1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Power dowm and shut down .

Discussion in 'Windows XP' started by washton, Jan 19, 2006.

Thread Status:
Not open for further replies.
Advertisement
  1. washton

    washton Thread Starter

    Joined:
    Jun 24, 2004
    Messages:
    217
    :eek: Powerdown and Shutdown very slow.I had reasons to repair XP.Since ,It does not respond to shutting very well.It takes up to 1 minute to powerdown and 1 minute to finally shut down.Any one any help please?

    running SP2
     
  2. Byteman

    Byteman Gone but Never Forgotten

    Joined:
    Jan 24, 2002
    Messages:
    17,742
    Hi, Did you uninstall SP2 from Add/Remove Programs before you did the in place repair of XP?

    And, if you did uninstall SP2 first, have you gone to Windows Updates again and done all the Critical/security updates?

    We would still like to see a Hijackthis log, please do this:

    Without closing anything, use the link below, follow the downloading directions,
    when it says you are to open a Reply, use the Post Reply at the top of the thread

    Click here to download HJTsetup.exe
    • Save Hijackthis.exe to your desktop.
    • Double click on the HJTsetup.exe icon on your desktop.
    • By default it will install to C:\Program Files\Hijack This.
    • Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
    • Put a check by Create a desktop icon then click Next again.
    • Continue to follow the rest of the prompts from there.
    • At the final dialogue box click Finish and it will launch Hijack This.
    • Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
    • Click Save to save the log file and then the log will open in notepad.
    • At the top of the Notepad HJT log screen, hit EDIT then SELECT ALL then click EDIT and then click COPY, doing that copies the text to the clipboard, you won't see it yet....
    • Open a TechSupportGuy forum Reply window for this thread, to have ready to paste the Hijackthis log into. Click once to place the typing cursor in the reply window.
    • At the top of your TSG/browser window, hit EDIT then PASTE
    • You should see your copied Hijackthis log appear in the reply space....then, submit the reply
    • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
     
  3. washton

    washton Thread Starter

    Joined:
    Jun 24, 2004
    Messages:
    217
    Logfile of HijackThis v1.97.7
    Scan saved at 6:29:10 PM, on 1/20/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\System32\hkcmd.exe
    E:\Setups & Appls\gcasServ.exe
    C:\Program Files\Blue Security\bluefrog.exe
    E:\Express MailMate\Mailmate.exe
    E:\Setups & Appls\SetPoint\SetPoint.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\system32\oodag.exe
    E:\Setups & Appls\gcasDtServ.exe
    C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    c:\program files\internet explorer\iexplore.exe
    E:\TOOLS and THINGS\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://myplace.westnet.com.au/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://myplace.westnet.com.au/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://myplace.westnet.com.au/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://myplace.westnet.com.au/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [PCPitstop Optimize Registration Reminder] C:\Program Files\PCPitstop\Optimize\Reminder.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [gcasServ] "E:\Setups & Appls\gcasServ.exe"
    O4 - HKCU\..\Run: [Blue Frog] C:\Program Files\Blue Security\bluefrog.exe
    O4 - HKCU\..\Run: [SP2 Connection Patcher] "C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200
    O4 - HKCU\..\Run: [Express MailMate] E:\Express MailMate\Mailmate.exe
    O4 - Global Startup: Logitech SetPoint.lnk = E:\Setups & Appls\SetPoint\SetPoint.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136396791765
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
    O18 - Protocol: bwh0 - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwh0s - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwi0 - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwi0s - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwj0 - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwj0s - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwk0 - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwk0s - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwl0 - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwl0s - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwm0 - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwm0s - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwn0 - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwn0s - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwo0 - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwo0s - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwp0 - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwp0s - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwq0 - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwq0s - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwr0 - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwr0s - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bws0 - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bws0s - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwt0 - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwt0s - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwu0 - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwu0s - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwv0 - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwv0s - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bww0 - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bww0s - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwx0 - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwx0s - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwy0 - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwy0s - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwz0 - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwz0s - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSN Messenger\msgrapp.dll"
    O18 - Protocol: offline-8876480 - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
     
  4. washton

    washton Thread Starter

    Joined:
    Jun 24, 2004
    Messages:
    217
    Logfile of HijackThis v1.97.7
    Scan saved at 6:29:10 PM, on 1/20/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\System32\hkcmd.exe
    E:\Setups & Appls\gcasServ.exe
    C:\Program Files\Blue Security\bluefrog.exe
    E:\Express MailMate\Mailmate.exe
    E:\Setups & Appls\SetPoint\SetPoint.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\system32\oodag.exe
    E:\Setups & Appls\gcasDtServ.exe
    C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    c:\program files\internet explorer\iexplore.exe
    E:\TOOLS and THINGS\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://myplace.westnet.com.au/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://myplace.westnet.com.au/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://myplace.westnet.com.au/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://myplace.westnet.com.au/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [PCPitstop Optimize Registration Reminder] C:\Program Files\PCPitstop\Optimize\Reminder.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [gcasServ] "E:\Setups & Appls\gcasServ.exe"
    O4 - HKCU\..\Run: [Blue Frog] C:\Program Files\Blue Security\bluefrog.exe
    O4 - HKCU\..\Run: [SP2 Connection Patcher] "C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200
    O4 - HKCU\..\Run: [Express MailMate] E:\Express MailMate\Mailmate.exe
    O4 - Global Startup: Logitech SetPoint.lnk = E:\Setups & Appls\SetPoint\SetPoint.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1136396791765
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
    O18 - Protocol: bwh0 - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwh0s - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwi0 - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwi0s - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwj0 - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwj0s - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwk0 - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwk0s - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwl0 - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwl0s - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwm0 - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwm0s - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwn0 - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwn0s - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwo0 - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwo0s - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwp0 - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwp0s - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwq0 - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwq0s - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwr0 - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwr0s - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bws0 - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bws0s - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwt0 - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwt0s - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwu0 - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwu0s - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwv0 - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwv0s - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bww0 - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bww0s - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwx0 - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwx0s - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwy0 - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwy0s - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwz0 - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwz0s - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSN Messenger\msgrapp.dll"
    O18 - Protocol: offline-8876480 - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)


    Edit | Quote | Quick Reply

    washton
    View Public Profile
    Send a private message to washton
    Find all posts by washton
    Add washton to Your Buddy List



    --------------------------------------------------------------------------------




    Web TSG
     
  5. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    YOu did not do as instructed - that is a year's old verson of HiJack
     
  6. washton

    washton Thread Starter

    Joined:
    Jun 24, 2004
    Messages:
    217
    Hi "Distinguished Member",
    The early part of our reply solved the problem. I Installed all the critical downloads and all is well now. Sorry about the "Hijack It" but the INSTRUCTIONS were too much for me.However I have downloaded v.1.99.1.for future.
    Thanks a mill.
     
  7. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    I suggest you post a new log
     
  8. washton

    washton Thread Starter

    Joined:
    Jun 24, 2004
    Messages:
    217
    Logfile of HijackThis v1.99.1
    Scan saved at 4:56:34 AM, on 1/22/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\System32\hkcmd.exe
    E:\Setups & Appls\gcasServ.exe
    C:\Program Files\Blue Security\bluefrog.exe
    E:\Express MailMate\Mailmate.exe
    E:\Setups & Appls\SetPoint\SetPoint.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\system32\oodag.exe
    E:\Setups & Appls\gcasDtServ.exe
    C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\wuauclt.exe
    c:\program files\internet explorer\iexplore.exe
    c:\program files\internet explorer\iexplore.exe
    E:\TOOLS and THINGS\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://myplace.westnet.com.au/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://myplace.westnet.com.au/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://myplace.westnet.com.au/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://myplace.westnet.com.au/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [PCPitstop Optimize Registration Reminder] C:\Program Files\PCPitstop\Optimize\Reminder.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [gcasServ] "E:\Setups & Appls\gcasServ.exe"
    O4 - HKCU\..\Run: [Blue Frog] C:\Program Files\Blue Security\bluefrog.exe
    O4 - HKCU\..\Run: [SP2 Connection Patcher] "C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200
    O4 - HKCU\..\Run: [Express MailMate] E:\Express MailMate\Mailmate.exe
    O4 - Global Startup: Logitech SetPoint.lnk = E:\Setups & Appls\SetPoint\SetPoint.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136396791765
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
    O18 - Protocol: bw+0 - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bw+0s - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bw-0 - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bw-0s - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bw00 - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bw00s - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bw10 - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bw10s - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bw20 - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bw20s - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bw30 - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bw30s - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bw40 - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bw40s - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bw50 - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bw50s - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bw60 - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bw60s - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bw70 - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bw70s - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bw80 - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bw80s - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bw90 - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bw90s - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwa0 - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwa0s - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwb0 - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwb0s - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwc0 - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwc0s - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwd0 - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwd0s - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwe0 - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwe0s - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwf0 - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwf0s - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - (no file)
    O18 - Protocol: bwg0 - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwg0s - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwh0 - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwh0s - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwi0 - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwi0s - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwj0 - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwj0s - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwk0 - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwk0s - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwl0 - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwl0s - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwm0 - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwm0s - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwn0 - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwn0s - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwo0 - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwo0s - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwp0 - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwp0s - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwq0 - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwq0s - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwr0 - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwr0s - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bws0 - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bws0s - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwt0 - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwt0s - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwu0 - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwu0s - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwv0 - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwv0s - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bww0 - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bww0s - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwx0 - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwx0s - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwy0 - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwy0s - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwz0 - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwz0s - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSN Messenger\msgrapp.dll" (file missing)
    O18 - Protocol: offline-8876480 - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O20 - Winlogon Notify: avpe32 - C:\WINDOWS\SYSTEM32\avpe32.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
     
