In the last log, I failed to note that you had Tea Timer running. While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent HijackThis from fixing certain things.
Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.
- Open Spybot Search & Destroy.
- In the Mode menu click "Advanced mode" if not already selected.
- Choose [Yes] at the Warning prompt.
- Expand the [Tools] menu.
- Click [Resident].
- Uncheck the Resident "TeaTimer" (Protection of overall system settings) active. box.
- In the File menu click [Exit] to exit Spybot Search & Destroy.
~~~~~~~~~~~~~~
Run a scan with HiJackThis & select(tick) the following & click [Fix checked] :
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
~~~~~~~~~~~~~~
Post a fresh log after this.
~~~~~~~~~~~~~~
Performance of the machine may improve if it weren't overladen with numerous autostart entries. You may wanna try configuring these programs not to autostart with Windows
Here's a list of apps you might wanna disable -
Quote:
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
HP's exclusive http://www.hp.com/peripherals2/scanj...tmShare-to-Web software makes it easy to share content with others through affiliate Internet websites. In other words an application that allows users to upload scanned images to their personal webpages if desired. Available via Start - Programs
~~~~~
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
HP software updates. If a shortcut doesn't exist create your own and run it manually
~~~~~
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
Application Scheduler installed along with RealOne_Player http://www.real.com/. Once installed it runs independently of RealOne Player.
To disable tkbell.exe in the new version
(1) Start RealOne Player
(2) Tools - Preferences
(3) Automatic services in the Categories pane
(4) Uncheck all options and then OK
~~~~~
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
Logitech Image Studio - installed with Logitech QuickCams
~~~~~
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
LogitechGalleryRepair/LogitechVideoRepair - part of Logitech Image Studio - installed with Logitech QuickCam cameras. Required from version 8.11 onwards if you use the software to take pictures and capture videos not if you don't. Also not required for versions up to and including 7.30 and after version 8.30
~~~~~
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
System Tray access to Apple's Quick Time viewer from version 5 onwards
~~~~~
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
Quick access to the control panel via a System Tray icon for graphics based upon the Intel chipsets (ie i810). These chipsets are often included on motherboards. Available via Start - Settings - Control Panel
~~~~~
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
System Tray icon used to change display settings change the clock rate and memory speed for nVidia based graphics cards. This is unnecessary since you can easily configure these settings the way you want them in the Display Properties and not have to mess with them again. Also disable the NVIDIA Driver Helper Service if enabled as it can cause this entry to be re-enabled on re-boot (note that this service can also cause extreme shutdown delays if enabled - see http://www.blackviper.com/WinXP/strangeservice.htm here )
~~~~~
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
Associated with the newer versions of nVidia graphics cards drivers.nbsp; Allows you to immensely improve desktop layouts by setting preferences and optimizations.nbsp; However this isn't necessary for the operation of your system
~~~~~
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
System Tray icon used to manage settings for nVidia based graphics cards. May be required for some 3D applications to recognize your card correctly - such as the game Everquest. Otherwise settings can be changed manually via Display Properties
~~~~~
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
Checks with Sun's Java updates site to see if newer Java versions are available.
~~~~~
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
~~~~~
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
One of the popular WinModem series. WinModems use software rather than hardware - hence putting a load on the CPU. Needed if you have it for loading the drivers. See http://808hi.com/56k/winmodems.asphere for more WinModem information
~~~~~
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
Installed by the Intel 810 and 815 chipset graphic drivers. If you want the Ctrl+Alt+F12 or similar keypresses to access Intel's customised graphics properties you need it otherwise not. Can be disabled via Control Panel - Display Properties
|
__________________
Question - what have you done for the community today?