Hijack This Log for review -- Thank you for your help



mattwill
2008-06-28, 19:24
Background and Steps Taken

With more and more frequency I am getting an "IEXPLORE.exe has generated errors and will be closed by Windows. You will need to restart the program. An error log is being created." Today it got to the point where every time I logged onto www.ESPN.com the error appeared.

I have scanned the hard drive with Norton AntiVirus 2005, getting no viruses. I then uninstalled Norton because it was interacting with my AT&T DSL Service causing regular lost connections. I then installed and scanned with AVG Anti-Virus 8.0. In addition I have addressed spyware/adware by first installing and scanning with SpyBot, then uninstalling SpyBot and installing and scanning with AVG Anti Spy Ware, then uninstalling AVG Spy Ware and installing and scanning with SuperAntiSpyWare.

Currently AVG AntiVirus 8.0 and SuperAntiSpyWare are resident on my machine.

Prior to submitting this post, I performed one more scan using Trend Micro's HouseCall online scan. It found HTML_IFRAME.HT and ADWARE_BESTOFFERS. I had it remove both, and then scanned one more time. That scan said I was clean except for 23 "profiling cookies" which HouseCall did not suggest fixing.

After that second HouseCall scan I was still getting the "IEXPLORE.exe has generated errors and will be closed by Windows. You will need to restart the program. An error log is being created." error.

The following is my HijackThis scan log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:21:16 PM, on 6/15/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\MWW32\MANAGER\MWMDMSVC.EXE
C:\WINNT\MWW32\MANAGER\MWSSW32.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Cisco\Vpn Client\cvpnd.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\System32\locator.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINNT\system32\tp4mon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\SBHookSvc.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54Cfg.exe
C:\Program Files\Plus!\Microsoft Internet\Iexplore.exe
C:\Cache\Temporary Internet Files\Content.IE5\8LMV012F\hijackthis[1].exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
F2 - REG:system.ini: UserInit=
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [NTime] ntime.exe
O4 - HKLM\..\Run: [CW3DSound] CWD3DSnd.exe
O4 - HKLM\..\Run: [Modem Update Reminder] C:\WINNT\MWW32\manager\mwremind.exe autorun
O4 - HKLM\..\Run: [TrackPointSrv] tp4mon.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: ThinkPad Modem Copyright.lnk = C:\WINNT\MWW32\manager\mwcpyrt.exe
O4 - Global Startup: UC Davis Health System VPN Client.lnk = C:\Program Files\Cisco\Vpn Client\vpngui.exe
O4 - Global Startup: Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Startup.exe
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O13 - WWW. Prefix: http://
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/29455573fa6 ... xIE601.cab
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www.ibm.com/pc/support/access/s ... mEgath.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco\Vpn Client\cvpnd.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: SBHookSvc - Motive Communications, Inc. - C:\PROGRA~1\SBCSEL~1\SMARTB~1\SBHookSvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: ThinkPad Modem Service (ThinkPadModemService) - IBM Corporation - C:\WINNT\MWW32\MANAGER\MWMDMSVC.EXE

--
End of file - 5647 bytes

Thank you for your help.

Matt Williams

pskelley
2008-07-03, 03:45
Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance)
http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.

Hello Matt, If you still need help, first make sure you can see all files and folders:
http://www.xtra.co.nz/help/0,,4155-1916458,00.html
Use one or more of these free online scans:
http://virusscan.jotti.org/
http://www.kaspersky.com/scanforvirus
http://www.virustotal.com/
C:\Program Files\Plus!\Microsoft Internet\Iexplore.exe <<< scan the file in red and post the results.
Make sure you follow that exact pathway to that file.

Once that is done, then delete this unsafe version of HJT:
C:\Cache\Temporary Internet Files\Content.IE5\8LMV012F\hijackthis[1].exe
and follow these instructions:
Download Trend Micro Hijack This™ to your Desktop
http://download.bleepingcomputer.com/hijackthis/HJTInstall.exe
Doubleclick the HJTInstall.exe to start it.
By default it will install HijackThis in the Program Files\Trendmicro folder and create a desktop shortcut.
HijackThis will open after install. Press the Scan button below.
This will start the scan and open a log.
Copy and paste the contents of the log in your next reply.

Thanks

mattwill
2008-07-05, 00:52
Thanks for your help pskelley. I followed your instructions:
Hello Matt, If you still need help, first make sure you can see all files and folders:
http://www.xtra.co.nz/help/0,,4155-1916458,00.html
Use one or more of these free online scans:
http://virusscan.jotti.org/
The jotti log was as follows

Service load: 0% 100%

File: IEXPLORE.EXE
Status: OK(Note: file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5: eb9eaf627f705525d01de5fa07ea1818
Packers detected: -

Scanner results
Scan taken on 04 Jul 2008 21:47:45 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing

mattwill
2008-07-05, 02:31
pskelley. I followed the rest of your instructions:
Once that is done, then delete this unsafe version of HJT:
C:\Cache\Temporary Internet Files\Content.IE5\8LMV012F\hijackthis[1].exe
and follow these instructions:
Download Trend Micro Hijack This™ to your Desktop
http://download.bleepingcomputer.com...HJTInstall.exe
Doubleclick the HJTInstall.exe to start it.
By default it will install HijackThis in the Program Files\Trendmicro folder and create a desktop shortcut.
HijackThis will open after install. Press the Scan button below.
This will start the scan and open a log.
Copy and paste the contents of the log in your next reply.

... and here is the new HJT Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:30:51 PM, on 7/4/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\MWW32\MANAGER\MWMDMSVC.EXE
C:\WINNT\MWW32\MANAGER\MWSSW32.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Cisco\Vpn Client\cvpnd.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\System32\locator.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINNT\system32\tp4mon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINNT\system32\wfxsnt40.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Symantec\WinFax\WFXCTL32.EXE
C:\PROGRA~1\SBCSEL~1\SMARTB~1\SBHookSvc.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\Program Files\Symantec\WinFax\WFXMOD32.EXE
C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54Cfg.exe
C:\WINNT\System32\SCardSvr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
F2 - REG:system.ini: UserInit=
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [NTime] ntime.exe
O4 - HKLM\..\Run: [CW3DSound] CWD3DSnd.exe
O4 - HKLM\..\Run: [Modem Update Reminder] C:\WINNT\MWW32\manager\mwremind.exe autorun
O4 - HKLM\..\Run: [TrackPointSrv] tp4mon.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: Controller.LNK = C:\Program Files\Symantec\WinFax\WFXCTL32.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: ThinkPad Modem Copyright.lnk = C:\WINNT\MWW32\manager\mwcpyrt.exe
O4 - Global Startup: UC Davis Health System VPN Client.lnk = C:\Program Files\Cisco\Vpn Client\vpngui.exe
O4 - Global Startup: Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Startup.exe
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O13 - WWW. Prefix: http://
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/29455573fa6ba9733116/netzip/RdxIE601.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www.ibm.com/pc/support/access/sdccommon/download/IbmEgath.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco\Vpn Client\cvpnd.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: SBHookSvc - Motive Communications, Inc. - C:\PROGRA~1\SBCSEL~1\SMARTB~1\SBHookSvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: ThinkPad Modem Service (ThinkPadModemService) - IBM Corporation - C:\WINNT\MWW32\MANAGER\MWMDMSVC.EXE

--
End of file - 5966 bytes

pskelley
2008-07-05, 04:02
Hello Matt, help me out here. I have never owned your Operating System so I am slightly in the dark. I spot most malware but the hackers play by their own rules and call their junk anything to confuse us. Because I see your errors deal with
"IEXPLORE.exe has generated errors and will be closed by Windows"
That is why I am concerned about this item:

C:\Program Files\Plus!\Microsoft Internet\Iexplore.exe
When I check that on my WinXPPro:

The Pathway is: C:\Program Files\Internet Explorer\iexplore.exe

Now it may be that on Windows 2000 SP4 it is different. But I need to be 100% sure.

Open C:\ > Program Files\ > Plus\ > Microsoft Internet\ > iexplore.exe <<< now is that the file you scanned with jotti?
Right click that file and click Properties then the Version tab and tell me if the Value: shows Microsoft Corporation.

Can you tell me that you know this item:
O4 - HKLM\..\Run: [NTime] ntime.exe
http://www.google.com/search?hl=en&q=NTime&btnG=Search

I see a number of Symantec programs yet you are running AVG 8. You are sure none of the Symantec stuff is conflicting with AVG 8?

Have a look at this information:
http://support.microsoft.com/kb/303728
http://www.google.com/search?hl=en&q=IEXPLORE.exe+has+generated+errors+and+will+be+closed+by+Windows&btnG=Search

Let's do this for now:

1) C:\Program Files\Java\jre1.5.0_03 <<< Java is out of date, see this:
http://forums.spybot.info/showpost.php?p=12880&postcount=2

2) Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

F2 - REG:system.ini: UserInit=
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/29455573...p/RdxIE601.cab

Close all programs but HJT and all browser windows, then click on "Fix Checked"

3) Run Clean Manager
http://spyware-free.us/tutorials/cleanmgr/

Thanks
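
Added example, not part of the thread and not the forum's or Trend Micro's code: a small Python triage pass over a HijackThis log that automates the checks the helper makes by eye in the posts above (a browser image outside its expected folder, a program running from the browser cache, a "(no file)" entry, an autostart with no path, a service with "Unknown owner"). The rule names and the `EXPECTED_DIRS` table are assumptions made for this example; the sample lines are excerpted from the first log in the thread.

```python
import re
from pathlib import PureWindowsPath

# Excerpt of the first HijackThis log posted above (lines copied from the thread).
SAMPLE_LOG = r"""Running processes:
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Plus!\Microsoft Internet\Iexplore.exe
C:\Cache\Temporary Internet Files\Content.IE5\8LMV012F\hijackthis[1].exe

F2 - REG:system.ini: UserInit=
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O4 - HKLM\..\Run: [NTime] ntime.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
"""

# Assumption: image name -> folder it is expected to run from. Only the
# iexplore.exe location comes from the thread (the path the helper quotes).
EXPECTED_DIRS = {"iexplore.exe": r"c:\program files\internet explorer"}

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")                 # "O4 - ..." lines
AUTORUN_RE = re.compile(r"^\S+\\Run(?:Once)?: \[[^\]]*\] (.+)$")  # O4 Run/RunOnce values
HAS_PATH_RE = re.compile(r'^"?[A-Za-z]:\\')                       # drive-qualified command


def parse_log(text):
    """Split a log into the running-process paths and the (code, body) entries."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
        elif in_procs and not line:
            in_procs = False          # a blank line ends the process list
        elif in_procs:
            processes.append(line)
        else:
            m = ENTRY_RE.match(line)
            if m:
                entries.append((m.group(1), m.group(2)))
    return processes, entries


def triage(text):
    """Return (rule, log line) pairs that deserve a manual look; not a verdict."""
    processes, entries = parse_log(text)
    findings = []
    for proc in processes:
        path = PureWindowsPath(proc)
        name, folder = path.name.lower(), str(path.parent).lower()
        expected = EXPECTED_DIRS.get(name)
        if expected and folder != expected:   # 8.3 short paths would also land here
            findings.append(("unexpected-location", proc))
        if "temporary internet files" in folder:
            findings.append(("runs-from-browser-cache", proc))
    for code, body in entries:
        line = f"{code} - {body}"
        if body.endswith("(no file)"):        # registry entry whose file is gone
            findings.append(("orphaned-entry", line))
        run = AUTORUN_RE.match(body) if code == "O4" else None
        if run and not HAS_PATH_RE.match(run.group(1)):
            findings.append(("autostart-without-path", line))
        if code == "O23" and " - Unknown owner - " in body:
            findings.append(("service-unknown-owner", line))
    return findings


if __name__ == "__main__":
    for rule, line in triage(SAMPLE_LOG):
        print(f"{rule:26} {line}")
```

A hit only marks a line for follow-up such as the file scan and Properties check requested in the thread; legitimate software can trigger any of these rules.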

mattwill
2008-07-05, 08:41
The IEXPLORE.exe in C:\Program Files\Internet Explorer\ is Version 6.0.2800.1106.

There is a second IEXPLORE.exe file in C:\Program Files\Plus!\Microsoft Internet\ which is also Version 6.0.2800.1106.

The system date of the first file is 8/29/2002, and the system date of the second file is also 8/29/2002

The file size of both files is 89 kb.

I really don't know why I have two such files

Regarding ntime.exe, I do not recognize it. When I clicked on your Google link, I kind of felt that it might be related to support ATT provides for my DSL line, but I really am only guessing on that. I will call the ATT DSL Support line and see if they have any insight. I will ask them about MotiveSmartbridge as well. Do you have any insight into that one? Google talks about Verizon DSL, but I've never had Verizon.

Regarding Symantec, I do have one of their old products, WinFaxPro 9.0, installed on the machine, but since they no longer support it, one wonders if I need their Remote Assist program. I think that is left over from when I had Norton Antivirus 2005 installed and their technical support team was helping me remotely.

Similarly the Google Updater Service looks to be a remnant from the days when I had Google toolbar installed.

What are your thoughts given all of the above?

Thanks for your help.

pskelley
2008-07-05, 14:57
Did you check the Value?

Right click that file and click Properties then the Version tab and tell me if the Value: shows Microsoft Corporation.
I can't check it against my version because I am running 7.0 but it looks like both are valid. Especially since they have been on the computer since 2002.

As far as your questions, you have to be the one to decide what to remove. Of course don't remove anything Microsoft without being positive you don't need it.

Google Updater Service <<< resource waster, remove in Add Remove Programs. I personally use the Google toolbar for its popup blocker, but I read the EULA carefully when I install it and install nothing I do not need.

Symantec: they make a tool that will remove Symantec/Norton leftovers, but if you use it, it will remove everything to my knowledge.
http://basconotw.mvps.org/SymRem.htm

Remote Assist program: if this is of no value, then try disabling it first.
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
Disable the Service
Click Start > Run and type services.msc
Scroll down to Symantec RemoteAssist and right click on it.
Click Properties and under Service Status click Stop, then under Startup Type change it to Disabled.

This way if you find it was needed for something else you can always enable it again. Once you are sure you do not need it, HJT will remove it for you.
Delete the Service
Open HijackThis and click Config -> Misc Tools -> Delete an NT service.
Follow the directions.

Can you tell me how the computer is running.

Thanks

mattwill
2008-07-05, 17:52
Did you check the Value?
Can you tell me how the computer is running.

Thanks
It runs slowly, but given that it is a 233 MHz Pentium II, not more slowly than is to be expected. As noted in my initial post, the real problem is IE6 aborting.

It will be interesting to see whether that problem goes away when I remove the duplicate locations for the IE files. I'm going to take my time and make sure that the directory and subdirectory contents are identical. If there is a difference I will post a question on the Microsoft Communities website for guidance. Robear Dyer is a very good resource there. He also volunteers on AumHa, so should be able to put the HJT Log results into context.

I'll keep you posted. First step will be to use HJT and your instructions to remove the Google toolbar and Symantec remnants.

Thanks for your help

Matt

pskelley
2008-07-05, 18:50
Thanks for the feedback, here are some resources. I believe IE6 has a repair feature in Win2000 like Win98 had?
http://www.google.com/search?hl=en&q=repair+IE+6+in+Windows+2000&btnG=Google+Search

http://www.google.com/search?hl=en&q=improve+performance+in+Windows+2000&btnG=Search

Posting this information for you, remember it all may not apply to your Operating System.

Some good information for you:
http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html
http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/mcgill1.mspx

Here is some great information from experts in this field that will help you stay clean and safe online.
http://users.telenet.be/bluepatchy/miekiemoes/prevention.html
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml

http://www.malwarecomplaints.info/

Thanks...pskelley
Safer Networking Forums
http://www.spybot.info/en/donate/index.html
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.

Thanks...Phil