Results 1 to 10 of 10

Thread: Advice on Bro-in-laws laptop problems

  1. #1
    Zzzzzzz sleepyhead's Avatar
    Join Date
    Nov 2007
    Posts
    2,514
    Thanks
    373
    Thanked
    292 times in 162 posts

    Advice on Bro-in-laws laptop problems

    My brother-in-law's laptop has a couple of issues.

    1) there are continual pop-ups on his IE, with address bar starting 'http://em. pc-o n-interne t.co m'. I've run Ad-aware and Spybot to no avail. Have googled and the comprehensive solution is rather complex for the average person.

    2) the laptop needs a reinstall of windows, only issue is he has no copy of windows xp home BUT does have the official CD key for it.

    Laptop is a Dell Inspiron 6000.

    Simple solutions would be great

    Admin Edit - broke the URL up

  2. #2
    Admin team peterb's Avatar
    Join Date
    Aug 2005
    Location
    Southampton
    Posts
    19,253
    Thanks
    2,846
    Thanked
    3,359 times in 2,659 posts
    • peterb's system
      • Motherboard:
      • Nascom 2
      • CPU:
      • Z80B
      • Memory:
      • 48K 8 bit memory on separate card
      • Storage:
      • Audio cassette tape - home built 5.25" floppy drive
      • Graphics card(s):
      • text output (composite video)
      • PSU:
      • Home built
      • Case:
      • Home built
      • Operating System:
      • Nas-sys
      • Monitor(s):
      • 12" monocrome composite video input
      • Internet:
      • No networking capability on this machine

    Re: Advice on Bro-in-laws laptop problems

    Doesn't ie have a pop up blocker (treats teh symptoms though, not the cause)

    I presume you have tried clearing the cache and history...
    (\__/)
    (='.'=)
    (")_(")

    Been helped or just 'Like' a post? Use the Thanks button!
    My broadband speed - 750 Meganibbles/minute

  3. #3
    Senior Member godsdog's Avatar
    Join Date
    Jul 2007
    Location
    Jelly Wall Hotel
    Posts
    737
    Thanks
    15
    Thanked
    61 times in 54 posts
    • godsdog's system
      • Case:
      • Silverstone TJ04
      • Monitor(s):
      • Samsung 204B
      • Internet:
      • UKFSN ..have to check

    Re: Advice on Bro-in-laws laptop problems

    Well you've more than likely been hijacked, but the question is whether or not you actually installed the SpywareSecure_trial_setup.exe that comes in with that URL *do not try*. Which can be quite vicious malware.
    .
    .
    Last edited by godsdog; 25-11-2007 at 04:49 PM.
    .
    "Ladies and Gentlemen, take my advice: Pull down your pants and slide on the ice"

  4. #4
    Senior Member
    Join Date
    Aug 2005
    Location
    scotland
    Posts
    639
    Thanks
    5
    Thanked
    37 times in 34 posts

    Re: Advice on Bro-in-laws laptop problems

    Install Hijackthis, run it and post the report it generates.

  5. #5
    Zzzzzzz sleepyhead's Avatar
    Join Date
    Nov 2007
    Posts
    2,514
    Thanks
    373
    Thanked
    292 times in 162 posts

    Re: Advice on Bro-in-laws laptop problems

    Thanks admin for editing the url to break it up...sorry about that (too used to the forum telling me I can't post URLs until now obviosuly).

    This may take some time as I live about 100 miles away from my brother in law and trying to correct it remotely.

    Thanks for the initial heads-up on using "HiJackThis"

  6. #6
    Senior Member godsdog's Avatar
    Join Date
    Jul 2007
    Location
    Jelly Wall Hotel
    Posts
    737
    Thanks
    15
    Thanked
    61 times in 54 posts
    • godsdog's system
      • Case:
      • Silverstone TJ04
      • Monitor(s):
      • Samsung 204B
      • Internet:
      • UKFSN ..have to check

    Re: Advice on Bro-in-laws laptop problems

    Quote Originally Posted by sleepyhead View Post
    Thanks admin for editing the url to break it up...sorry about that (too used to the forum telling me I can't post URLs until now obviosuly).
    There is no problem posting URLs per se, but it was me who contacted admin because the URL, when loaded, can present the user with a rogue antispyware.exe download. It was only a matter of time before someone screwed up and executed it.

