PDA

View Full Version : Installing XP SP2 and Autopatcher



Grimy
10-10-2007, 09:50 PM
Having sorted my neighbours PC (with help from you all) a month or so back from it's viruses and Trojans, I'm ready to do a bit more on it.
It is running XP SP1. I have a PC World CD with SP2 on it and Bob Doe kindly burnt me a disc of Autopatchers last release (August 07 Core).
I installed AVG, Spybot, AdAware, Rogue remover, Trojan remover, C Cleaner and as far as I know everything has been working fine. They have been updating weekly and running scans.
I'm going to do a back up of their important files and then will install SP2 and then the Atuopatcher updates. A couple of questions;
1/ Should I do anything else before installing SP2? Are there any known issues that I might expect to crop up, or is it normally a painless install?
2/ After I install the Windows updates with Autopatcher, can I then run the normal Windows update to get the latest updates? Will there be any conflict from using AP for the initial update? I can't see why there should be.
As usual, thanks for your help, always appreciated.

wainuitech
10-10-2007, 09:56 PM
First thing I would do is disable the AV when doing the SP2 upgrade. Some software has problems when Antivirus's are running.

Auto Patcher - I think thats been force stopped by Microsoft, so I don't know if your normal windows update will be affected, hopefully someone who does / used to use it can advice if any prolems now exist.

Metla
10-10-2007, 10:08 PM
You really should have installed SP2 and run Autopatcher directly after installing XP.

Granted its too late to do that now but its worth keeing in mind for (if) there is a next time.

You can run auto-patcher, then uninstall it from the system, You shouldn't have any trouble then getting udates from the usual sources.

When you run Auto-Patcher its worth running through the list and selecting/deselecting what you want, Some are bloat, others are just crap (WGA) and some will make configuration changes you may not want.

Grimy
10-10-2007, 10:14 PM
Thanks for those tips. Metla, do you mean I should run Autopatcher (select/download updates wanted) and then delete AP from the PC? Or can it be left on and just get future updates from Microsoft?
I didn't put XP on the machine, it was just that when I was checking what they had I noticed it was only running SP1, that's why I want to update to SP2 and get the subsequent Windows Updates for it.

Speedy Gonzales
10-10-2007, 10:18 PM
Make SURE its clean of malware too, BEFORE you update it to SP2.

It may / or will crash / or reboot if you install SP2, while malware is on the system, once you reboot, after SP2 has been installed.

Metla
10-10-2007, 10:20 PM
After you have run Auto-Patcher there is no reason to keep it installed, Its done its job, So I have always been in the habit of uninstalling it. Its doesn't undo the patching.

And of all the machines I have run it on I have then just enabled automatic updates within XP and everything has functioned normally.

I can only recall one machine I seviced going belly up after running Auto-Patcher, and I would bet good money that it wasn't the fault of the people who put auto-patcher together.

Metla
10-10-2007, 10:24 PM
And as Speedy states, Make sure she is clean as a whistle before you run SP2 and Auto-Patcher.

I'd go as far as to give her a complete service, and then uninstall the AV, and disable every single item under startup

drcspy
11-10-2007, 04:06 AM
Should I do anything else before installing SP2? Are there any known issues that I might expect to crop up, or is it normally a painless install?

possible issue if the system is running a prescott cpu.......theres a patch for it at microsoft......


This non-security critical update helps resolve an issue where a limited number
of systems running a
BIOS without production support for Intel Pentium 4 and Intel Celeron D processors
based on Prescott
C-0 stepping can potentially hang on Windows XP Service Pack 2 installation. After
you install this
update, you may have to restart your computer.

WindowsXP-KB885626-v2-x86-enu.exe

SurferJoe46
11-10-2007, 04:48 AM
I've had some problems requiring a complete fdisc and reinstall when I let Sys Restore keep running on an older install when they FINALLY decided to put in SP2.

Fear and old wive's tales about the problems with SP2 were just that...tales. They persist yet, but they are basically unfounded unless.......there's some mileage on the internet, installed and uninstalled files/folders/cute "toys" etc.

For some reason, Sys Restore messed things up and it became more a time/work factor to either work for a day or so to repair and purge or reinstall XP WITH SP-2 immediately afterwards.

I chose to fdisc and start all over.

Made a faster system too with all the junkware out of it.

To this day I turn off Sys Restore on every installation I make. If you have the XP install disc, why do you need it anyway? But SP2 is very necessary for those zero-day exploits and such as you cannot get the latest patches and security updates without it and WGA.

I cannot speak for Autopatcher though.I don't use it.

Grimy
11-10-2007, 06:24 AM
Should I run some programs other than AVG, Spybot, AdAware, Rogue remover, Trojan remover, C Cleaner to check for Malware? And if so, which? Thanks.

SurferJoe46
11-10-2007, 11:02 AM
I think they'd prolly be sufficient...but run them in Safe Mode to really clean the system better.

Grimy
11-10-2007, 09:16 PM
Would posting a HJT log be a good idea?

Speedy Gonzales
11-10-2007, 09:22 PM
Would posting a HJT log be a good idea?

Wont hurt.

Put it in its own folder first, then run it then click on scan the system and save a log.

Grimy
11-10-2007, 09:31 PM
Will do Speedy. Not sure when as the neighbours do shift work and not home much when I am. Usually the best day is Saturday, but as it's my wedding anniversary this one coming I could be in a bit of strife if I say I'm popping over to play on the neighbours PC instead of going out to lunch!

Grimy
03-11-2007, 02:53 PM
Hi Speedy, Would you please have a look at the following HJT log and let me know if there is anything nasty, or likely to be a problem with upgrading to SP2. I Updated Trojan Remover, Ad-Aware, Spybot and AVG this morning before getting this log. Many thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:15:00 p.m., on 3/11/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\USB Storage RW\shwicon.exe
C:\Windows\system32\HpSrvUI.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\VERITAS Software\Update Manager\sgtray.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\ctfmon.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\SiteAdvisor\SiteAdv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\SoftwareDistribution\Download\f941c900a 413f153861a4032214a1aec\update\update.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.clear.net.nz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.clear.net.nz/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Clear.net
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\SiteAdv.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - c:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\SiteAdv.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KYE_Showicon] "C:\Program Files\USB Storage RW\shwicon.exe" -t"KYE\USB Storage RW"
O4 - HKLM\..\Run: [hp Silent Service] C:\Windows\system32\HpSrvUI.exe
O4 - HKLM\..\Run: [hpScannerFirstBoot] c:\hp\drivers\scanners\scannerfb.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Microsoft Network Services Controller] C:\WINDOWS\System32\mmsvc32.exe
O4 - HKLM\..\Run: [Spools Service Controller] C:\WINDOWS\System32\spools.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: wkcalrem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyside.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.clear.net.nz/
O17 - HKLM\System\CCS\Services\Tcpip\..\{E9B120C9-0905-4BF3-8912-AAE1CD91C16B}: NameServer = 203.97.33.14 203.97.37.14
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6417 bytes

Speedy Gonzales
03-11-2007, 03:02 PM
Lucky you didnt put SP2 on it, its got worms.

Run HJT again, tick these entries then tick fix checked

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

Looks like this belongs to this (http://www.sophos.com/security/analyses/w32nanpya.html)

O4 - HKLM\..\Run: [Microsoft Network Services Controller] C:\WINDOWS\System32\mmsvc32.exe

And this belongs to this (http://www.sophos.com/security/analyses/w32kassbotc.html)

O4 - HKLM\..\Run: [Spools Service Controller] C:\WINDOWS\System32\spools.exe

This is safe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - Global Startup: hp psc 1000 series.lnk = ?

O4 - Global Startup: hpoddt01.exe.lnk = ?

O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

Was trojan remover updated?? Its now upto 6.6.3 it should have picked up Kassbot

If not, run it again update it click on scan, and select all options under the utilities menu.

This entry looks suss

C:\WINDOWS\SoftwareDistribution\Download\f941c900a 413f153861a4032214a1aec\update\update.exe

Grimy
03-11-2007, 04:17 PM
Hi Speedy, thanks for that. Yes TR was updated this morning to the latest definitions (I'm using the paid version).
I tick all the entries you mention? What does "This is safe" mean?
Many thanks for your help.
TR Version 6.6.3.2497 Database 6886 2/11/07.

Speedy Gonzales
03-11-2007, 04:21 PM
What does "This is safe" mean?.

It means its not nasty or malware, but doesnt have to be in startup.

I would kill Windows messenger and get MSN messenger or whatever its called now. Thats if u use it.

Grimy
03-11-2007, 04:26 PM
So if I tick the This is safe items and then tick fix checked, does it remove them completely, or just from start-up? Sorry, I may be being a bit thick, but just being careful as it's not my PC. Thanks.

Speedy Gonzales
03-11-2007, 04:30 PM
You tick all of the entries I posted.

And then find and delete.

C:\WINDOWS\System32\spools.exe <---

And this file

C:\WINDOWS\System32\mmsvc32.exe<---

If they dont delete in normal Windows, delete them in safe mode.

You may have to disable System restore too, in case they come back.

After u tick the safe entries, it just stops them from running on startup, it doesnt uninstall them completely.

Grimy
03-11-2007, 05:49 PM
Hi Speedy, Fixed the entries as listed. Went into
C:\WINDOWS\System32\spools.exe <---
And this file
C:\WINDOWS\System32\mmsvc32.exe<---
but couldn't find them, so fixed by HJT? Did a restart and still didn't find them. Here is the latest HJT log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:00:33 p.m., on 3/11/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\USB Storage RW\shwicon.exe
C:\Windows\system32\HpSrvUI.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\VERITAS Software\Update Manager\sgtray.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.clear.net.nz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.clear.net.nz/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Clear.net
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\SiteAdv.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - c:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\SiteAdv.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KYE_Showicon] "C:\Program Files\USB Storage RW\shwicon.exe" -t"KYE\USB Storage RW"
O4 - HKLM\..\Run: [hp Silent Service] C:\Windows\system32\HpSrvUI.exe
O4 - HKLM\..\Run: [hpScannerFirstBoot] c:\hp\drivers\scanners\scannerfb.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: wkcalrem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyside.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.clear.net.nz/
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 4998 bytes

How does this one look? Thanks, Graham.

Speedy Gonzales
03-11-2007, 05:58 PM
Looks better, open my computer, then go to tools / folder options / view.

Select show hidden files, and folders. And select hide protected operating system files.

Then do another search for both and delete both if found.

Both maybe hidden.

If you want a program for opening PDF files, get Foxit reader, its smaller than Adobe reader.

Grimy
03-11-2007, 06:27 PM
Thanks so much for your help Speedy.
I'll have a look for those files as mentioned. I'm not going to be able to do anything else for a few weeks now as I'll be out of NZ for a week shortly, but once I've searched for those files again and am ready to upgrade the PC to SP2, I'll post another HJT file to make sure it looks okay.
Thanks again, you're a legend!

Speedy Gonzales
03-11-2007, 06:27 PM
No worries :)