#1 |
|
Member (5 bit)
Join Date: Mar 2002
Posts: 17
|
This is just ridiculous.
Alright, I'll start with the usual. I've got a Dell Latitude C840 Laptop. P4 2.2GHz, 1024mb RAM, GeForce 4 440 Go, 40 Gig HD. Running Windows 2000.
My problem is that at the moment, the computer is completely choked even when idling on the desktop. No running applications on Task Manager. If I go to Performance, the CPU usage graph looks like a jagged mountain range, with long periods of being pegged at 100%. This is, once again, with nothing running. So of course, when I try to run something, usually WoW, it bucks, skips, and jerks around horribly, quite unplayable. I've defragged the HD, run Symantec Antivirus (both in safe mode). I've repeatedly cleaned the system with Spybot and Ad-Aware, and the computer simply _won't_ idle properly. You know how you can hear the computer "thinking"? That whiny, squealy noise that is usually loudest at startup? Yeah, my laptop is always that way. I just can't figure out what the heck is wrong with it. Any ideas?
#2 |
|
Premium Member
Join Date: Jun 1999
Posts: 9,231
|
A few things you can do are:
1) Check with something other than Symantec (like http://housecall.antivirus.com )
2) Check your startup services and start programs using msconfig, and disable anything that you can
3) Do some housecleaning of your computer:
- Clean out Temp files from (C:\Documents and Settings\Your username\Local Settings\Temp)
- Clean out temp internet files
- Clean out your recently used document list (c:\Documents and Settings\your username\Recent)
- Clean out the prefetch directory: C:\WINDOWS\Prefetch
- Do some maintenance on your desktop, remember that if you've got too many files on your desktop, it's an added stress to your computer.
I've seen issues where simply cleaning out the Recent document list seems to help the hard drive from thrashing around.
#3 | |
|
Member (5 bit)
Join Date: Mar 2002
Posts: 17
|
Quote:
Not a clue what that is about. |
#4 |
|
Member (5 bit)
Join Date: Mar 2002
Posts: 17
|
Alright, there was something weird about that link in your post. I use Maxthon, but the scanner never loaded on that page. So, I opened it with IE, but when I got to the page, it said "Your security settings prevent using ActiveX controls on this page. As a result, the page may not load correctly". Of course, nothing showed up. Now, it does the same thing on My Computer. I click it, and the same message pops up, and my drives won't show. Completely blank. Bah.
#5 |
|
Member (5 bit)
Join Date: Mar 2002
Posts: 17
|
Alright, so I just restarted the computer. After logging in, the same ActiveX message popped up, and 3/4 of the desktop is a giant white space. Not the start bar, just the wallpaper. Ugghhhh.
#6 |
|
Forum Administrator
Staff
Premium Member
Join Date: May 2000
Location: Joplin MO
Posts: 37,786
|
Win2000 does not have msconfig. You can copy msconfig.exe from an XP box, drop it into c:\windows, and use it.
Take a look in the Security forum at the sticky thread, and get HijackThis. If you need help with it, post a log after doing the prerequisites.
EDIT: Just remembered - Dell Latitudes with Win2000 have issues with the original MS04-011 security patch.
http://www.microsoft.com/technet/sec.../MS04-011.mspx
I'd look in add/remove programs for KB835732 and uninstall it - then reinstall SP4 and go to Windows Update to get the rest of the hotfixes.
Last edited by glc; 02-18-2005 at 07:52 AM.
#7 |
|
Member (5 bit)
Join Date: Mar 2002
Posts: 17
|
Alrighty, here is my log.
Logfile of HijackThis v1.99.0
Scan saved at 11:32:34 AM, on 2/18/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\drivers\CDAC11BA.EXE
C:\WINNT\system32\CTsvcCDA.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINNT\system32\hidserv.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Trend Micro\OfficeScan Client\ofcdog.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\ORL\VNC\WinVNC.exe
C:\WINNT\system32\MsPMSPSv.exe
C:\Program Files\Common Files\Stardock\SDMCP.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\syspi32.exe
C:\Program Files\Dual-Band Wireless A+G Notebook Network Adapter\WPC55AG.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Creative\USB SBAudigy2 NX\DVDAudio\CTDVDDet.EXE
C:\Program Files\Creative\USB SBAudigy2 NX\Surround Mixer\CTSysVol.exe
C:\WINNT\system32\RunDll32.exe
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINNT\system32\Bzntyp.exe
C:\WINNT\system32\sysib32.exe
C:\WINNT\system32\qpws32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\system32\winlogons.exe
C:\WINNT\system32\wipv6.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINNT\system32\winlogons.exe
C:\Documents and Settings\Nick\Application Data\trdb.exe
C:\WINNT\system32\r?ndll.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopOE.exe
C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe
C:\Program Files\Maxthon\Maxthon.exe
C:\DOCUME~1\Nick\LOCALS~1\Temp\19.tmp
C:\WINNT\system32\tibs5.exe
C:\WINNT\system32\cmd.exe
C:\Documents and Settings\Nick\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\veyxx.dll/sp.html#27130
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\veyxx.dll/sp.html#27130
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\veyxx.dll/sp.html#27130
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\veyxx.dll/sp.html#27130
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\veyxx.dll/sp.html#27130
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\veyxx.dll/sp.html#27130
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\veyxx.dll/sp.html#27130
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {B630A5BA-B310-A0B3-8744-11C964484AC9} - C:\WINNT\system32\ipxy.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\SYSTEM32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\ORL\VNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [WMP55AG.exe] C:\Program Files\Dual-Band Wireless A+G Notebook Network Adapter\WPC55AG.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\USB SBAudigy2 NX\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\USB SBAudigy2 NX\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [SbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [WIN32 Configuration Loader] win32help.exe
O4 - HKLM\..\Run: [13.tmp] C:\DOCUME~1\Nick\LOCALS~1\Temp\13.tmp.exe 2 10001
O4 - HKLM\..\Run: [tibs5] C:\WINNT\system32\tibs5.exe
O4 - HKLM\..\Run: [version] C:\WINNT\system32\Taooqg.exe
O4 - HKLM\..\Run: [secure] C:\WINNT\system32\Bzntyp.exe
O4 - HKLM\..\Run: [sysib32.exe] C:\WINNT\system32\sysib32.exe
O4 - HKLM\..\Run: [WDrvr32SSL] qpws32.exe
O4 - HKLM\..\Run: [Windows Logon Authority] winlogons.exe
O4 - HKLM\..\Run: [Windows IPv6 Drivers] wipv6.exe
O4 - HKLM\..\Run: [19.tmp] C:\DOCUME~1\Nick\LOCALS~1\Temp\19.tmp.exe 1 10001
O4 - HKLM\..\RunServices: [WIN32 Configuration Loader] win32help.exe
O4 - HKLM\..\RunServices: [WDrvr32SSL] qpws32.exe
O4 - HKLM\..\RunServices: [Windows Logon Authority] winlogons.exe
O4 - HKLM\..\RunServices: [Windows IPv6 Drivers] wipv6.exe
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [WDrvr32SSL] qpws32.exe
O4 - HKCU\..\Run: [Windows Logon Authority] winlogons.exe
O4 - HKCU\..\Run: [Windows IPv6 Drivers] wipv6.exe
O4 - HKCU\..\Run: [Brct] C:\Documents and Settings\Nick\Application Data\trdb.exe
O4 - HKCU\..\Run: [Khxoeuqn] C:\WINNT\system32\r?ndll.exe
O4 - HKCU\..\RunServices: [WDrvr32SSL] qpws32.exe
O4 - HKCU\..\RunServices: [Windows IPv6 Drivers] wipv6.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Add to AD Hunter - C:\Program Files\Maxthon\config/blacklist.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.static.topconverting.com
O15 - Trusted Zone: *.xxxtoolbar.com
O15 - Trusted Zone: *.05p.com (HKLM)
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.scoobidoo.com (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.static.topconverting.com (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: 206.161.125.149 (HKLM)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ca...C_1_0_0_44.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {B3872502-F9FD-4E96-93FF-0D37298F0689} (SOESysInfo Control) - http://eq2beta.station.sony.com/beta_reg/soesysinfo.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...15/mcfscan.cab
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINNT\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\system32\CTsvcCDA.exe
O23 - Service: Symantec AntiVirus Definition Watcher - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: OfficeScanNT RealTime Scan - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: qhgudnx - Unknown - \\152.15.232.147\Documents and Settings\Winzip32.exe (file missing)
O23 - Service: SAVRoam - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: OfficeScanNT Listener - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: VNC Server - AT&T Research Labs Cambridge - C:\Program Files\ORL\VNC\WinVNC.exe
O23 - Service: yiuoau - Unknown - \\152.15.232.147\Documents and Settings\Winzip32.exe (file missing)
O23 - Service: Network Security Service - Unknown - C:\WINNT\system32\sysmv32.exe (file missing)
#8 |
|
Forum Administrator
Staff
Premium Member
Join Date: May 2000
Location: Joplin MO
Posts: 37,786
|
You did not follow the procedures in the sticky thread. You have a ton of spyware and stuff, you must run the directed scans before posting a log. I'm not even going to try to analyze that log. A cursory look at that, and I'd be reformatting. It will be quicker than trying to clean that mess up. You have not been keeping up with the Windows critical updates (you DO have SP4, but your IE has never been updated, and this tells me that you have NO post-SP4 hotfixes, there are currently 41 critical items since SP4, and IE6 SP1 will be the first to install), and you have some spyware that's very difficult to remove.
#9 |
|
Liquid Lemur Staff Artist
Premium Member
|
I really hate to suggest to someone to reformat, but in this case there really isn't much way around it. As GLC said it'll be much quicker than trying to remove the tons of spyware you have piece by piece. And may I suggest that when you get done reformatting that you keep up to date with ALL Windows updates and you won't have this problem again.
#10 | |
|
Member (5 bit)
Join Date: Mar 2002
Posts: 17
|
Quote:
Anyway, the sticky didn't tell me any procedure. It just said "Say why you're using the program, make sure you run stuff like Spybot / Ad-Aware first, and don't run any programs in the background". Didn't say a thing about what to actually do with the program. Oh, and I don't have the Windows disk, so I don't think I can reformat.
Last edited by EQPlayer; 02-19-2005 at 02:29 PM.
#11 |
|
Member (2 bit)
Join Date: Feb 2005
Posts: 3
|
Even a brand new PC will get infected as soon as you get on the internet... The spyware and viruses of today are quick to penetrate.
Use www.Trend.com, Internet Security 2005 for anti virus; for spyware, www.SpyBot.info, www.pestpatrol.com for anti spyware. (When Microsoft's anti spyware gets released, that may be better. Pest patrol does a better job of cleaning, spybot has the "teatimer" system protection and some scanning quality.) (Trend has a built in firewall, anti virus that updates every 3 hours, it will not slow your system to a crawl like the others, and it helps protect from spyware but it only does a 10% job, this is why you need all three.)

Set up Trend first, update, scan for spyware, clean all. Change settings under System, scan settings, manual scan to never prompt, clean, delete. Apply. Then RealTime scan, change to never prompt, clean, delete, apply. Select Spy ware, Activate it, select all the types, Apply. Go to Updates and Registration, Update settings and select Do not require... and Do not show... Then Outbreak Warning, uncheck it. (You will already be updating every 3 hours, there is no need to get nagged.)

Set up Pest patrol and update and scan. Go into options and select nothing to run on boot.

Set up spybot, update and scan. MAKE SURE YOU SELECT THE TEATIMER during install.

Set 3 new automatic system tasks. Click on Start, All Programs, Accessories, System Tools, Schedule tasks. Add a task for c:\program files\pestpatrol\ppudate.exe. Set it to daily, wait for idle time and Stop when the computer stops being idle. Another one for c:\program files\pestpatrol\ppcontolcl.exe. Scan while idle and Stop when computer..... Make sure you set that one for 10 min after the ppupdate. Open it back up, paste this into it:
"C:\Program Files\PestPatrol\PestPatrolCL.exe" c:\ /NoLogAfter /hard /Delete /thorough /extensions=ALL

Within Spybot, select mode and advanced and then settings, make it automatically update without warning and automatically select new updates, etc. Make a new schedule through the SpyBot interface and have it close and clean automatically. (rough directions through memory, sorry)

You have one installed, WDrvr32SSL qpws32.exe, that is a new virus-spyware... Pestpatrol, spybot and Trend do not have a fix for it yet. Just go through the registry using Find and delete everything that has those words. You will need to end the qpws32 task first because it will keep putting itself back in as soon as you delete it.

If you can not install all the utilities, start Windows in safe mode by pressing the F8 key on bootup and delete everything in the registry under hkey_current user, software, Microsoft, windows, current version, run AND run once AND Run services.... everything but "OptionalComponents"... (you can reinstall your printer and other stuff if necessary, LATER) Also, hkey_local machine, software, microsoft, windows, current version, run AND run once AND Run services. Don’t forget to get rid of qpws32 too. If you can not install the utils normally, also, while in safe mode, install SpyBot and pestpatrol, and scan.

I have been doing this stuff for 20 years, Norton and McAfee, SUCK. The above system works even on the most infected systems. I will have step by step instructions, without (spelling and grammar errors), up at my web site www.6777777.com soon. If you need help, I can walk you through every step and fix your system, over the phone.
#12 |
|
Forum Administrator
Staff
Premium Member
Join Date: May 2000
Location: Joplin MO
Posts: 37,786
|
Yes, you really are using IE - Maxthon is based on IE with all its vulnerabilities. It's just hiding all the nasties from you.
You must have a proactive approach toward security these days. Microsoft puts out Windows critical updates for a reason. If you are surfing questionable sites, you WILL (not "might") get malware and it has to be kept clean or it will get to a point where it's very difficult to do anything about it.
If you don't have your Windows CD, start cleaning. Get an online virus scan from housecall.trendmicro.com and download/install/run the new Microsoft antispyware application - this should be a good start. Then take a visit to Windows Update and get all caught up. Scan a few more times with antivirus and antispyware apps, it may get to the point where you can post another log and we can manually finish junk removal.
You have the about:blank hijacker. Google for "aboutbuster", download it, update it, and run it a few times. Remove all those O15 items from your trusted zone. It also wouldn't hurt to download and run CWShredder. Download "winsockxpfix" and have it ready to go - the removal of all that crap may break your Internet connectivity and you will need to run that to get it back.
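An added example, not part of any post in this thread: a small triage pass over HijackThis lines that surfaces the kinds of entries the replies single out (autoruns launched from Temp, the same program registered under several Run/RunServices keys, O15 trusted-zone additions, and services whose image is on a UNC path or missing). The sample lines are excerpted from the log posted above; the function names and the flagging heuristics are assumptions of this example, not HijackThis features.

```python
import re
from collections import defaultdict

# Lines excerpted from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [19.tmp] C:\DOCUME~1\Nick\LOCALS~1\Temp\19.tmp.exe 1 10001
O4 - HKLM\..\Run: [WDrvr32SSL] qpws32.exe
O4 - HKLM\..\RunServices: [WDrvr32SSL] qpws32.exe
O4 - HKCU\..\Run: [WDrvr32SSL] qpws32.exe
O4 - HKCU\..\RunServices: [WDrvr32SSL] qpws32.exe
O4 - HKLM\..\Run: [Windows IPv6 Drivers] wipv6.exe
O4 - HKCU\..\Run: [Windows IPv6 Drivers] wipv6.exe
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: qhgudnx - Unknown - \\152.15.232.147\Documents and Settings\Winzip32.exe (file missing)
"""

ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# O4 registry autoruns look like: HKLM\..\Run: [value name] command line
O4_REG = re.compile(
    r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)


def parse_entries(text):
    """Yield (code, body) for each 'O4 - ...' style line; skip everything else."""
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group("code"), m.group("body")


def triage(text):
    """Return {heuristic name: sorted list of offending values}.

    The heuristics are assumptions of this example, not HijackThis verdicts.
    """
    findings = defaultdict(set)
    locations = defaultdict(set)  # command -> {(hive, key), ...}

    for code, body in parse_entries(text):
        if code == "O4":
            m = O4_REG.match(body)
            if not m:
                continue  # Startup-folder entries use a different layout
            cmd = m.group("cmd")
            locations[cmd.lower()].add((m.group("hive"), m.group("key")))
            if re.search(r"\\temp\\", cmd, re.IGNORECASE):
                findings["autorun_from_temp"].add(cmd)
        elif code == "O15":
            # "Trusted Zone: *.site (HKLM)" -> "*.site"
            _, _, value = body.partition(": ")
            findings["trusted_zone_entry"].add(value.replace(" (HKLM)", ""))
        elif code == "O23":
            # "Service: <name> - <publisher> - <image path>"
            parts = body.split(" - ", 2)
            if len(parts) != 3:
                continue
            name, image = parts[0].replace("Service: ", "", 1), parts[2]
            if image.startswith("\\\\"):
                findings["service_image_on_unc_path"].add(name)
            if image.endswith("(file missing)"):
                findings["service_image_missing"].add(name)

    # The same command under several Run/RunServices keys: removing one
    # value still leaves it launching at the next logon.
    for cmd, where in locations.items():
        if len(where) >= 2:
            findings["autorun_in_multiple_keys"].add(cmd)
    return {reason: sorted(values) for reason, values in findings.items()}


if __name__ == "__main__":
    for reason, values in sorted(triage(SAMPLE_LOG).items()):
        print(reason)
        for v in values:
            print("   ", v)
```

A hit from these checks is a reason to look closer, not a verdict: legitimate software also registers bare file names under Run, so each flagged entry still needs to be identified before it is removed.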
#13 |
|
Member (2 bit)
Join Date: Feb 2005
Posts: 3
|
More on qpws32
majy.exe, kansup.reg, trufkz.html and x.bat are all contained in "a.exe". They download the new spy ware, qpws32, from one of these sites:
http://www.mt-download.com/mtrslib2.jsDONOTCLICK
http://static.windupdates.com/prompt...7.jsDONOTCLICK
http://data.overpro.com/getActivex.aspxDONOTCLICK
After their program edits the registry to "trust" those sites. Trend does detect majay but the qpws32.exe is not detected as of yet.
I think we should track a few spy ware and virus makers and hang them on a pole until they are DEAD then the rest might switch to a nicer profession. Just kidding, but I have promised many clients that I would beat the crap out of one if I ever find one. I have seen businesses almost crumble, clients cry, buy new computers and go through hell because of these jerks. When will the FTC ever step up and protect its people?
#14 |
|
Member (1 bit)
Join Date: Feb 2005
Posts: 1
|
The answer
In your hijack this log there is an entry wipv6.exe. This is a new virus that hit on Friday, it took down the university I work for. It's a variant of the sdbot virus. So far Sophos is the only anti-virus group to mention it. You can find some info here:
http://www.sophos.com/virusinfo/anal...32sdbotvj.html
#15 | ||
|
Member (10 bit)
Join Date: Nov 2004
Posts: 800
|
I do not support cracking PC's (obviously) but there is a major problem with your statement about the FTC, dewild. It is easy to lose perspective on this living in America, but in Estonia, Korea, China, Zaire, Netherlands etc... they are as worried about the FTC as they are of Mickey Mouse.
I repair PC's too, don't you think it would be more efficient, or would have been anyway, to just back up the docs folder, app data, etc. That takes an hour. Reinstall, one more hour. Apps and data back on, one hour tops. Add an hour for unforeseen difficulties, there always are. That gives you four hours, tops. I couldn't clean that machine in 8 hours if I was in front of it. That user has 2 separate versions of CoolWebSearch, aboutconfig and bootconf. Good luck with that hosts file. There is a chance when blazefind comes off they will need to get to the registry in a PC that can't logon, to edit the userinit.exe. There is slim chance someone who said
Quote:
I definitely am not picking on you, don't take it that way, it isn't my style. Besides, it doesn't matter, the user says they won't format. Though I recommend rethinking that. That computer is as compromised as they get. Sure it's just viruses and malware, but it's a lot. Who's to say there isn't a homecoded keylogger or server running. Not for nothing but you can write a pretty small server with about 12 lines of Perl. No virus detector will find it. The key is keeping it off in the first place.
To eqplayer... Most of dewild's advice is spot on, and the programs are great. However if you do this, you will be reformatting like it or not.
Quote:
#16 | |
|
Member (5 bit)
Join Date: Mar 2002
Posts: 17
|
Quote:
#17 |
|
Forum Administrator
Staff
Premium Member
Join Date: May 2000
Location: Joplin MO
Posts: 37,786
|
By checking all the boxes and telling HJT to fix it.
#18 |
|
Member (8 bit)
Join Date: Aug 2002
Posts: 246
|
omg... looking at that HJT log file makes me cringe... that's just nasty spy/malware you got there. There's some out there that are unremovable, they create multiple instances of themselves that restart the others as soon as they're closed, create random file names every time, startup even in safemode, replace system files... for your machine's sake...
I'd say reformat. It's really not that bad. I do it once in a while and love the fresh clean smell of a new Windows install. G/L.
#19 | |
|
Forum Administrator
Staff
Premium Member
Join Date: May 2000
Location: Joplin MO
Posts: 37,786
|
9600baud:
Quote:
#20 |
|
Member (2 bit)
Join Date: Feb 2005
Posts: 3
|
To all skeptics; Formatting sucks, reinstalling everything, sucks.
Reinstall, with or without formatting, 1.5 hrs.
Installing Office, and other programs, 1 hr – 2 hrs.
Updates, 4 hrs. (Yes, 4. With the different updates and rebooting, inability to use your computer while the updates are installing, etc, etc... AND having to do the MS Office updates too)
Installing AntiVirus and other protection, 1 hr.

With the correct protection software, and with it set up correctly, and with doing other things (Sorry, trade secrets), not only can I clean a system and protect it, I GUARANTEE IT FOR 1 YEAR and I can do it for $99 including software. I have this down to a science, I can even do it remotely! Even if the client is behind 2 or 3 firewalls, I can do it. www.911pcfix.com. (My web site is under development so do not laugh too much. Just starting out and training techs now)

We just recently did an experiment too. A new PC, no updates, no anti virus, no anti spyware. Within one day of an adult using it, with NO porno or other questionable sites visited and with NO programs being installed, and WITH a secure hardware firewall with NO other computers on the same LAN; the computer was infected with 35 different spyware and there were other attempts from hackers using the vulnerabilities exposed by the installed spyware. The adult only visited different chatting places and installed MSN messenger 7.0. The spyware got installed by the picture vulnerability as well as others.