyBot and deleted the entries that I told you about.
Thanks again

#4 Daisuke

Daisuke

    Cleaner on Duty


  • Members
  • 5,575 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Romania
  • Local time:07:52 AM

Posted 13 November 2004 - 06:25 PM

how do you explain, or, can anyone explain, why I keep shutting down while online (and actually it isn't a shutdown, it's a restart

I can not explain.

Do this:

Click Start --> right click My Computer --> select Properties --> click the Advanced tab --> in the Startup and Recovery section press the Settings button.

Uncheck Automatically restart.

Press the OK button.

You will get the "BSD" - Blue Screen of Death and the error. Post it here when it happens. Could be a software or a hardware problem.
Everyday is virus day. Do you know where your recovery CDs are ?
Did you create them yet ?

Posted Image

#5 sailor67

sailor67
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:08:52 AM

Posted 13 November 2004 - 10:32 PM

before I do this 2 things:
1; if I'm going to get the Blue Screen of Death how do I then get out of the BSD and back into my machine?
2; I assume that when you say that I'm a bit redundant in the protection department that I DON'T need all of those anti-this and anti-that programs I've installed. Do you have a suggestion on which ones to keep and which to dump? A friend suggested Avast, and I had that at one time and deleted it for some reason that I can't recall at the present, but I do remember that ther was some reason that I preferred AVG Free over Avast. If I'm not mistaken you need to remove most other anti-whatever programs when you use Avast.
Again, thanks.

#6 sailor67

sailor67
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:08:52 AM

Posted 13 November 2004 - 10:50 PM

One other question: in the P3P/History key the values for all those sites is 5, but in Current User/Software/Microsoft/Windows/Current Version/Internet Settings/Zone Map/Domains those sites have a value of 0x00000004 (4). Is that the value that those should be set at?
Thanks!

#7 Daisuke

Daisuke

    Cleaner on Duty


  • Members
  • 5,575 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Romania
  • Local time:07:52 AM

Posted 14 November 2004 - 04:58 AM

if I'm going to get the Blue Screen of Death how do I then get out of the BSD and back into my machine?

There should be a reset button. If not, there is always a shutdown button (power button).

Do you have a suggestion on which ones to keep and which to dump

I would keep AVAST. You can scan anytime your HDD online: Trendmicro, Panda, ...
Keep only one pop-up blocker, disable the other one, or better install a toolbar like Google or MSN (popup blocking is included).
Keep Spy Sweeper and disable the other three.

You don't need to uninstall the programs, you can keep them and use them when you wish to scan yopur computer.

User/Software/Microsoft/Windows/Current Version/Internet Settings/Zone Map/Domains those sites have a value of 0x00000004 (4). Is that the value that those should be set at?

This is another story. 4 means Restricted Sites Zone. (sites you cannot acces with Internet Explorer). Other possible values are below:
0 My Computer
1 Local Intranet Zone
2 Trusted sites Zone
3 Internet Zone
Everyday is virus day. Do you know where your recovery CDs are ?
Did you create them yet ?

Posted Image

#8 sailor67

sailor67
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:08:52 AM

Posted 14 November 2004 - 12:44 PM

Thanks for all the help. It is really appreciated. I only have SpySweeper on the 30 trial basis (11 or 12 days left on that) and since I'm currently unemployed I don't plan on buying protection when there are so many good free programs available.
Thank you.

#9 sailor67

sailor67
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:08:52 AM

Posted 14 November 2004 - 12:46 PM

One other thing AGAIN!
I'm thinking of installing Opera and eliminating a lot of these Explorer problems that way. Any comments or suggestions?
Thanks AGAIN!

#10 Daisuke

Daisuke

    Cleaner on Duty


  • Members
  • 5,575 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Romania
  • Local time:07:52 AM

Posted 14 November 2004 - 12:47 PM

Good idea :thumbsup:

There is also FireFox : http://www.mozilla.org
Everyday is virus day. Do you know where your recovery CDs are ?
Did you create them yet ?

Posted Image

#11 sailor67

sailor67
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:08:52 AM

Posted 14 November 2004 - 02:15 PM

cyro,
Ok, I followed your instructions, to the letter, not that they were that difficult, on unchecking the Auto Restart, and I DID NOT get the BSD. What I dd get was an alert bar from System Control Panel Applet. Its message was: "If the pagefile on volume C: has an initial size of less than 0 megabytes, then the system may not be able to create a debugging information file if a STOP error occurs. Continue anyway?" And there were the choices; yes or no.
I've continbued on, I've done this in Safe Mode, done it checked and unchecked, done it going to START and doing a RESTART and a TURN OFF, and nothing has happened. It has acted as if this has made no difference whatsoever.
So...
you earlier asked if that was the entire file from Hijackthis and if I had removed anything with Hijackthis. I have, in the course of owning this computer and running antiviral and antipsyware and etc. programs DELETED files that were infected with viurses and etc. I got to the point with one virus, and I don't remember which one it was, it may have been one that I had to download a specific removal tool to get rid of it with, that if it asked "do you want to delete this file?" I just went ahead and deleted, and I wasn't writing down which files they were. But I do know that it render the "Help and Support" button on the START MENU inoperative and I had to go find SYSTEM RESTORE in the program files and make a shortcut to the desktop to be able to use that function.
So...
her is the latest Hijackthis file. I just ran it while I was typing this up.

