Hi,

My laptop, after booting up, will operate fine for a few minutes to maybe a half hour, but then starts having severe problems. Even while the wireless network connection is good, both firefox v 2.0.0.14 and explorer 7 start acting as if there isn't any connection. The only way I can get it working again is to restart the browser entirely -- and often that doesn't work and I have to reboot the computer. I've got a USB soundcard, and even while everything else (including network connection and browsers) are still working fine, the sound will suddenly drop out and the light showing the device is connected/powered will go out. Streaming video stops working at the same time. Often the browser will continue to work for a short time after that, but then it will fail -- I get the "internet explorer" (or firefox) cannot find the server error message as if I'm not connected even tho I am. Sometimes the browser just locks up entirely. I've also been getting script errors ("a script is unresponsive"). At times the computer won't allow me to even open up ANY new programs, e.g. even simple/small ones like notepad/wordpad or even the task manager. A few times I was trying to go into my internet settings to allow an exception for one site to accept cookies, and when I hit "exceptions" button, it couldn't even open that dialogue box/window -- eventually it popped up a script error warning message.

Initially I'd thought this might be a memory problem, so I found and installed FreeRAM XP Pro -- and found that these operating problems are occurring at times when I've still got anywhere from 100 to 225 MB of RAM still free. Occasionally it does seem to drop to almost no memory, but the problems are occurring even when there is a lot of memory still available.

I'm not certain, but I THINK the problems started right after I'd used Trendmicro's free online virus/malware scan and fix program "housecall." It had found a downloader and softomate and I let it fix/remove them. AVG had found them but couldn't fix the downloader if I recall right (maybe off here), and it would fix softomate but then it seemed that softomate would reappear -- that's when I ran housecall. I AM pretty certain that I don't have any malware still on the computer -- it comes up clean on adaware, spybot s&d, AVG antivirus, housecall, malwarebytes antimalware, and rogue remover.

Oh, and I've also run ccleaner, both the cleaner and the registry tools. Defragged too.

I'd also wondered if this could be an activeX problem -- but can those cause the entire operating system to intermittently fail/operate inconsistently like this?

This is horribly frustrating, to have to reboot multiple times each day, sometimes losing browser windows that I'd had open to read and so on. I REALLY need help figuring out what's gone wrong and how to fix it. I had to reboot TWICE to even get a browser to internet connection to post this request for help.... Thanks in advance for your help!!

Gateway laptop M350WVN
Windows XP home edition SP2
512 MB Ram, 60G hd w/ 10G open
ZoneAlarm version:7.0.470.000
Spybots resident protection v. 1.5.2.0

This sounds more like a power/battery issue than a software problem.

I suppose you could try a Linux LiveCD to check for that.

But, the first thing I would check is the USB and NIC settings for power management...sometimes cleaning apps, especially those that do registry cleaning return settings to default values and in most cases the defaults for a laptop will power down certain devices to save battery life.

Hi,

I'm pretty certain that its not a power issue -- the screen doesn't go dark, no closing of programs, etc. Just the odd and incrementally worsening behavior of browser & operating system & wireless connection.

Plus, my Dell laptop is having similar problems -- I'd gone to www.zap2it.com (Tv guide type listings), and gotten this pop-up thingy, ostensibly for something like "spyware destroyer" or "spyware defender" asking if I wanted a free scan of my computer for malware -- this even tho I had a pop-up blocker operating. Surprised, I hit the "cancel" button and it popped to another window/pop-up that looked like it was starting a scan. :-( I shut down the browser as quickly as I could. Didn't realize it had anything to do with the zap2it page until I wound up with the exact same thing happening on the Dell laptop when I went to zap2it on it and had the same blasted popup and "scan" happen. Anyhow, thats when I scanned and found softomate and let the malware program handle it, only to have it re-occur.... I'm trying to recall which found it, but regardless it was housecall (for the gateway) that found the downloader when AVG, spybot, adaware, etc didn't -- and symantec found it on the dell. I stared assuming it was the zap2it page, that it'd been hacked or something, BUT has dawned on me that it could be the wireless network I'm using since it doesn't have much in the way of security (tho I run zone etc on my computers).

Anyhow, I'll check power options. Plus the battery light stays green when this is occuring.... do you still think that power could be the problem?

Would doing an upgrade from XP home to Pro possibly fix things on the gateway? Also, would all of my existing drivers with XP be the right ones to work with Pro if I try upgrading? Dell is already XP pro, so I wouldn't be able to use that to fix the Dell. Talk about frustrating.

Last night I tried to connect using my desktop w/ wireless, and couldn't connect at all -- then I tried using dialup on the gateway laptop, and AOL couldn't connect -- said it was a modem problem.... now, I WAS running "defraggler" in the background, and no idea if that could have been the problem, but it was weird because it showed the modem, but then when I clicked on it to check settings, blast if it didn't dissapper from the "available modems" list entirely!! Also said that the modem was being blocked from use. Anyhow, I'll try it again in a bit and see if maybe the piriform (makers of ccleaner) defraggler running in the background might have caused that problem. I'll try the LiveCD too and see if I get wireless that way and/or any odd behavior. Sigh.

Why do I ALWAYS seem to be the one that winds up either finding the odd bugs or weird problems like this??

The power settings wouldn't necessarily make things go 'dark' or flicker or anything like that. XP will, after a certain amount of time, just turn off the device. It is supposed to 'wake' it back up when it is needed by then, but if it happens to be your network card, you've already lost the connection.

Some where in the device's properties, in Device Manager, should be a check box saying something like "Allow Windows to turn off this device to save power." Make sure, for your network card/wireless device/modem that option is not selected. Then we will go from there.

As to whether or not drivers are fine. Most of the time there is no difference between XP Home and XP Pro drivers...but there is always an odd chance that there may be some device that does have different ones, I just haven't seen any.

Ah, ok, MJC, I'll check those. Was just about to ask you how, but you beat me to it, thanks!! For whatever its worth, I haven 't run a registry cleaner on the Dell. I'm assuming my operating system, browser & connection problems etc are all related, just seems too coincidental for them all to occur at the same time. Who knows tho. Will let you know what the power standings were in Device Mgr.

Hi,
Plus, my Dell laptop is having similar problems -- I'd gone to www.zap2it.com (Tv guide type listings), and gotten this pop-up thingy, ostensibly for something like "spyware destroyer" or "spyware defender" asking if I wanted a free scan of my computer for malware -- this even tho I had a pop-up blocker operating. Surprised, I hit the "cancel" button and it popped to another window/pop-up that looked like it was starting a scan. :-( I shut down the browser as quickly as I could. Didn't realize it had anything to do with the zap2it page until I wound up with the exact same thing happening on the Dell laptop when I went to zap2it on it and had the same blasted popup and "scan" happen. Anyhow, thats when I scanned and found softomate and let the malware program handle it, only to have it re-occur.... I'm trying to recall which found it, but regardless it was housecall (for the gateway) that found the downloader when AVG, spybot, adaware, etc didn't -- and symantec found it on the dell. I stared assuming it was the zap2it page, that it'd been hacked or something, BUT has dawned on me that it could be the wireless network I'm using since it doesn't have much in the way of security (tho I run zone etc on my computers).

This is indicative of a spyware problem.... You need to post a hijackthis log.

MJC, I think you've hit the nail on the head, at least with network/wireless & the USB sound card on the gateway laptop. Found power mgmt on the USB hub controllers, and on network devices and each WAS set to allow puter to turn off to save power if needed. Have unchecked those.

