BeeCeeBee

First and again, thank you all. I feel like a pest but I really want to get it right if I can. I am going to make a few points, wait and then do what I am told. I have noticed a few things. 1. It was my fault that the computer became infacted and I know exatly what I did. I did download a bad torrent and avast warned me. Like an idiot I failed to scan the file before I started to use it. It was an .rar file with an installer attached. When I began to open it Avast went crazy and I kept followint directions but I think I let a few by and it was a killer. 2. I only installed AVG because the guy at PC world said it was better than avast. OK I am going back to avast. 3. Any documents that I reinstalled after reloading XP from the Toshiba disc were scanned by avast before I wiped the disc clean and by both Norton and AVG after. I did not download spybot until after I felt I had a problem. 3.I did not take Part Poker from the old computer but downloaded new. I do enjoy using it small time and always believed it to be pretty reputable. At the same time they did do a major upgrade in the last week or so. 4. In addition to everything else I have said I have noticed 2 other things. At some point after a restart Spybot seems to warn me af a new registry entry for System32/cftmon.exe I also noticed that there is some minor uploading and downloading (the little icon flashing) even when I am doing nothing. Since I use a wireless connection I am assuming that it may just be my laptop checking in with the router but I I dont know enough to assume. I have kept a record of the packets sent and received over a half hour and if anyone thinks that is meningful I will send it on. You probably should also be aware of how I use utorrents. As an American in Ireland I like to download US shows that I pay for over there anyway with my cable service. So I have no guilt feelings and have had no problems until I got stupid. Also despite my profile I am almost 65 years old and was smart enough to find you guys so please don't yell at me. OK now I am going to sit back and wait for a while and then follow instructions. Really thanks, you are appreciated!!!

I never thought to try but I now have and it is no better. I still am wondering about those registry entries for IE they look to me to be in conflict but If I really knew about those things I would not be here. Also I have not as yet followed the process suggested by Wolfey and I will if he thinks it necessary but, in addition to a scan by spybot, norton and AVG I also did one with avast before I switched to AVG. I do intend to switch back to Avast. The only reason I question this is that the Drive was reformatted only on Sunday and all these scans followed. While I did go to several "tools" sites they could not be the source of the problem because I would not have gone there unless it already existed.

Hi Seth, The thing is I had the same problem when I tried alternative Browsers

OK did it already. Am I wrong that there seems to be some sort of conflict between start page settings? Never mind I will just leave it to you to look. Here it is Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 7:46:57 PM, on 10/9/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\DVDRAMSV.exe C:\WINDOWS\system32\tcpsvcs.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Apoint2K\Apoint.exe C:\WINDOWS\AGRSMMSG.exe C:\WINDOWS\system32\ZoomingHook.exe C:\WINDOWS\system32\TPSMain.exe C:\Program Files\Toshiba\Tvs\TvsTray.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\WINDOWS\system32\hkcmd.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\DAEMON Tools Lite\daemon.exe C:\Program Files\Apoint2K\Apntex.exe C:\WINDOWS\system32\TPSBattM.exe C:\WINDOWS\system32\RAMASST.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://192.168.1.254/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [sVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe O4 - HKLM\..\Run: [TPSMain] TPSMain.exe O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: DVD-RAM_Service - Matsu****a Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe -- End of file - 6407 bytes

Will do but it may not be until tomorrow. THANKS!!!

Hey Wolfey, Your mention of recovery led me to look at my restore points since I added quite a few while I was bringing things back. I reloaded windows on sunday morning and updated. I now notice three different automatic recovery points for service pack 3 on Sunday and 2 more on Monday. I named my recoery point so this was obvioulsy automatic. So now I am wondering about whether SP3 could be causing the problem and should I delete it. If so should I try again since I assume that my original version of XP would date back a few years. Let me know what you think. Please.

I have searched for both Norton and Symantic and nothing pops up. This is also how I got rid of it before after the uninstall. Is there somewhere else I should be looking and would this effect the browser speed? If so how where do I find the Recovery partition. I had used avast for years. Saying that I became infected while it was running It did warn me but then it seems it got in anyway. I was always good up until then. Just am completly confused now and just can't see what would cause this page for example to take so long to load. But then that is why I am asking for help. Point me toward the recovery partition and I will give it a whirl. Thanks, really!

Sorry did I say thanks for the welcome? Also I don't know if I replied properly so I will try here. If I am doing this wrong I apologise. I used Norton because it was built in and I had no access as yet to get anything else. After I got on line I swirched over to AVG and removed Norton I searched for any remaining componants and deleted them as well. I should add that once I get to a site I can often navigate pretty quickly it is the getting there that takes forever. I use Google as a home page and even that takes forever to load.

This must be a system problem I scanned with Norton because it was the only AV program that I had once I reloaded the XP. It came with the computer and I did not want to load anything that may have been conaminated before.

Hi folks. I recently was forced to reformat my hard drive on my Toshiba laptop because it was seriously hijacked. I used the rescue disc provided. Before I did anything I loaded everything I needed to save onto an external hard dirve and scaned it with Avast. It was clean. After the new installation I scanned the external drive again this time with the Norton supplied. It was clean. After that I deleted Norton and added AVG. I again scanned the external drive and again it was clean. Once I reinstalled my broadband network I downloaded IE7 and all updates including Service Pack 3. My problem is that my browser is moving at dialup speed despite the fact that a speed check indicates that everything was about normal. I tried spybot and that found nothing except a few cookies. I played with the startup menu and applications running and nothing helped. I tried one more full scan with AVG at its slowest setting and again all clean. I must be missing something but I don't know what. By the way I also tried firefox and safari and had the same problem. Don't know what to try next. I am not afraid to go into registry edit as lon as I have a specific change in mind. HELP!!!! Please and Thank you.