I have a blank window that pops up on the taskbar. I don't know where it is coming from. I looked in the system but no luck. I don't know what I'm looking for because I don't know what it is. I have used Ad-Aware, Search & Destroy, AntiVirus. Nothing will get rid of it.
Any suggestions? Thanks for your time.

Not sure if it's virus/spyware or not but we can take a look.
Please post a Hijack This log so that the files associated with the virus/spyware/hijacker can be identified. You can download Hijack This at this link http://www.tomcoyote.org/hjt/ then place it into a folder of its own, such as C:\HJT, so that backup copies can be made without cluttering your desktop or other folders, and the backup copies of deleted items can be easily located if needed.
Once saved, double-click HijackThis.exe and press "Scan". When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log, Ctrl-A to Select All, and copy its contents into the text editor at this forum. Do not fix anything yet unless you know what you are doing. This is a powerful tool that can crash the computer if used improperly.
Run this free online scan from Kaspersky http://kaspersky.com/kos/english/kavwebscan.html
Click Accept
When the updates are finished downloading, click Next, Scan Settings
Under Scan using the following antivirus database:, select extended
Make sure the Scan Archives and Scan Mail Bases options are selected as well. Click OK
Click My Computer and wait for the scan to finish
Click Save Report As. Under Save as type:, select Text file. Save this log to your Desktop and post a copy of it here.

I tried to run the Kaspersky online scan but it did not work. When I click on install it stops running. I forgot to tell you this: the blank window pops up when I'm on or off the internet.

Logfile of HijackThis v1.99.1
Scan saved at 11:24:12 AM, on 5/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\HP\KBD\KBD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\igfxtray.exe
C:\Program Files\NetRocket Accelerator\nrcore.exe
C:\WINDOWS\system32\ICO.exe
C:\WINDOWS\system32\FSRremoS.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\Pelmiced.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Messenger\MSMSGS.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\NetRocket Accelerator\nrgui.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\HP\hpcoretech\comp\hpdarc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\My Documents\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us9.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us9.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.metacrawler.com/crawler?general=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5400
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\Program Files\NetRocket Accelerator\PBHELPER.DLL
O2 - BHO: XBTP08215 Class - {8EAD6AFD-8E2A-4aef-BED4-D3CE0BB6CC85} - C:\PROGRA~1\GSTools\g-tools.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: NetRocket Accelerator - {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - C:\Program Files\NetRocket Accelerator\Toolband.dll
O3 - Toolbar: GSTools - {2E1BF1B3-AF62-43D3-89B8-F8DA1F9BE456} - C:\Program Files\GSTools\g-tools.dll
O3 - Toolbar: IMO Toolbar - {B63D81CF-90DC-4d13-8782-9524A2752039} - C:\Program Files\IMO Toolbar\0C8F267.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SlipStream] "C:\Program Files\NetRocket Accelerator\nrcore.exe"
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.exe
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.exe" /background
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPINST~1\Pavilion\XPHNABS3EN\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealOne Player\realplay.exe" /RunUPGToolCommandReBoot
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: NetRocket Accelerator.lnk = C:\Program Files\NetRocket Accelerator\nrgui.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Show All Original Images - res://C:\Program Files\NetRocket Accelerator\gui_resource.dll/327
O8 - Extra context menu item: Show Original Image - res://C:\Program Files\NetRocket Accelerator\gui_resource.dll/328
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: GSTools - {2E1BF1B3-AF62-43D3-89B8-F8DA1F9BE456} - C:\Program Files\GSTools\g-tools.dll
O9 - Extra 'Tools' menuitem: GSTools - {2E1BF1B3-AF62-43D3-89B8-F8DA1F9BE456} - C:\Program Files\GSTools\g-tools.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1137272428046
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://pmicoaching.webex.com/client/v_mywebex-t20/webex/ieatgpc.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/eng/check/qdiagh.cab?326
O17 - HKLM\System\CCS\Services\Tcpip\..\{B840BDE3-C171-4D0B-9610-221ADAE4BD10}: NameServer = 205.171.3.65 205.171.2.65
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: hpdjaio - Unknown owner - C:\DOCUME~1\Owner\LOCALS~1\Temp\hpdjaio.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Hi,
Sorry it took so long. I finally got Kaspersky to go through to run the scanner. Holy smoke, and I thought this comp was clean because when I ran Norton and AVG they say it's clean. Apparently they (Norton, AVG) are not working right or not picking them up when I scan. Here is the scan log from Kaspersky.
---------------------
KASPERSKY ON-LINE SCANNER REPORT
Monday, May 15, 2006 3:54:10 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 15/05/2006
Kaspersky Anti-Virus database records: 194030
---------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 105610
Number of viruses found: 21
Number of infected objects: 105
Number of suspicious objects: 0
Duration of the scan process: 01:52:34

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Default User\Local Settings\Temp\bb.exe/stream/data0001 Infected: not-a-virus:AdWare.Win32.BargainBuddy.j skipped
C:\Documents and Settings\Default User\Local Settings\Temp\bb.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.BargainBuddy.j skipped
C:\Documents and Settings\Default User\Local Settings\Temp\bb.exe/stream/data0003 Infected: not-a-virus:AdWare.Win32.BargainBuddy.j skipped
C:\Documents and Settings\Default User\Local Settings\Temp\bb.exe/stream Infected: not-a-virus:AdWare.Win32.BargainBuddy.j skipped
C:\Documents and Settings\Default User\Local Settings\Temp\bb.exe NSIS: infected - 4 skipped
C:\Documents and Settings\Default User\staff.html Infected: Trojan-Clicker.JS.Linker.j skipped
C:\Documents and Settings\Default User\x.html Infected: Trojan.WinREG.LowZones.a skipped
C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\8KZRVZFA\CA45E38T.htm Infected: Trojan-Downloader.JS.FlingStone skipped
C:\Documents and Settings\Guest\staff.html Infected: Trojan-Clicker.JS.Linker.j skipped
C:\Documents and Settings\Guest\x.html Infected: Trojan.WinREG.LowZones.a skipped
C:\Documents and Settings\Guest.DALE\staff.html Infected: Trojan-Clicker.JS.Linker.j skipped
C:\Documents and Settings\Guest.DALE\x.html Infected: Trojan.WinREG.LowZones.a skipped
C:\Documents and Settings\Owner\Local Settings\Temp\bb.exe/stream/data0001 Infected: not-a-virus:AdWare.Win32.BargainBuddy.j skipped
C:\Documents and Settings\Owner\Local Settings\Temp\bb.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.BargainBuddy.j skipped
C:\Documents and Settings\Owner\Local Settings\Temp\bb.exe/stream/data0003 Infected: not-a-virus:AdWare.Win32.BargainBuddy.j skipped
C:\Documents and Settings\Owner\Local Settings\Temp\bb.exe/stream Infected: not-a-virus:AdWare.Win32.BargainBuddy.j skipped
C:\Documents and Settings\Owner\Local Settings\Temp\bb.exe NSIS: infected - 4 skipped
C:\Documents and Settings\Owner\My Documents\ClickAndFix3.3FreeVersion.exe/WISE0030.BIN Infected: not-a-virus:AdWare.Win32.SaveNow.bo skipped
C:\Documents and Settings\Owner\My Documents\ClickAndFix3.3FreeVersion.exe WiseSFX: infected - 1 skipped
C:\Documents and Settings\Owner\My Documents\EasyUninstaller6.1FreeVersion.exe/WISE0030.BIN Infected: not-a-virus:AdWare.Win32.SaveNow.bo skipped
C:\Documents and Settings\Owner\My Documents\EasyUninstaller6.1FreeVersion.exe WiseSFX: infected - 1 skipped
C:\Documents and Settings\Owner\My Documents\My eBooks\Google\g-tools.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Softomate.j skipped
C:\Documents and Settings\Owner\My Documents\My eBooks\Google\g-tools.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.j skipped
C:\Documents and Settings\Owner\My Documents\My eBooks\Google\g-tools.exe NSIS: infected - 2 skipped
C:\Documents and Settings\Owner\My Documents\My eBooks\Google\g-tools.zip/g-tools.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Softomate.j skipped
C:\Documents and Settings\Owner\My Documents\My eBooks\Google\g-tools.zip/g-tools.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.j skipped
C:\Documents and Settings\Owner\My Documents\My eBooks\Google\g-tools.zip/g-tools.exe Infected: not-a-virus:AdWare.Win32.Softomate.j skipped
C:\Documents and Settings\Owner\My Documents\My eBooks\Google\g-tools.zip ZIP: infected - 3 skipped
C:\Documents and Settings\Owner\My Documents\My eBooks\Webtools\SetupInstantBuzz.exe Infected: not-a-virus:AdWare.Win32.InstantBuzz.a skipped
C:\Documents and Settings\Owner\My Documents\nepatriots.exe/WISE0014.BIN Infected: not-a-virus:AdWare.Win32.SaveNow.bo skipped
C:\Documents and Settings\Owner\My Documents\nepatriots.exe/WISE0015.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\Documents and Settings\Owner\My Documents\nepatriots.exe/WISE0016.BIN/WISE0001.BIN Infected: not-a-virus:AdWare.Win32.Accoona.b skipped
C:\Documents and Settings\Owner\My Documents\nepatriots.exe/WISE0016.BIN Infected: not-a-virus:AdWare.Win32.Accoona.b skipped
C:\Documents and Settings\Owner\My Documents\nepatriots.exe WiseSFX: infected - 4 skipped
C:\Documents and Settings\Owner\My Documents\nepatriots.exe WiseSFX Dropper: infected - 4 skipped
C:\Documents and Settings\Owner\My Documents\SpyCleanerPlatinum9.6FreeVersion.exe/WISE0030.BIN Infected: not-a-virus:AdWare.Win32.SaveNow.bo skipped
C:\Documents and Settings\Owner\My Documents\SpyCleanerPlatinum9.6FreeVersion.exe WiseSFX: infected - 1 skipped
C:\Documents and Settings\Owner\staff.html Infected: Trojan-Clicker.JS.Linker.j skipped
C:\Documents and Settings\Owner\x.html Infected: Trojan.WinREG.LowZones.a skipped
C:\Program Files\GSTools\g-tools.dll Infected: not-a-virus:AdWare.Win32.Softomate.j skipped
C:\Program Files\Norton AntiVirus\Quarantine\10002D0E Infected: Trojan-Downloader.Win32.Small.mt skipped
C:\Program Files\Norton AntiVirus\Quarantine\11201BD2 Infected: Trojan-Downloader.Win32.Small.mt skipped
C:\Program Files\Norton AntiVirus\Quarantine\2107153F.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\2107153F.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\2107153F.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\2107153F.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\Program Files\Norton AntiVirus\Quarantine\2107153F.zip ZIP: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\2107153F.zip CryptFF: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\2DE61115 Infected: Trojan-Proxy.Win32.Bobax.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\2EB46632 Infected: Trojan-Proxy.Win32.Bobax.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\3D503B31 Infected: Trojan-Downloader.Win32.Small.mt skipped
C:\Program Files\Norton AntiVirus\Quarantine\4A8D712B/data.rar/staff.html Infected: Trojan-Clicker.JS.Linker.j skipped
C:\Program Files\Norton AntiVirus\Quarantine\4A8D712B/data.rar/YEA.REG Infected: Trojan.WinREG.LowZones.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\4A8D712B/data.rar Infected: Trojan.WinREG.LowZones.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\4A8D712B RarSFX: infected - 3 skipped
C:\Program Files\Norton AntiVirus\Quarantine\4A8D712B CryptFF: infected - 3 skipped
C:\Program Files\Norton AntiVirus\Quarantine\4A9D4319/data.rar/staff.html Infected: Trojan-Clicker.JS.Linker.j skipped
C:\Program Files\Norton AntiVirus\Quarantine\4A9D4319/data.rar/x.html Infected: Trojan.WinREG.LowZones.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\4A9D4319/data.rar/YEA.REG Infected: Trojan.WinREG.LowZones.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\4A9D4319/data.rar Infected: Trojan.WinREG.LowZones.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\4A9D4319 RarSFX: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\4A9D4319 CryptFF: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\5D12112B Infected: Trojan-Proxy.Win32.Bobax.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\62FA00AC Infected: Trojan-Proxy.Win32.Bobax.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\6F78148B Infected: Trojan-Downloader.Win32.Zlob.dn skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP206\A0038632.dll Infected: not-a-virus:AdWare.Win32.InstantBuzz.a skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP206\A0038633.dll Infected: not-a-virus:AdWare.Win32.InstantBuzz.a skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP206\A0038634.exe Infected: not-a-virus:AdWare.Win32.InstantBuzz.a skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP206\A0038635.exe Infected: not-a-virus:AdWare.Win32.InstantBuzz.a skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP223\A0040040.dll Infected: not-a-virus:AdWare.Win32.InstantBuzz.a skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP223\A0040041.dll Infected: not-a-virus:AdWare.Win32.InstantBuzz.a skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP223\A0040042.exe Infected: not-a-virus:AdWare.Win32.InstantBuzz.a skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP223\A0040043.exe Infected: not-a-virus:AdWare.Win32.InstantBuzz.a skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP234\A0041481.DLL Infected: not-a-virus:AdWare.Win32.FunWeb.e skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP234\A0041482.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.ai skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP234\A0041483.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.an skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP234\A0041484.exe Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP234\A0041485.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP234\A0041506.dll Infected: not-a-virus:AdWare.Win32.MyWebSearch.an skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP236\A0041698.exe Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP236\A0041699.dll Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP236\A0041700.exe Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP256\A0043327.exe Infected: not-a-virus:AdWare.Win32.SaveNow.bo skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP256\A0043335.exe Infected: not-a-virus:AdWare.Win32.SaveNow.bo skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP256\A0043368.exe Infected: not-a-virus:AdWare.Win32.SaveNow.bo skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP257\A0044185.exe Infected: not-a-virus:AdWare.Win32.SaveNow.bo skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP257\A0044193.exe Infected: not-a-virus:AdWare.Win32.SaveNow.bo skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP257\A0044226.exe Infected: not-a-virus:AdWare.Win32.SaveNow.bo skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP257\A0044819.exe Infected: not-a-virus:AdWare.Win32.SaveNow.bo skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP257\A0044963.exe Infected: not-a-virus:AdWare.Win32.SaveNow.bo skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP257\A0044998.exe Infected: not-a-virus:AdWare.Win32.SaveNow.bo skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP257\A0045025.exe Infected: not-a-virus:AdWare.Win32.SaveNow.bo skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP257\A0045051.exe Infected: not-a-virus:AdWare.Win32.SaveNow.bo skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP257\A0045096.exe Infected: not-a-virus:AdWare.Win32.SaveNow.bo skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP258\A0045189.exe Infected: not-a-virus:AdWare.Win32.SaveNow.bo skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP259\A0045291.exe Infected: not-a-virus:AdWare.Win32.SaveNow.bo skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP259\A0045302.exe Infected: not-a-virus:AdWare.Win32.SaveNow.bo skipped
C:\WINDOWS\mm15201518.Stub.exe Infected: not-a-virus:AdWare.Win32.EZula.ah skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\bb.exe/stream/data0001 Infected: not-a-virus:AdWare.Win32.BargainBuddy.j skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\bb.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.BargainBuddy.j skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\bb.exe/stream/data0003 Infected: not-a-virus:AdWare.Win32.BargainBuddy.j skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\bb.exe/stream Infected: not-a-virus:AdWare.Win32.BargainBuddy.j skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\bb.exe NSIS: infected - 4 skipped
C:\WINDOWS\system32\config\systemprofile\staff.html Infected: Trojan-Clicker.JS.Linker.j skipped
C:\WINDOWS\system32\config\systemprofile\x.html Infected: Trojan.WinREG.LowZones.a skipped

Scan process completed.
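
One way to triage the two logs posted so far, as an added example that is not part of the original thread: cross-reference each file in the Kaspersky report against the entries in the HijackThis log, separating detections that the system actually loads from copies sitting in quarantine, restore points or temp folders. The sample lines are excerpts copied from the logs above; the function names and the 8.3 short-name table are assumptions of this example.

```python
import re
from collections import defaultdict

# Excerpts copied from the Kaspersky report and HijackThis log in this thread.
KASPERSKY = r"""
C:\Documents and Settings\Owner\Local Settings\Temp\bb.exe/stream/data0001 Infected: not-a-virus:AdWare.Win32.BargainBuddy.j skipped
C:\Documents and Settings\Owner\Local Settings\Temp\bb.exe NSIS: infected - 4 skipped
C:\Documents and Settings\Owner\My Documents\nepatriots.exe/WISE0015.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\Documents and Settings\Owner\x.html Infected: Trojan.WinREG.LowZones.a skipped
C:\Program Files\GSTools\g-tools.dll Infected: not-a-virus:AdWare.Win32.Softomate.j skipped
C:\Program Files\Norton AntiVirus\Quarantine\2DE61115 Infected: Trojan-Proxy.Win32.Bobax.c skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP236\A0041699.dll Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
"""

HIJACKTHIS = r"""
O2 - BHO: XBTP08215 Class - {8EAD6AFD-8E2A-4aef-BED4-D3CE0BB6CC85} - C:\PROGRA~1\GSTools\g-tools.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: GSTools - {2E1BF1B3-AF62-43D3-89B8-F8DA1F9BE456} - C:\Program Files\GSTools\g-tools.dll
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.exe
O9 - Extra button: GSTools - {2E1BF1B3-AF62-43D3-89B8-F8DA1F9BE456} - C:\Program Files\GSTools\g-tools.dll
O23 - Service: hpdjaio - Unknown owner - C:\DOCUME~1\Owner\LOCALS~1\Temp\hpdjaio.exe (file missing)
"""

# "<object> Infected: <verdict> <last action>"; the per-archive summary lines
# ("NSIS: infected - 4 skipped") do not contain "Infected: " and are ignored.
DETECTION = re.compile(r"^(?P<obj>.+?) Infected: (?P<verdict>\S+) (?P<action>\w+)$")
HJT_ENTRY = re.compile(r"^(?P<code>[A-Z]\d+) - ")
FILE_PATH = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|scr)', re.I)

# Assumption: default Windows XP 8.3 aliases. Other short names cannot be
# resolved offline and are left as they appear in the log.
SHORT_NAMES = {
    "\\progra~1\\": "\\program files\\",
    "\\docume~1\\": "\\documents and settings\\",
}


def norm(path):
    """Lower-case a path and expand the known 8.3 aliases so logs compare equal."""
    p = path.lower()
    for short, full in SHORT_NAMES.items():
        p = p.replace(short, full)
    return p


def parse_detections(report):
    """Map each on-disk container file to the set of verdicts found inside it."""
    found = defaultdict(set)
    for line in report.splitlines():
        m = DETECTION.match(line.strip())
        if m:
            # Kaspersky appends archive members with "/"; keep the real file.
            found[m["obj"].split("/", 1)[0]].add(m["verdict"])
    return found


def parse_autostarts(log):
    """Map each normalised file path to the HijackThis sections that load it."""
    refs = defaultdict(set)
    for line in log.splitlines():
        entry = HJT_ENTRY.match(line.strip())
        path = FILE_PATH.search(line)
        if entry and path:
            refs[norm(path.group())].add(entry["code"])
    return refs


def location(path):
    p = norm(path)
    if "\\quarantine\\" in p:
        return "quarantine"
    if "\\system volume information\\_restore" in p:
        return "restore point"
    if "\\temp\\" in p or "\\temporary internet files\\" in p:
        return "temp/cache"
    return "on disk"


def triage(report, log):
    """Detections referenced by a HijackThis entry first, then the rest by location."""
    refs = parse_autostarts(log)
    rows = [
        {
            "path": path,
            "verdicts": sorted(verdicts),
            "where": location(path),
            "loaded_by": sorted(refs.get(norm(path), ())),
        }
        for path, verdicts in parse_detections(report).items()
    ]
    rows.sort(key=lambda r: (not r["loaded_by"], r["where"], r["path"]))
    return rows


if __name__ == "__main__":
    for row in triage(KASPERSKY, HIJACKTHIS):
        loaded = ",".join(row["loaded_by"]) or "-"
        print(f'{loaded:10} {row["where"]:14} {row["path"]}')
```

Without the short-name expansion the `C:\PROGRA~1\GSTools\g-tools.dll` BHO entry would not match the `C:\Program Files\GSTools\g-tools.dll` path in the scan report.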

Home at last, sorry I'm late. Copy this to a folder like "my documents" so that you have the instructions when you boot into safe mode, or of course just print them.
We will need a few tools.
Please download ATF-Cleaner to your desktop from this link
http://www.atribune.org/content/view/19/2/ We will need it later in safe mode
Download Ewido Security Suite then set it up this way Ewido Setup Instructions We will need this later in safe mode
Be sure to update Ewido
Download killbox to your desktop from this link Killbox We will need it later in safe mode
Boot into safe mode. To do so restart your computer.
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
Go to Start>Control Panel>Add/Remove Programs> scroll down and uninstall these programs if found:
SaveNow
InstantBuzz
MyWebSearch
BargainBuddy
FunWebProducts
NewDotNet
SpyCleanerPlatinum9.6
Navigate to C:\Program Files\Norton AntiVirus\Quarantine and delete the contents of that folder.
Run Ewido from safe mode and let it delete all that it finds.
Run ATF-Cleaner from safe mode. Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
Start Killbox, place a tick next to [x]Delete on reboot "Press the All Files button"
Copy this whole list into the windows clipboard, all the bolded file paths below. Copy the following list of files to clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
C:\Documents and Settings\Default User\staff.html
C:\Documents and Settings\Default User\x.html
C:\Documents and Settings\Guest\staff.html
C:\Documents and Settings\Guest\x.html
C:\Documents and Settings\Guest.DALE\staff.html
C:\Documents and Settings\Guest.DALE\x.html
C:\Documents and Settings\Owner\My Documents\ClickAndFix3.3FreeVersion.exe
C:\Documents and Settings\Owner\My Documents\EasyUninstaller6.1FreeVersion.exe
C:\Documents and Settings\Owner\My Documents\My eBooks\Google\g-tools.zip
C:\Documents and Settings\Owner\My Documents\My eBooks\Webtools\SetupInstantBuzz.exe
C:\Documents and Settings\Owner\My Documents\nepatriots.exe
C:\Documents and Settings\Owner\staff.html
C:\Documents and Settings\Owner\x.html
C:\WINDOWS\mm15201518.Stub.exe
C:\WINDOWS\system32\config\systemprofile\staff.html
C:\WINDOWS\system32\config\systemprofile\x.html
Next in Killbox go to File > Paste from clipboard
"Click on the All Files button."
Next click on the button that has the red circle with the white X in the middle.
It will ask for confirmation to delete the files on next reboot and ask you if you want to reboot now.
Click Yes and let the computer reboot.
Clean out the system restore folder. For instructions on how to purge system restore click Here
To create a new restore point go Start>Run>type "msconfig" without the quotes>ok>Launch System Restore>Tick the circle beside "create a restore point">next>name it anything you wish>Create>home>restart the computer.
Post a new Kaspersky scan and a New HT log.

I cannot get Kaspersky to run. I keep getting an error on the page: error invalid character. So here is the log for HT.
Logfile of HijackThis v1.99.1
Scan saved at 1:04:35 PM, on 5/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\HP\KBD\KBD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\igfxtray.exe
C:\Program Files\NetRocket Accelerator\nrcore.exe
C:\WINDOWS\system32\ICO.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\FSRremoS.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Messenger\MSMSGS.exe
C:\WINDOWS\system32\Pelmiced.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\NetRocket Accelerator\nrgui.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\HP\hpcoretech\comp\hpdarc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\My Documents\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us9.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us9.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.metacrawler.com/crawler?general=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5400
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\Program Files\NetRocket Accelerator\PBHELPER.DLL
O2 - BHO: XBTP08215 Class - {8EAD6AFD-8E2A-4aef-BED4-D3CE0BB6CC85} - C:\PROGRA~1\GSTools\g-tools.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: NetRocket Accelerator - {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - C:\Program Files\NetRocket Accelerator\Toolband.dll
O3 - Toolbar: GSTools - {2E1BF1B3-AF62-43D3-89B8-F8DA1F9BE456} - C:\Program Files\GSTools\g-tools.dll (file missing)
O3 - Toolbar: IMO Toolbar - {B63D81CF-90DC-4d13-8782-9524A2752039} - C:\Program Files\IMO Toolbar\0C8F267.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SlipStream] "C:\Program Files\NetRocket Accelerator\nrcore.exe"
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.exe
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.exe" /background
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPINST~1\Pavilion\XPHNABS3EN\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealOne Player\realplay.exe" /RunUPGToolCommandReBoot
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: NetRocket Accelerator.lnk = C:\Program Files\NetRocket Accelerator\nrgui.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Show All Original Images - res://C:\Program Files\NetRocket Accelerator\gui_resource.dll/327
O8 - Extra context menu item: Show Original Image - res://C:\Program Files\NetRocket Accelerator\gui_resource.dll/328
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: GSTools - {2E1BF1B3-AF62-43D3-89B8-F8DA1F9BE456} - C:\Program Files\GSTools\g-tools.dll (file missing)
O9 - Extra 'Tools' menuitem: GSTools - {2E1BF1B3-AF62-43D3-89B8-F8DA1F9BE456} - C:\Program Files\GSTools\g-tools.dll (file missing)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1137272428046
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://pmicoaching.webex.com/client/v_mywebex-t20/webex/ieatgpc.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/eng/check/qdiagh.cab?326
O17 - HKLM\System\CCS\Services\Tcpip\..\{B840BDE3-C171-4D0B-9610-221ADAE4BD10}: NameServer = 205.171.3.65 205.171.2.65
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: hpdjaio - Unknown owner - C:\DOCUME~1\Owner\LOCALS~1\Temp\hpdjaio.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Hi,
I'm still trying to get Kaspersky to run; I keep getting "error on page". Oh, I'm still getting a blank window that pops up on the taskbar.

See if this one will work. Run this free online scan from Panda
When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to the desktop, then copy/paste into the text editor and post it.

Hi jabuck,
I finally got the problem fixed (the error on page) so I could run Kaspersky. I got one more thing to do. I would like to say thank you to lobo.
lobo, thank you for your suggestion on how to fix the error on page. I found it in a posting.
Thank you.
Back to you, jabuck.
By the way, I did not see these programs in Add/Remove Programs:
SaveNow
InstantBuzz
MyWebSearch
BargainBuddy
FunWebProducts
NewDotNet
SpyCleanerPlatinum9.6
Here is the Kaspersky scan log.
---------------------
KASPERSKY ON-LINE SCANNER REPORT
Wednesday, May 17, 2006 12:44:20 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 17/05/2006
Kaspersky Anti-Virus database records: 194518
---------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
Scan Statistics:
Total number of scanned objects: 91874
Number of viruses found: 7
Number of infected objects: 30
Number of suspicious objects: 0
Duration of the scan process: 01:43:56
Infected Object Name / Virus Name / Last Action
C:\!KillBox\ClickAndFix3.3FreeVersion.exe/WISE0030.BIN Infected: not-a-virus:AdWare.Win32.SaveNow.bo skipped
C:\!KillBox\ClickAndFix3.3FreeVersion.exe WiseSFX: infected - 1 skipped
C:\!KillBox\EasyUninstaller6.1FreeVersion.exe/WISE0030.BIN Infected: not-a-virus:AdWare.Win32.SaveNow.bo skipped
C:\!KillBox\EasyUninstaller6.1FreeVersion.exe WiseSFX: infected - 1 skipped
C:\!KillBox\g-tools.zip/g-tools.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Softomate.j skipped
C:\!KillBox\g-tools.zip/g-tools.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.j skipped
C:\!KillBox\g-tools.zip/g-tools.exe Infected: not-a-virus:AdWare.Win32.Softomate.j skipped
C:\!KillBox\g-tools.zip ZIP: infected - 3 skipped
C:\!KillBox\nepatriots.exe/WISE0014.BIN Infected: not-a-virus:AdWare.Win32.SaveNow.bo skipped
C:\!KillBox\nepatriots.exe/WISE0015.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\!KillBox\nepatriots.exe/WISE0016.BIN/WISE0001.BIN Infected: not-a-virus:AdWare.Win32.Accoona.b skipped
C:\!KillBox\nepatriots.exe/WISE0016.BIN Infected: not-a-virus:AdWare.Win32.Accoona.b skipped
C:\!KillBox\nepatriots.exe WiseSFX: infected - 4 skipped
C:\!KillBox\nepatriots.exe WiseSFX Dropper: infected - 4 skipped
C:\!KillBox\x.html Infected: Trojan.WinREG.LowZones.a skipped
C:\!KillBox\x.html( 1) Infected: Trojan.WinREG.LowZones.a skipped
C:\!KillBox\x.html( 2) Infected: Trojan.WinREG.LowZones.a skipped
C:\!KillBox\x.html( 3) Infected: Trojan.WinREG.LowZones.a skipped
C:\!KillBox\x.html( 4) Infected: Trojan.WinREG.LowZones.a skipped
C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\8KZRVZFA\CA45E38T.htm Infected: Trojan-Downloader.JS.FlingStone skipped
C:\Documents and Settings\Owner\My Documents\My eBooks\Google\g-tools.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Softomate.j skipped
C:\Documents and Settings\Owner\My Documents\My eBooks\Google\g-tools.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.j skipped
C:\Documents and Settings\Owner\My Documents\My eBooks\Google\g-tools.exe NSIS: infected - 2 skipped
C:\Documents and Settings\Owner\My Documents\SpyCleanerPlatinum9.6FreeVersion.exe/WISE0030.BIN Infected: not-a-virus:AdWare.Win32.SaveNow.bo skipped
C:\Documents and Settings\Owner\My Documents\SpyCleanerPlatinum9.6FreeVersion.exe WiseSFX: infected - 1 skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\bb.exe/stream/data0001 Infected: not-a-virus:AdWare.Win32.BargainBuddy.j skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\bb.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.BargainBuddy.j skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\bb.exe/stream/data0003 Infected: not-a-virus:AdWare.Win32.BargainBuddy.j skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\bb.exe/stream Infected: not-a-virus:AdWare.Win32.BargainBuddy.j skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\bb.exe NSIS: infected - 4 skipped
Scan process completed.
And here is a new HT log.
Logfile of HijackThis v1.99.1
Scan saved at 12:53:05 PM, on 5/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\HP\KBD\KBD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\igfxtray.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\NetRocket Accelerator\nrcore.exe
C:\WINDOWS\system32\ICO.exe
C:\WINDOWS\system32\FSRremoS.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\Pelmiced.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Messenger\MSMSGS.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\NetRocket Accelerator\nrgui.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\HP\hpcoretech\comp\hpdarc.exe
C:\Documents and Settings\Owner\My Documents\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us9.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us9.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.metacrawler.com/crawler?general=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\Program Files\NetRocket Accelerator\PBHELPER.DLL
O2 - BHO: XBTP08215 Class - {8EAD6AFD-8E2A-4aef-BED4-D3CE0BB6CC85} - C:\PROGRA~1\GSTools\g-tools.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: NetRocket Accelerator - {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - C:\Program Files\NetRocket Accelerator\Toolband.dll
O3 - Toolbar: GSTools - {2E1BF1B3-AF62-43D3-89B8-F8DA1F9BE456} - C:\Program Files\GSTools\g-tools.dll (file missing)
O3 - Toolbar: IMO Toolbar - {B63D81CF-90DC-4d13-8782-9524A2752039} - C:\Program Files\IMO Toolbar\0C8F267.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SlipStream] "C:\Program Files\NetRocket Accelerator\nrcore.exe"
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.exe
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.exe" /background
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPINST~1\Pavilion\XPHNABS3EN\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealOne Player\realplay.exe" /RunUPGToolCommandReBoot
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: NetRocket Accelerator.lnk = C:\Program Files\NetRocket Accelerator\nrgui.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1137272428046
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://pmicoaching.webex.com/client/v_mywebex-t20/webex/ieatgpc.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/eng/check/qdiagh.cab?326
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: hpdjaio - Unknown owner - C:\DOCUME~1\Owner\LOCALS~1\Temp\hpdjaio.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Reboot into safe mode.
Run Ht from safe mode, close all windows except HT, place a check to the left of the following items and press "fix checked":
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us9.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: XBTP08215 Class - {8EAD6AFD-8E2A-4aef-BED4-D3CE0BB6CC85} - C:\PROGRA~1\GSTools\g-tools.dll (file missing)
O3 - Toolbar: GSTools - {2E1BF1B3-AF62-43D3-89B8-F8DA1F9BE456} - C:\Program Files\GSTools\g-tools.dll (file missing)
O3 - Toolbar: IMO Toolbar - {B63D81CF-90DC-4d13-8782-9524A2752039} - C:\Program Files\IMO Toolbar\0C8F267.dll (No info, delete unless you know what it is)
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.exe
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/eng/check/qdiagh.cab?326
O23 - Service: hpdjaio - Unknown owner - C:\DOCUME~1\Owner\LOCALS~1\Temp\hpdjaio.exe (file missing)
Exit Hijack This
Run Ewido from safe mode and let it delete what it finds.
Run ATF-Cleaner again.
Start Killbox place a tick next to [x]Delete on reboot "Press the All Files button"
Copy this whole list into the windows clipboard, all the bolded file paths below. Copy the following list of files to clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\8KZRVZFA\CA45E38T.htm
C:\Documents and Settings\Owner\My Documents\My eBooks\Google\g-tools.exe
C:\Documents and Settings\Owner\My Documents\SpyCleanerPlatinum9.6FreeVersion.exe
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\bb.exe
Next in Killbox go to File > Paste from clipboard
"Click on the All Files button."
Next click on the button that has the red circle with the white X in the middle.
It will ask for confirmation to delete the files on next reboot and ask you if you want to reboot now.
Click Yes and let the computer reboot.
Reboot into safe mode once more.
Navigate to and delete these files/folders if found:
C:\Documents and Settings\Owner\My Documents\SpyCleanerPlatinum9.6FreeVersion.exe
C:\Documents and Settings\Owner\My Documents\My eBooks\Google\g-tools.zip ZIP
Navigate to and delete the contents of this folder C:\!KillBox
Clean the system restore folder. For instructions on how to purge system restore click Here
To create a new restore point go Start>Run>type "msconfig" without the quotes>ok>Launch System Restore>Tick the circle beside "create a restore point">next>name it anything you wish>Create>home>restart the computer.

Hi jabuck,
I did everything you said to do, up to the Killbox. After the Killbox reboot I got a Windows Installer message that said: please wait windows configures microsoft money 2003. The no. 2 message said setup needs to close microsoft money 2003 and is unable to do so, then it said please close microsoft money 2003 express and click retry. Well, that window is not open, or I cannot see where it is open at.
I stopped at this point. I did not go on; I wanted to see what you had to say on it.

This entry that we removed is probably causing the problem although I wouldn't think so:
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
Run Ht again>click the "open misc tools button">click backups>place a check to left of:
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
then click restore>yes.
Restart the computer and continue.

Hi jabuck,
I restored the following items.
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
and the Windows Installer message stopped and I continued on with your instructions. Well, it is looking a little better, but I'm still getting the blank window that pops up on the taskbar, but I think it is getting better because I don't see it as much as I used to.

Something is still hanging on. Make sure that Ewido is updated.
Reboot into safe mode and run Ewido. When the scan has completed, Ewido will create a report.txt file. Click the "Save Report" button on the bottom of the screen and save the log to your desktop.
Please reboot into normal mode and post the ewido log.
Run a Kaspersky scan once more and post the results please.

jabuck
Here is the Ewido report
ewido anti-malware - Scan report
+ Created on: 10:45:09 PM, 5/19/2006
+ Report-Checksum: 77B3950A
+ Scan result:
C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@adtech[2].txt -> TrackingCookie.Adtech : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@advertising[1].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@cbs.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@overture[2].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@zedo[2].txt -> TrackingCookie.Zedo : Cleaned with backup
::Report End

jabuck
Here is the Kaspersky scan report
---------------------
KASPERSKY ON-LINE SCANNER REPORT
Saturday, May 20, 2006 12:43:26 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 20/05/2006
Kaspersky Anti-Virus database records: 195225
---------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
Scan Statistics:
Total number of scanned objects: 97547
Number of viruses found: 5
Number of infected objects: 20
Number of suspicious objects: 0
Duration of the scan process: 01:43:04
Infected Object Name / Virus Name / Last Action
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP2\A0000032.exe/stream/data0001 Infected: not-a-virus:AdWare.Win32.BargainBuddy.j skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP2\A0000032.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.BargainBuddy.j skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP2\A0000032.exe/stream/data0003 Infected: not-a-virus:AdWare.Win32.BargainBuddy.j skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP2\A0000032.exe/stream Infected: not-a-virus:AdWare.Win32.BargainBuddy.j skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP2\A0000032.exe NSIS: infected - 4 skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP2\A0000033.exe/WISE0030.BIN Infected: not-a-virus:AdWare.Win32.SaveNow.bo skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP2\A0000033.exe WiseSFX: infected - 1 skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP2\A0000034.exe/WISE0030.BIN Infected: not-a-virus:AdWare.Win32.SaveNow.bo skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP2\A0000034.exe WiseSFX: infected - 1 skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP2\A0000035.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Softomate.j skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP2\A0000035.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.j skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP2\A0000035.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP2\A0000036.exe/WISE0014.BIN Infected: not-a-virus:AdWare.Win32.SaveNow.bo skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP2\A0000036.exe/WISE0015.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP2\A0000036.exe/WISE0016.BIN/WISE0001.BIN Infected: not-a-virus:AdWare.Win32.Accoona.b skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP2\A0000036.exe/WISE0016.BIN Infected: not-a-virus:AdWare.Win32.Accoona.b skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP2\A0000036.exe WiseSFX: infected - 4 skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP2\A0000036.exe WiseSFX Dropper: infected - 4 skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP2\A0000037.exe/WISE0030.BIN Infected: not-a-virus:AdWare.Win32.SaveNow.bo skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP2\A0000037.exe WiseSFX: infected - 1 skipped
Scan process completed.

Need to clean the system restore folder. Go to start>control panel>system>system restore tab>check the box to the left of "turn off system restore">apply> (may take a minute or two for the hour glass to go away), then click ok. Once you click ok repeat the process but uncheck the box beside "turn off system restore", then apply>ok.
Then create a new restore point. To create a new restore point go Start>Run>type "msconfig" without the quotes>ok>Launch System Restore>Tick the circle beside "create a restore point">next>name it anything you wish>Create>home>restart the computer.
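Every hit in the posted Kaspersky report sits under `System Volume Information\_restore{...}`, which is restore-point storage rather than installed files. The following is an added example, not part of the original thread: a small Python triage of such report lines that separates restore-point copies from hits on the live file system. The report lines are a subset copied from the post above, and the last sample line is constructed for contrast.

```python
import re
from collections import defaultdict

# Subset of the report lines posted above. The final line is CONSTRUCTED to
# show what a hit outside System Restore storage would look like.
SAMPLE_REPORT = r"""
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP2\A0000032.exe/stream/data0001 Infected: not-a-virus:AdWare.Win32.BargainBuddy.j skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP2\A0000032.exe NSIS: infected - 4 skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP2\A0000036.exe/WISE0015.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP2\A0000036.exe/WISE0016.BIN/WISE0001.BIN Infected: not-a-virus:AdWare.Win32.Accoona.b skipped
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP2\A0000036.exe WiseSFX Dropper: infected - 4 skipped
C:\Program Files\ExampleApp\example.dll Infected: not-a-virus:AdWare.Win32.Example.a skipped
"""

# "<object> Infected: <verdict> <last action>"
MEMBER_RE = re.compile(r"^(?P<obj>.+) Infected: (?P<verdict>\S+) (?P<action>\S+)$")
# Restore-point storage: ...\_restore{GUID}\RPn\...
RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-F-]+\}\\(RP\d+)\\", re.I)


def parse_detections(report):
    """Return (file_on_disk, member, verdict, action) for each 'Infected:' line.

    Container summary lines such as 'NSIS: infected - 4' only count the hits
    already listed for that file, so they are skipped.
    """
    hits = []
    for line in report.splitlines():
        m = MEMBER_RE.match(line.strip())
        if not m:
            continue
        # '/' separates the file on disk from objects unpacked out of it.
        on_disk, _, member = m.group("obj").partition("/")
        hits.append((on_disk, member, m.group("verdict"), m.group("action")))
    return hits


def triage(report):
    """Split detections into restore-point copies and live-file-system hits."""
    restore = defaultdict(lambda: defaultdict(set))
    live = defaultdict(set)
    for on_disk, _member, verdict, _action in parse_detections(report):
        rp = RESTORE_RE.search(on_disk)
        if rp:
            restore[rp.group(1)][on_disk].add(verdict)
        else:
            live[on_disk].add(verdict)
    return {
        "restore": {rp: {f: sorted(v) for f, v in files.items()}
                    for rp, files in restore.items()},
        "live": {f: sorted(v) for f, v in live.items()},
    }


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    for rp, files in result["restore"].items():
        print(rp, "->", len(files), "archived file(s) with detections")
    print("live hits:", result["live"] or "none")
```

An empty `live` set on a real report means the detections are archived copies inside restore points, which is the case the restore-point reset above addresses.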

It may not be virus or spyware related.
Click on the < in the task bar, click toolbars, if any items are checked click on them one at the time to uncheck them. See if that helps.

jabuck, everything was unchecked. No help there.
But I have a question: if I delete past items from the taskbar, can I still use some of the programs? Because I still use them, they're just inactive, and there are some there that I deleted or uninstalled.

I'm not sure that you can delete them. Many programs have an option somewhere that allows you to remove their taskbar icon.
There is a good chance that a program called "Overland" may have been installed during your last HP update by the backweb updater. Please do a manual search for this program "Overland". Just go to start>search>files and folders> type in "overland" in the "all or part of the filename" space>search.
If found it can be removed easily. Reboot into safe mode. Navigate to and delete this folder if found C:\program Files\Overland.
Reboot to normal mode.

Hey jabuck
I think we found it. So what is Overland?
I have not seen the blank window pop up for several minutes.
Thank you so very much for your help and for your time with this. I could not have done it without your help and the information that's on this site.
I found some good information here at this website.
I have learned a lot here at this website.
I didn't know that there were so many different tools that you can use to help you, and I learned a lot of other stuff too. I will definitely be back for more help if I have a problem with anything, and I will definitely refer anyone here for their problems. And I'm open to any suggestions you can give me. Even if you can just refer me to a few good websites, I would be grateful for the input.
Once again, thank you so very much for your help and for your time, and to all who contribute to this forum.

Well, I was wrong, it's still here. I see it on the startup. And what is this
$NtUninstallkB913580$(2)? I have not seen it before.

Think I see it, I believe it is still backweb. Run Hijack This again and remove this item:
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
Exit Hijack This
Restart the computer and post a new HT log. Let me know if the window is still appearing.

Here is the HT log, and yes, it is still appearing.
I think I have seen it 3 times in the last 30 min.
It's not showing up all the time like it was.
Logfile of HijackThis v1.99.1
Scan saved at 12:09:23 PM, on 5/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\NetRocket Accelerator\nrcore.exe
C:\WINDOWS\system32\ICO.exe
C:\HP\KBD\KBD.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\system32\FSRremoS.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\Pelmiced.exe
C:\Program Files\Messenger\MSMSGS.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\NetRocket Accelerator\nrgui.exe
C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\HP\hpcoretech\comp\hpdarc.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\Documents and Settings\Owner\My Documents\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.metacrawler.com/crawler?general=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.metacrawler.com/crawler?general=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\Program Files\NetRocket Accelerator\PBHELPER.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: NetRocket Accelerator - {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - C:\Program Files\NetRocket Accelerator\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SlipStream] "C:\Program Files\NetRocket Accelerator\nrcore.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPINST~1\Pavilion\XPHNABS3EN\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealOne Player\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: NetRocket Accelerator.lnk = C:\Program Files\NetRocket Accelerator\nrgui.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: GSTools - {2E1BF1B3-AF62-43D3-89B8-F8DA1F9BE456} - C:\Program Files\GSTools\g-tools.dll (file missing)
O9 - Extra 'Tools' menuitem: GSTools - {2E1BF1B3-AF62-43D3-89B8-F8DA1F9BE456} - C:\Program Files\GSTools\g-tools.dll (file missing)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1137272428046
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://pmicoaching.webex.com/client/v_mywebex-t20/webex/ieatgpc.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Let's try removing the HP non essential programs, it is most likely one of them. We will remove them a few at a time.
Run HT again in normal mode and remove these items:
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O9 - Extra button: GSTools - {2E1BF1B3-AF62-43D3-89B8-F8DA1F9BE456} - C:\Program Files\GSTools\g-tools.dll (file missing)
O9 - Extra 'Tools' menuitem: GSTools - {2E1BF1B3-AF62-43D3-89B8-F8DA1F9BE456} - C:\Program Files\GSTools\g-tools.dll (file missing)
Let me know if we stop the pop-up.

jabuck
Still appearing.
Could it be this?
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://pmicoaching.webex.com/client/v_mywebex-t20/webex/ieatgpc.cab

I sort of doubt it but it will not hurt anything to remove all the O16's as they will reinstall the next time they are needed.
Looks like webshots may be the baddie, let's hope so.
Remove these with HT:
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - (no file)
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
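The remove-and-repost loop used throughout this thread can be checked mechanically. The following is an added example, not part of the original thread: a Python parser for HijackThis log entries that lists orphaned entries (`(no file)` / `(file missing)`), breaks O4 autostart lines into location, name and executable, and diffs two logs to confirm a fixed entry is gone. `BEFORE` is a trimmed subset of entries quoted in this thread, and `AFTER` is constructed from it.

```python
import re
from typing import NamedTuple

# BEFORE: entries quoted in this thread, trimmed to a small subset.
BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.exe
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - (no file)
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O9 - Extra button: GSTools - {2E1BF1B3-AF62-43D3-89B8-F8DA1F9BE456} - C:\Program Files\GSTools\g-tools.dll (file missing)
"""
# AFTER: CONSTRUCTED by dropping the BackWeb shortcut, as if it had been fixed.
AFTER = "\n".join(l for l in BEFORE.splitlines() if "BackWeb" not in l)


class Entry(NamedTuple):
    code: str        # section code, e.g. "O4"
    body: str        # text after "O4 - "


class Autostart(NamedTuple):
    location: str    # "HKLM\..\Run", "Startup", "Global Startup"
    name: str        # registry value name or shortcut name
    command: str     # command line as logged
    executable: str  # program part of the command line


ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
REG_RUN_RE = re.compile(r"^([^:\[]+): \[([^\]]*)\] (.+)$")
FOLDER_RE = re.compile(r"^((?:Global )?Startup): (.+?) = (.+)$")
# Quoted path, or an unquoted path up to the first executable extension.
EXE_RE = re.compile(r'^(?:"([^"]+)"|(.+?\.(?:exe|com|bat|cmd|scr))(?=\s|$))', re.I)
ORPHAN_MARKS = ("(no file)", "(file missing)")


def parse_log(text):
    """Return numbered entries only; header and process list do not match."""
    found = (ENTRY_RE.match(line.strip()) for line in text.splitlines())
    return [Entry(m.group(1), m.group(2)) for m in found if m]


def orphaned(entries):
    """Entries whose target file HijackThis could not find on disk."""
    return [e for e in entries if e.body.rstrip().endswith(ORPHAN_MARKS)]


def autostarts(entries):
    """Break O4 lines (Run keys and Startup folders) into their parts."""
    out = []
    for e in entries:
        m = e.code == "O4" and (REG_RUN_RE.match(e.body) or FOLDER_RE.match(e.body))
        if not m:
            continue
        location, name, command = m.groups()
        x = EXE_RE.match(command)
        out.append(Autostart(location, name, command,
                             (x.group(1) or x.group(2)) if x else command))
    return out


def removed_between(before, after):
    """Entries present in the first log and absent from the second."""
    remaining = set(parse_log(after))
    return [e for e in parse_log(before) if e not in remaining]
```

Running `removed_between` on the log saved before a fix and the log posted after the restart shows whether the entry actually stayed removed.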

One more thing I think we should try. I believe we are all around the answer.
Go to start>run> type "msconfig" without the quotes>ok>startup tab. In the bar under "startup tab" there is a vertical mark to the left of "location"> place your cursor there and it turns into a "cross hair", hold the left mouse button down and slide "location" to the right so that the "command" items can be viewed better.
Now locate these two items.
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
On the far left click to remove the green checks beside both of these items, click apply>ok.
Restart the computer. You may get a screen saying that you are running in selective startup. Click the small box "do not show this again". Hopefully that will stop the taskbar popup.

jabuck
I don't want to jump the gun here, but I
think we got it. I have not seen the blank window pop up for about 2 hours, and the only program I saw was
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
I did not see this in the startup tab:
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
But hey, it stopped popping up.
Once again I would like to say:
Thank you so very much for all your help and for your time with this. I could not have done it without your help and the information that's on this site.
I found some good information here at this forum site.
I have learned a lot here at this website reading different postings.
I didn't know that there were so many different tools that you can use to help you, and I learned a lot of other stuff too that I did not know. I will definitely be back for more help if I have any more problems, and I definitely will refer anyone here for their problems. And I'm open to any suggestions you can give me. Even if you can just refer me to a few good websites, I would be grateful for the input.
Once again, thank you so very much for all your help and for your time, and to all who contribute to this forum. Thank you
Blank

My apologies for taking so long to identify the culprits. I ran across this a while back and for the life of me couldn't remember which files shut the thing off.
Glad we could help Blank.