Logfile of HijackThis v1.98.2
Scan saved at 1:04:20 PM, on 11/14/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\system32\cisvc.exe
C:\PowerPanel\upssrv.exe
C:\PowerPanel\upsio.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Winamp3\winampa.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Ascentive\ActiveTime\AT.exe
C:\Program Files\Propel Accelerator\propelac.exe
C:\Program Files\Free Surfer\fs20.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\MSN\MSNCoreFiles\msn6.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MYIE2\MyIE.exe
C:\WINDOWS\system32\cidaemon.exe
C:\unzipped\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8082
N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\fran\Application Data\Mozilla\Profiles\default\f2lfmdmj.slt\prefs.js)
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1099291606514

and
THANKS AGAIN!!!!

#12 Daisuke

Daisuke

    Cleaner on Duty


  • Members
  • 5,575 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Romania
  • Local time:07:52 AM

Posted 15 November 2004 - 07:59 AM

Hi

First check your virtual memory size and the space available on your HDD:

Click Start --> Run, and then type sysdm.cpl in the Open box. Press the OK button.

System properties windows will open.

In the General tab look for RAM size - should be the last line: for example 256 MB of RAM. Write down the RAM size.

Click the Advanced tab, and then click Settings under Performance.

Click the Advanced tab, and then click Change under Virtual memory.

Under Drive [Volume Label], click the c: drive (or the drive that contains the paging file, most probably it is the C: drive).

Write down and post in your reply:
1. Space available
2. Under Custom size: Initial size and Maximum size

Click several times Cancel to exit.

Note: Do not change the virtual memory settings if you don't know what you are doing. The recommended minimum size is equivalent to 1.5 times the RAM on your computer, and 3 times that figure for the maximum size. For example, if you have 256 MB of RAM, the minimum size is 384 MB, and the maximum size is 1152 MB.
For best performance, do not set the initial size to less than the minimum recommended size under Total paging file size for all drives. The recommended size is equivalent to 1.5 times the RAM on your computer. It is good practice to leave the paging file at its recommended size. However, you may increase its size if you frequently use programs that use much memory.
Microsoft strongly recommends that you do not disable or delete the paging file.

Next:
Go to Start --> Run, and type cmd in the Open box, then click OK to open a command prompt.
Type sfc /scannow, note the space after sfc.

Insert you original Windows CD in the CD-ROM drive. This will restore your protected system files on your computer.

When finished visit again Windows Updates and install all available critical updates.

Your log looks clean. Post only your RAM size, space available on HDD, Initial VM size and Maximum VM size (see above). (VM = virtual memory)

Edited by cryo, 15 November 2004 - 08:00 AM.

Everyday is virus day. Do you know where your recovery CDs are ?
Did you create them yet ?

Posted Image

#13 sailor67

sailor67
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:08:52 AM

Posted 15 November 2004 - 02:21 PM

cyro,
Ram size: 256MB
Space Available: 69571 MB
Initial Size: box is empty
Maximum Size: box is empty

Have performed the cmd and sfc /scannow functions and am on my way to Windowa updates.

Thank you,
Jim L

#14 Daisuke

Daisuke

    Cleaner on Duty


  • Members
  • 5,575 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Romania
  • Local time:07:52 AM

Posted 16 November 2004 - 02:15 AM

Hi

Set your virtual memory settings:
Select Custom size and set:
Initial size (MB): 384
Maximum size (MB): 1152

Press the Set button and OK. Press OK several times to exit.
If it asks to reboot, reboot your machine.
Everyday is virus day. Do you know where your recovery CDs are ?
Did you create them yet ?

Posted Image

#15 sailor67

sailor67
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:08:52 AM

Posted 16 November 2004 - 05:33 PM

cyro,

set the #'s for INITIAL and MAXIMUM sizes, restored protected files, went back and tried to get BSD. that still didn't work. same reaction as last time: nothing. went to windows and tried to update. the only update that was available was KB842773, which is the BITS 2.0 and the WinHTTP 5.1 updates. downloaded the update and it tried to install the update. that has failed 2x. I have NEVER installed SP2 and it didn't offer that it was available to me. checked my update history and every update I've tried since sometime in July seems to have failed to install. still get nothing when I try the
HELP AND SUPPORT icon on the START MENU.

here is my latest HIJACKTHIS log



Logfile of HijackThis v1.98.2
Scan saved at 4:18:33 PM, on 11/16/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\system32\cisvc.exe
C:\PowerPanel\upssrv.exe
C:\PowerPanel\upsio.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Ascentive\ActiveTime\AT.exe
C:\Program Files\Propel Accelerator\propelac.exe
C:\Program Files\Free Surfer\fs20.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Winamp3\winampa.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\MSN\MSNCoreFiles\msn6.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MYIE2\MyIE.exe
C:\unzipped\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8082
N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\fran\Application Data\Mozilla\Profiles\default\f2lfmdmj.slt\prefs.js)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1099291606514

Do I have something terribly screwed up, or what???
I have not had a a "restart" (shutdown) while I've been online since I've done the first things that you've told me to do, but I also haven't had a successful BSD by unchecking AUTOMATIC RESTART, nor have I had a successful windows update.
Believe, if I have time tomorrow a.m. that I'm going to download a different browser. You mentioned Mozilla when I said Opera. Do you prefer Firefox over Opera? If so, why?
So...
until I hear from you again, ...
thanks AGAIN
Jim L




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users