I'd thought that puter OUGHT to be fine on power as long as its plugged in while being used tho?

Will have to see how it functions for a bit and will let you know. Off to check dell power settings. I'm assuming this isn't an issue for a desktop tho, right?

Ok, will run & post hijack this log.

Gawd I HATE malware & related problems!!! (ya, sorry, I'll quit whinin' <g>)

I'm having troubles connecting from the gateway (& no floppy drive on it), but this is the hijack log from the desktop computer. Will try to get the gateway & dell as I can...

By the way -- can explorer 7 run on win 2000 pro? Or does 6 have tabbed browsing?

Logfile of HijackThis v1.99.1
Scan saved at 6:16:19 PM, on 5/24/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\pctspk.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\AOL\1145922900\ee\AOLSoftware.exe
C:\WINNT\Mixer.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
C:\Program Files\ZyXEL\G-302v3\G-302v3.exe
C:\program files\common files\aol\1145922900\ee\services\antiSpywareApp\ve r2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1145922900\ee\aolsoftware.exe
C:\WINNT\System32\SCardSvr.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\updates\aspapp\sunsetAsp2.ex e
C:\Program Files\Internet Explorer\iexplore.exe
F:\Program Files\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1145922900\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLT4] E:\AOLSETUP.EXE -ACS
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [AOLAspSunset2] C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\updates\aspapp\sunsetAsp2.ex e
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SeaMonkey Quick Launch] "C:\Program Files\mozilla.org\SeaMonkey\SeaMonkey.exe" -turbo
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O4 - Global Startup: ZyXEL G-302 v3 Utility.lnk = C:\Program Files\ZyXEL\G-302v3\G-302v3.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1152960712867
O17 - HKLM\System\CCS\Services\Tcpip\..\{7D4A0533-9EC8-4492-B314-C7CB4FEAE61B}: NameServer = 205.188.146.145
O17 - HKLM\System\CS1\Services\Tcpip\..\{7D4A0533-9EC8-4492-B314-C7CB4FEAE61B}: NameServer = 205.188.146.145
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: W2K PCtel speaker phone (Pctspk) - PCtel, Inc. - C:\WINNT\system32\pctspk.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe

Ok, I finally got a connection again on the gateway laptop (puter I'd first posted this thread about, Hijack this above is from a Desktop that I suspect is also affected).

Questions:

1. On desktop, a couple of times now I've tried to launch an explorer window (v. 6 by aol, trying to upgrade that) and suddenly had it keep opening a ton of new windows -- can that be a stuck keyboard key, or does it mean there's malware for certain? Apologies too, I'd thought I'd run spybot & adaware on that desktop very recently, but I've also shuffled hard drives on it so now I'm not sure, updating and running those now.

2. On the gateway laptop, it seems that the network/wireless connection shifts from showing the connection as not security protected, to being security protected and that's when it shows I'm still connected but I can't get webpages at all... have to disconnect, reconnect, and then it'll usually work for a bit -- maybe this is the power issue? Or malware?

HijackThis from the gateway laptop (HAVE run spybot, adaware, AVG, ccleaner & their registry tool, and several other malware pgms on it):

Logfile of HijackThis v1.99.1
Scan saved at 5:59:49 PM, on 5/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\mmc.exe
C:\WINDOWS\system32\DfrgNtfs.exe
C:\Program Files\Defraggler\Defraggler.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\AOL\1163390790\ee\aolsoftware.exe
C:\PROGRA~1\AMERIC~1.0B\waol.exe
C:\PROGRA~1\AMERIC~1.0B\shellmon.exe
C:\Program Files\Virus n Spyware\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?linkid=59281
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\FlashGet.exe /min
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [shicoxp] C:\WINDOWS\shicoxp.exe
O4 - HKLM\..\Run: [caxchg] C:\WINDOWS\caxchg.exe
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [AOL Fast Start] "C:\PROGRA~1\AMERIC~1.0B\AOL.EXE" -b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - [url]http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab[/url]
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - [url]http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab[/url]
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - [url]http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9563.cab[/url]
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - [url]http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab[/url]
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [url]http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1163199936890[/url]
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - [url]http://sdlc-esd.sun.com/ESD39/JSCDL/jdk/6u5b/jinstall-6u5-windows-i586-jc.cab?AuthParam=1206591413_2ab557bd6235400694a652 9ed91d67c5&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD39/JSCDL/jdk/6u5b/jinstall-6u5-windows-i586-jc.cab&File=jinstall-6u5-windows-i586-jc.cab[/url]
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - [url]http://support.gateway.com/support/serialharvest/gwCID.CAB[/url]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [url]http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab[/url]
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - [url]http://plugin.driveragent.com/files/driveragent.cab[/url]
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

It sounds as if it could have been a combination of the two.

The easiest thing to do is to eliminate the powering off of the devices as a possible cause. If it were a desktop machine, I probably would have suggested the malware scans first. But with laptops, similar symptoms can be caused by the hardware just being shut off...

Ok. I've got the gateway laptop in safe mode & haven't rebooted after resetting those power options (hope and not sure that I got all of them.... found them in network adaptors and USB controllers -- anywhere else I need to check?)

Why would there be power issues such that it needed to power 'em down while the laptop is plugged in?

Do I need to reboot for those reset power options to work?

Because not all laptops change the settings between plugged in and on battery...so isn't really a power 'issue' so much as a settings one. The setting is designed to save battery power, but if it is the same when plugged in and the 'power savings' is not needed, it can become a problem. The setting basically says, after x amount of time without activity, shut down this device. Windows has always had problems with what it defines as 'activity'...in the old days this was a common problem with dial up modems and disconnecting during long downloads. The steady stream of data was often seen as lack of activity, so Windows just followed orders and shut it down. The same thing can happen with the USB hub, especially. True no activity or an extended period of activity at the same level tends to get the same results. The device shut down, if the power control is left to Windows.

And, yes, I think a reboot is needed to reset the options.

Ah, ok! I was assuming that even when plugged in, it'd've only turned it off if it needed the power, e.g., something to trigger it turning off. I've sure been caught many times (on desktop dialup) by the disconnect during long downloads (espec w AOL, slightly different cause, same effect tho).

K, will reboot. Hopefully that'll fix the network & sound problems at least!

I've definately got problems of some sort, on all three computers. Can't connect thru wireless at all today on the gateway laptop, even tho it shows that I'm connected and with good quality. Just get "can't display the page, can't find server" type of error pages, on both firefox and IE7. Ran Ad-aware 2008 and it found 3 MRU's, 2 of them registry keys -- this a computer that scanned clean just a couple of days ago. Spybot didn't find anything on this computer.

Same wireless connection problem here on the desktop, tho I did manage to connect thru dialup on it. I'm really worried that I'm going to wind up totally unable to connect with any of them if this isn't fixed/figured out soon.

Was unable to successfully download the latest adaware to the desktop computer. Ran Spybot on it tho, with updated detection files and it gave me a dialogue box saying that there was a problem in the "includes" file: C:\Program Files\Spybot-Search_Destroy\Includes\trojansC.sbi and said "see includes errors.log for details" But I couldn't find that file tho I didn't do a full computer search, just looked for it in adaware. Anyhow, spybot found a "threat: PUPs" SpyPry - library C:\WinNT\system32\aand532.dll plus 2 tracking cookie problems: Mediaplex & Right Media

The biggest problem/hassel here is hardly being able to successfully connect to the internet....

Run the scans classic asked for...work on one machine at a time.

MJC, you lost me here, not sure what you're referring to?

