[coachwife6]

run the panda scan again and post the results here. I'm having trouble finding a fix and that may be able to help me.

Also, what is your anti-viral program. There are some norton remnants on there but it doesn't appear they are active.

If you don't have an anti-viral, please install one. There are some free ones out there. Grisoft has one.

[Advertisements]

I had Norton AV at one time and removed it with RAV2004 - then searched for components and got most (I thought all) of them....

I use the Cox Communications Security Software package that they provide free of charge. It includes AV, Anti-Spyware, Pop-Up Blocker, Parental Controls and a Firewall at no cost. I know the Anti-Spyware uses the Pest Patrol engine....not sure about the 'core' of the AV. You seriously think my log would look this good if I didn't have AV protection?

Anyway, I'm having trouble finding the Free AV Scan on Pandaware. When I select the "Free Download - Shareware" I am sent to the Evaluation Software page. I don't really want to download their software -- just want to do a scan. I'll keep trying to find this, but I've spent some time. I have some of the A+ training so I'm not clueless about these things......but the page is confusing to me as stated above.

[glcarteraz]

I had Norton AV at one time and removed it with RAV2004 - then searched for components and got most (I thought all) of them....

I use the Cox Communications Security Software package that they provide free of charge. It includes AV, Anti-Spyware, Pop-Up Blocker, Parental Controls and a Firewall at no cost. I know the Anti-Spyware uses the Pest Patrol engine....not sure about the 'core' of the AV. You seriously think my log would look this good if I didn't have AV protection?

Anyway, I'm having trouble finding the Free AV Scan on Pandaware. When I select the "Free Download - Shareware" I am sent to the Evaluation Software page. I don't really want to download their software -- just want to do a scan. I'll keep trying to find this, but I've spent some time. I have some of the A+ training so I'm not clueless about these things......but the page is confusing to me as stated above.

[glcarteraz]

P.S. About the Norton 'remnants'.....I still have Norton SYstemworks installed - just not the AV module. Maybe that explains the remnants you said you are seeing.

[coachwife6]

http://www.pandasoft...n_principal.htm

Try this. And use IE to download it.

I didn't know Cox did that now. I used to use Cox and I got nothing!

Do they update it for you and everything or just block potentially harmful e-mails?

[coachwife6]

About the Norton 'remnants'.....I still have Norton SYstemworks installed

I just read that that's a major resource hog.

[glcarteraz]

It is actually a console (my term...) that includes those items. THe product set is developed by Authentium - branded as "Cox Security Software." It has resident/active protection, and you can run scans where appropriate. It warns you when a virus tries to enter and is blocked. Updates are simple -- a dialogue box appears that says "Critical Updates for Cox Security Software" with "Install" or "Remind me Later" options. Piece of cake, and it does quite well - not perfect - none of it is as you know....and, yes, it is currently provided at no cost (no telling what the future holds with these clowns....). Thanks for the link -- the previous page had a link and, like a dummy, I printed out your note and tried to navigate to the page...shame on me!

[glcarteraz]

sorry about my A.D.D.....

I meant to tell you that the Cox stuff doesn't just work on behalf of e-mail. It is system software, so no more Norton/McAfee and the like. DUe to ADD I'll probably forget something else....sorry.

[glcarteraz]

Systemworks may be a resource hog, but it is worth it since I don't know of all the freeware/shareware stuff that is its equal.....maybe in the next life, as a full-fledged, card-carrying Geek, I'll go out on my own. But for now Systemworks and Cox are a sound package and easy to deal with when issues arise. I'll leave you alone to use your Menses-sized brain to help fellow members of the Galaxy.

[coachwife6]

Did you run the panda scan?

[glcarteraz]

It's just like the other day -- I select "Scan my Computer" and it just sits there. Yes, I've tried disabling my firewall -- made no difference. If I hit the "Hard Drives" option it does the same thing....don't know what the problem it.

When making one of those selections, the link makes that little 'web clicking sound'; so I select it -- the sound is hear -- and I can select it 100 more times and it still clicks...which would seem to indicate that it isn't executing.

Maybe I am not being patient enough, but I would think it would do a scan in 15-30 minutes.....never has completed so far and never has left a log with comments or notification of error(s). Don't know how to proceed at this point...

[coachwife6]

BRB. Working on someone else's now.

[glcarteraz]

THanks for the update. I am leaving for a meeting and won't be back for a couple of hourse. Hopefully (though I'm not optimistic) the scan will actually happen but, as of now, it is just sitting there -- no progress bar, no sign that the scan has started...I'll drop a line when I return. Thanks!!!!

[coachwife6]

are you using internet explorer to download it? Also, it requires the downloading of some plug-ins.

[coachwife6]

OK. Make sure system restore is off. I need you to disable some things that may be interfering with the fixes.

Right click on the Microsoft AntiSpyware icon (looks like a target) and click on Security Agents Status (Enabled) and click on Disable Real-time Protection. To re enable it, you follow the same steps but click on Enable Real-time Protection.

Also, does your cox security suite have antispyware prevention tools on it. It would prevent you from changing items, etc. If so, please disable that. These two may be preventing us from changing things. The site won't let me access it. See if you can disable it also.

C:\Program Files\Cox\Applications\app\AuthBHO.dll

I see you used to have teatimer and winpatrol. I no longer see them. But they would prevent you from fixing things.

Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\AUserInit.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

Click on Fix Checked when finished and exit HijackThis.

Reboot into safe mode and find this file and delete it.

C:\WINDOWS\system32\AUserInit.exe

Run adaware according to previous instructions.

Please run ccleaner. It will clean out all your temp. files, cookies, etc. If you want to save your cookies, configure the steps so it doesn't clean them out.

Reboot and post a new log.

[glcarteraz]

Logfile of HijackThis v1.99.1
Scan saved at 4:50:07 PM, on 4/21/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
c:\program files\cox\applications\app\CurtainsSysSvcNt.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe
C:\Program Files\The Cleaner\tca.exe
C:\Program Files\Cox\Applications\app\Prism.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://phoenix.cox.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\AUserInit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AuthBHO.cBHO - {A4D90779-6CB2-4752-83C2-A2AB4D9A672D} - C:\Program Files\Cox\Applications\app\AuthBHO.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: AuthBHO.cBlockerBar - {64634180-B0EA-48B6-82B7-9620D33362C1} - C:\Program Files\Cox\Applications\app\AuthBHO.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe"
O4 - HKLM\..\Run: [AuthConsoleStart] C:\Program Files\Cox\Applications\app\cox.exe
O4 - HKLM\..\Run: [tcactive] C:\Program Files\The Cleaner\tca.exe
O4 - HKLM\..\Run: [tcmonitor] C:\Program Files\The Cleaner\tcm.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Norton System Doctor.lnk = C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....738&clcid=0x409
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.c...rt/IbmEgath.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {E598AC61-4C6F-4F4D-877F-FAC49CA91FA3} (acpRunner Class) - file://C:\Program Files\Support.com\Bin\IBMAccessSupport\common\install\AcpControl.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Curtains for Windows System Service (CurtainsSysSvc) - Authentium, Inc. - c:\program files\cox\applications\app\CurtainsSysSvcNt.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe