1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Here for a checkup, plus a ?

Discussion in 'Virus & Other Malware Removal' started by Virginian17, Apr 22, 2004.

Thread Status:
Not open for further replies.
Advertisement
  1. Virginian17

    Virginian17 Thread Starter

    Joined:
    Jun 25, 2003
    Messages:
    45
    Hi again,

    I think I may have gotten rid of what was ailing my computer by running Spybot and Ad-aware, but I want to make sure. Computer was running slow (seems better now). In addition, I would occasionally get an auditory pop-up that didn't seem connected with whatever site I was on at the time. All of a sudden the computer would offer, "Type what you want me to say!" No, I am not having auditory hallucinations, but I would like a checkup.

    Can you please check my HT log and make sure it's okay?

    Also, I saw in a post below someone else having trouble because they kept getting a message that the printer ink had run out. I get the same message, even though I have refilled all ink cartridges. I can still print, but the copier function won't work as a result. Maybe my printer/copier doesn't like the inexpensive refills (I bought those ones with ink and a syringe), but it's annoying, because the ink cartridges are clearly full.

    In the post below, the person was told to do something with the Gateway InkMonitor entry on his or her HT log. However, I don't think my log has such an entry. Is there any way I can bypass the ink monitor function on my machine? I don't see any way to control it on the printer's (Xerox WorkCentre) program. When I do a search for files containing the words Ink monitor on my Gateway computer, I get NS0, NS1, NS2, NS3, DAT, and RSC files (I don't know what that means at all). I don't see any file called GWInkMonitor.exe, which is what the person below was told to find. Even if I could find such a file, I wouldn't know what to do with it. Can you help, using very simple English?

    Thanks in advance for any help you can give.
    Virginian17

    Logfile of HijackThis v1.95.0
    Scan saved at 11:49:45 AM, on 04/22/2004
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINJECT.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\NAVAPW32.EXE
    C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\POPROXY.EXE
    C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CRASHGUARD\CGMENU.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\WINDOWS\SYSTEM\XWMSAPI.EXE
    C:\PROGRAM FILES\XEROX\CONTROLCENTRE 2.0\TEXTBRIDGE PRO 9.0\BIN\INSTANTACCESS.EXE
    C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
    C:\WINDOWS\RunDLL.exe
    C:\PROGRAM FILES\XEROX\CONTROLCENTRE 2.0\PAGIS\MONITOR.EXE
    C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CRASHGUARD\CG16EH.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\AMERICA ONLINE 8.0\AOL.EXE
    C:\PROGRAM FILES\AMERICA ONLINE 8.0\WAOL.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant=about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page=
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~2\NORTON~4\NAVAPW32.EXE /LOADQUIET
    O4 - HKLM\..\Run: [Norton eMail Protect] C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\POProxy.exe
    O4 - HKLM\..\Run: [Norton CrashGuard Monitor] "C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CRASHGUARD\CGMenu.EXE"
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\Run: [XWMSUSBAPI] XWMSAPI.exe
    O4 - HKLM\..\Run: [ControlCentreTray] C:\PROGRAM FILES\XEROX\CONTROLCENTRE 2.0\XWCTRAY.EXE
    O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\XEROX\CONTRO~1.0\TEXTBR~1.0\BIN\INSTAN~1.EXE /h
    O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\XEROX\CONTRO~1.0\TEXTBR~1.0\BIN\REGIST~1.EXE
    O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
    O4 - HKLM\..\RunServices: [CSINJECT.EXE] C:\Program Files\Norton SystemWorks\Norton CleanSweep\CSINJECT.EXE
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\XEROX\CONTRO~1.0\TEXTBR~1.0\BIN\REGIST~1.EXE
    O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
    O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
    O4 - HKCU\..\Run: [MsnMsgr] "c:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Startup: Pagis Schedule Monitor.lnk = C:\Program Files\Xerox\ControlCentre 2.0\Pagis\Monitor.exe
    O4 - Startup: PowerReg Scheduler.exe
    O9 - Extra button: Real.com (HKLM)
    O16 - DPF: {D6016EE7-A8FF-11D1-B37E-A4759ECD7909} (AxPulse Class) - http://a320.g.akamai.net/7/320/1456/v4114c/www.pulse3d.com/players/english/PulsePlayerAxWin.cab
    O16 - DPF: {E344ADA2-75B6-4E7E-B221-0A04FD5B0165} (MaxisPublishX Control) - http://thesims.ea.com/us/teleport/MaxisPublishX.cab
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.games.yahoo.com/games/play/client/exentctl_0_0_0_0.ocx
    O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.142/code/PWActiveXImgCtl.CAB
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37875.6937268519
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net
     
  2. buckaroo

    buckaroo

    Joined:
    Mar 25, 2001
    Messages:
    3,334
  3. Virginian17

    Virginian17 Thread Starter

    Joined:
    Jun 25, 2003
    Messages:
    45
    Now I do see an ink monitor! Can I do something with that?