Also, how do the HijackThis logs look, or should I wait a bit on those?

I just installed AVGfree on the desktop, and was unable to update it, got dialogue box saying that the update server was damaged. :-( I assume whatever "has" my computers is blocking updates and/or even proper scans?

Also, on the gateway laptop, zone alarm isn't showing ANYTHING in the alert logs for either firewall or program attacks. Its just blank even tho it says there have been firewall attacks blocked.

Minor correction on the gateway too -- initially I was able to open 2 or 3 pages with IE, but then it swapped again to the "can't display page" crap and even with reboot I haven't been able to get any webpages up since then.

I'm sorry, I was reacting to the "run the scans classic asked for" because I wasn't sure what you were referring to there & missed the "work on one at a time" Will do. Which would you like me to focus on, Gateway or Desktop?

Pick one.
DON'T RUN ANYTHING UNLESS I TELL YOU.

Please read the instructions here (http://www.pcguide.com/vb/showthread.php?t=60009) and post a Hijackthis log.

Can just opening an online webpage, or watching an online streaming video infect a computer? If yes to the webpage being able to infect, is there anywhere to report a suspicious page and get it checked to see if its the culprit or not?

Yes you can get infected from a web page on an unprotected computer.

Ok, since I'm currently online, dialup AOL with the desktop, I just tried to run msconfig -- and got a blasted dialogue box that said:

"cannot find the file "msconfig" or one of its components. Make sure the path and filename are correct, and that all required libraries are available."

So what do I do now? Or should swap & go ahead with your directions on the laptop and see if I can at least do it there?

Is zonealarm (free) and spybot's resident protection not sufficient to protect from getting infected by just opening a webpage? & is there anyway to get suspect pages checked?

Run it without the MSCONFIG part and post the log.

Ok, here's the current HJT for the desktop computer:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:11:10 PM, on 5/25/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\pctspk.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\AOL\1145922900\ee\AOLSoftware.exe
C:\WINNT\Mixer.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
C:\Program Files\ZyXEL\G-302v3\G-302v3.exe
C:\program files\common files\aol\1145922900\ee\services\antiSpywareApp\ve r2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1145922900\ee\aolsoftware.exe
C:\WINNT\System32\SCardSvr.exe
C:\WINNT\system32\wuauclt.exe
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\updates\aspapp\sunsetAsp2.ex e
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Grisoft\AVG Free\avgcc.exe
C:\Program Files\Grisoft\AVG Free\avgemc.exe
C:\Program Files\HijackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1145922900\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLT4] E:\AOLSETUP.EXE -ACS
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [AOLAspSunset2] C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\updates\aspapp\sunsetAsp2.ex e
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SeaMonkey Quick Launch] "C:\Program Files\mozilla.org\SeaMonkey\SeaMonkey.exe" -turbo
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O4 - Global Startup: ZyXEL G-302 v3 Utility.lnk = C:\Program Files\ZyXEL\G-302v3\G-302v3.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [url]http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1152960712867[/url]
O17 - HKLM\System\CCS\Services\Tcpip\..\{7D4A0533-9EC8-4492-B314-C7CB4FEAE61B}: NameServer = 205.188.146.145
O17 - HKLM\System\CS1\Services\Tcpip\..\{7D4A0533-9EC8-4492-B314-C7CB4FEAE61B}: NameServer = 205.188.146.145
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: W2K PCtel speaker phone (Pctspk) - PCtel, Inc. - C:\WINNT\system32\pctspk.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe

--
End of file - 6269 bytes

You will need to run Combofix next. Please read the instructions here (http://www.bleepingcomputer.com/combofix/how-to-use-combofix) and post back with:


The combofix log.
A new HJT Log.
A description of how the system is running.

Do you know how big the combofix file ought to be? Downloads keep being interrupted as supposedly complete after only a few Kb to an MB or so (was trying to download the newest AVG before you'd posted, 45MB, only got 1.2 or so max on several tries). Just want to be sure I got the entire program and not just a part of it....

Can you tell what I'm apparently infected with?

Do you know how big the combofix file ought to be? Downloads keep being interrupted as supposedly complete after only a few Kb to an MB or so (was trying to download the newest AVG before you'd posted, 45MB, only got 1.2 or so max on several tries). Just want to be sure I got the entire program and not just a part of it....

Can you tell what I'm apparently infected with?

Some type of spyware. Combofix is very small, less than 2 MB.

Ok, its ostensibly finished downloading -- the completed download showed as 1.86MB, actual file size is showing as 1.910.... does this sound about right, e.g., correct size for complete file?

Does the Windows Recovery console work with win2000 Pro? That's what I'm running on the desktop...I'm only seeing reference to XP & Vista on the console tutorial page???

You can read this (http://support.microsoft.com/kb/229716) or do it without the recovery console.

Ok. Don't suppose you've found the right page to download the 2000 version? And/Or, how risky is it to just go ahead without it do you think?

Ok, couldn't find download for the console, so went ahead without it. Scary to see the 1 in 100 computers doesn't make it notice.

Right after combofix did the reboot, AOL spyzapper auto-launched -- said it found a "backdoor" called "bifrost" listed as "security threat." First thing aol has ever found. I let it block the item.

My wireless is showing as connected with good link status, but I still couldn't get any pages to load with either firefox or IE, so I'm using AOL dialup. Checking the network wireless connection, it's supposedly connected, enabled, and working just fine -- only I can't get a webpage just as before.

I don't know if this is meaningful, but while checking network status, "local area connection properties" there were four items, all checked. 1) client for microsoft networks, 2) file and printer sharing for microsoft networks, 3) AEGIS protocol, and 4) internet protocol. I unselected #2, assuming that this might be allowing external access to the computer.

Here's the combofix log -- can you tell if it found/repaired anything & if so what?

ComboFix 08-05-25.3 - Robin Siskel 05/26/2008 0:42:32.1 - NTFSx86
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.340 [GMT -7:00]
Running from: C:\Documents and Settings\Robin Siskel\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINNT\system32\_000006_.tmp.dll
C:\WINNT\Web\default.htt

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_npf


((((((((((((((((((((((((( Files Created from 2008-04-26 to 2008-05-26 )))))))))))))))))))))))))))))))
.

2008-05-26 00:30 . 08-05-26 00:30 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-05-25 21:49 . 08-05-25 22:30 <DIR> d-------- C:\Program Files\ComboFix for Malware
2008-05-25 21:20 . 08-05-25 21:52 <DIR> d-------- C:\Program Files\AVGfree by Grisoft
2008-05-25 17:26 . 08-05-25 17:55 7,350,294 -r-hs---- C:\AVG7DB_F.DAT
2008-05-25 17:07 . 08-05-25 17:08 5,240,625 --------- C:\AVG7QT.DAT
2008-05-25 17:06 . 08-05-25 17:06 <DIR> d-------- C:\Documents and Settings\Robin Siskel\Application Data\AVG7
2008-05-25 17:06 . 08-05-25 17:06 <DIR> d-------- C:\Documents and Settings\Default User\Application Data\AVG7
2008-05-25 17:06 . 08-05-26 00:19 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\AVG7
2008-05-25 17:05 . 08-05-25 17:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-05-25 17:05 . 08-05-25 17:05 20,960 --a------ C:\WINNT\system32\drivers\avg7rsnt.sys
2008-05-24 19:55 . 08-05-24 20:01 <DIR> d-------- C:\Program Files\Adaware 2008
2008-05-24 18:30 . 08-05-24 18:30 <DIR> d-------- C:\DrWatson
2008-05-15 14:14 . 98-12-22 14:38 3,144 --a--c--- C:\WINNT\system32\dllcache\srgb.icm
2008-05-15 14:10 . 08-05-15 14:10 <DIR> d-------- C:\Program Files\Drivers