    Which is probably what happened to your brother in law in the first place, unfortunately.
    .
    "Ladies and Gentlemen, take my advice: Pull down your pants and slide on the ice"

  7. #7
    Zzzzzzz sleepyhead's Avatar
    Join Date
    Nov 2007
    Posts
    2,514
    Thanks
    373
    Thanked
    292 times in 162 posts

    Re: Advice on Bro-in-laws laptop problems

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:59:06, on 10/12/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
    c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
    C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\BT Home Hub\Wireless Configuration\WirelessDaemon.exe
    c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
    C:\Program Files\Apoint\Apoint.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\btbb_wcm\McciTrayApp.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
    C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Yahoo!\browser\ybrowser.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\Program Files\Yahoo!\browser\ybrwicon.exe
    C:\Documents and Settings\Hang Deretz\Desktop\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Yahoo! Search - Web Search
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Yahoo! Search - Web Search
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = Yahoo! SearchBar Home Page
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Yahoo! Search - Web Search
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Customize Your Settings
    R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\common\Companion\Installs\cpn0\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
    O2 - BHO: Norton Personal Firewall - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Yahoo!\NAV\NavShExt.dll
    O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\common\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe
    O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
    O4 - HKLM\..\RunServices: [DJSNetCN] C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} (20-20 Technologies 3D Room Planner) -
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
    O16 - DPF: {71057C18-0507-4747-86BC-E11CE7512C5F} (mailhelper Class) - https://register.btinternet.com/temp...control013.cab
    O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) -
    O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} -
    O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) -
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AntiSpyware Scanning Engine (AntiSpywareSrv) - Unknown owner - C:\Program Files\AntiSpywareApp\AntiSpywareSrv.srv.exe (file missing)
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
    O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Yahoo!\NPF\ccPwdSvc.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
    O23 - Service: Dell Printer Status Watcher (DLPWD) - Dell Inc. - c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
    O23 - Service: Dell Printer Status Database (DLSDB) - Dell Inc. - c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Wireless Adapter Configurator - Unknown owner - C:\Program Files\BT Home Hub\Wireless Configuration\WirelessDaemon.exe
    O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

    --
    End of file - 11509 bytes
    Finally got round to visiting my bro-in-law Hopefully someone here can assist in ridding this pop up saga

    Thanks in advance.

  8. #8
    Senior Member godsdog's Avatar
    Join Date
    Jul 2007
    Location
    Jelly Wall Hotel
    Posts
    737
    Thanks
    15
    Thanked
    61 times in 54 posts
    • godsdog's system
      • Case:
      • Silverstone TJ04
      • Monitor(s):
      • Samsung 204B
      • Internet:
      • UKFSN ..have to check

    Re: Advice on Bro-in-laws laptop problems

    Get your brother in law to uninstall Ad-Aware 2007 and replace it with SUPERAntiSpyware.com Install it and update it , then get him to update Spybot S&D also, and run both Spybot S&D and SUPER AntiSpyware separately (and preferably in safe mode)

    Then reboot machine, open up HijackThis and if the entries are still there (SUPERantispyware should have got rid of it) put a tick next to...

    O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll

    R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll


    and remove.
    .
    "Ladies and Gentlemen, take my advice: Pull down your pants and slide on the ice"

  9. #9
    Zzzzzzz sleepyhead's Avatar
    Join Date
    Nov 2007
    Posts
    2,514
    Thanks
    373
    Thanked
    292 times in 162 posts

    Re: Advice on Bro-in-laws laptop problems

    Did what you suggested and the links have been removed on hijack this. But it's still occuring.

    Here is the latest log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:31:50, on 10/12/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
    c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
    C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\BT Home Hub\Wireless Configuration\WirelessDaemon.exe
    c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
    C:\Program Files\Apoint\Apoint.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\btbb_wcm\McciTrayApp.exe
    C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Yahoo!\browser\ybrowser.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\Program Files\Yahoo!\browser\ybrwicon.exe
    C:\Program Files\Symantec\LiveUpdate\AUpdate.exe
    C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
    C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
    C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
    C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
    C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
    C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
    C:\Documents and Settings\Hang Deretz\Desktop\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = htt p://bfc.my way.c om/search/de_srchlf t.html?p=DK
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h ttp: //uk.red.clientapps.yahoo.c om/customize/btyahoo/defaults/sp/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h ttp: //home.bt.yahoo.c om
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = ht tp://home.bt.yahoo.c om
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h ttp://uk.red.clientapps.yahoo.c om/customize/btyahoo/defaults/su/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = h ttp://uk.red.clientapps.yahoo.c om/customize/btyahoo/defaults/sb/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h ttp://uk.red.clientapps.yahoo.c om/customize/btyahoo/defaults/sp/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = h ttp://go.microsoft.c om/fwlink/?LinkId=74005
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\common\Companion\Installs\cpn0\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
    O2 - BHO: Norton Personal Firewall - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Yahoo!\NAV\NavShExt.dll
    O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\common\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe
    O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
    O4 - HKLM\..\RunServices: [DJSNetCN] C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} (20-20 Technologies 3D Room Planner) -
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
    O16 - DPF: {71057C18-0507-4747-86BC-E11CE7512C5F} (mailhelper Class) - h ttps://register.btinternet.c om/templates/btmailcontrol013.cab
    O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) -
    O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} -
    O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) -
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: AntiSpyware Scanning Engine (AntiSpywareSrv) - Unknown owner - C:\Program Files\AntiSpywareApp\AntiSpywareSrv.srv.exe (file missing)
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
    O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Yahoo!\NPF\ccPwdSvc.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
    O23 - Service: Dell Printer Status Watcher (DLPWD) - Dell Inc. - c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
    O23 - Service: Dell Printer Status Database (DLSDB) - Dell Inc. - c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Wireless Adapter Configurator - Unknown owner - C:\Program Files\BT Home Hub\Wireless Configuration\WirelessDaemon.exe
    O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

    --
    End of file - 11713 bytes
    Anything there suspect?

    P.S. I am leaving my brother-in-law's place tonight so progress may be on stop until I can get back here.

  10. #10
    Senior Member godsdog's Avatar
    Join Date
    Jul 2007
    Location
    Jelly Wall Hotel
    Posts
    737
    Thanks
    15
    Thanked
    61 times in 54 posts
    • godsdog's system
      • Case:
      • Silverstone TJ04
      • Monitor(s):
      • Samsung 204B
      • Internet:
      • UKFSN ..have to check

    Re: Advice on Bro-in-laws laptop problems

    Right, switch your head on here.

    Go to uninstall programs and uninstall everything that looks unnecessary - tool bars especially, that includes Yahoo bars. Uninstall anything you don't recognise as a legitimate (use often) program.

    Reboot - post new log.
    .
    "Ladies and Gentlemen, take my advice: Pull down your pants and slide on the ice"

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Cheap laptop advice
    By malfunction in forum PC Hardware and Components
    Replies: 10
    Last Post: 14-07-2007, 02:16 PM
  2. Laptop Advice
    By danturn in forum PC Hardware and Components
    Replies: 9
    Last Post: 27-02-2007, 12:30 PM
  3. centrino duo laptop advice...
    By j.o.s.h.1408 in forum Retail Therapy and Bargains
    Replies: 1
    Last Post: 21-03-2006, 07:16 PM
  4. Laptop and WIFI problems..
    By Nick in forum Networking and Broadband
    Replies: 11
    Last Post: 20-05-2004, 03:14 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •