
Homepage Problems

Discussion in 'Malware and Virus Removal Archive' started by Phyllis, 2004/03/23.

Thread Status:
Not open for further replies.
  1. 2004/03/25
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Configure Spybot and Ad-aware per my instructions here, scan with both, delete all they find. This will get rid of tracking cookies and MRUs also.
     
  2. 2004/03/25
    Phyllis

    Phyllis Inactive Thread Starter

    Joined:
    2003/03/11
    Messages:
    150
    Likes Received:
    0
    I think I am A-ok here on the HP. I followed your tweaking on the adware & spy bot.

    Is there anything I can do with McAfee Guardian to help prevent some of this stuff from happening?

    Are there any other security measures I can take but still allow my kids to play battlefield 1942, counter strike, etc.?

    Thanks so much for all your continuing efforts.

    Now, I'll have to go to my second problem, the second computer which is my Athlon. I can't get on line or print or update spybot, adware.

    I'll move to the other forum "networking for dummies" and start with my print problem.

    Thank you all!! ;)
     


  4. 2004/03/25
    Phyllis

    Phyllis Inactive Thread Starter

    Joined:
    2003/03/11
    Messages:
    150
    Likes Received:
    0
    Well, maybe I'm not A-ok. Upon reboot I received the following message "Notification Wnd for RnAdmin not responding ".

    What does that mean?
     
  5. 2004/03/25
    Newt

    Newt Inactive

    Joined:
    2002/01/07
    Messages:
    10,974
    Likes Received:
    2
    A question - should the same firewall .exe be running twice?

    C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
    C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
    C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
     
  6. 2004/03/25
    Phyllis

    Phyllis Inactive Thread Starter

    Joined:
    2003/03/11
    Messages:
    150
    Likes Received:
    0
    I'll get rid of it right away. Be right back.
     
  7. 2004/03/25
    Phyllis

    Phyllis Inactive Thread Starter

    Joined:
    2003/03/11
    Messages:
    150
    Likes Received:
    0
    I don't see any c:\program files listed on this latest log. Why? Oh, why did they appear when I saved, copied and pasted the log file? They weren't listed on the hijack log file. So how do I remove it?

    Logfile of HijackThis v1.97.7
    Scan saved at 8:18:38 PM, on 3/25/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
    C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
    C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
    C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
    C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
    C:\HP\KBD\KBD.EXE
    C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
    C:\Program Files\Saitek\Software\Profiler.exe
    C:\Program Files\Saitek\Software\SaiSmart.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\HPINST~1\plugin\bin\PCHButton.exe
    C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
    C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.2.24:80
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {85810C93-C14C-11D5-BC4B-0050BA28E4FE} - C:\WINDOWS\System32\popkill.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [Xerox WorkCentre 480cx Monitor] RUNDLL32.EXE C:\WINDOWS\System32\X480SHLL.DLL,AutoUpdatePnPValue
    O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
    O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
    O4 - HKLM\..\Run: [SaiSmart] C:\Program Files\Saitek\Software\SaiSmart.exe
    O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
    O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPINST~1\plugin\bin\PCHButton.exe
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe "
    O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: MoneySide (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    :eek:
     
  8. 2004/03/25
    markp62

    markp62 Geek Member Alumni

    Joined:
    2002/05/01
    Messages:
    4,012
    Likes Received:
    16
    You might be interested in the IESpyads.Zip, the link is in my signature, see the note I put after the link. It puts a huge number of sites that do things like this into the Restricted Zone of Internet Explorer.
    Customize the Restricted Zone by going down the line of items, setting everything, and this includes EVERYTHING, to Disable, if Disable is not there use High instead, Password to prompt, and these sites will not be able to put so much as a cookie on you.
    This will not affect normal websites, even if one of those Restricted sites is accessed as a third party from the website you are viewing.
    That is coming from the RealOne Player.
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    You do not need it at startup, it is only looking for updates. To disable it correctly, so when RealOne is started it does not put the update back into Startup, click here, or uninstall it.
     
  9. 2004/03/25
    Phyllis

    Phyllis Inactive Thread Starter

    Joined:
    2003/03/11
    Messages:
    150
    Likes Received:
    0
    Oh geez, I tried to print your latest advice and I got a script error. Oh, goodness, is there any end to this???? I couldn't print. :(
     
  10. 2004/03/25
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    They never show on the scan window. I assume that is because it is used to fix registry entries, not remove program files. They show up on the log so that some of the entries can be linked to certain programs. Some viruses (viri?) and spyware/malware/adware use the same process executable as valid programs, but from a different source.

    Hope I explained that correctly and understandably. :)
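
The two checks raised in the posts above (Newt's repeated-entry question and noahdfear's point about a familiar executable name running from a different location), as an added example that is not part of any poster's message or of HijackThis itself. The sample log is constructed, and the expected-directory table is an assumption for a default Windows XP install.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the HijackThis 1.97.x log layout. The last process
# path is invented to show a mismatch and does not come from the thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\WINDOWS\Explorer.EXE
C:\Temp\example\svchost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPINST~1\plugin\bin\PCHButton.exe
"""

# Assumption: default Windows XP directories for a few core process names.
SYS32 = r"c:\windows\system32"
EXPECTED_DIR = {"explorer.exe": r"c:\windows", **{n: SYS32 for n in (
    "smss.exe", "winlogon.exe", "services.exe", "lsass.exe",
    "svchost.exe", "spoolsv.exe")}}
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # e.g. "O4 - HKLM\..\Run: ..."

def parse_log(text):
    """Split a log into the running-process list and entries keyed by code."""
    processes, entries, in_procs = [], defaultdict(list), False
    for line in map(str.strip, text.splitlines()):
        if line == "Running processes:":
            in_procs = True
        elif not line:
            in_procs = False          # a blank line ends the process section
        elif in_procs:
            processes.append(line)
        elif (m := ENTRY.match(line)):
            entries[m.group(1)].append(m.group(2))
    return processes, dict(entries)

def is_misplaced(path):
    """True when a known system process name runs outside its usual folder."""
    folder, _, name = path.lower().rpartition("\\")
    return name in EXPECTED_DIR and folder != EXPECTED_DIR[name]

def review_processes(processes):
    """Return (paths listed more than once, known names in unexpected folders)."""
    counts = Counter(p.lower() for p in processes)   # Windows paths ignore case
    repeated = sorted(p for p, n in counts.items() if n > 1)
    return repeated, [p for p in processes if is_misplaced(p)]
```

A repeated path on its own only prompts a question to the vendor, as happened with the firewall process in this thread; the path mismatch is the stronger signal.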
     
  11. 2004/03/25
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Good question Newt! And I don't know if that is typical of McAfee or not, but I intend to find out! ;)
     
  12. 2004/03/25
    Lonny Jones

    Lonny Jones Inactive Alumni

    Joined:
    2002/12/16
    Messages:
    2,252
    Likes Received:
    0
    C:\PROGRA~1\ PROXYD~1
    C:\PROGRA~1\ heart stupid rule
    Were you able to delete those folders ? I assume so.

    While I really like Spybot, I've dealt with too many problems with its auto start and update options; don't use them please.
    There is a new version coming out soon where those problems will be addressed. So open the program in advanced mode,
    settings > settings > and
    under automation uncheck all
    under system start uncheck all
    under web update uncheck search the web for new version at program start, also uncheck display available beta version.


    Along with IESpyads, SpywareBlaster is also a good idea.
    It's free/contributeware
    SpywareBlaster: http://www.wilderssecurity.net/spywareblaster.html
    SpywareGuard is a great idea too

    You should start a new thread for that one :)
    I would definitely get the manual updates loaded onto a CD,
    then copied to the hard drive and installed before using either program; after that and a reboot you could post a HijackThis log.
    I see you have; don't post a log unless they request it :)

    With Spybot, first ensure it's version 1.2?
    So download these to a folder, then burn to a CD,
    copy them to the other PC, then simply double click each one to install them

    http://www.majorgeeks.com/download.php?det=3957
    Spybot Search and Destroy Updater 2004-3-4
    Use one of the mirrors to the lower right under
    "Download From "


    With Adaware, ensure it's version 6 build 181?
    Instructions for manual updates here >
    http://www.majorgeeks.com/download726.html
    Use one of the mirrors to the lower right under
    "Download From "


    Regards
     
  13. 2004/03/26
    Phyllis

    Phyllis Inactive Thread Starter

    Joined:
    2003/03/11
    Messages:
    150
    Likes Received:
    0
    I can print your advice today. I don't know why I could not last night.

    Yes I did remove heart stupid through drdelete. No one here recognizes it. It's not on the athlon only this HP.

    Do you think I can install the security downloads into my shared folder so my athlon can use them as well? Or do I really need to install them?

    I made all the changes in IE security, however, I had to enable file download to get these security programs. I did reset them back to disable. I'm having trouble sending this reply; I am getting a message that my current security settings do not allow HTML forms. If you get this post then I figured it out. I'm having a hard time, I'm moving everything under internet options security to prompt until I can get this posted.

    I'll check the versions of all the programs you have suggested.

    Sorry about the log posting.

    "You should start a new thread for that one" I thought you'd never ask!!

    Computers are not my passion. I've been perched here for 4 days and nights reading, scanning, reading, scanning. I don't have a baked good in the house! Thank you all so much for your continuing efforts. I'm off to read and scan more.
     
  14. 2004/03/26
    Lonny Jones

    Lonny Jones Inactive Alumni

    Joined:
    2002/12/16
    Messages:
    2,252
    Likes Received:
    0
    I don't think so. Transfer the updates and/or programs on a CD or floppy, then put that/them on the target machine, then install.

    (I'm in doubt with anything network related though)

    Might be best to set the security > general (green and blue globe) zone of Internet Explorer to defaults until you get used to it, then heighten it further later. Has this been posted for you?
    How to surf the Internet more safely with Internet Explorer: http://www.windows-help.net/features/surf-safe.html

    Regards
    Lonny
     
  15. 2004/03/26
    Phyllis

    Phyllis Inactive Thread Starter

    Joined:
    2003/03/11
    Messages:
    150
    Likes Received:
    0
    Thanks Lonny.

    Do I have permission to start a new thread under "Athlon Homepage hijack" so I can post the log file and spend another 5 days reading, scanning, reading & scanning this pc? May I? Please? :rolleyes:
     
  16. 2004/03/26
    Lonny Jones

    Lonny Jones Inactive Alumni

    Joined:
    2002/12/16
    Messages:
    2,252
    Likes Received:
    0
    Well of course, or is this a trick question? :D

    I know it's tiresome (PC troubleshooting), but it will be well worth it in the end.

    "I can print your advice today" you could always copy and paste it into a Notepad document then print, or on IE's toolbar go to File,
    Save As and save as a text file, for later reference or printing from.

    Lonny
     
  17. 2004/03/26
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Newt,

    Just got done with an online chat with McAfee. With VirusScan 6 and Firewall 5, it is normal to have two instances of CFD.EXE in running processes. Knew I had seen it that way a lot, just not if it was supposed to be. :)

    Phyllis,

    I did find out that this item is not necessary in startup, nor is it used in normal processes.

    O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU

    You could uncheck it in msconfig. One less thing starting up.
     
  18. 2004/03/26
    Phyllis

    Phyllis Inactive Thread Starter

    Joined:
    2003/03/11
    Messages:
    150
    Likes Received:
    0
    Gee Dave you are so good! Thank you!

    The HP seems to be working fine now. My son is telling me he can't get battlefield 1942 to run well now. Something about lag. Do you think I need to find someone like you who is a gamer???:eek: And, what's the chances of that happening?:confused:
     
  19. 2004/03/26
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    May be cable issues, not PC. Open a command prompt, type tracert windowsbbs.com, hit Enter. (Make sure to leave a space after tracert.) When done, right click in the window, select mark, highlight all, right click again, copy, then paste results.
     
  20. 2004/03/26
    Phyllis

    Phyllis Inactive Thread Starter

    Joined:
    2003/03/11
    Messages:
    150
    Likes Received:
    0
    I can't seem to get your instructions to work. I can't seem to copy it. right click inside command prompt window type........, mark, select all, right click--copy option greyed out
     
  21. 2004/03/26
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    After you click mark, use the pointer, left click and hold, to highlight the results. Then right click again and copy.
     