Geeks Geeks and More Geeks - View topic - How do I know what to delete in A Square? - Computer, Internet, Photography, Microsoft Office and general disussion - Free Message Board Hosting by FreePowerBoards.com

The Friendly Place to Get Help and Support!

Here you will find free, friendly and courteous help and support for all your computing and photography needs. We also have forums where you can just relax and have fun, talk about anything you want to discuss within board guidelines, and share your interests and hobbies with others. Our portal (Home) page contains several activities and games where you can just relax. It also contains an ecard service.

You are welcome to browse the forums to see what we have to offer, but you must register in order to participate. Some forums, games and activities are viewable only after you register. If you are new, click here to get started.

repa,

I have not been able to do much of anything while I was sick. I got online the other night to catch up my duties on my craft forum as I'm a moderator. The day after I ran all my scans. I had not run them in a couple of weeks as I had the flu and all.

I had not loaded spybot yet and when I did, it did the same thing it did on the other computers. when my pc is booting, it's turning off my anti virus and it alerts me and then in about 1 minute or so, it's ok. I know it's spybot which is why I left it off so i could see.

I ran Adaware, AVG antispyware, Windows defender and spybot and ALL were clean. nothing found.
THEN I ran A square and it found 173 medium threats and found 2 high priority threats. How do i know what to delete?? DO I google them?? I hate to google as I feel I got these by googling for things. I never download anything but aren't some things planted on your pc when you click on the link like in googling?? I look at ebay and I visit prim craft shops. I don't understand how I get these things. Sad

No one has used my pc but me. I order patterns and they come as an attachment but yahoo scans them, I scan them too and nothing has ever showed up.

All the medium threats have the word Napster in them.
I took screen shots of the two high threats which are the same thing and it also shows some of the medium threats too. I read about a desktop dialer and I have DSL and not my phone but I need to get it off my computer don't I? How can I find out what site this came from OR can I?

I know things happen but it's frustrating when you take ease and care to NOT mess up and then this happens.
Can you advise me on what I should do please and also, do you think I should remove spybot since it keeps turning off my antivirus??? I have never gone online until it was updated and on but it shouldn't do that and that bothers me. I do not have tea timer turned on.
Sorry to keep having issues. I' trying hard to do it right. Thanks repa.

Should I run those Hijack this instructions you posted for my last laptop?
_________________

Character cannot be developed in ease and quiet. Only through experience of trial and suffering can the soul be strengthened, vision cleared, ambition inspired, and success achieved. -- Helen Keller

Linda, it really would have helped had you come here first to get help in setting up your new computer and protecting it before you started surfing the Internet.

It looks like some of that stuff may have already been installed on your computer when you bought it, but it would have been much easier to know for sure had you come here before going anywhere else. Many computer vendors put bloatware and spyware on new computers because they have deals with the vendors that produce them. Napster is a very controversial application that allows people to share music over the Internet without having to purchase their own copy on CD. It is considered spyware by many. Desktopdialer, I don't know about and can't find out much about it.

If you would like for me to advise you on what are and are not potential threats, what programs you can uninstall that aren't needed, and what programs do not need to be running at startup and can be turned off in msconfig to improve your computer performance, then in the steps that follow, you are going to download, install and run HijackThis. You will only use HijackThis to scan and create a log file and 2 other files. You will not use HijackThis to fix anything :

1. Create a Folder on your C:\ drive called HijackThis. The path should be C:\HijackThis. Download the hijackThis Installer download file from here:

http://www.bleepingcomputer.com/files/hijackthis-installer.php

and SAVE it to the folder you just created.

2. Create a new restore point. Disconnect from the internet by turning off your modem. Close all browsers and any programs you may have running, including your AVG anti-virus program and Windows Defender. Exit any programs you can that are running in the system tray.