    Thanks for looking at my log.
    Virginian17


    Logfile of HijackThis v1.97.7
    Scan saved at 4:56:45 PM, on 04/22/2004
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINJECT.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\NAVAPW32.EXE
    C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\POPROXY.EXE
    C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CRASHGUARD\CGMENU.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\WINDOWS\SYSTEM\XWMSAPI.EXE
    C:\PROGRAM FILES\XEROX\CONTROLCENTRE 2.0\TEXTBRIDGE PRO 9.0\BIN\INSTANTACCESS.EXE
    C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
    C:\WINDOWS\RunDLL.exe
    C:\PROGRAM FILES\XEROX\CONTROLCENTRE 2.0\PAGIS\MONITOR.EXE
    C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CRASHGUARD\CG16EH.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\AMERICA ONLINE 8.0\AOL.EXE
    C:\PROGRAM FILES\AMERICA ONLINE 8.0\WAOL.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE
    C:\PROGRAM FILES\XEROX\CONTROLCENTRE 2.0\XWCTRAY.EXE
    C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~2\NORTON~4\NAVAPW32.EXE /LOADQUIET
    O4 - HKLM\..\Run: [Norton eMail Protect] C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\POProxy.exe
    O4 - HKLM\..\Run: [Norton CrashGuard Monitor] "C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CRASHGUARD\CGMenu.EXE"
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\Run: [XWMSUSBAPI] XWMSAPI.exe
    O4 - HKLM\..\Run: [ControlCentreTray] C:\PROGRAM FILES\XEROX\CONTROLCENTRE 2.0\XWCTRAY.EXE
    O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\XEROX\CONTRO~1.0\TEXTBR~1.0\BIN\INSTAN~1.EXE /h
    O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\XEROX\CONTRO~1.0\TEXTBR~1.0\BIN\REGIST~1.EXE
    O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
    O4 - HKLM\..\RunServices: [CSINJECT.EXE] C:\Program Files\Norton SystemWorks\Norton CleanSweep\CSINJECT.EXE
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\XEROX\CONTRO~1.0\TEXTBR~1.0\BIN\REGIST~1.EXE
    O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
    O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
    O4 - HKCU\..\Run: [MsnMsgr] "c:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Startup: Pagis Schedule Monitor.lnk = C:\Program Files\Xerox\ControlCentre 2.0\Pagis\Monitor.exe
    O4 - Startup: PowerReg Scheduler.exe
    O9 - Extra button: Real.com (HKLM)
    O16 - DPF: {D6016EE7-A8FF-11D1-B37E-A4759ECD7909} (AxPulse Class) - http://a320.g.akamai.net/7/320/1456/v4114c/www.pulse3d.com/players/english/PulsePlayerAxWin.cab
    O16 - DPF: {E344ADA2-75B6-4E7E-B221-0A04FD5B0165} (MaxisPublishX Control) - http://thesims.ea.com/us/teleport/MaxisPublishX.cab
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.games.yahoo.com/games/play/client/exentctl_0_0_0_0.ocx
    O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.142/code/PWActiveXImgCtl.CAB
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37875.6937268519
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net
     
  4. buckaroo

    buckaroo

    Joined:
    Mar 25, 2001
    Messages:
    3,334
    Okay, that's better. There's really not much of anything pest-wise. You can fix these two entries.

    Close your browser and check the following entries in HJT. Click Fix and then REBOOT.


    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank


    Rather than using HJT to fix your ink monitoring problem, just disable it from running on startup.

    O4 - Startup: Pagis Schedule Monitor.lnk = C:\Program Files\Xerox\ControlCentre 2.0\Pagis\Monitor.exe


    Go to Start > Run > MSCONFIG > Startup tab > then find that entry in the list and uncheck it. You'll need to reboot for the change to take effect.

    :)
     
  5. Virginian17

    Virginian17 Thread Starter

    Joined:
    Jun 25, 2003
    Messages:
    45
    All done now. Thanks very much for your help, buckaroo! You guys run a great place here.
     
  6. buckaroo

    buckaroo

    Joined:
    Mar 25, 2001
    Messages:
    3,334
    You're welcome! (y) ....and don't forget to visit the gift shop on your way out.

    :)
     
  7. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Similar Threads - Here checkup plus
  1. dnnspnglnn
    Replies:
    1
    Views:
    340
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/222920

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice