XP Home probem

**SpywareDr** · December 13th, 2008, 03:26 PM

Please uncheck/disable "Word wrap" in Notepad. (Click "Format" to see if it's checked. If it is, click it to disable it).

Now do the [Ctrl]-[A] to copy it and then post it ([Ctrl]-[V]) here.

**SpywareDr** · December 13th, 2008, 04:18 PM

Nevermind, I think I was able to fix it:

Code:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:14:34 PM, on 12/13/2008
Platform: Windows XP SP3 (Win NT5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\ProgramFiles\Java\jre1.6.0_07\bin\jusched.exe
C:\ProgramFiles\SiteAdvisor\6253\SiteAdv.exe
C:\WINDOWS\system32\S3apphk.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\LexmarkX74-X75\lxbbbmgr.exe
C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
C:\windows\system\hpsysdrv.exe
C:\Windows\system32\HpSrvUI.exe
C:\ProgramFiles\McAfee.com\Agent\mcagent.exe
C:\Program Files\LexmarkX74-X75\lxbbbmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIA.EXE
C:\ProgramFiles\MusicMatch\MusicMatchJukebox\mmtask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\ProgramFiles\AGI\common\win32\PythonService.exe
C:\Program Files\Google\Common\GoogleUpdater\GoogleUpdaterService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\ProgramFiles\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\InternetExplorer\iexplore.exe
C:\Program Files\TrendMicro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\InternetExplorer\Main,Default_Page_URL =http://us4.hpwis.com/
R1 - HKCU\Software\Microsoft\InternetExplorer\Main,Default_Search_URL =http://srch-us4.hpwis.com/
R0 - HKCU\Software\Microsoft\InternetExplorer\Main,Start Page =about:blank
R1 - HKLM\Software\Microsoft\InternetExplorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\InternetExplorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\InternetExplorer\Main,Search Bar =http://srch-us4.hpwis.com/
R1 - HKLM\Software\Microsoft\InternetExplorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\InternetExplorer\Main,Start Page =http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: AGSearchHookClass -{0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\ProgramFiles\AGI\common\agcutils.dll
O2 - BHO: (no name) -{089FD14D-132B-48FC-8861-0048AE113215} - C:\ProgramFiles\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: AGSearchHook Class -{0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\ProgramFiles\AGI\common\agcutils.dll
O2 - BHO: AcroIEHelperStub -{18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\CommonFiles\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: ZKBho Class -{56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\ZeroKnowledge\Freedom\FreeBHOR.dll
O2 - BHO: SSVHelper Class -{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\ProgramFiles\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy -{7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\ProgramFiles\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) -{9AA2F14F-E956-44B8-8694-A5B615CDF341} - (no file)
O2 - BHO: Google Toolbar Notifier BHO-{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\ProgramFiles\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: (no name) -{FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\MicrosoftMoney\System\mnyviewer.dll
O3 - Toolbar: &Zero-Knowledge Freedom-{FA91B828-F937-4568-82C1-843627E63ED7} - C:\Program Files\ZeroKnowledge\Freedom\BandObjs.dll
O3 - Toolbar: McAfee SiteAdvisor -{0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\ProgramFiles\SiteAdvisor\6261\SiteAdv.dll
O4 - HKLM\..\Run:[SunJavaUpdateSched] "C:\ProgramFiles\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SiteAdvisor]C:\ProgramFiles\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [S3apphk]S3apphk.exe
O4 - HKLM\..\Run:[RegisterDropHandler]C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKLM\..\Run: [Recguard]C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2]C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [PreloadApp]c:\hp\drivers\printers\photosmart\hphprld.exec:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [NvCplDaemon]RUNDLL32.EXE NvQTwk,NvCplDaemoninitialize
O4 - HKLM\..\Run: [Lexmark X74-X75]"C:\Program Files\LexmarkX74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [InstantAccess]C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [hpsysdrv]c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [hp Silent Service]C:\Windows\system32\HpSrvUI.exe
O4 - HKLM\..\Run: [QuickTime Task]"C:\ProgramFiles\QuickTime\qttask.exe"-atboottime
O4 - HKLM\..\Run: [mcagent_exe]"C:\ProgramFiles\McAfee.com\Agent\mcagent.exe"/runkey
O4 - HKLM\..\Run: [McENUI]C:\PROGRA~1\McAfee\MHN\McENUI.exe/hide
O4 - HKLM\..\Run: [EPSON StylusCX6000 Series]C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIA.EXE /FU"C:\WINDOWS\TEMP\E_S118.tmp" /EF"HKLM"
O4 - HKLM\..\Run: [mmtask]"C:\ProgramFiles\MusicMatch\MusicMatchJukebox\mmtask.exe"
O4 - HKLM\..\Run: [Adobe Reader SpeedLauncher] "C:\ProgramFiles\Adobe\Reader9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunServices:[RegisterDropHandler]C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [ctfmon.exe]C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Weather]C:\PROGRA~1\AWS\WEATHE~1\Weather.exe1
O4 - HKCU\..\Run: [swg] C:\ProgramFiles\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Microsoft WorksUpdate Detection] C:\ProgramFiles\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [MSMSGS]"C:\ProgramFiles\Messenger\msmsgs.exe"/background
O4 - HKCU\..\Run: [EPSON StylusCX6000 Series]C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIA.EXE /FU"C:\DOCUME~1\Owner\LOCALS~1\Temp\E_SD6.tmp" /EF "HKCU"
O4 - .DEFAULT User Startup:AutoPlay.exe (User 'Default user')
O4 - Startup: Webshots.lnk =C:\ProgramFiles\Webshots\Launcher.exe
O4 - Global Startup: UpdateConcourse.lnk = C:\Program Files\BookSystems, Inc\Concourse\ConcUpdt.exe
O4 - Global Startup: Update eZcat.lnk= C:\MLSROOT\MLS\eZcUpdt.exe
O9 - Extra button: (no name) -{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\ProgramFiles\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun JavaConsole -{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\ProgramFiles\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: MktBrowser -{17A27031-71FC-11d4-815C-005004D0F1FA} - C:\ProgramFiles\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra 'Tools' menuitem:MarketBrowser -{17A27031-71FC-11d4-815C-005004D0F1FA} - C:\ProgramFiles\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra button: MoneySide -{E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\MicrosoftMoney\System\mnyviewer.dll
O9 - Extra button: (no name) -{e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\NetworkDiagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem:@xpsp3res.dll,-20001 -{e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\NetworkDiagnostic\xpnetdiag.exe
O9 - Extra button: @C:\ProgramFiles\Messenger\Msgslang.dll,-61144 -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\ProgramFiles\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem:@C:\ProgramFiles\Messenger\Msgslang.dll,-61144 -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\ProgramFiles\Messenger\msmsgs.exe
O16 - DPF:{03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) -http://www.viewpoint.co.kr/vet_install/MetaStream3.cab?url=http://www.samsung.com/Products/Monitor/LCD_Digital/web3d/931BF/page_931bf.html
O16 - DPF:{17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine AdvantageValidation Tool) -http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF:{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -http://ak.imgfarm.com/images/nocache/funwebproducts/ei/PopularScreenSaversFWBInitialSetup1.0.0.15.cab
O16 - DPF:{3D3BF1F8-9696-4A5E-B4F1-49101C997B70} (VaxSIPUserAgentCAB Control) -http://labs.jaduka.com/VaxSIPUserAgentCAB.cab
O16 - DPF:{49232000-16E4-426C-A231-62846947304B} (SysData Class) -http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
O16 - DPF:{6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1119620172712
O16 - DPF:{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125700384875
O16 - DPF:{9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) -http://a19.g.akamai.net/7/19/7125/4058/ftp.coupons.com/r3302/Coupons.cab
O16 - DPF:{CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) -http://www.live365.com/players/play365.cab
O16 - DPF:{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) -http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O23 - Service: AG Windows Service(AGWinService) - Unknown owner -C:\ProgramFiles\AGI\common\win32\PythonService.exe
O23 - Service: getPlus(R) Helper -NOS Microsystems Ltd. - C:\ProgramFiles\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service(gusvc) - Google - C:\ProgramFiles\Google\Common\GoogleUpdater\GoogleUpdaterService.exe
O23 - Service: InstallDriver TableManager (IDriverT) - MacrovisionCorporation - C:\Program Files\CommonFiles\InstallShield\Driver\11\Intel32\IDriverT.exe
O23 - Service: LexBce Server(LexBceS) - Lexmark International,Inc. -C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Services(mcmscsvc) - McAfee, Inc. -C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent(McNASvc) - McAfee, Inc. -c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS)- McAfee, Inc. -C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service(McProxy) - McAfee, Inc. -c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-timeScanner (McShield) - McAfee, Inc. -C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards(McSysmon) - McAfee, Inc. -C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee PersonalFirewall Service (MpfService) -McAfee, Inc. - C:\ProgramFiles\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Driver HelperService (NVSvc) - NVIDIA Corporation- C:\WINDOWS\System32\nvsvc32.exe
O24 - Desktop Component 0: (no name)-http://groups.msn.com/_Secure/0aQAsA8UhGBD*veMdy2fBS1Q11VTYVrhmCxDzhJ6onrUEvKXRWZE00xCTXNfGmUI*OqrIQ*Vbm7!eZsczSk1Skl8lZuKvsgG*o0RI36Mi0FPOKnCTowSCIRVu06k4yYQOhvFrQtiYCtIpliKDRy4WSg6vnb0iVnCF/New%20pieceJan2005.JPG?dc=4675508496003781131

--
End of file - 11028 bytes

Now we need to wait for a HijackThis expert to drop in and give us some advice on what to do next.

**texan** · December 13th, 2008, 06:21 PM

Thanks, hope I did it right, I haven't done many forums, so not sure I send it and afraid I might send more than one question or answer to you. Sure hope some one can figure this out. I still show "Search Powered by Ask" up there to the far right of my IE page.

Please uncheck/disable "Word wrap" in Notepad. (Click "Format" to see if it's checked. If it is, click it to disable it). You ask me to do this.......how do I do that? I closed the notepad up. I still have the Trend Micro HijackThis up with all those things in it, do I scan and fix them, their not checked, should I check them all?

**SpywareDr** · December 14th, 2008, 08:35 AM

Note first that I am NOT a HijackThis expert.

If it were mine though, this is what I would try:

Click Start | Run, type in services.msc and press [Enter]. Look to see if you have an AG windows service. If so, then stop it first, then disable it.
Click Start | Run, type in regedit and press [Enter]. Browse to "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services". If you see "AGWinService" in the left pane, right-click it, select "Export", give it a filename of something like "C:\AGWinService_backup.reg" and click "Save". Now right-click "AGWinService" and select "Delete".
Load and run HijackThis. Place a checkmark in the boxes to the left of the following three items:
R3 - URLSearchHook: AGSearchHookClass -{0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\ProgramFiles\AGI\common\agcutils.dll

O2 - BHO: AGSearchHook Class -{0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\ProgramFiles\AGI\common\agcutils.dll

O23 - Service: AG Windows Service(AGWinService) - Unknown owner -C:\ProgramFiles\AGI\common\win32\PythonService.exe
and then click the Fix Checked button.
Close HijackThis (and whatever else you have open) and Reboot.

**texan** · December 14th, 2008, 07:07 PM

A GREAT BIG THANKS!! You may not be a HijackThis expert, but you are an EXPERT in my books. It worked, I no longer have the Ask as my search, so I am back into business. Again thank you for all your help. I did have to get a friend to carry me through the instructions to make sure I didn't crash my computer.ha

**SpywareDr** · December 15th, 2008, 05:56 AM

Excellent!, and you're more than Welcome.

Appreciate the post back letting us know it worked.

Thread: XP Home probem

Thread Tools

Search Thread

Display

continue---Ask problem

the ASK problem solved

Thread Information

Users Browsing this Thread

Posting Permissions