3. Navigate to the C:\HijackThis directory and click on the HJTInstall.exe file to start the installation process. A new window will open and will ask you to choose the path to install HighjackThis into. Change the path shown there to the folder you created on the C:\ drive, i.e., C:\HijackThis.

a. Click on the Install button. When you click on this button, the program will be extracted to C:\HijackThis and a shortcut will be created on your desktop. When the install is complete, HijackThis will automatically launch and you will be presented with the License Agreement. Simply click on the I Accept button.

b. After the license agreement goes away, you will be at the HijackThis Menu. Uncheck the box at the bottom left of the window that appears and select the button that says “None of the above, just start the program.” You will then be presented with the Main HijackThis screen. At this point, close the Windows Explorer window so that no programs are running on your computer except HijackThis.

c. To have HijackThis scan your computer, click on the Scan button (lower left side of the screen). There will be a pause where nothing seems to be happening. Just be patient, it will be obvious when the scan finishes.

d. When the scan is complete, the “Scan” button will turn into a “Save log” button. Click on it and save the log file as “ current date_hijackthis.log (example: 03-08-2008_hijackthis.log) in the C:\HijackThis folder.

Warning: DO NOT fix entries using HijackThis unless I instruct you to do so at a later time. Please carefully follow all instructions given below.

Follow the instructions given below to post your uninstall programs list, Startup listing, and a HijackThis log in this thread. I will advise you of what to do next after reviewing the information obtained from HijackThis. It may take me a couple of days.

1. On the bottom right of the HijackThis screen, click on the “Config…” button and select “Misc Tool” at the top of the screen that appears.

2. Under System Tools, select the “Open Uninstall Manager” button. A list of programs will appear in a window on the left side of the screen. To the right of that list at the bottom of the list will be 3 butons. Select the button that says “Save list” and save the file as “current date_uninstall_list.txt (example: 03-08-2008_uninstall_list.txt) txt in your C:\HijackThis folder.

3. Select the Back button (bottom right of screen). This takes you back to the main screen where you did your scan. At the bottom right of this screen, select the “Config…” button, and then the Misc Tools button on the next screen that appears.

4. Under the Main button at the top of the screen you will see a button named “Generate Startuplist log”. Select this button. A window will open. Respond “Yes” and notepad will open with the Startup list. Select File > Save as, and save the file as “current date”_startuplist.txt (example: 03-08-2008_startuplist.txt in your C:\HijackThis folder.

5. Close HijackThis and reboot. Connect to the internet (turn your modem back on) and navigate to your C:\HijackThis folder. There, you will see the 3 files you created in HijackThis with their names being preceded by the “current date” of whatever day you created and prefaced them by:

a. hijackthis.log
b. uninstall_list.txt
c. startuplist.txt

6. Now, open your browser and navigate to this thread on the message board and post the contents of each file. To do that:

a. Click on the hijackthis.log file. It will open in notepad.

b. On the menu bar, select Edit > Select All. This will select and highlight all of the text in the notepad window.

c. Right-click anywhere on the highlighted text and select Copy on the popup menu that appears.

d. Go to the message board and paste it into the post you started.

e. Repeat steps 6.a – 6.d above for each of the remaining files.
_________________
Repa

Older than dirt!

repa
I'm sorry. I thought I did set it up right before surfing. I installed A Square, AVG antivirus, AVG antispyware and adaware. I also have Defender and ran it. Of course i updated them all first. I did forget about Sybot and that was my fault. I thought I was safe once installing all these and scanning. I didn't know I needed to remove the unwanted programs first, before scanning. It was all clean when I scanned after purchasing it.

Don't give up on me repa. I do my best to try and think straight and learn but I do have a disorder that creates problems for me. It is not an excuse but I just have to live with it. I forget and sometimes I can't grasp things. I do my best though. I do want to have a computer that runs well and be able to enjoy it. I do appreciate your help and I am sorry I did not handle this properly so it was easier. I truly thought I was ok although I Know I forgot Spybot.

I am concerned with Spybot because it does not run properly. I don't know if it's because of another program I have or not but it's doing the same thing my first Toshiba did.
1- It turns off my antivirus when booting and then when everything has loaded, my antivirus is ok.
2- It still tells me it might update properly because I am not using Admin rights which I am. I am going into my Admin acct which I DO NOT use to surf. I created a standard user acct that I use. BUT, even in the Admin acct, Spybot does not recognize it as Admin. Sad

3- I immunized when i posted the post above and I had over 43,000 items immunized and now it only has a little over 39,000. I tried to keep checking for updates and immunizing and it keeps saying I don't have admin rights? Sad

Remember you had me unistall this several times when this happened before on my first Toshiba but it never corrected it.

I will print these instructions out and run Hijack this. I'm sorry repa.
Thank you for continuing to help me. Smile

_________________

Character cannot be developed in ease and quiet. Only through experience of trial and suffering can the soul be strengthened, vision cleared, ambition inspired, and success achieved. -- Helen Keller

repa,

I had these printed already and I read over the instructions and I am a little confused as to what this meant:

b. After the license agreement goes away, you will be at the HijackThis Menu. Uncheck the box at the bottom left of the window that appears and select the button that says “None of the above, just start the program.” You will then be presented with the Main HijackThis screen. At this point, close the Windows Explorer window so that no programs are running on your computer except HijackThis.

Like I click on IE to open a window to navigate to the site for Hijack this.
It says close Windows Explorer window so it's not running? Am I to go into somewhere and close it? If I close the window that that the Hijack this page showing how can I continue? I'm sure this is simple but I am at a lost over this part. I want to make sure I do it right so I will wait until I hear from you. I know this is simple but I just am not grasping it. Sad

_________________

Character cannot be developed in ease and quiet. Only through experience of trial and suffering can the soul be strengthened, vision cleared, ambition inspired, and success achieved. -- Helen Keller

willin_601 wrote:

When you download the install program for HijackThis, you have to open Windows Explorer to access it so you can install it. In step 3 of the instructions, it tells you to "Navigate to the C:\HijackThis directory and click on the HJTInstall.exe file to start the installation process." The window that is open for you to navigate to the C:\HijackThis directory is Windows Explorer. That is the window you are being instructed to close after you are at the main HijackThis screen. Do not close the window for HijackThis.

For now, let's forget about Spybot and it's problems, and the other programs you downloaded, and let's get this done so I can see what is on your system. Then, we'll go step-by-step from there.
_________________
Repa

Older than dirt!

thanks repa.
I understand now. I will start the process tonight. we have a tornado on the ground about 40 miles from here and I'm trying to see if it's heading towards us or away from us. I want clear weather and no alarms sounding when i start this process. I will wait until I know it's clear and not affecting us. they are saying an hour to 90 minutes. So looks like I can do it here shortly. thank you repa Smile

_________________

Character cannot be developed in ease and quiet. Only through experience of trial and suffering can the soul be strengthened, vision cleared, ambition inspired, and success achieved. -- Helen Keller

repa,
Here are my Hijackthis files:
"Hijackthislog"
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:58:23 PM, on 4/25/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Toshiba\Utilities\KeNotify.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [HWSetup] \HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3285356648-645425661-2991606406-1001\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'kornkribprimitives')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: pinger - Unknown owner - C:\TOSHIBA\IVP\ISM\pinger.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA HD DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 8728 bytes

