Status
Not open for further replies.
1 - 20 of 33 Posts

· Registered
Joined
·
192 Posts
Discussion Starter · #1 ·
recently, my PC really started acting up and would lock up every time i tried to shut it off. i had downloaded antivirus software, registry cleaners and spyware hunters to try and fix problems, but actually, my PC is acting WORSE after all of the "fixes".

anyways, last night, my pc locked up again when i tried to shut down so that i had to use the power switch to shut down. today when i tried to turn my PC on, i got TWO error messages on bootup. the first one was about switching from fat 2 to fat 1 which i didn't do, because i have no idea what that means. i'm afraid that it might kill my hard disk if i do it. my AV software detects no viruses and i did another full virus, registry, spyware sweep yesterday.

the second error message was that C:\WINDOWS\WIN386.SWP is corrupted. i have no idea what that is or what it does, so i didn't do anything to that either. i couldn't find anything about it searching here or on the net. well i did find one technobabble page about it that was pure chinese to me. actually, i probably know more chinese than technospeak.

ever since i downloaded software to supposedly HELP my PC, it has been steadily going downhill. i've lost the ability to use my wallpaper as "tuneup utilities" did something to that so that it glitches and one of the other programs reset my inbox so that it doesn't automatically download when i log on. i can't find the means to fix EITHER problem in the programs that created them OR in windows itself. there's no wallpaper settings in my toolbox that will stop that from glitching and there's no way to reselect "auto download" anywhere in outlook.

those aren't life and death problems, but that fat 2/fat 1 and other corrupted file ARE serious as they interrupt booting up. what are the problems there? should i fix them?
will it destroy my files if i do?
 

· Registered
Joined
·
4,868 Posts
WIN386.SWP is the Virtual Memory file

Try resizing your Virtual Memory size to 0, deleting the file and then rebooting

The file will be recreated on reboot, go back to your Virtual Memory , and set it to its original size
 

· Registered
Joined
·
192 Posts
Discussion Starter · #3 ·
that would be nice if i had ANY clue as to what all of that technobabble means. i'm as "anti-hacker" as is possible for a PC user to be. after nearly four years of using a PC, i just learned how to create and retrieve folders only a month or two ago. i'm THAT clueless when it comes to computing.

as to "rerouting the secondary phase inverter though the plasma conduit redundant bypass manifold"... you totally lose me. basically, if it isn't pointing and clicking, i don't do it. getting to the virtual memory is WAY over my head.

for what it's worth, the pc booted up fine today without any error messages. did it fix itself?
 

· Registered
Joined
·
3,476 Posts
It probably did fix itself. Windows, by default, uses a dynamic swap file, which means it expands to whatever size is needed at the moment. If you did something that called for more memory than your physical RAM, Windows will use the swap file. Then, on restarting, the swap file is set back to the minimum size, thus recreating WIN386.SWP...

As for the FAT1/FAT2 question, Windows keeps two versions of your FAT (File Allocation Table). If one copy becomes corrupt, Windows will ask you if you want to use the other (best) copy. Tell it "yes", and you should be OK.
 

· Registered
Joined
·
192 Posts
Discussion Starter · #5 ·
so the next time i see THAT particular error message, i can click "OK" and feel safe that all my files won't self destruct? i'll just be switching to a failsafe?

it really amazes me how fluent so many people are with PCs. i think that part of my aversion to them is a slight "name & number" dyslexia. all of the "file xbj5771 subfolder" listings are a nightmare to me.

i'll be a lot more understanding when PCs list files as "what they are, where they belong and what they do" in other words, reveal the underlying FORM of what they are instead of having meaningless file names that tell nothing about their true nature.

i remembered the STORIES in social studies, but DESPISED memorizing the names and dates.
 

· Registered
Joined
·
192 Posts
Discussion Starter · #6 ·
how do i reset the virtual memory? i need a simple "how to" to double check it. my pc is still locking up and i think it might have something to do with memory as my PC crashed FOUR times in a row this weekend when i tried to release emails from my provider's large blocked spam list.

my PC is still refusing to shut down most of the time now too. there's something running in the background that won't shut down.

aside from trying to fix the virtual memory if someone tells me how, i'm going to try a "mydoom" scan to see if that's the problem in case i have it and my A/V missed it. SOMETHING is up. the only other thing i can think of is that a hacker is fighting me for control of my PC. the more i try to fix things, the more things go wrong.

my PC TOTALLY went nuts when i tried to install a firewall.

i had no luck with mydoomremover either. i got 2 error messages when i tried to run that:

The MYDOOMREMOVER.EXE file is linked to missing export user32.DLL:GetWindowModuleFileNameA.

and

C:\mydoomremover.exe
A device attached to the system is still not functioning.
 

· Registered
Joined
·
4,733 Posts
Let's see what is running on your pc. HiJack This (don't let the name scare you) is a very small program that will show what is running on your pc when it starts up. It shows the good, the bad, and the ugly. That way we will be able to help you determine what to keep and what may be causing any problems. It's simple, straightforward, and easy to use.

Go to http://tomcoyote.org/hjt/ or http://lurkhere.com/~nicefiles and download HiJackThis. Use Winzip to unzip it, then install and run it.

NOTE: HiJackThis.exe file SHOULD be installed in its own folder. Before downloading create a folder and name it HiJackThis then d/l HiJackThis to that folder. To run double-click the HiJackThis.exe file.

The reason for its own folder is because HiJackThis will create not only log files, but a backup of whatever it removes so you can restore if necessary. If you d/l HiJackThis to your desktop and run it from there you will have log and backup files scattered all over your desktop.

To run, click the "Scan" button. When it's done the "Scan" button changes to "Save Log". Save the log file it creates (it should open in Notepad at that point). Copy and paste the results in your next post. Most of what it finds is harmless, so do not do anything yet. Someone will be glad to help you sort out any of the not so good items that may be in there.
 

· Registered
Joined
·
192 Posts
Discussion Starter · #8 ·
i have checked for what is and isn't running with spybot. knowing what's running means ABSOLUTELY NOTHING to me as i have no idea what the heck "subfileQ3679765574blahsyblahLGM744653" is. if my computer actually gave me THE REAL NAMES of what everything is, then i'd know what's what.

it seems that everyone here makes the assumption that everyone else knows what all of these "secret files" are, i don't. when i see a list of what's running, it should read:
windows 95
spybot
internet connection
etc.

NOT:
o76uyfuoeigbhrurluyr4675r
pi7u59trdf;liu5695we67io6f
p87bviytdluyfo7864r

seeing the list doesn't help.

aside from that, it looks like windows is telling me that i'm missing some file which is keeping me from downloading files. nearly EVERY file i've downloaded hasn't worked:
the my doom scanner
the firewall
SEVERAL photo editors
and a few other utilities.

finding a list of what's running won't help me because i can't make heads or tails out of it even WITH spybot's brief descriptions that still don't say "what it is and what it does". maybe a big part of the problem is that missing file that's keeping me from downloading anything. my "easy gallery creator" program quit working too.

i HATE the way windows doesn't tell what everything is and does in plain english.
 

· Registered
Joined
·
192 Posts
Discussion Starter · #10 ·
see, you lost me THERE too. i have NO IDEA where my log files are. i've never used them. basically, if it doesn't involve pointing and clicking, i don't know how to do it. i could copy and paste my spybot list if that helps. actually, that doesn't. the list i was thinking of is the startup program list. SOMEHOW, netscape navigator turned itself back on! i've been trying to uninstall that for almost as long as it's been on my PC.

so WHERE is this log file? log files AREN'T point and click, so they're chinese to me. i DON'T get into the nuts and bolts of my PC ever. it took me several YEARS just to learn how to create folders until i rented a win 95 video. that's how PC illiterate i am.
 

· Gone but never forgotten
Joined
·
9,283 Posts
Nitehawk has explained this (I thought) in the post above for HiJackThis.

Run HiJackThis
Scan button
Save log button
Save the file
Opens in Notepad
Copy the contents (Edit > Select All then Edit > Copy)
Come back to this thread
Create a Reply
Paste the contents (Edit > Paste)
 

· Registered
Joined
·
192 Posts
Discussion Starter · #12 ·
yes, i read that post, but you didn't read my reply to it.

MY PC WON'T LET ME DOWNLOAD ANYTHING.

that should be simple enough for even a techie to understand i thought. EVERYTHING that i try to download crashes. what good is a downloadable program if i can't download it? i need that file that's keeping me from downloading BEFORE i can use that program. just to humor you, i'll try to download it, but i bet a nickel it won't work like everything else i've tried.
 

· Registered
Joined
·
192 Posts
Discussion Starter · #13 ·
okay... after i had to download an unzip program, i finally got hijack this to work. i found out that unzipping is also why i could never get easyftp to work. i've never unzipped anything before. anyways, right off the bat i fixed two clearly questionable files. i bet one of them is the one that keeps reinstalling tracking cookies immediately after i spyzapped them. i also fixed a default to netscape navigator. just those 3 fixes seemed to really speed my netsurfing up. :)

looking at what was left, i think that the symantec file can go as i don't use anything by them. i use AVG. other than that, you'll have to decode the rest.

Logfile of HijackThis v1.97.7
Scan saved at 4:12:20 AM, on 4/20/04
Platform: Windows 95 C (Win9x 4.00.1111)
MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\ACCSTAT.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\WINDOWS\ptsnoop.exe
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\tapiexe.exe
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\CAM DEVELOPMENT\CAM UNZIP\CUZ.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.altavista.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = You are here... DUH
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.i deleted this for post/"); (C:\Program Files\Netscape\Users\i deleted this\prefs.js)
(how do i change this to internet explorer? i want to lose netscape, THIS must be what's keeping me from uninstalling it.)
O2 - BHO: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: ZDelete Auto-Cleaner (HKCU)
(30 day trial expired)
O13 - WWW. Prefix: http://
O16 - DPF: Win32 Classes - file://C:\WINDOWS\Java\classes\win32ie4.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
(i don't play games, so i don't think i need shockwave)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab
(??? i shouldn't have ANY yahoo software except a link to their TV guide in favorites)
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security1.norton.com/SSC/SharedContent/common/bin/cabsa.cab
(i never used norton AV, it must need to be uninstalled)
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/08adfe5405ec98bb6d20/netzip/RdxIE601.cab

the rest of these files are mostly nonsense to me. i've turned PTsnoop off a couple of times with spybot, and decided to leave my country on as i thought it might help surfing.

does "real" need to be on at all times? i only use it once in a great while to listen to song samples. can i switch it into "as needed mode"?
 

· Registered
Joined
·
192 Posts
Discussion Starter · #14 ·
i did a search for symantec, norton and yahoo, and came up with nothing. the only results i found were for a couple of yahoo cookies, and a file that when i clicked on it displayed the small red "Y" that sits in front of the tv guide link in my favorites.

i'm baffled where the symantec stuff is coming from. i had uninstalled a "sample" download a long time ago when i couldn't get it to work.

p.s. after you've looked at this "hijack this log", there's another member that needs their log decoded at:
http://forums.techguy.org/t222143.html
in windows XP.
 

· Registered
Joined
·
192 Posts
Discussion Starter · #15 ·
still waiting for someone to tell me what the hijackthis file means. i wanted to change the title of this post to that, but for some reason, i no longer have access to edit mode.
 

· Banned
Joined
·
4,900 Posts
Ensure your Virtual Memory is set correctly like this.

Right-click My Computer; Point to Properties; Click the Performance tab; Click the Virtual Memory button. Put a checkmark in the Radio button next to 'Let Windows manage my virtual memory settings (recommended)'. This controls your so-called Swap File.
 

· Banned
Joined
·
4,900 Posts
Here's what that HJT log file means. If you can read this go-by will tell you.

This is a basic guide as to what the log means, and some tips on reading it yourself. This should in no way replace asking for help in the forums, but it will still help you somewhat in understanding and modifying the log yourself.
--------------------------------------------------------------------------------

Overview

Each line in a HijackThis log starts with a section name.

For practical information, click the section name you need help with:
R0, R1, R2, R3 - Internet Explorer Start/Search pages URLs
F0, F1 - Autoloading programs
N1, N2, N3, N4 - Netscape/Mozilla Start/Search pages URLs
O1 - Hosts file redirection
O2 - Browser Helper Objects
O3 - Internet Explorer toolbars
O4 - Autoloading programs from Registry
O5 - IE Options icon not visible in Control Panel
O6 - IE Options access restricted by Administrator
O7 - Regedit access restricted by Administrator
O8 - Extra items in IE right-click menu
O9 - Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu
O10 - Winsock hijacker
O11 - Extra group in IE 'Advanced Options' window
O12 - IE plugins
O13 - IE DefaultPrefix hijack
O14 - 'Reset Web Settings' hijack
O15 - Unwanted site in Trusted Zone
O16 - ActiveX Objects (aka Downloaded Program Files)
O17 - Lop.com domain hijackers
O18 - Extra protocols and protocol hijackers
O19 - User style sheet hijack

--------------------------------------------------------------------------------

R0, R1, R2, R3 - IE Start & Search page

What it looks like:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL=http://www.google.com/
R3 - Default URLSearchHook is missing
What to do:
If you recognize the URL at the end as your homepage or search engine, it's OK. If you don't, check it and have HijackThis fix it.
For the R3 items, always fix them unless it mentions a program you recognize, like Copernic.
--------------------------------------------------------------------------------

F0, F1 - Autoloading programs

What it looks like:
F0 - system.ini: Shell=Explorer.exe Openme.exe
F1 - win.ini: run=hpfsched

What to do:
The F0 items are always bad, so fix them.
The F1 items are usually very old programs that are safe, so you should find some more info on the filename to see if it's good or bad.
--------------------------------------------------------------------------------

N1, N2, N3, N4 - Netscape/Mozilla Start & Search page

What it looks like:
N1 - Netscape 4: user_pref("browser.startup.homepage", "www.google.com"); (C:\Program Files\Netscape\Users\default\prefs.js)
N2 - Netscape 6: user_pref("browser.startup.homepage", "http://www.google.com"); (C:\Documents and Settings\User\Application Data\Mozilla\Profiles\defaulto9t1tfl.slt\prefs.js)
N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%206%5Csearchplugins%5CSBWeb_02.src"); (C:\Documents and Settings\User\Application Data\Mozilla\Profiles\defaulto9t1tfl.slt\prefs.js)
What to do:
Usually the Netscape and Mozilla homepage and search page are safe. They rarely get hijacked. Should you see an URL you don't recognize as your homepage or search page, have HijackThis fix it.
--------------------------------------------------------------------------------

O1 - Hostsfile redirection

What it looks like:
O1 - Hosts: 216.177.73.139 auto.search.msn.com
O1 - Hosts: 216.177.73.139 search.netscape.com
O1 - Hosts: 216.177.73.139 ieautosearch
What to do:
This hijack will redirect the address to the right to the IP address to the left. If the IP does not belong to the address, you will be redirected to a wrong site every time you enter the address. You can always have HijackThis fix these, unless you knowingly put those lines in your Hosts file.
--------------------------------------------------------------------------------

O2 - Browser Helper Objects

What it looks like:
O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_4.DLL
O2 - BHO: (no name) - {1A214F62-47A7-4CA3-9D00-95A3965A8B4A} - C:\PROGRAM FILES\POPUP ELIMINATOR\AUTODISPLAY401.DLL (file missing)
O2 - BHO: MediaLoads Enhanced - {85A702BA-EA8F-4B83-AA07-07A5186ACD7E} - C:\PROGRAM FILES\MEDIALOADS ENHANCED\ME1.DLL
What to do:
If you don't directly recognize a Browser Helper Object's name, use TonyK's BHO List to find it by the class ID (CLSID, the number between curly brackets) and see if it's good or bad. In the BHO List, 'X' means spyware and 'L' means safe.

--------------------------------------------------------------------------------

O3 - IE toolbars

What it looks like:
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_4.DLL
O3 - Toolbar: Popup Eliminator - {86BCA93E-457B-4054-AFB0-E428DA1563E1} - C:\PROGRAM FILES\POPUP ELIMINATOR\PETOOLBAR401.DLL (file missing)
O3 - Toolbar: rzillcgthjx - {5996aaf3-5c08-44a9-ac12-1843fd03df0a} - C:\WINDOWS\APPLICATION DATA\CKSTPRLLNQUL.DLL
What to do:
If you don't directly recognize a toolbar's name, use TonyK's Toolbar List to find it by the class ID (CLSID, the number between curly brackets) and see if it's good or bad. In the Toolbar List, 'X' means spyware and 'L' means safe.
If it's not on the list and the name seems a random string of characters and the file is somewhere in a folder named 'Application Data' (like the last one in the examples above), it's definitely bad, and you should have HijackThis fix it.
--------------------------------------------------------------------------------

O4 - Autoloading programs from Registry

What it looks like:
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
What to do:
Use PacMan's Startup List to find the entry and see if it's good or bad.
--------------------------------------------------------------------------------

O5 - IE Options not visible in Control Panel

What it looks like:
O5 - control.ini: inetcpl.cpl=no
What to do:
Unless you've knowingly hidden the icon from Control Panel, have HijackThis fix it.
--------------------------------------------------------------------------------

O6 - IE Options access restricted by Administrator

What it looks like:
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
What to do:
Unless you have the Spybot S&D option 'Lock homepage from changes' active, have HijackThis fix this.
--------------------------------------------------------------------------------

O7 - Regedit access restricted by Administrator

What it looks like:
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
What to do:
Always have HijackThis fix this.
--------------------------------------------------------------------------------

O8 - Extra items in IE right-click menu

What it looks like:
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_1.1.68-DELEON.DLL/cmsearch.html
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Zoom &In - C:\WINDOWS\WEB\zoomin.htm
O8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\WEB\zoomout.htm
What to do:
If you don't recognize the name of the item in the right-click menu in IE, have HijackThis fix it.
--------------------------------------------------------------------------------

O9 - Extra buttons on main IE toolbar, or extra items in IE 'Tools' menu

What it looks like:
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O9 - Extra button: AIM (HKLM)
What to do:
If you don't recognize the name of the button or menuitem, have HijackThis fix it.
--------------------------------------------------------------------------------

O10 - Winsock hijackers

What it looks like:
O10 - Hijacked Internet access by New.Net
O10 - Broken Internet access because of LSP provider 'c:\progra~1\common~2\toolbar\cnmib.dll' missing
O10 - Unknown file in Winsock LSP: c:\program files\newton knows\vmain.dll
What to do:
It's best to fix these using LSPFix from Cexx.org, or Spybot S&D from Kolla.de.
--------------------------------------------------------------------------------

O11 - Extra group in IE 'Advanced Options' window

What it looks like:
O11 - Options group: [CommonName] CommonName
What to do:
The only hijacker as of now that adds its own options group to the IE Advanced Options window is CommonName. So you can always have HijackThis fix this.
--------------------------------------------------------------------------------

O12 - IE plugins

What it looks like:
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .PDF: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
What to do:
Most of the time these are safe. Only OnFlow adds a plugin here that you don't want (.ofb).
--------------------------------------------------------------------------------

O13 - IE DefaultPrefix hijack

What it looks like:
O13 - DefaultPrefix: http://www.pixpox.com/cgi-bin/click.pl?url=
O13 - WWW Prefix: http://prolivation.com/cgi-bin/r.cgi?
What to do:
These are always bad. Have HijackThis fix them.
--------------------------------------------------------------------------------

O14 - 'Reset Web Settings' hijack

What it looks like:
O14 - IERESET.INF: START_PAGE_URL=http://www.searchalot.com
What to do:
If the URL is not the provider of your computer or your ISP, have HijackThis fix it.
--------------------------------------------------------------------------------

O15 - Unwanted site in Trusted Zone

What it looks like:
O15 - Trusted Zone: http://free.aol.com
What to do:
So far, only AOL has the tendency to add itself to your Trusted Zone, allowing it to run any ActiveX it wants. Always have HijackThis fix this.
--------------------------------------------------------------------------------

O16 - ActiveX Objects (aka Downloaded Program Files)

What it looks like:
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
What to do:
If you don't recognize the name of the object, or the URL it was downloaded from, have HijackThis fix it. If the name or URL contains words like 'dialer', 'casino', 'free_plugin' etc, definitely fix it.
--------------------------------------------------------------------------------

O17 - Lop.com domain hijacks

What it looks like:
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = W21944.find-quick.com
O17 - HKLM\Software\..\Telephony: DomainName = W21944.find-quick.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{D196AB38-4D1F-45C1-9108-46D367F19F7E}: Domain = W21944.find-quick.com
What to do:
If the domain is not from your ISP or company network, have HijackThis fix it.
--------------------------------------------------------------------------------

O18 - Extra protocols and protocol hijackers

What it looks like:
O18 - Protocol: relatedlinks - {5AB65DD4-01FB-44D5-9537-3767AB80F790} - C:\PROGRA~1\COMMON~1\MSIETS\msielink.dll
O18 - Protocol: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82}
O18 - Protocol hijack: http - {66993893-61B8-47DC-B10D-21E0C86DD9C8}
What to do:
Only a few hijackers show up here. The known baddies are 'cn' (CommonName), 'ayb' (Lop.com) and 'relatedlinks' (Huntbar), you should have HijackThis fix those.
Other things that show up are either not confirmed safe yet, or are hijacked by spyware. In the last case, have HijackThis fix it.
--------------------------------------------------------------------------------

O19 - User style sheet hijack

What it looks like:
O19 - User style sheet: c:\WINDOWS\Java\my.css
What to do:
In the case of a browser slowdown and frequent popups, have HijackThis fix this item if it shows up in the log.
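
As an added example (not part of the original post and not HijackThis code), the section-code rules from the guide above can be written as a small Python triage script. The verdict labels and the "random-looking name" test are assumptions of this sketch; the sample lines come from the guide's examples and the log posted in this thread, except the last one, which is constructed.

```python
"""Triage HijackThis log lines by section code, following the guide above."""
import re
from typing import List, NamedTuple, Optional, Tuple

# A log entry is "<section code> - <details>"; codes are R0-R3, F0-F1, N1-N4, O1-O19.
ENTRY_RE = re.compile(r"^(R[0-3]|F[01]|N[1-4]|O(?:1[0-9]|[1-9])) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
TOOLBAR_NAME_RE = re.compile(r"^Toolbar: (.+?) - \{")

# Sections the guide says can always be fixed.
ALWAYS_FIX = {"F0", "O7", "O11", "O13", "O15"}
# Words the guide names as a reason to definitely fix an O16 item.
O16_WORDS = ("dialer", "casino", "free_plugin")


class Entry(NamedTuple):
    code: str
    body: str


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a section line, or None for headers, the
    'Running processes' list and comments a poster typed into the log."""
    m = ENTRY_RE.match(line.strip())
    return Entry(m.group(1), m.group(2)) if m else None


def looks_random(name: str) -> bool:
    # Assumption of this sketch: one long alphabetic token with very few
    # vowels stands in for the guide's "random string of characters".
    vowels = sum(ch in "aeiou" for ch in name.lower())
    return name.isalpha() and len(name) >= 8 and vowels / len(name) < 0.2


def triage(entry: Entry) -> Tuple[str, str]:
    """Map an entry to ('fix' | 'lookup' | 'review', detail)."""
    low = entry.body.lower()
    if entry.code in ALWAYS_FIX:
        return "fix", "guide: always fix this section"
    if entry.code == "O16" and any(word in low for word in O16_WORDS):
        return "fix", "guide: name or URL contains a flagged word"
    if entry.code == "O3":
        name = TOOLBAR_NAME_RE.match(entry.body)
        if name and "application data" in low and looks_random(name.group(1)):
            return "fix", "guide: random name under 'Application Data'"
    if entry.code in ("O2", "O3"):
        clsid = CLSID_RE.search(entry.body)
        if clsid:
            # The guide says to look the CLSID up in the BHO/Toolbar list.
            return "lookup", clsid.group(0)
    return "review", "guide: fix only if you do not recognize it"


def triage_log(text: str) -> List[Tuple[str, str, str]]:
    """Return (code, verdict, detail) for every section line in a log."""
    results = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is not None:
            verdict, detail = triage(entry)
            results.append((entry.code, verdict, detail))
    return results


# Lines from the guide and the posted log; the final O16 line is constructed.
SAMPLE_LOG = r"""Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\EXPLORER.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.altavista.com/
(how do i change this to internet explorer?)
O2 - BHO: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: rzillcgthjx - {5996aaf3-5c08-44a9-ac12-1843fd03df0a} - C:\WINDOWS\APPLICATION DATA\CKSTPRLLNQUL.DLL
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: Free Plugin - http://example.invalid/free_plugin/dialer.cab
"""

if __name__ == "__main__":
    for code, verdict, detail in triage_log(SAMPLE_LOG):
        print(f"{code:<4} {verdict:<7} {detail}")
```

A "review" verdict only means the guide leaves the decision to whether the entry is recognized; it is not a statement that the entry is safe.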
 

· Banned
Joined
·
4,900 Posts
Close your internet browser, all other programs, doing the below, restart your computer and then generate your Hijack This log.

Clear your browser's Cache and key folders before you generate a HJT log:

Click the Start button; Point to Control Panel, select Internet Options; In the box that opens, click the Clear History; Delete Cookies And Delete Files buttons (tick the box next to, 'Delete all off-line content', each in turn; In the box that opens after activating each button, click the OK button. Click OK to close the Internet Options window.

Clear the contents of the c:\Windows\Cookies; Temporary Internet Files and Temp folders.

***

You've got way too much running at Windows startup.

Check your available resources by right-clicking My Computer; clicking Properties; Click the Performance tab. Resources available are displayed as percent there at top. Check it when you get done running the System Configuration Utility mentioned below.

Click the Start button; Run; type 'msconfig', without the quotation marks, in the Run box and click OK; Then click the Startup tab; Uncheck anything you don't need running in the background. For reference on what's not needed running in the background in the System Configuration Utility, view this website first and print out the list:

http://www2.whidbey.net/djdenham/Running_items.htm

It's important that you print out the above mentioned list. The site provides a printer friendly link.

In the System Configuration Utility (SCU), you can uncheck programs you suspect one at a time and restart your computer. If something doesn't work right, you can always go back into the SCU and re-check it and restart your computer via the Start button. The changes are completely reversible by re-checking an item in SCU or by selecting Normal Startup under the General tab in the SCU and all the programs listed run when Windows starts as it was before you started.

***

You need to be running a firewall like free Sygate from http://download.com - type, sygate, in the Search box, you must be on-line to register Sygate, that is if you're not using a firewalled Router on a Network or, have another third-party firewall like Sygate installed, to protect you and the Internet community from hackers, spammers and terrorists from using your computer for their own illicit needs while you're on-line?

***

Get, install, update and run free Ad-aware (and its HexDump plug-in) from http://www.lavasoftusa.com/software/adaware/

First in the main window look in the bottom right corner and click on Check for updates now and download the latest referencefiles.

Make sure the following settings are made and on -------ON=GREEN

From main window :Click Start then Activate in-depth scan (recommended)

Click 'Use Custom Scanning Options' then click 'Customize' and have these options selected: Under Drives and Folders put a check by Scan Within Archives and below that under Memory and Registry put a check by all the options there.

Now click on the Tweak button in that same window. Under Scanning engine select: Unload recognized processes during scanning and under Cleaning Engine select: Let windows remove files in use at next reboot

Click proceed to save your settings.

Now to scan just click the Next button.

When the scan is finished mark everything for removal and get rid of it.(Right-click the window and choose select all from the drop down menu and click Next)

Restart your computer.

***

You might post exactly what programs you have in the Add/Remove Programs Control Panel list box.

***

Go to http://housecall.trendmicro.com or http://www.pandasoftware.com/activescan/com/activescan_principal.htm and click the Scan Now link to run a free on-line virus scan.

***

What anti-virus are you using? If you're running McAfee or Norton anti-virus and have not recently paid for a one year subscription to download weekly new virus definitions, you might consider getting free AntiVir 6 from http://free-av.com - Uninstalling McAfee; Restarting your computer and installing free AntiVir Anti-virus 6.0.
 