| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 100200 | 2009-05-29 19:30:00 | General clean-up tool needed | argus (366) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 778180 | 2009-05-30 01:13:00 | If you use XP press the windows key (if the keyboard has one + pause). Go to hardware / device manager / ide / ata / atapi controllers. Double click on the primary / secondary ide entries / advanced settings tab. These dont have to be in startup. HPWUSchd2, Reader_sl, juschd. If youre not sure do a search in google for the name (thats in startup). See what it is and does, and whether it needs to be in startup. If you want post a hijackthis log (its below), and we'll tell you what can be removed from startup. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:10:27 p.m., on 30/05/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16827) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\system32\PGPserv.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Webroot\Washer\WasherSvc.exe C:\WINDOWS\System32\00THotkey.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\Norton Save and Restore\Agent\NSRTray.exe C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe C:\Program Files\Webroot\Washer\wwDisp.exe C:\Program Files\NetMeter\NetMeter.exe C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe C:\Documents and Settings\Stephen Bell\Local Settings\Application Data\Google\Update\GoogleUpdate.exe C:\Program Files\MP4 Player\mp4Player.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe C:\Program Files\Vidalia Bundle\Tor\tor.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32Info.exe C:\Program Files\Qualcomm\Eudora\Eudora.exe C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.finderg.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\IPSBHO.DLL O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\s wg.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot O4 - HKLM\..\Run: [Norton Save and Restore] "C:\Program Files\Norton Save and Restore\Agent\NSRTray.exe" O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe" O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe /startup O4 - HKCU\..\Run: [C:\Program Files\NetMeter\NetMeter.exe] C:\Program Files\NetMeter\NetMeter.exe O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Stephen Bell\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [MP4 Player] "C:\Program Files\MP4 Player\mp4Player.exe" hmw O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Privoxy.lnk = C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - update.microsoft.com O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload.macromedia.com O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll O20 - AppInit_DLLs: PGPmapih.dll O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\ISO Recorder\ImapiHelper.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe O23 - Service: Norton Save and Restore - Symantec Corporation - C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: PGPserv - PGP Corporation - C:\WINDOWS\system32\PGPserv.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe -- End of file - 10065 bytes |
argus (366) | ||
| 778181 | 2009-05-30 01:17:00 | There's your problem. You have Norton installed:p Download Revo uninstaller: www.revouninstaller.com Then fully uninstall norton. Unintsall Zonealarm too. If you want a firewall get Comodo. or, just Windows firewall+router FW is fine for normal purposes. Blam |
Blam (54) | ||
| 778182 | 2009-05-30 01:23:00 | Three things to do: As Blam said NORTONS :waughh: Thats most of your problem. Remove Norton with Revo uninstaller, download the Portable version from here (www.revouninstaller.com), doesn't need installing, select Advanced, when Norton asks for a reboot, select NO - click next on revo, remove all the reg and left over folders. uninstall that Webroot system washer - thats a hog as well. Downlaod Glary utilities - run it, remove anything it finds. Download from here (http://www.glaryutilities.com/) When installing, DONT install the Ask.com. Before running Glary utilities, make a restore point. |
wainuitech (129) | ||
| 778183 | 2009-05-30 01:31:00 | You can tick then tick fix checked as well Close browsers. yup you should have 1 firewall, or they'll conflict O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot if you dont use the language you can tick these entries O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') |
Speedy Gonzales (78) | ||
| 778184 | 2009-05-30 04:14:00 | When you have done all these guys are suggesting, my money says you won't know your machine . Getting rid of Nortons will give you an immediate boost! Look forward to your 'After' report . |
linw (53) | ||
| 778185 | 2009-05-30 06:34:00 | Don't forget to install a new AntiVirus program like "Avast"/"Nod32" after you remove norton :D | minster (9180) | ||
| 778186 | 2009-05-30 18:42:00 | Don't forget to install a new AntiVirus program like "Avast"/"Nod32" after you remove norton :D This is why I came back, to ask before uninstalling: what recommendations for less resource-greedy: (a) antivirus/intrusion detection. (b) backup (if I get rid of Norton Save & Restore)? I was coincidentally looking at Avast for a cash-strapped student relation who says she can't afford Norton :) |
argus (366) | ||
| 778187 | 2009-05-30 22:26:00 | Yes Avast is really good for a free AV. Backups you can use syncback which is free Synctoy from MS which is free or if you want to take a disc image macrium reflect or drive image xml they are all free |
gary67 (56) | ||
| 778188 | 2009-05-31 00:52:00 | Avast is perfect as a "set and go" antivirus easy to use, and keep PCs safe. Considered to be better than some bought security suites. As long as nothing too dangerous will be done on the machine, Avast! will easily keep the PC virus free:) Norton Save and Restore isn't too bad, and its not very resource intensive so it should be fine. For an all in one backup utility, consider Paragon Backup Express(free): www.paragon-software.com Or, for data backups only SyncBack SE is very good, just takes a while to set up everything. Blam |
Blam (54) | ||
| 778189 | 2009-05-31 14:54:00 | Comodo internet security is pretty good too I use that + AntiVir Free |
Agent_24 (57) | ||
| 1 2 3 4 | |||||