"uninstall_list"
Activation Assistant for the 2007 Microsoft Office suites
Ad-Aware 2007
Adobe Flash Player 9 ActiveX
Adobe Reader 8.1.2
Adobe Shockwave Player
a-squared Free 3.1
AVG 7.5
AVG Anti-Spyware 7.5
Bejeweled 2 Deluxe
Blackhawk Striker 2
Blasterball 3
Bluetooth Stack for Windows by Toshiba
Broadcom High Definition Video Decoder 2.6.0.2
Camera Assistant Software for Toshiba
CD Recovery Toolbox Free 1.1
CD/DVD Drive Acoustic Silencer
Desktop Dialer
Diner Dash - Flo on the Go
DVD MovieFactory for TOSHIBA
FATE
Google Desktop
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
HijackThis 2.0.2
Intel(R) Graphics Media Accelerator Driver
Intel(R) PROSet/Wireless Software
Internet Offers
IsoBuster 2.3
Java(TM) SE Runtime Environment 6
Mah Jong Quest
mCore
mHelp
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
mMHouse
mPfMgr
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
Napster
oggcodecs 0.71.0946
Penguins!
Picasa 2
Polar Bowler
Polar Golfer
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
Realtek High Definition Audio Driver
Spybot - Search & Destroy
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Flash Cards Support Utility
TOSHIBA Game Console
TOSHIBA Hardware Setup
TOSHIBA HD DVD PLAYER
TOSHIBA Media Center Game Console
TOSHIBA Music
Toshiba Registration
TOSHIBA SD Memory Utilities
TOSHIBA Software Modem
TOSHIBA Software Upgrades
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Yahoo! Music Jukebox

"startuplist"
StartupList report, 4/25/2008, 5:03:08 PM
StartupList version: 1.52.2
Started from : C:\HijackThis\HijackThis.EXE
Detected: Windows Vista (WinNT 6.00.1904)
Detected: Internet Explorer v7.00 (7.00.6000.16643)
* Using default options
==================================================

Running processes:

C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Toshiba\Utilities\KeNotify.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\HijackThis\HijackThis.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\System32\notepad.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\Windows\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

IgfxTray = C:\Windows\system32\igfxtray.exe
HotKeysCmds = C:\Windows\system32\hkcmd.exe
Persistence = C:\Windows\system32\igfxpers.exe
PSQLLauncher = "C:\Program Files\Protector Suite QL\launcher.exe" /startup
Camera Assistant Software = "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe"
SynTPEnh = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
NDSTray.exe = NDSTray.exe
HWSetup = \HWSetup.exe hwSetUP
SVPWUTIL = C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
KeNotify = C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
Google Desktop Search = "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
RtHDVCpl = RtHDVCpl.exe
AVG7_CC = C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
!AVG Anti-Spyware = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
Adobe Reader Speed Launcher = "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

WindowsWelcomeCenter = rundll32.exe oobefldr.dll,ShowWelcomeCenter
TOSCDSPD = C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
=

--------------------------------------------------

Load/Run keys from C:\Windows\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

--------------------------------------------------

Shell & screensaver key from C:\Windows\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=explorer.exe
SCRNSAVE.EXE=C:\Windows\system32\logon.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - C:\Program Files\Java\jre1.6.0\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
(no name) - c:\program files\google\googletoolbar1.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\Windows\system32\NLAapi.dll
NameSpace #4: C:\Windows\system32\napinsp.dll
NameSpace #5: C:\Windows\system32\pnrpnsp.dll
NameSpace #6: C:\Windows\system32\pnrpnsp.dll

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

WebCheck: C:\Windows\system32\webcheck.dll

--------------------------------------------------
End of report, 6,492 bytes
Report generated in 0.032 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

I won't go anywhere except here to check for your next instructions.
Thank you repa and I know it will take some time when you have available time. Smile

Thank you again
_________________

Character cannot be developed in ease and quiet. Only through experience of trial and suffering can the soul be strengthened, vision cleared, ambition inspired, and success achieved. -- Helen Keller

Thanks, Linda. I'll get back to you in the next couple of days.
_________________
Repa

Older than dirt!

thank you repa Smile

_________________

Character cannot be developed in ease and quiet. Only through experience of trial and suffering can the soul be strengthened, vision cleared, ambition inspired, and success achieved. -- Helen Keller

Ok Linda,

Sorry this took so long. We are going to do this one step at a time, so this is probably going to spread out over several days. I am going to give you some applications to definitely remove from your computer, and some I will suggest you remove, but will leave up to you. When completed, I want you to run a-squared again and set me the report (I'll tell you how to do it below):

