Lovebug69
asked on
System Slow, Hard Disk LED on continuously
Did have WinKA.exe etc running, deleted it by using HiJackThis, fixing the processes, then rebooting to Safe mode, then deleted the C:\Program Files\WindUpdate\ Folder.
However, system still slow, any ideas, here is my latest Hijackthis log.
Thanks
Logfile of HijackThis v1.98.2
Scan saved at 14:19:30, on 27/08/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.e xe
C:\WINDOWS\system32\winlog on.exe
C:\WINDOWS\system32\servic es.exe
C:\WINDOWS\system32\lsass. exe
C:\WINDOWS\system32\svchos t.exe
C:\WINDOWS\System32\svchos t.exe
C:\WINDOWS\system32\spools v.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\Program Files\Keymaestro\Multimedi a Keyboard\nhksrv.exe
C:\WINDOWS\System32\driver s\CDAC11BA .EXE
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2. exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc3 2.exe
C:\PROGRA~1\NORTON~3\SPEED D~1\nopdb. exe
C:\WINDOWS\System32\svchos t.exe
C:\Program Files\HHVcdV6Sys\VC6SecS.e xe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ZipToA .exe
C:\Program Files\Iomega\DriveIcons\Im gIcon.exe
C:\Program Files\Keymaestro\Multimedi a Keyboard\MMKeybd.exe
C:\Program Files\ScanSoft\OmniPageSE2 .0\OpwareS E2.exe
C:\Program Files\Thrustmaster\Thrustm apper\TMTM TSR.exe
C:\WINDOWS\htpatch.exe
C:\WINDOWS\WDVRCtrl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\reals ched.exe
C:\Program Files\HHVcdV6Sys\VC6Play.e xe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\BullsEye Network\bin\bargains.exe
C:\temp\msbb.exe
C:\WINDOWS\System32\RUNDLL 32.EXE
C:\WINDOWS\System32\ctfmon .exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\devldr 32.exe
C:\Program Files\Keymaestro\Multimedi a Keyboard\TrayMon.exe
C:\Program Files\Keymaestro\Onscreen Display\OSD.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.ex e
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Virtual CD v6\System\VC6Tray.exe
C:\WINDOWS\System32\wuaucl t.exe
C:\Download\Hijack this\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-7 84B7D6BE0B 3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIE Helper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-C F10577473F 7} - c:\program files\google\googletoolbar 2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0 445EE16191 0} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClien t.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-F ADC6B08487 2} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A 5D97F8BC8F 1} - C:\WINDOWS\System32\apuc.d ll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-0 0A0C908246 7} - C:\WINDOWS\System32\msdxm. ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7 859DF00B1D 6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0 819E2EAAC9 3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClien t.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-0 09027A5CD4 F} - c:\program files\google\googletoolbar 2.dll
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgSta rt.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\Im gIcon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl. dll,NvStar tup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Keymaestro\Multimedi a Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2 .0\OpwareS E2.exe"
O4 - HKLM\..\Run: [ThrustTSR] C:\Program Files\Thrustmaster\Thrustm apper\TMTM TSR.exe
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [WinDVRCtrl] C:\WINDOWS\WDVRCtrl.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\reals ched.exe" -osboot
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCh eck.exe
O4 - HKLM\..\Run: [VC6Player] C:\Program Files\HHVcdV6Sys\VC6Play.e xe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [msbb] c:\temp\msbb.exe
O4 - HKLM\..\Run: [WindUpdates] C:\Program Files\WindUpdates\WinUpdt. exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTR AY.DLL,NvT askbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon .exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller. exe /startup
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMo n.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar 2.dll/cmse arch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar 2.dll/cmba cklinks.ht ml
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar 2.dll/cmca che.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2 \OFFICE11\ EXCEL.EXE/ 3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar 2.dll/cmsi milar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar 2.dll/cmtr ans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3 C9C571A826 3} - C:\PROGRA~1\MICROS~2\OFFIC E11\REFIEB AR.DLL
O16 - DPF: {2917297F-F02B-4B9D-81DF-4 94B6333150 B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab28578.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-0 0C04F9A3B6 1} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4 DFAD1796A8 D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0 F47A330807 8} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7 C6C9569B8C 7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F 385591623A F} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab28578.cab
However, system still slow, any ideas, here is my latest Hijackthis log.
Thanks
Logfile of HijackThis v1.98.2
Scan saved at 14:19:30, on 27/08/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.e
C:\WINDOWS\system32\winlog
C:\WINDOWS\system32\servic
C:\WINDOWS\system32\lsass.
C:\WINDOWS\system32\svchos
C:\WINDOWS\System32\svchos
C:\WINDOWS\system32\spools
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\Program Files\Keymaestro\Multimedi
C:\WINDOWS\System32\driver
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc3
C:\PROGRA~1\NORTON~3\SPEED
C:\WINDOWS\System32\svchos
C:\Program Files\HHVcdV6Sys\VC6SecS.e
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ZipToA
C:\Program Files\Iomega\DriveIcons\Im
C:\Program Files\Keymaestro\Multimedi
C:\Program Files\ScanSoft\OmniPageSE2
C:\Program Files\Thrustmaster\Thrustm
C:\WINDOWS\htpatch.exe
C:\WINDOWS\WDVRCtrl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\reals
C:\Program Files\HHVcdV6Sys\VC6Play.e
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\BullsEye Network\bin\bargains.exe
C:\temp\msbb.exe
C:\WINDOWS\System32\RUNDLL
C:\WINDOWS\System32\ctfmon
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\devldr
C:\Program Files\Keymaestro\Multimedi
C:\Program Files\Keymaestro\Onscreen Display\OSD.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.ex
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Virtual CD v6\System\VC6Tray.exe
C:\WINDOWS\System32\wuaucl
C:\Download\Hijack this\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-7
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-C
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-F
O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-0
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-0
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgSta
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\Im
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Keymaestro\Multimedi
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2
O4 - HKLM\..\Run: [ThrustTSR] C:\Program Files\Thrustmaster\Thrustm
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [WinDVRCtrl] C:\WINDOWS\WDVRCtrl.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\reals
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCh
O4 - HKLM\..\Run: [VC6Player] C:\Program Files\HHVcdV6Sys\VC6Play.e
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [msbb] c:\temp\msbb.exe
O4 - HKLM\..\Run: [WindUpdates] C:\Program Files\WindUpdates\WinUpdt.
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTR
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMo
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3
O16 - DPF: {2917297F-F02B-4B9D-81DF-4
O16 - DPF: {74D05D43-3236-11D4-BDCD-0
O16 - DPF: {8E0D4DE5-3180-4024-A327-4
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0
O16 - DPF: {E77C0D62-882A-456F-AD8F-7
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Lovebug69 ..... will u plzz come back for a second, and tell us the Reason of ur Accepted Answer.... ??
hello,
I had similar kind of the problem and I refered SheharyaarSaahil's solution and it worked.
I was assuming that his answer will be accepted.
Regards,
---Pinal
I had similar kind of the problem and I refered SheharyaarSaahil's solution and it worked.
I was assuming that his answer will be accepted.
Regards,
---Pinal
hello LucF no offence pls nothing against you buddy.
Just a note from person who was following this thread.
Regards,
---Pinal
Just a note from person who was following this thread.
Regards,
---Pinal
No problem pinaldave :o)
I'd be happy with a split on this question.
What might be the reason for this happening is that bargains.exe is known for a lot of disk activity (indexing of some kind?), so that entry was probably the moment the disk activity stopped when removed.
I would like to post some concerns to ShehaarSaahils posting also.
>>CoolWebShredder ==> http://www.spychecker.com/program/coolwebshredder.html <= I see no CoolWeb trojan here... do you?
>>Stinger >> http://vil.nai.com/vil/stinger <= I see no virus here, and certainly not one Stinger will be able to fix
>>Then Disable ur Messenger Service if its running >> http://www.itc.virginia.edu/desktop/docs/messagepopup/
Why? Some people NEED this, like I do on my network to get notified by Inoculate IT! Leave this decision to the askers, if they mention they're having messenger popups, the best solution is a Firewall, not a disabled service!
>>3. Run the AntiVirus tool and delete all viruses it found
Do you see any virusses?
What you posted contains just TMI (too much information)
All I'm wondering about is, as you're around all the time, how hard can it be to just cut down your postings. All you added this time to your C&P is three lines.
Greetings,
LucF
p.s. Still, I'd be happy with a split of points, I have no objections.
I'd be happy with a split on this question.
What might be the reason for this happening is that bargains.exe is known for a lot of disk activity (indexing of some kind?), so that entry was probably the moment the disk activity stopped when removed.
I would like to post some concerns to ShehaarSaahils posting also.
>>CoolWebShredder ==> http://www.spychecker.com/program/coolwebshredder.html <= I see no CoolWeb trojan here... do you?
>>Stinger >> http://vil.nai.com/vil/stinger <= I see no virus here, and certainly not one Stinger will be able to fix
>>Then Disable ur Messenger Service if its running >> http://www.itc.virginia.edu/desktop/docs/messagepopup/
Why? Some people NEED this, like I do on my network to get notified by Inoculate IT! Leave this decision to the askers, if they mention they're having messenger popups, the best solution is a Firewall, not a disabled service!
>>3. Run the AntiVirus tool and delete all viruses it found
Do you see any virusses?
What you posted contains just TMI (too much information)
All I'm wondering about is, as you're around all the time, how hard can it be to just cut down your postings. All you added this time to your C&P is three lines.
Greetings,
LucF
p.s. Still, I'd be happy with a split of points, I have no objections.
Does running CWShredder and Stinger, even if they find nothing is BAD ??
i run them weekly, even when they come as CLEAN.... but it asures me that system is really clean..... !!!!
If the person needs messenger service, he will never turn it off.... but most of the people dont know even what this service is,,,, did we know if Lovebug69 is among them or not !!!!!
but ofcourse not all people can think like this,,,, can they,,,, nah they just love to criticize others even when others have said to them sooooooooo many times, that PLZZ AVOID SUCH THINGS !!!!!
Every person in this world has his own rights and ways to troubleshoot a problem, and NO-ONE else has any right to criticize
him\her..... and even then, when he is not WRONG..... If u dont like a thing, its ur problem, and not of the second person's.... ur feelings and thinkings are only concerned with u,,,, why to bother the second person..... !!!!
When u can do the things which u like and how u like,,,,, he can also do.....
and when he is not saying anything to u,,,,, its NOT fair that u always go behing him and say anything to him what u want..... even when he has warned u so many times to not BOTHER him !!!!
I have my own ways and i TRUST them.... i dont care if only one person in a million dont like them..... but plzz keep ur dislikeness to urself... and leave criticizing me again and again,,,,, i dont know abt u,,, but atleast im fed of these things !!!!!!!
i run them weekly, even when they come as CLEAN.... but it asures me that system is really clean..... !!!!
If the person needs messenger service, he will never turn it off.... but most of the people dont know even what this service is,,,, did we know if Lovebug69 is among them or not !!!!!
but ofcourse not all people can think like this,,,, can they,,,, nah they just love to criticize others even when others have said to them sooooooooo many times, that PLZZ AVOID SUCH THINGS !!!!!
Every person in this world has his own rights and ways to troubleshoot a problem, and NO-ONE else has any right to criticize
him\her..... and even then, when he is not WRONG..... If u dont like a thing, its ur problem, and not of the second person's.... ur feelings and thinkings are only concerned with u,,,, why to bother the second person..... !!!!
When u can do the things which u like and how u like,,,,, he can also do.....
and when he is not saying anything to u,,,,, its NOT fair that u always go behing him and say anything to him what u want..... even when he has warned u so many times to not BOTHER him !!!!
I have my own ways and i TRUST them.... i dont care if only one person in a million dont like them..... but plzz keep ur dislikeness to urself... and leave criticizing me again and again,,,,, i dont know abt u,,, but atleast im fed of these things !!!!!!!
It was, as in many cases meant as an "advice"
You take it or leave it, I can't care less.
Please leave out the exclamation marks against me, it looks rude.
>>nah they just love to criticize others even when others have said to them sooooooooo many times, that PLZZ AVOID SUCH THINGS !!!!!<<
I'm only pointing out concerns, I'm not critizising you in any way, you've been helping a lot of people around EE and I hope you keep doing so.
That's all, thanks for listening,
LucF
You take it or leave it, I can't care less.
Please leave out the exclamation marks against me, it looks rude.
>>nah they just love to criticize others even when others have said to them sooooooooo many times, that PLZZ AVOID SUCH THINGS !!!!!<<
I'm only pointing out concerns, I'm not critizising you in any way, you've been helping a lot of people around EE and I hope you keep doing so.
That's all, thanks for listening,
LucF
>> Please leave out the exclamation marks against me, it looks rude.
ok if they look rude, then im sorry for that, will never use them again :)
ok if they look rude, then im sorry for that, will never use them again :)
Thanks :)
ASKER
Listen, All I wanted was some advise as to how to stop my problem, im no novice when it comes to computers, I actualy repair and work on them as a profession. Although as with all fields there are specialists in certain areas i.e. virus and spyware protection.
I am grateful for the replay I recieved, it enabled me to solve the problem on my own pc. I know about messenger service etc. and after all how many people actualy use it? apart from recieving those nasty popups if you dont have the proper firewall/ad blocking software installed. I was grateful for the advice about the amount of startup progs I have, but its down to me what i have on my pc. just sometimes you never get round to doing these things (one of the reasons I got the bloody thing in the first place was because I didnt run the anti-spyware often enough. I did however take the opertunity while i was trying to solve the problem on my pc by removing the startup entries in my registry, yes I know where they are.
Thanks LucF !
I am grateful for the replay I recieved, it enabled me to solve the problem on my own pc. I know about messenger service etc. and after all how many people actualy use it? apart from recieving those nasty popups if you dont have the proper firewall/ad blocking software installed. I was grateful for the advice about the amount of startup progs I have, but its down to me what i have on my pc. just sometimes you never get round to doing these things (one of the reasons I got the bloody thing in the first place was because I didnt run the anti-spyware often enough. I did however take the opertunity while i was trying to solve the problem on my pc by removing the startup entries in my registry, yes I know where they are.
Thanks LucF !
thanx Lovebug for coming back and explaining :)
but still u have not told the MAIN thing..... was removing only that single entry solved ur Whole problem..... means all was well on ur system except that bargains.exe process :-?
but still u have not told the MAIN thing..... was removing only that single entry solved ur Whole problem..... means all was well on ur system except that bargains.exe process :-?
ASKER
No, i got rid of bargains.exe
never mind,,,,, just leave it.... =\
Download these tools and install them:
==========================
AdAware ==> http://www.spychecker.com/program/adaware.html
SpyBot ==> http://www.spychecker.com/program/spybot.html
SpySweeper >> http://www.spychecker.com/program/spysweeper.html
SpywareBlaster >> http://www.spychecker.com/program/spywareblaster.html
CoolWebShredder ==> http://www.spychecker.com/program/coolwebshredder.html
Stinger >> http://vil.nai.com/vil/stinger
==========================
then Fix the following entries in Hijakcthis !!!!
==========================
O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A
O4 - HKLM\..\Run: [msbb] c:\temp\msbb.exe
O4 - HKLM\..\Run: [WindUpdates] C:\Program Files\WindUpdates\WinUpdt.
==========================
Then Disable ur Messenger Service if its running >> http://www.itc.virginia.edu/desktop/docs/messagepopup/
After that Follow these Instructions:
1. Restart ur machine
2. Boot into safemode and Login as Administrator
3. Run the AntiVirus tool and delete all viruses it found
4. Run the Spyware Removal tools and delete everything they detect
5. Then goto MyComputer>Tools>Folder Options>View and turn on the feature of Show Hidden Files
6. Goto C:\Documents and Settings\ur usernmae\Local Settings\Temp and delete all files present here
7. Goto C:\Documents and Settings\ur usernmae\Local Settings\Temporary Internet Files, and delete the folder of ContentIE
8. Goto C:\Documents and Settings\ur usernmae\Cookies, and delete all cookies present here.
9. Reboot back in Normal Mode and check if problems are gone
10. If YES then Great, otherwise run the Hijakcthis scan, and post the LOG file here again.
Also u have so many Startup entries in Start>Run>msconfig>Startup
u can disable the ones u dont want to start and run at startup :)
!! GOOD LUCK !!