#31
Member (6 bit)
Join Date: May 2005
Posts: 41
startup programs
When I restarted my PC I got this message:
"You have used the System Configuration Utility to make changes to the way Windows starts. The System Configuration Utility is currently in diagnostic or selective start up mode, causing this message to be displayed and the utility to run every time Windows starts. Choose normal start up mode on the General tab to start Windows normally and undo the changes you made using System Configuration Utility."
What shall I do? When I choose normal mode I'll be having those 50 start up programs again.

#32
Moderator
Staff
Premium Member
IIRC, there's a checkbox on that dialog that you can toggle to make it so it doesn't pop up that message at every startup.

#33
Member (6 bit)
Join Date: May 2005
Posts: 41
startup programs
I toggled the checkbox already. Is my system safe and sound now?

#34
Staff
Premium Member
Join Date: Sep 2004
Location: Cardiff, Wales. UK
Posts: 6,555
I wouldn't count on it, we need to make more checks first.
Is the system starting up OK now? Does the utility box appear when you boot up? Is the system running any faster/smoother? And how many checks do you have in MSCONFIG start up now?

#35
Member (6 bit)
Join Date: May 2005
Posts: 41
startup programs
Yes, the system is starting normally now. The utility box does not appear anymore. I've got 2 checked items in my msconfig. I did notice that opening applications seems faster now than before, and my CPU usage is at 30 to 40%, unlike before, when it was always in the 80s. I seldom hear a whirring sound in my CPU now.

#36
Staff
Premium Member
Join Date: Sep 2004
Location: Cardiff, Wales. UK
Posts: 6,555
If you are up for it, a little spring cleaning should improve matters even more.
In your situation now this is what I would do. Update AVG7. Update Microsoft AntiSpyware. Install and update with the latest definitions Adaware 1.05 from here and Spybot Search and Destroy from here. Completely uninstall all of your Norton products; it is not a good idea to have two antivirus programs running, and of the two AVG is better, it uses less resources. By default Windows will not delete a program or anything else that is open or in use in any way. Now that you have shut down the dreaded "fifty" you may have stopped some of your "nasties" from starting up, and after updating the programs I have mentioned it would be well worth running them all immediately after update. Once you have done this we can talk about running an online scan at Trend Micro, and hopefully we will be a little closer to getting control back of that machine.

#37
Member (6 bit)
Join Date: May 2005
Posts: 41
startup programs
I have my Norton AV removed already. Shall I remove my Norton Personal Firewall too? What's the difference between Adaware 6.0 and Adaware 1.5? I have 6.0 installed.

#38
Moderator
Staff
Premium Member
Quote:

#39
Staff
Premium Member
Join Date: Sep 2004
Location: Cardiff, Wales. UK
Posts: 6,555
According to your HJT log you have already got SP2 installed so there is no real need for the Norton firewall and again they will probably conflict with one another.
As Fulton says 6.0 is outdated and no longer supported so upgrade to Adaware 1.05 SE. Do you have icons for Security Center and Windows Firewall in your control panel?

#40
Member (6 bit)
Join Date: May 2005
Posts: 41
startup programs
My Norton Personal FW has already been removed. I already installed Adaware 1.5. I scanned my system with:
AVG - no virus found
Spybot - 5 items found (DSO EXPLOIT) removed
Adaware - 2 items found (tracking cookies) removed
MS AntiSpyware - no item found

#41
Member (6 bit)
Join Date: May 2005
Posts: 41
startup programs
Yes, I do have the icons in my control panel.

#42
Staff
Premium Member
Join Date: Sep 2004
Location: Cardiff, Wales. UK
Posts: 6,555
With those two icons in your control panel that means SP2 is installed and the windows firewall should be working.
With those results from the scans that means we are getting close to a clean machine. One last scan for now, HouseCall from Trend Micro, this is a really good online scanner.
http://housecall.trendmicro.com
Select the free online scan and when prompted allow the ActiveX control to be installed, check My Computer and auto clean, then click scan.
What is your CPU usage like at the moment?

#43
Forum Administrator
Staff
Premium Member
Join Date: May 2000
Location: Joplin MO
Posts: 41,163
Quote:

#44
Member (6 bit)
Join Date: May 2005
Posts: 41
startup programs
I just had my Norton Personal FW removed and did a HouseCall online scan. The result is clean.

#45
Member (6 bit)
Join Date: May 2005
Posts: 41
cpu usage
The CPU usage during the scan is 3 - 52% with 33 processes in it.

#46
Staff
Premium Member
Join Date: Sep 2004
Location: Cardiff, Wales. UK
Posts: 6,555
This is good news, now that we have cleaned out the infection it's time to heal the wounds and take some preventative medicine.
Download "Easycleaner" here; this is a registry cleaner and unwanted/unnecessary file remover. This is the latest version that will clean up your registry, clear out your temporary internet files and clean up your cookies. Use it to remove any unnecessary files but do not use the duplicate file remover; this tool can be a little hazardous to your system files and is capable of destroying your XP.
Quote:
Last edited by rjfvillarosa; 05-20-2005 at 08:07 PM.

#47
Staff
Premium Member
Join Date: Sep 2004
Location: Cardiff, Wales. UK
Posts: 6,555
Compare this.
Quote:
Quote:

#48
Member (6 bit)
Join Date: May 2005
Posts: 41
easycleaner
I just had my hard disk defragged. When I ran the Easy Cleaner I have 3 temp files that can't be removed. It says that the file is in use.

#49
Staff
Premium Member
Join Date: Sep 2004
Location: Cardiff, Wales. UK
Posts: 6,555
Quote:
How is the system running now? What you need to do now is use your all in one and your webcam to make sure they are working OK even though they are switched off in msconfig. Do you use MSN Messenger?

#50
Member (6 bit)
Join Date: May 2005
Posts: 41
easy cleaner
Yes, they are in the unnecessary file remover. The system is running smoothly now. Windows open faster than before, same with my internet browser. I tried to test my webcam and printer and they are working properly. I'm using Yahoo Messenger.

#51
Staff
Premium Member
Join Date: Sep 2004
Location: Cardiff, Wales. UK
Posts: 6,555
In your first post I noticed that messenger is running, this is probably messenger 4.7 which comes bundled with XP and is meant for talking to people on your LAN not for internet use, it is worth getting rid of it as it is another resource hog.
Cut and paste this whole script into your "run" dialog box, where you type msconfig, and 4.7 will be uninstalled.
RunDll32 advpack.dll,LaunchINFSection %windir%\INF\msmsgs.inf,BLC.Remove
If you ever want 4.7 back for any reason you can reinstall it from your XP disk. Keep an eye on the start up list, make sure nothing adds itself after you use it, like your all in one or webcam. There is another one to look out for as well in "start up", qttask; this is the media player QuickTime and again some people consider it to be spyware. When you are happy your machine is running OK and responding reasonably quickly we can talk about some registry tweaks to make things even smoother.

#52
Member (6 bit)
Join Date: May 2005
Posts: 41
system cleaning
Quote:
I had the MSN Messenger removed. What is qttask? I have QuickTime installed because I think it's bundled with iPod software. Shall I uninstall it?

#53
Staff
Premium Member
Join Date: Sep 2004
Location: Cardiff, Wales. UK
Posts: 6,555
There is no need to uninstall it, but what you will notice is any time you view a QuickTime video file in IE or whatever it will re-enable itself in the start up list. My main machine has 1.5 gig of RAM (it makes editing my website easier) but an old Pentium 3 processor. The machine runs great, but only because I am fanatical about watching what is in the start up list; it doesn't take a lot to cause this old processor to break out in a sweat.
Can you post a new HJT log?

#54
Member (6 bit)
Join Date: May 2005
Posts: 41
startup list
Shall I always maintain the 2 checked items (AVG) in my start up?

#55
Staff
Premium Member
Join Date: Sep 2004
Location: Cardiff, Wales. UK
Posts: 6,555
Yes and UdReg (windows automatic update)

#56
Member (6 bit)
Join Date: May 2005
Posts: 41
latest logfile
Here's my HJT log now:
Logfile of HijackThis v1.99.1
Scan saved at 11:04:04 PM, on 5/20/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Yahoo!\Messenger\YPAGER.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\RunOnce: [DeleteMe] "C:\WINDOWS\system32\cmd.exe" /c "C:\WINDOWS\Temp\DeleteMe.bat"
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?link...38&clcid=0x409
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by22fd.bay22.hotmail.msn.com/...s/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.g...tl_0_0_0_1.ocx
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://autos.msn.com/components/ocx/survid/MSSurVid.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yaho...ymmapi_416.dll
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yaho...opper1_4us.cab
O16 - DPF: {BB47CA33-8B4D-11D0-9511-00C04FD9152D} (ExteriorSurround Object) - http://autos.msn.com/components/ocx/...or/Outside.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://photos8.msn.com/r/neutral/con....cab?9,0,917,0
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.games.yahoo.com/game...utLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/game...ploader_v6.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?322
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F7A05BAC-9778-410A-9CDE-BFBD4D5D2B7F} (iPIX Media Send Class) - http://216.249.24.60/code/iPIX-ImageWell-ipix.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

#57
Member (6 bit)
Join Date: May 2005
Posts: 41
windows update
Richard, I can't find UdReg in my msconfig startup list. I can't enable it.

#58
Staff
Premium Member
Join Date: Sep 2004
Location: Cardiff, Wales. UK
Posts: 6,555
That looks pretty clean to me. I also cut and pasted it into the analyser on the HJT website and the only things it came back with were your AOL and Google toolbars, but I wouldn't worry about them too much.
On a personal note I never use any toolbars, I think they are all hiding something, but as long as your CPU is running nice and low and your machine is responsive leave well alone. I think it's time to sit back and give yourself a pat on the back, it looks good to me.
Quote:
Last edited by rjfvillarosa; 05-20-2005 at 11:19 PM.
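
Added example (not part of the thread, and not the HJT website's analyser): a short Python triage of the HijackThis log format posted in #56, grouping entries by section code, pulling out the O4 registry autoruns and listing entries worth a manual look. The sample lines are copied from that log; the function names and the two review heuristics are assumptions of this example.

```python
import re

# Excerpt of the HijackThis log from post #56, restored to one entry per line.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\RunOnce: [DeleteMe] "C:\WINDOWS\system32\cmd.exe" /c "C:\WINDOWS\Temp\DeleteMe.bat"
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# A log entry is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [name] command".
ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")
# Registry autorun form of an O4 body: hive\..\key: [value name] command line
AUTORUN = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[([^\]]*)\] (.*)$")


def parse(log):
    """Group entry bodies by section code; header and process lines are skipped."""
    sections = {}
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            sections.setdefault(m.group(1), []).append(m.group(2))
    return sections


def autoruns(sections):
    """Return registry autoruns (O4) as dicts; other O4 forms are ignored here."""
    fields = ("hive", "key", "name", "command")
    found = (AUTORUN.match(body) for body in sections.get("O4", []))
    return [dict(zip(fields, m.groups())) for m in found if m]


def review_list(sections):
    """Entries to check by hand. These two heuristics are this example's
    assumptions, not verdicts from HijackThis or its online analyser."""
    notes = []
    for a in autoruns(sections):
        if re.search(r"\\te?mp\\", a["command"], re.IGNORECASE):
            notes.append(("O4", a["name"], "command runs from a temp directory"))
    for body in sections.get("O23", []):
        if " - Unknown owner - " in body:
            notes.append(("O23", body.split(" - ")[0], "owner reported as unknown"))
    return notes


if __name__ == "__main__":
    secs = parse(SAMPLE_LOG)
    for item in autoruns(secs):
        print(item["key"], item["name"], item["command"])
    for note in review_list(secs):
        print("REVIEW:", *note)
```

A flagged entry is a prompt to look at the file and its origin, not proof of infection.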

#59
Member (6 bit)
Join Date: May 2005
Posts: 41
aol toolbar
I'm not using AOL now and I already uninstalled it. Why is there still an AOL toolbar in my system?

#60
Staff
Premium Member
Join Date: Sep 2004
Location: Cardiff, Wales. UK
Posts: 6,555
Quote:
Never mind, just stick with the two AVG ones.