1. In your uninstall programs:

a. Definitely uninstall:

Desktop Dialer (apparently used to make VoIP calls)

Napster (a controversial application that allows people to share music over the Internet without having to purchase their own copy on CD)

Toshiba Game Console (contains wildtangent - spyware)

Toshiba Media Center Game Console (contains wildtangent - spyware)

b. Games I advise you uninstall unless you installed them yourself or want to play them and are not concerned that they might contain spyware. So far, I can find neither good nor bad about them, but a lot of spyware is piggybacked on games:

Bejeweled 2 Deluxe
Blackhawk Striker 2
Blasterball 3
Diner Dash – Flo on the Go
Fate
Mah Jong Quest
Penguins!
Polar Bowler
Polar Golfer

c. Uninstall these unless you use them or intend to use them:

Google Desktop
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Yahoo! Music Jukebox

2. After you have completed the uninstalls, rerun a-squared in your account in Safe Mode and when it finishes do not fix, delete or quarantine anything it finds; just click on the Save Report button in the lower right-hand side of the a-squared window and save the report in a folder and with a name you can easily remember and find. Reboot into Normal Mode and open the file you just saved in notepad. On the menu bar, select Edit > Select All. The text will be highlighted. Right-click anywhere on the highlighted text and select Copy from the menu that appears. Paste the copied text into a post in this thread.

3. In the same post, provide me with a list of all the programs you uninstalled. If there were any that would not uninstall, list them and the reason given, if any, for not uninstalling.

4. Play around some with your computer to make sure that everything is working as it should be.

After I see the results of a-squared, I’ll tell you what to do next.

Go read this about Games and Game Sites:

http://www.freepowerboards.com/geeksmore/geeksmore-post-14009.html?sid=bf0140fc124d10841762b95988979 bfd#14009
_________________
Repa

Older than dirt!

Hi repa
Thank you. You take all the time you need, you're helping me and I will wait. Smile

Thank you repa. I will check back to see what your answers are before I begin. Smile

Thank you

_________________

Character cannot be developed in ease and quiet. Only through experience of trial and suffering can the soul be strengthened, vision cleared, ambition inspired, and success achieved. -- Helen Keller

willin_601 wrote:

Hi repa
Thank you. You take all the time you need, you're helping me and I will wait. Smile

I do have a few questions before I start.

1- Mah Jong Quest is played on the desktop like Solitaire, you don't have to go online like with all the other games listed above. Does that make sense? Not sure how to explain it. I click on Solitaire or Spider Solitaire and it just pops up to play it on the desktop, you don't go online at all.

Doesn't make any difference if it's online or not. It depends on the source of the game, i.e., where you got it, and whether the vendor piggybacks spyware with it or not. Solitaire and Spider Solitaire are loaded with Windows from the Windows CD. Where you got Mah Jong Quest and the others only you know. It is up to you whether you want to keep these games on your computer or not. As I mentioned, I can find neither good nor bad about these games, so you will have to decide which, if any go or stay. I do not allow any games other than the ones that come with windows on my computer, but that's me. Others are fine with it, like my son, for instance. But my computer is a valuable tool, not a toy, and I treat it that way. I do let Granny play some with hers, but I check the places she goes first. I have never had to reload Windows because of problems (or at all for that matter) in the past seven years except when Granny's hard drive died on me and I had to install another hard drive on her Dell. And then, the computer was 5 years old.

If you like any of these games and play them, and they don't show up in the spyware and virus scans, then keep them if you want them. It's your choice.

2- Do I leave or remove everything that I found previously in A Squared? I have it all quarantined right now.

Leave the quarantine list alone for now. If you have problems uninstalling Napster, Desktop Dialer and the Toshiba Game Consoles because their components have been quarantined, then we may have to restore them in order to uninstall them. Follow the instructions as given and let's see what happens.

3-Do I just go into add and remove to uninstall or go in my start and see if there is an uninstall for it?

Either way - doesn't matter. Probably easier and quicker from Add/Remove

4- Am I to go into program files to remove anything at all? I just remembered you had me go into program files to remove files for AVG antispyware and Spybot, just want to make sure I remove it all properly.

Yes, if you can find the program folders, go ahead and delete them after the uninstall.

5-I have used google to search for things but I think Toshiba is my home page so I don't even know what those others are for. If I remove google desktop, this will not prevent me from googling to do a search will it? I don't think so but again, just making sure. Smile

No, you can do a google search by typing www.google.com in the address bar of your browser and it will take you to the google search page. Google Desktop is a desktop search application that provides full text search over your email, files, music, photos, chats, Gmail, web pages that you've viewed, and more. It also takes up system resources. You can read about it to decide if you want to keep it or not here:

http://desktop.google.com/features.html

Here's a review of Google Desktop:

http://www.downloadsquad.com/2008/03/30/windows-search-4-0-vs-google-desktop-5-5/

I am neither for or against keeping Google Desktop, but if you aren't going to use it, or use it infrequently, then there is no point taking up the system resources or hard drive space with it. Since I don't use it, I removed it and the Google Toolbar from my new Dell Laptop.

_________________
Repa

Older than dirt!

thank you repa
I am removing what you suggested. Sorry I just got back but had my appts with the pain clinic yesterday out of town and that was almost a whole day thing.

I don't use google constantly and I see that I can go to google if I want to google something so I have no need for this.

I did not download any games. I know almost all of those games listed are wild tangent and when you click on them to play, it takes you online to sign up and i did not do that but Solitaire, spider solitaire and mahjong titans as well as chess titans seem to be part of Windows maybe because they were there. I didn't install any games at all. I know the bejeweled2 and many others are part of Toshiba's gamea and wild tangent I guess, they were listed in my start under games but you have to go online to play them.

How can I tell which games came with Windows? and are these safe to play, like Solitaire, etc??
I do not want to keep anything that poses a threat but I know Solitaire is part of windows and came installed but is it ok? I hate to keep asking but want to make sure because if these few from windows are ok I would like to keep them but if they are a threat like wild tangent, i don't. I did not and never have downloaded any games on any of my computers. I did go to pogo and yahoo to play games from their site on my other laptop but I have not with this one and won't. I just am a little confused as to whether the games that came with Windows are safe and how I tell which games those are? thanks repa. Smile

_________________

Character cannot be developed in ease and quiet. Only through experience of trial and suffering can the soul be strengthened, vision cleared, ambition inspired, and success achieved. -- Helen Keller

I see now that you said you do allow the games that came with windows. Sorry I misread that but how do I know which games listed are from windows and which games are wild tangent. I ONLY want to keep what came with windows. Smile

_________________

Character cannot be developed in ease and quiet. Only through experience of trial and suffering can the soul be strengthened, vision cleared, ambition inspired, and success achieved. -- Helen Keller

willin_601 wrote:

Solitaire, spider solitaire and mahjong titans as well as chess titans seem to be part of Windows maybe because they were there. I didn't install any games at all. I know the bejeweled2 and many others are part of Toshiba's gamea and wild tangent I guess, they were listed in my start under games but you have to go online to play them.

How can I tell which games came with Windows? and are these safe to play, like Solitaire, etc??

The following games come with Windows:

Freecell
Hearts
Internet Backgammon
Internet Checkers
Internet Hearts
Internet Reversi
Internet Spades
Minesweeper
Pinball
Solitaire
Spider Solitare

You should find these in the Games folder. The usual path is:

Start > All Programs > Accessories > Games

but, the path could be different on your computer.

As far as I know, these games are safe, and are on my computers. Any others on yours that you want to keep are your decision. If they aren't part of wildtangent, they may be ok. We are going to do a few other scans to find stuff, so if you want to leave any you like and play, do so and we'll see what we find later.
_________________
Repa

Older than dirt!

Page generation time: 0.6743s (PHP: 100% - SQL: 0%) - SQL queries: 28 - - Debug on