  9. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Download http://www.atribune.org/downloads/HSFix.zip and place it on desktop

    Boot into safe mode: Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

    Now Unzip the hsfix.zip to desktop and double click the Hsfix.bat file inside the hsfix folder it will create there

    Your taskbar will disappear and the icons on the desk top and in Sys tray will vanish but will return when the fix is complete

    If the sys tray icons don't all come back and sometimes in XP they won't immediately, then reboot & that will restore them.

    ===================

    Fix these with HJT – mark them, close IE, click fix checked

    O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)

    O18 - Protocol: bw+0 - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bw+0s - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bw-0 - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bw-0s - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bw00 - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bw00s - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bw10 - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bw10s - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bw20 - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bw20s - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bw30 - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bw30s - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bw40 - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bw40s - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bw50 - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bw50s - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bw60 - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bw60s - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bw70 - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bw70s - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bw80 - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bw80s - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bw90 - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bw90s - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwa0 - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwa0s - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwb0 - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwb0s - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwc0 - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwc0s - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwd0 - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwd0s - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwe0 - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwe0s - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwf0 - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwf0s - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - (no file)
    O18 - Protocol: bwg0 - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwg0s - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwh0 - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwh0s - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwi0 - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwi0s - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwj0 - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwj0s - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwk0 - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwk0s - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwl0 - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwl0s - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwm0 - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwm0s - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwn0 - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwn0s - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwo0 - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwo0s - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwp0 - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwp0s - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwq0 - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwq0s - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwr0 - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwr0s - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bws0 - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bws0s - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwt0 - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwt0s - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwu0 - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwu0s - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwv0 - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwv0s - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bww0 - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bww0s - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwx0 - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwx0s - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwy0 - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwy0s - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwz0 - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)
    O18 - Protocol: bwz0s - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)

    O18 - Protocol: offline-8876480 - {55E7D816-DAD3-47CA-A7C6-6B9312ED3318} - (no file)

    O20 - Winlogon Notify: avpe32 - C:\WINDOWS\SYSTEM32\avpe32.dll

    DownLoad http://www.downloads.subratam.org/KillBox.zip

    Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

    Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confimation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.



    Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

    START – RUN – type in %temp% OK - Edit – Select all – File – Delete

    Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

    Empty the recycle bin
    Boot and post a new log from normal NOT safe mode

    Please give feedback on what worked/didn’t work and the current status of your system
     
  10. washton

    washton Thread Starter

    Joined:
    Jun 24, 2004
    Messages:
    217
    Sorry ,I couldnt understand everything.(I know I'm thick)but I user Hijack It to fix the files you mentioned,emptied Recycle bin and temporary files and restarted.every thing works OK.
    Thanks,
    This is the new Hijack It:Logfile of HijackThis v1.99.1

    Scan saved at 2:56:01 PM, on 1/22/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\System32\hkcmd.exe
    E:\Setups & Appls\gcasServ.exe
    C:\Program Files\Blue Security\bluefrog.exe
    E:\Express MailMate\Mailmate.exe
    E:\Setups & Appls\SetPoint\SetPoint.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\system32\oodag.exe
    E:\Setups & Appls\gcasDtServ.exe
    C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    c:\program files\internet explorer\iexplore.exe
    E:\TOOLS and THINGS\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://myplace.westnet.com.au/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://myplace.westnet.com.au/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://myplace.westnet.com.au/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://myplace.westnet.com.au/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [PCPitstop Optimize Registration Reminder] C:\Program Files\PCPitstop\Optimize\Reminder.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [gcasServ] "E:\Setups & Appls\gcasServ.exe"
    O4 - HKLM\..\RunOnce: [MicrosoftAntiSpywareCleaner] E:\Setups & Appls\gcASCleaner.exe
    O4 - HKCU\..\Run: [Blue Frog] C:\Program Files\Blue Security\bluefrog.exe
    O4 - HKCU\..\Run: [Express MailMate] E:\Express MailMate\Mailmate.exe
    O4 - Global Startup: Logitech SetPoint.lnk = E:\Setups & Appls\SetPoint\SetPoint.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136396791765
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSN Messenger\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
     
  11. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Not thick at all

    Clean [​IMG] - If you feel it is fixed, mark it solved via thread tools above - if not what is the current situation?
     
  12. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/435592

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice