[Jonesiegirl]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:08:59 PM, on 7/5/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINNT\System32\Ati2evxx.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\dmadmin.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\wuauclt.exe
C:\WINNT\GWMDMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINNT\system32\ctfmon.exe
C:\WINNT\DvzCommon\DvzMsgr.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - Global Startup: Dataviz Messenger.lnk = C:\WINNT\DvzCommon\DvzMsgr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...oUploader5.cab
O16 - DPF: {0F04992B-E661-4DB9-B223-903AB628225D} (DoMoreRunExe.DoMoreRun) - file://C:\Program Files\Gateway\Do More\DoMoreRunExe.CAB
O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} (TechToolsActivex.TechTools) - hcp://system/TechTools.CAB
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O16 - DPF: {F3D4C08D-3616-43F0-9E29-44C749B0664B} (pmjpegcam Class) - http://71.9.57.2:50000/JpegInst.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = dianehardy
O17 - HKLM\Software\..\Telephony: DomainName = dianehardy
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = dianehardy
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = dianehardy
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = dianehardy
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS

--
End of file - 7421 bytes

[Cookiegal]

Rescan with HijackThis, close all other browser windows, place a check mark beside the following entries and then click on "Fix Checked".

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

If she has no Google programs, delete this folder:

C:\Program Files\Google

Otherwise, just delete this one:

C:\Program Files\Google\Google Toolbar

She doesn't seem to have Adobe Reader or Flash installed but she has only this:

Adobe Flash Player ActiveX

Do you know if she uninstalled Adobe?

Perhaps in favour of ABBYY FineReader? I'm not sure what that program does but it seems to have something to do with reading .pdf documents.

Finally, have you noticed any difference in the performance of the machine?

[Jonesiegirl]

Hi Karen,

I'm the one who took Adobe Reader off of here. I think it's bloated software and as few resources that this Gateway has, I was attempting to free up space. My intention was to install Foxit Reader. Haven't done so, yet.

Should I run HJT again and remove the Adobe Flash Player ActiveX?

I'd like to uninstall the ABBYY FineReader, as well. Diane has pulled out all stops... we're allowed to get rid of anything that we want, other than her ipod programs, and itunes programs.

The performance seems much better.

[Cookiegal]

No, it's listed in Add/Remove Programs in the Control Panel so you should uninstall it from there:

Adobe Flash Player ActiveX

The same goes for ABBYY FineReader if you want to uninstall it.

I also recommend running Secunia from the following link. It will scan programs and report on which ones are outdated and have vulnerabilities and suggest what action should be taken.

http://secunia.com/vulnerability_scanning/online/

[Cookiegal]

You can also uncheck the following in msconfig so it doesn't start up. I'm sure you know how to do that but let me know if you need instructions.

SunJavaUpdateSched

[Jonesiegirl]

ABBYY FineReader is giving me that same wonky error. DriveE error upon installation. I can't uninstall it... nor the AdobeFlashPlayer ActiveX.

[Cookiegal]

Do you know what drive E is on this computer? Is it and external drive?

[Jonesiegirl]

Yes, drive E is her external drive.

Also... I went to the Secunia website. The java applet wouldn't load. I don't know what the deal is, other than I think this pc needs the java runtime environment on it, because it did the same thing at Kasperkys. Remember, I had to go get a fresh download of the java runtime, and then Kasperskys worked? *Shrugs*

[Jonesiegirl]

Good Morning, Karen.

Just wanted to let you know that I never got Secunia to run for me last night.

The good news is that this machine is booting up fast.

It's fairly slow to browse and load pages, but I think that's because it doesn't have much go power in it.

[Cookiegal]

Try connecting the external drive when uninstalling the programs giving you the invalid drive error. It may be looking for the installer on that drive.

[Cookiegal]

Try uninstalling Java then reboot the machine and then reinstall the Java again and see if you can get Secunia to work.

[Jonesiegirl]

Plugging the external in, did the trick. ABBYY FineReader is now history! But, what's strange is that Adobe and a few of it's extensions are now back in the add/remove, without a "remove" option.

Took care of Java, as well...

I'm off to try Secunia, again.

[Jonesiegirl]

Secunia hangs at 2 minutes, 14 seconds, when it starts scanning for missing security updates from Microsoft. I've tried it twice, back to back.

For what it's worth, it didn't find any problems in those 2 minutes, 14 seconds.

[Cookiegal]

Try resetting IE back to default settings. It's possible the security settings are too high. Then see if Secunia will complete the scan.

Also, try running the Windows Installer CleanUp Utility and remove those programs with it. This should not be run if Office 2007 is installed but it's not listed in the uninstall list.

http://support.microsoft.com/kb/290301

[Jonesiegirl]

It's just been since I plugged the external drive in that it's reappeared. I was browsing through the files on the external, and they've got jpegs in there that open with adobe. Weird. I'm gonna go install irfanview and see if that'll help, and set it as the default program.

I think Diane has Office '03... not sure, will check before I run the the tool in the link above.