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2008-05-26 07:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-25 02:29 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-05-24 22:52 --------- d-----w C:\Program Files\Zone Labs
2008-05-24 06:08 --------- d-----w C:\Documents and Settings\Robin Siskel\Application Data\Skype
2008-05-24 06:00 6,705,324 ----a-w C:\WINNT\Internet Logs\tvDebug.zip
2008-04-16 20:13 --------- d-----w C:\Program Files\Mozilla
2008-04-16 20:04 --------- d-----w C:\Program Files\AOL Deskbar
2008-04-02 09:29 --------- d-----w C:\Program Files\Real
2008-04-02 09:28 --------- d-----w C:\Program Files\Common Files\Real
2008-04-01 02:35 --------- d-----w C:\Program Files\Flash Player
2008-04-01 01:23 118,784 ----a-w C:\WINNT\SeaMonkeyUninstall.exe
2008-04-01 01:23 118,784 ----a-w C:\WINNT\GREUninstall.exe
2008-04-01 01:22 --------- d-----w C:\Program Files\mozilla.org
2006-03-20 09:39 271 ---h--w C:\Program Files\desktop.ini
2006-03-20 09:39 21,952 ---h--w C:\Program Files\folder.htt
2000-07-26 12:00 32,528 ----a-w C:\WINNT\inf\wbfirdma.sys
.

------- Sigcheck -------


.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [06-07-06 18:53 20034600]
"SeaMonkey Quick Launch"="C:\Program Files\mozilla.org\SeaMonkey\SeaMonkey.exe" [08-03-13 15:57 106496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"Synchronization Manager"="mobsync.exe" [03-06-19 12:05 111376 C:\WINNT\system32\mobsync.exe]
"HostManager"="C:\Program Files\Common Files\AOL\1145922900\ee\AOLSoftware.exe" [06-09-25 17:52 50736]
"AOLT4"="E:\AOLSETUP.exe" [ ]
"CountrySelection"="pctptt.exe" [00-09-27 03:15 71168 C:\WINNT\system32\pctptt.exe]
"C-Media Mixer"="Mixer.exe" [02-06-12 23:23 1495040 C:\WINNT\mixer.exe]
"Pure Networks Port Magic"="C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" [04-04-05 14:33 99480]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [06-07-09 13:42 968696]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [06-10-23 05:50 71216]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [08-04-02 02:28 151552]
"AOLAspSunset2"="C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\updates\aspapp\sunsetAsp2.ex e" [08-05-24 15:29 53248]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [08-05-25 17:05 147968]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\RunOnce]
"^SetupICWDesktop"="C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe" [03-06-19 12:05 186640]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microtek Scanner Finder.lnk - C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe [2007-04-03 17:17:10 315392]
ZyXEL G-302 v3 Utility.lnk - C:\Program Files\ZyXEL\G-302v3\G-302v3.exe [2007-05-13 16:56:04 12867584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= mmdrv.dll

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\run-]
"AOL Fast Start"="C:\Program Files\America Online 9.0\AOL.EXE" -b

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\run-]
"AVG7_CC"=C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

R1 Avg7RsNT;AVG7 Rezident Driver;C:\WINNT\system32\Drivers\avg7rsnt.sys [08-05-25 17:05 ]
R2 Pctspk;W2K PCtel speaker phone;C:\WINNT\system32\pctspk.exe [00-07-19 11:34 ]
R3 SetupSys;Conexant Setup API;C:\WINNT\system32\drivers\SetupSys.sys [01-01-09 09:58 ]
R3 SjyPkt;SjyPkt;C:\WINNT\System32\Drivers\SjyPkt.sys [02-10-02 09:57 ]

*Newly Created Service* - IPNAT
*Newly Created Service* - RASAUTO
*Newly Created Service* - SHAREDACCESS
.
************************************************** ************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [url]http://www.gmer.net[/url]
Rootkit scan 2008-05-26 00:47:14
Windows 5.0.2195 Service Pack 4 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************
.
Completion time: 2008-05-26 0:50:01 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-26 07:49:56

Pre-Run: 1,002,373,120 bytes free
Post-Run: 1,253,412,864 bytes free

106 --- E O F --- 2008-05-26 07:32:58

and the new HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:55:08 AM, on 5/26/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\pctspk.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\AOL\1145922900\ee\AOLSoftware.exe
C:\WINNT\Mixer.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\updates\aspapp\sunsetAsp2.ex e
C:\Program Files\mozilla.org\SeaMonkey\SeaMonkey.exe
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
C:\Program Files\ZyXEL\G-302v3\G-302v3.exe
C:\WINNT\system32\wuauclt.exe
C:\program files\common files\aol\1145922900\ee\services\antiSpywareApp\ve r2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1145922900\ee\aolsoftware.exe
C:\WINNT\System32\SCardSvr.exe
C:\WINNT\explorer.exe
C:\WINNT\system32\notepad.exe
C:\Program Files\HijackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1145922900\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLT4] E:\AOLSETUP.EXE -ACS
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [AOLAspSunset2] C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\updates\aspapp\sunsetAsp2.ex e
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SeaMonkey Quick Launch] "C:\Program Files\mozilla.org\SeaMonkey\SeaMonkey.exe" -turbo
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O4 - Global Startup: ZyXEL G-302 v3 Utility.lnk = C:\Program Files\ZyXEL\G-302v3\G-302v3.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1152960712867
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: W2K PCtel speaker phone (Pctspk) - PCtel, Inc. - C:\WINNT\system32\pctspk.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe

--
End of file - 5902 bytes

as to performance -- difficult to say other than I can't get any webpages on either IE or Mozilla over wireless even tho its supposedly connected and working fine. The zytel icon is gone from the system tray, not sure how to get that back (its the wireless icon) but can access it thru the start/programs method.

AOL on dialup is working, but it seems to be a slightly odd, slow transition from page to page... and some definately unusual coursor hesitations rather than smooth scrolling/movement as I move the coursor around.

Also odd computer action when I select the start button and then move around to various things like programs -- cursor hesitations, slow fades in or out, that sort of thing. Not gross, but not normal either.

Just got mozilla page, but not sure how to tell if that's because of the aol dial-up connection that I've got active or wireless?

Zone Alarm is still not showing any firewall or program alerts, just a blank where those ought to be listed. (set to show last 50 for both).

I'm at work for the rest of the day. I'll post back tonight. Sit tight and resist the urge to do anything on your own...

Ok, will do. Sorry about the aol spyzapper thing -- once it found that backdoor, I had to click something and thought best was to just let it block it, but knew I wasn't to do things too.

More on performance -- last night I was connected using aol & dial-up (couldn't get any websites w/ wireless). So with AOL open on dialup, I opened firefox -- then signed off AOL. Today, fully expecting it'd just say it couldn't find the server again, I tried to open a new tab to google. Was quite surprised when I got several dialogue boxes popping up one after the other, saying things like "windows cannot access sb.google.com, would you like to connect to a network?" with 3 buttons, one for settings, one for dial, one for close. I hit close. Another said the same but for tribalfusion. Didn't note the names on the one or two others.

Anyhow, I'll wait for your instructions -- and THANK YOU for helping with this!!!

Another re performance/errors etc -- I've been getting a dialogue box that I'd assumed was "real" but now I'm wondering... it says that the AOL spyware protection is no longer supported and that I need to go to ..... I THINK it says McAfee but not sure... and change/upgrade to its internet protection. I've been hitting the "remind me later" button on it.

Just be patient...don't worry about any of that right now.

Stick with what classic tells you.

Ok. Thanks MJC.

I don't know if this matters, but I've got two hard drives on this machine. Just figured I'd mention it in case that in any way complicates finding and eradicating whatever I'm infested with.

Go to start-->run--> cmd

at the the command prompt type ipconfig>myip.txt

post the contents of the myip.txt file here for review.

Windows 2000 IP Configuration



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . : lv.cox.net
IP Address. . . . . . . . . . . . : 192.168.1.105

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1


PPP adapter The Internet (1):



Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 172.192.53.221

Subnet Mask . . . . . . . . . . . : 255.255.255.255

Default Gateway . . . . . . . . . : 172.192.53.221

Just got another automated aol spyware protection scan, this one saying its found 29 tracking cookies.... should I turn the thing off (not sure how to but can try), allow it to block those, or ?

Uninstall Zone Alarm and let's see what happens....

Ok. Once uninstalled, then what should I do?

Its uninstalled & rebooted -- and I got wireless connection at least for the moment (its connected for a short time only to fail before). Far zippier again too instead of so dragging slow. Am getting a number of those dialogue boxes popping up again saying "windows cannot access ...xyz... would you like to connect to a network" things tho.

IE launched and connected ok too -- interesting note, before it had said it was explorer provided by AOL -- the AOL bit isn't in the title bar now.

So you can now get on line with IE. Do you have firefox installed.

Yes, sorry, should have said that post un-install, firefox was what I'd first launched and was "talking" to you with.

Does firefox normally install with a number of bookmarks already there, ostensibly to various AOL sites? Because I'd just installed firefox on this computer a few days ago, and I'm so used to the ba-zillion bookmarks that I normally have I've no idea what is or isn't there on install -- there were a half dozen or more all supposedly to various aol sites (music, get $ for referring a friend, movies, etc) tho and that seemed odd to me.

Just signed onto AOL also, also thru wireless, and it connected too.

Forget Bookmarks and don't report extra information in place of what I ask you. What I asked was:


Is Firefox installed
If yes, can your browse the web with it?

* Using Internet Explorer, Click here (http://support.f-secure.com/enu/home/ols.shtml) to use the F-Secure Online Scanner
It's explained there with images how to allow the ActiveX to start the scan, so read that first.
Then click the F-Secure Online Scanner Next Generation Beta link.
Once the ActiveX is installed, you should accept the License terms by clicking OK below to start the scan.
Click the Full System Scan button.
It will start to download scanner components and databases. This can take a while.
The main scan will start.
Once the scan finished scanning, click the Automatic cleaning (recommended) button
It could be possible that your firewall gives an alert - allow it, because that's a connection you establish to submit infected files to F-Secure.
The cleaning can take a while, so please be patient.
Then click the Show report button and copy and paste what's present under results in your next reply.

About your firefox questions, perhaps you missed my reply, its immediately under your initial questions, and was yes I have firefox and yes, right after deleting zone alarm and rebooting, I could browse with it on wireless.

There can't be any firewall warning tho, because I don't have a firewall without zone alarm -- did you want me to re-install it? Or turn on the windows firewall or something, or just stay without firewall?

I ran F-Secure last night right after your post. There isn't a link for a beta version on that page, it said the beta trial is over -- I ran the regular version as you directed tho. Shortly after it seemed to have finished downloading and had started into the scan, I lost wireless again on all three, AOL, IE and Firefox (as before, showing that wireless was connected and operating fine, but webpages ). It seemed to continue scanning fine even so.

At 2 am pacific time F-secure was still running. It showed that it had found 2 spywares, skipped 7 files. This morning, the scan page just had the message below.

I'll wait for instructions from you before doing anything further.

==============

Action canceled
Internet Explorer was unable to link to the Web page you requested. The page might be temporarily unavailable.

--------------------------------------------------------------------------------

Please try the following:

Click the Refresh button, or try again later.

If you have visited this page previously and you want to view what has been stored on your computer, click File, and then click Work Offline.

For information about offline browsing with Internet Explorer, click the Help menu, and then click Contents and Index.




Internet Explorer

* Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

Doubleclick the drweb-cureit.exe file and Allow to run the express scan
This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
Once the short scan has finished, mark the drives that you want to scan.
Select all drives. A red dot shows which drives have been chosen.
Click the green arrow at the right, and the scan will start.
Click 'Yes to all' if it asks if you want to cure/move the file.
When the scan has finished, look if you can click next icon next to the files found: http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif
If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
http://users.telenet.be/bluepatchy/miekiemoes/images/move.gif
This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
Save the report to your desktop. The report will be called DrWeb.csv
Close Dr.Web Cureit.
Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.


* Click here (http://support.f-secure.com/enu/home/ols.shtml) to use the F-Secure Online Scanner
Then click the Start Scanning button below.
You should get a notification (bar on top) to install the activeX. Click on it and select to install the ActiveX.
Once the ActiveX is installed, you should accept the License terms by clicking OK below to start the scan.
In case you are having problems with installing the ActiveX/starting the scan, please read here (http://support.f-secure.com/enu/home/ols-faq.shtml).
Click the Full System Scan button.
It will start to download scanner components and databases. This can take a while.
The main scan will start.
Once the scan finished scanning, click the Automatic cleaning (recommended) button
It could be possible that your firewall gives an alert - allow it, because that's a connection you establish to submit infected files to F-Secure.
The cleaning can take a while, so please be patient.
Then click the Show report button and copy and paste what's present under results in your next reply.

Sorry for the delay, took awhile for it to download over dialup. Have run the short scan and it found ppctl.dll --> probably Dloader.trojan

But then I couldn't find a way to get it to allow me to select the drives -- clicked complete scan but didn't start it, then tried custom scan and that showed drives but no way to select them. Clicked on complete scan again, and got a dialogue box that said: microsoft Visual C++ Runtime Library (in title bar) Runtime error. C:\DOCUME~1\ROBINS~1\LOCALS~1\Temp\RarSFXO\setup.e xe. Please contact the applications support team for more info. Only option was to click on ok, and DrWeb shut immediately.

I launched it again, which started the express scan, which came up with nothing. Selected complete scan and tried to start it, only to get that same runtime error again.

Since I never got the complete scan, I didn't know if I was to reboot or not, so I have NOT rebooted, waiting to see what I should do first....

Oh, and the path on that ppctl.dll was C:\programfiles\commonfiles\scanner

You have me completely befuddled. I thought you were connected wirelessly????

I was at one point, right after you had me delete zone alarm -- then I managed to download the f-scanner files, and while it was running its scan, the wireless dropped out and I had to reconnect with dialup again.

when I say the wireless dropped out again, I mean it screwed up as before, where the network connection icon in the taskbar still showed that it was properly connected and working, but no webpages would display, they'd just show the error message that it was unable to connect. Same problem as before with that, leaving my only connection option dial up again.

I wonder, since I was able to get the f-secure files downloaded before the wireless connection problem started again, maybe it'll run now over dialup and be able to display the results page?

Is there anyway you can connect to the router with a cat-5 cable while doing this?

I don't think so -- no idea what type of cable that is, and just have dialup aol, or the wireless to an external system that I've no clue where its actually located physically...

I can try rebooting and see if I get the wireless connection again for a brief time, like its sometimes done before....

Or I can use IE over dialup if F-secure will run from the earlier downloaded files?

So you are connecting to somebody else's wireless? The thick plottens....

I'm not sure what you mean, its a wireless provider -- I don't have my own servers

Ok...so what you have is a wireless service that has a distribution unit located somewhere that you can't access? Is it like a box mounted to the side of your house? Or do you live in an apartment building or somewhere that includes wireless service?

Who provides your service?

Apartment complex, its provided for tenants, and its a pretty large complex.

Guys? Apt. Manager still claiming that the network is fine and it's just my computers, so I've no clue there -- and don't really trust that they'd even know if the network was the problem or not. :-(

Since I didn't hear anything back from you, I started F-Secure again -- its been running all night tho, still running, says that it's skipped 10 files, found 3 viruses, and 2 spyware... has scanned 92776 files so far -- if the file count is similar to that shown by adaware or spybot etc., then its got a long way to go, 300K+ files total on those usually I think...

I can't leave the dial-up connected all the time tho, and I"m not sure what will happen if I'm offline when it finishes, if it will still clean or what...

Does not having zone alarm or any firewall on allow this thing to pull more spyware & viruses onto my machine each time I'm connected??

Also -- recall I'd mentioned that I've got two hard-drives? Well, I'd been swapping them around, and thought that in this configuration it was seeing 2 -- but in looking at the "my computer" folder, now I'm thinking it may just seeing the system partition I'd created when I'd upgraded from Win98, and the partition for the rest of that drive.... and not seeing the second drive at all. I'm not totally certain. I'd forgotten about having created that partition just for the system tho, and from the sizes its showing, C = 4.87G & F = 37.2G I'm thinking that's what its got to be.... (D & E are CD/DVD burner/players).

I don't think f-secure is still running -- says it is, but its been displaying that same number of files scanned for over an hour now...

Let's try this:

Download AVG Anti-Spyware from HERE (http://www.ewido.net/en/download/)
Install AVG Anti-Spyware
Double-click the icon on Desktop to launch AVG Anti-Spyware
You will need to update AVG Anti-Spyware to the latest definition files.
On the top of the main screen click Shield and then [active] to change it to inactive
On the top of the main screen click Update and then Start Update.
Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
Once in the Settings screen click on "Recommended actions" and then select "Quarantine".


Close ALL open Windows / Programs / Folders. Run AVG Anti-Spyware with it's updated definitions: (...it's important that all windows must be closed)

* Click Scanner and then the Scan tab
* Click Complete System Scan to begin scanning.

Once the scan is complete do the following:
* If you have any infections you will prompted, then select "Apply all actions"
* Once finished, click the Save report button, then click Save Report As and save it to your Desktop. (make sure to remember where you saved that file, this is important).

Close AVG Anti-Spyware and Reboot.

Post the logs and let me know how things seem to be running...

Ok, I'm trying to download it now. Got a few KB first try, 1.05Mb second try, both time dial-up spontaneously disconnected... trying again. I don't suppose it matter if I select download from an AOL vs. Firefox or Seamonkey vs. IE in terms of any ability to continue an interrupted download, does it?

Looks like IF I don't get disconnected again, it'll be about 3 hours to download. Fingers crossed. Now its saying 7 hours. Awhile anyhow. :-(

Hey, when you folks helped me with a sound problem on the gateway, you'd had me create a ubunto LiveCD.... I don't suppose that I could reboot this desktop (win 2000 pro) using it, hopefully get wireless connection that way (?), and download the files or run any of the scans? Would that work?

Also, if it gets to the worst case, for example if I wind up not able to connect to the net at all, since I'd made that system partition, would I be able to re-install the system in that partition without losing my files/data in the other partition? Or would the virus/trojan/spyware be in the other non-system partition too?

Hi Classic,

I'm sorry, but I can't find the scanner icon and settings -- the download page had the AVG Anti-Virus, and AVG Internet Suite (both trial versions).

I downloaded the Anti-Virus. Inactivated the shield, updated successfully.

Then there's a "computer scanner" tab on the lefthand side... that brings up scan whole computer and scan specific files options both with change settings links right below them. Clicking that brings up a listing with checkboxes to the left of each. The first of those is "automatically heal/remove infections" but that's the closest thing I can find and I can't find anything that lets me tell it to quarantine instead.... under the top title bar type of menu, there is a history selection -- clicking that allows you to bring up an event log, but again, I don't see any way to change settings to quarantine there either.

I did find a couple of ways to get into "advanced settings," which gives options for all aspects of the program. But still nothing that I could find to let me switch to quarantine. Unless its just that checkbox for "automatically heal/remove infections" and then I get quarantine options AFTER the scan is completed or something?

Also noticed that the checkbox for rootkits is off and wondered if you'd want that on or not...

So I'm confused and not sure what selection/option you want me to use?

It seems they have merged the AV and anti=spyware into one package. Go with the heal method and scan for rootkits....

Ok, here we go. On another spot there were additional options to have it search for and I selected all of those that weren't already; password protected files, hidden files, macros, etc. -- after seeing the results, I suspect I shouldn't have told it to look for macros, if that's the case, I'm sorry, I didn't realize it would find all the microsoft office things... here's what it's showing....

I'm surprised because the partial f-secure scan had shown 10 skipped files, 3 viruses, 0 hidden items and 2 spyware, and that was only 92,776 files checked out of well over 300,000....

I have NOT closed the results yet because I didn't know which of the "warnings" you would want me to use the "remove selected infections" or "remove all unhealed infections" buttons on.... if it even treats these as infections? They're under the "warnings" tab rather than the "overview" tab (overview saying 0 infections?).... its a little confusing....

Sorry, I had to divide it into 4 parts to be able to upload as sequential attachments...

trying first part again

part 2 (I hope I didn't break these in the middle of a line, I'm sorry if I did)

I keep getting an upload error. Trying it this way, but have to divide it in half again.... 1st half of part 3:

"F:\Program Files\Microsoft Office\Templates\Business Planner Templates\Advertising Budget.dot";"Contains macros";"Potentially dangerous object"
"F:\Program Files\Microsoft Office\Templates\Business Planner Templates\Agency Review Table.dot";"Contains macros";"Potentially dangerous object"
"F:\Program Files\Microsoft Office\Templates\Business Planner Templates\Articles of Incorporation.dot";"Contains macros";"Potentially dangerous object"
"F:\Program Files\Microsoft Office\Templates\Business Planner Templates\Bad Check Notice.dot";"Contains macros";"Potentially dangerous object"
"F:\Program Files\Microsoft Office\Templates\Business Planner Templates\Creating a Brochure.dot";"Contains macros";"Potentially dangerous object"
"F:\Program Files\Microsoft Office\Templates\Business Planner Templates\Marketing Calendar.dot";"Contains macros";"Potentially dangerous object"
"F:\Program Files\Microsoft Office\Templates\Business Planner Templates\Marketing Campaign Evaluation.dot";"Contains macros";"Potentially dangerous object"
"F:\Program Files\Microsoft Office\Templates\Business Planner Templates\Capabilities Presentation Request.dot";"Contains macros";"Potentially dangerous object"
"F:\Program Files\Microsoft Office\Templates\Business Planner Templates\Classified Ad Components.dot";"Contains macros";"Potentially dangerous object"
"F:\Program Files\Microsoft Office\Templates\Business Planner Templates\Business Contract Arbitration Clause 1.dot";"Contains macros";"Potentially dangerous object"
"F:\Program Files\Microsoft Office\Templates\Business Planner Templates\Business Contract Arbitration Clause 2.dot";"Contains macros";"Potentially dangerous object"
"F:\Program Files\Microsoft Office\Templates\Business Planner Templates\Business Contract Arbitration Clause 3.dot";"Contains macros";"Potentially dangerous object"
"F:\Program Files\Microsoft Office\Templates\Business Planner Templates\Buying a Business - Information Disclosure Clause.dot";"Contains macros";"Potentially dangerous object"
"F:\Program Files\Microsoft Office\Templates\Business Planner Templates\Buying a Business - Consultant Clause.dot";"Contains macros";"Potentially dangerous object"
"F:\Program Files\Microsoft Office\Templates\Business Planner Templates\Buying a Business - Contingency Clause.dot";"Contains macros";"Potentially dangerous object"
"F:\Program Files\Microsoft Office\Templates\Business Planner Templates\Business Contract Mediation Clause 1.dot";"Contains macros";"Potentially dangerous object"
"F:\Program Files\Microsoft Office\Templates\Business Planner Templates\Business Contract Mediation Clause 2.dot";"Contains macros";"Potentially dangerous object"
"F:\Program Files\Microsoft Office\Templates\Business Planner Templates\Corporate Identity Guidelines.dot";"Contains macros";"Potentially dangerous object"
"F:\Program Files\Microsoft Office\Templates\Business Planner Templates\Analysis of Competition.dot";"Contains macros";"Potentially dangerous object"
"F:\Program Files\Microsoft Office\Templates\Business Planner Templates\Competitor Comparison.dot";"Contains macros";"Potentially dangerous object"
"F:\Program Files\Microsoft Office\Templates\Business Planner Templates\Consent Form for Corporate Directors.dot";"Contains macros";"Potentially dangerous object"
"F:\Program Files\Microsoft Office\Templates\Business Planner Templates\Contract Between Employer and Independent Contractor.dot";"Contains macros";"Potentially dangerous object"
"F:\Program Files\Microsoft Office\Templates\Business Planner Templates\Copywriting Checklist for Direct Mail Pieces.dot";"Contains macros";"Potentially dangerous object"
"F:\Program Files\Microsoft Office\Templates\Business Planner Templates\Countdown to Mail Date.dot";"Contains macros";"Potentially dangerous object"
"F:\Program Files\Microsoft Office\Templates\Business Planner Templates\Creating Specialty Ads - Coupon Components.dot";"Contains macros";"Potentially dangerous object"
"F:\Program Files\Microsoft Office\Templates\Business Planner Templates\Buying a Business - Covenant Not to Compete.dot";"Contains macros";"Potentially dangerous object"
"F:\Program Files\Microsoft Office\Templates\Business Planner Templates\Creative Brief.dot";"Contains macros";"Potentially dangerous object"
"F:\Program Files\Microsoft Office\Templates\Business Planner Templates\Credit Application.dot";"Contains macros";"Potentially dangerous object"
"F:\Program Files\Microsoft Office\Templates\Business Planner Templates\Customer Media Survey.dot";"Contains macros";"Potentially dangerous object"
"F:\Program Files\Microsoft Office\Templates\Business Planner Templates\Customer Record Card.dot";"Contains macros";"Potentially dangerous object"
"F:\Program Files\Microsoft Office\Templates\Business Planner Templates\Sample Customer Survey.dot";"Contains macros";"Potentially dangerous object"
"F:\Program Files\Microsoft Office\Templates\Business Planner Templates\Designation of Directors by Incorporator.dot";"Contains macros";"Potentially dangerous object"
"F:\Program Files\Microsoft Office\Templates\Business Planner Templates\Plant and Equipment Need.dot";"Contains macros";"Potentially dangerous object"
"F:\Program Files\Microsoft Office\Templates\Business Planner Templates\Evaluation Questionnaire.dot";"Contains macros";"Potentially dangerous object"
"F:\Program Files\Microsoft Office\Templates\Business Planner Templates\Creating a Flyer Message.dot";"Contains macros";"Potentially dangerous object"
"F:\Program Files\Microsoft Office\Templates\Business Planner Templates\Internet Services Questionnaire.dot";"Contains macros";"Potentially dangerous object"
"F:\Program Files\Microsoft Office\Templates\Business Planner Templates\IRC 1244 Resolution.dot";"Contains macros";"Potentially dangerous object"
"F:\Program Files\Microsoft Office\Templates\Business Planner Templates\Sample Lead Card.dot";"Contains macros";"Potentially dangerous object"
"F:\Program Files\Microsoft Office\Templates\Business Planner Templates\Appealing IRS Audits - Protest Letter.dot";"Contains macros";"Potentially dangerous object"
"F:\Program Files\Microsoft Office\Templates\Business Planner Templates\Letter Requesting Abatement of IRS Penalties.dot";"Contains macros";"Potentially dangerous object"
"F:\Program Files\Microsoft Office\Templates\Business Planner Templates\Buying a Business - Confidentiality Letter.dot";"Contains macros";"Potentially dangerous object"
"F:\Program Files\Microsoft Office\Templates\Business Planner Templates\First Collection Letter.dot";"Contains macros";"Potentially dangerous object"
"F:\Program Files\Microsoft Office\Templates\Business Planner Templates\Second Collection Letter.dot";"Contains macros";"Potentially dangerous object"
"F:\Program Files\Microsoft Office\Templates\Business Planner Templates\Third Collection Letter.dot";"Contains macros";"Potentially dangerous object"
"F:\Program Files\Microsoft Office\Templates\Business Planner Templates\Letter of Intent to Purchase a Business.dot";"Contains macros";"Potentially dangerous object"
"F:\Program Files\Microsoft Office\Templates\Business Planner Templates\Letter of Complaint to Landlord.dot";"Contains macros";"Potentially dangerous object"
"F:\Program Files\Microsoft Office\Templates\Business Planner Templates\Contract in the Form of a Letter.dot";"Contains macros";"Potentially dangerous object"
"F:\Program Files\Microsoft Office\Templates\Business Planner Templates\Collection Demand Letter.dot";"Contains macros";"Potentially dangerous object"
"F:\Program Files\Microsoft Office\Templates\Business Planner Templates\Media Planning Checklist.dot";"Contains macros";"Potentially dangerous object"
"F:\Program Files\Microsoft Office\Templates\Business Planner Templates\Marketing Messages.dot";"Contains macros";"Potentially dangerous object"
"F:\Program Files\Microsoft Office\Templates\Business Planner Templates\Management Audit.dot";"Contains macros";"Potentially dangerous object"
"F:\Program Files\Microsoft Office\Templates\Business Planner Templates\Management Evaluation.dot";"Contains macros";"Potentially dangerous object"
"F:\Program Files\Microsoft Office\Templates\Business Planner Templates\Marketing Budget Estimates.dot";"Contains macros";"Potentially dangerous object"
"F:\Program Files\Microsoft Office\Templates\Business Planner Templates\Periodic Marketing Evaluation.dot";"Contains macros";"Potentially dangerous object"
"F:\Program Files\Microsoft Office\Templates\Business Planner Templates\Marketing Strategy Evaluation.dot";"Contains macros";"Potentially dangerous object"

Trying the last/4th part -- I keep getting "upload errors" while I've been trying repeatedly to upload the 3rd part... hopefully this works on this part then I'll try the 3rd again

Second half of Part 3.

"F:\Program Files\Microsoft Office\Templates\Business Planner Templates\Market Segment Analysis.dot";"Contains macros";"Potentially dangerous object"
"F:\Program Files\Microsoft Office\Templates\Business Planner Templates\Marketing Action Plan.dot";"Contains macros";"Potentially dangerous object"
"F:\Program Files\Microsoft Office\Templates\Business Planner Templates\Marketing Strategy Document.dot";"Contains macros";"Potentially dangerous object"
"F:\Program Files\Microsoft Office\Templates\Business Planner Templates\Marketing Materials Document.dot";"Contains macros";"Potentially dangerous object"
"F:\Program Files\Microsoft Office\Templates\Business Planner Templates\My Outline.dot";"Contains macros";"Potentially dangerous object"
"F:\Program Files\Microsoft Office\Templates\Business Planner Templates\Objectives - Sales Practice.dot";"Contains macros";"Potentially dangerous object"
"F:\Program Files\Microsoft Office\Templates\Business Planner Templates\Outdoor Media Evaluation.dot";"Contains macros";"Potentially dangerous object"
"F:\Program Files\Microsoft Office\Templates\Business Planner Templates\Personal and Business Goal Summary.dot";"Contains macros";"Potentially dangerous object"
"F:\Program Files\Microsoft Office\Templates\Business Planner Templates\Press Release.dot";"Contains macros";"Potentially dangerous object"
"F:\Program Files\Microsoft Office\Templates\Business Planner Templates\Pricing Objectives.dot";"Contains macros";"Potentially dangerous object"
"F:\Program Files\Microsoft Office\Templates\Business Planner Templates\Pricing Questionnaire.dot";"Contains macros";"Potentially dangerous object"
"F:\Program Files\Microsoft Office\Templates\Business Planner Templates\Price Range Guidelines.dot";"Contains macros";"Potentially dangerous object"
"F:\Program Files\Microsoft Office\Templates\Business Planner Templates\Price-Setting Considerations.dot";"Contains macros";"Potentially dangerous object"
"F:\Program Files\Microsoft Office\Templates\Business Planner Templates\Product Application Worksheet.dot";"Contains macros";"Potentially dangerous object"
"F:\Program Files\Microsoft Office\Templates\Business Planner Templates\Product Comparison Form.dot";"Contains macros";"Potentially dangerous object"
"F:\Program Files\Microsoft Office\Templates\Business Planner Templates\Product or Service Development.dot";"Contains macros";"Potentially dangerous object"
"F:\Program Files\Microsoft Office\Templates\Business Planner Templates\Product or Service Descriptions.dot";"Contains macros";"Potentially dangerous object"
"F:\Program Files\Microsoft Office\Templates\Business Planner Templates\Product Features and Benefits.dot";"Contains macros";"Potentially dangerous object"
"F:\Program Files\Microsoft Office\Templates\Business Planner Templates\New Product and Service Objectives.dot";"Contains macros";"Potentially dangerous object"
"F:\Program Files\Microsoft Office\Templates\Business Planner Templates\Customer Profile.dot";"Contains macros";"Potentially dangerous object"
"F:\Program Files\Microsoft Office\Templates\Business Planner Templates\Project or Bid Analysis.dot";"Contains macros";"Potentially dangerous object"
"F:\Program Files\Microsoft Office\Templates\Business Planner Templates\Promissory Note for Annual Interest Payments.dot";"Contains macros";"Potentially dangerous object"
"F:\Program Files\Microsoft Office\Templates\Business Planner Templates\Periodic Promotion Audit.dot";"Contains macros";"Potentially dangerous object"
"F:\Program Files\Microsoft Office\Templates\Business Planner Templates\Promissory Note for Installment Payments.dot";"Contains macros";"Potentially dangerous object"
"F:\Program Files\Microsoft Office\Templates\Business Planner Templates\Promotional Mix Summary.dot";"Contains macros";"Potentially dangerous object"
"F:\Program Files\Microsoft Office\Templates\Business Planner Templates\Promissory Note for Lump Sum Repayment.dot";"Contains macros";"Potentially dangerous object"
"F:\Program Files\Microsoft Office\Templates\Business Planner Templates\Public Relations Plan.dot";"Contains macros";"Potentially dangerous object"
"F:\Program Files\Microsoft Office\Templates\Business Planner Templates\Purchasing Survey.dot";"Contains macros";"Potentially dangerous object"
"F:\Program Files\Microsoft Office\Templates\Business Planner Templates\Radio Copywriting Checklist.dot";"Contains macros";"Potentially dangerous object"
"F:\Program Files\Microsoft Office\Templates\Business Planner Templates\Assignment of Contract - Renovation.dot";"Contains macros";"Potentially dangerous object"
"F:\Program Files\Microsoft Office\Templates\Business Planner Templates\Letter Revoking S Corporation Status.dot";"Contains macros";"Potentially dangerous object"
"F:\Program Files\Microsoft Office\Templates\Business Planner Templates\Sales Cancellation Notice.dot";"Contains macros";"Potentially dangerous object"
"F:\Program Files\Microsoft Office\Templates\Business Planner Templates\Secured Interest Provision for Personal Property.dot";"Contains macros";"Potentially dangerous object"
"F:\Program Files\Microsoft Office\Templates\Business Planner Templates\Secured Interest Provision for Real Estate.dot";"Contains macros";"Potentially dangerous object"
"F:\Program Files\Microsoft Office\Templates\Business Planner Templates\Buying a Business - Seller's Transaction Guarantee.dot";"Contains macros";"Potentially dangerous object"
"F:\Program Files\Microsoft Office\Templates\Business Planner Templates\Shopping the Competition.dot";"Contains macros";"Potentially dangerous object"
"F:\Program Files\Microsoft Office\Templates\Business Planner Templates\Site Evaluation.dot";"Contains macros";"Potentially dangerous object"
"F:\Program Files\Microsoft Office\Templates\Business Planner Templates\Sponsorship Opportunity Evaluation.dot";"Contains macros";"Potentially dangerous object"
"F:\Program Files\Microsoft Office\Templates\Business Planner Templates\Strategic Planning Checklist.dot";"Contains macros";"Potentially dangerous object"
"F:\Program Files\Microsoft Office\Templates\Business Planner Templates\External Analysis - Opportunities and Threats.dot";"Contains macros";"Potentially dangerous object"
"F:\Program Files\Microsoft Office\Templates\Business Planner Templates\Internal Analysis - Strengths and Weaknesses.dot";"Contains macros";"Potentially dangerous object"
"F:\Program Files\Microsoft Office\Templates\Business Planner Templates\Creating a Telemarketing Script.dot";"Contains macros";"Potentially dangerous object"
"F:\Program Files\Microsoft Office\Templates\Business Planner Templates\Telemarketing Report.dot";"Contains macros";"Potentially dangerous object"
"F:\Program Files\Microsoft Office\Templates\Business Planner Templates\Buying a Business - Terms of Payment Clause.dot";"Contains macros";"Potentially dangerous object"

Is anyone still helping me? I'm not seeing anything new since I posted the scan results almost a week ago....

I am at a loss as to what is wrong with your system. I don't see enough spyware to cause this kind of problem.

Can you take you your laptop to a public wifi spot and reproduce the problems?

Ok, I can try that I think. By the way, I've got the downloader quarantined on the other laptop that I've got, in symantec's antivirus, for whatever help that might be? I'm thinking that its been the same problem on all three machines since it occurred right at the same time on each and acts the same. They'll scan as tho clean, but then next thing I know start running slow/acting up and a potload of tracking cookies appear again.... Can we/you figure out what it is from the thing I've got quarantined?