Solved Help with daughter's computer

Status
Not open for further replies.
You're very welcome! Looks good! Handle the HijackThis log first, then follow with the cleanup in next reply:

Print the HJT list out. You can look for the corresponding entries for everything that you checked in HJT and uncheck the related processes on the Startup menu. This does not remove a program or App; it just keeps it from starting on boot. None of these entries are malware and their removal is optional. Stopping as many as possible will free up resources and help make the system faster.

Please reopen HijackThis to 'do system scan only'. Check each of the following if present:

C:\Windows\system32\Dwm.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\V0400Mon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...esario&pf=cnnb
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [V0400Mon.exe] C:\Windows\V0400Mon.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
-----------------------------------------------------------------------------
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolb...lerControl.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.37.11/ttinst.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Monopoly/Images/armhelper.ocx
------------------------------------
Close all Windows except HijackThis and click on "Fix checked."

Boot into Safe Mode
  • Restart your computer and start pressing the F8 key on your keyboard.
  • Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.

Click on Start> Run> type in services.msc> double click on each of the following Services> change the Startup type to Manual.
Apple Mobile Device
Bonjour Service
Com4QLBEx
Google Software Updater (gusvc)
HP Health Check Service (hphc_service)
hpqwmiex
InstallDriver Table Manager (IDriverT)
iPod Service
Cyberlink RichVideo Service(CRVS) (RichVideo)
XAudioService
Yahoo! Updater (YahooAUService)

Exit Services when through

To stop processes from starting on boot using the msconfig utility, please see:
http://www.netsquirrel.com/msconfig/msconfig_vista.html

Follow the steps and use the screen shots for reference.

When you have finished, go on to the next reply to remove the cleaning tools.
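
Added example, not part of the original thread: a small Python parser that groups HijackThis log lines by section code and flags the ones HijackThis itself marks `(file missing)` or `(no file)`, which are leftover entries whose target is gone. The function names and section labels are this example's own; the sample lines are copied from the log above.

```python
import re

# Labels for the section codes that appear in this thread's log.
SECTIONS = {
    "R1": "Internet Explorer page setting",
    "O2": "Browser Helper Object",
    "O4": "autostart entry (Run key or Startup folder)",
    "O8": "IE context-menu item",
    "O9": "IE extra button or Tools menu item",
    "O16": "ActiveX control (Downloaded Program Files)",
}
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ORPHAN = re.compile(r"\((?:file missing|no file)\)")

def parse_hjt(text):
    """Return one dict per coded entry; running-process paths are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # process paths, separator rows, blank lines
        body = m.group("body")
        clsid = CLSID.search(body)
        entries.append({
            "code": m.group("code"),
            "kind": SECTIONS.get(m.group("code"), "other"),
            "clsid": clsid.group(0) if clsid else None,
            "orphaned": bool(ORPHAN.search(body)),
            "body": body,
        })
    return entries

def orphaned(entries):
    """Entries whose target file HijackThis could not find on disk."""
    return [e for e in entries if e["orphaned"]]

# Sample lines copied from the log in this thread.
SAMPLE = r"""C:\Windows\system32\Dwm.exe
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.37.11/ttinst.cab
"""

if __name__ == "__main__":
    for e in orphaned(parse_hjt(SAMPLE)):
        print("orphaned:", e["code"], e["body"])
```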
 
Removing all of the tools we used and the files and folders they created
  • Uninstall ComboFix and all Backups of the files it deleted
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
  • Download OTCleanIt by OldTimer and save it to your Desktop.
  • Double click OTCleanIt.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
  • You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
  • Go to Start > All Programs > Accessories > System Tools
  • Click "System Restore".
  • Choose "Create a Restore Point" on the first screen then click "Next".
  • Give the Restore Point a name> click "Create".
  • Go back and follow the path to > System Tools.
  • Choose Disc Cleanup
  • Click "OK" to select the partition or drive you want.
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.


Empty the Recycle Bin

Let me know if you need more help.
 
I could not remove the lines:
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolb...lerControl.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.37.11/ttinst.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Monopoly/Images/armhelper.ocx
I keep on getting HijackThis message:
Error #5 – Invalid procedure call or argument
I completed the reboot instruction.
Before I clean up the tools as instructed, please advise on the above subject for items I was not able to remove.
Thank You
 
The O9 entry is just one of the printer processes; don't worry about it. If you want to stop the O16 entries:
Open Internet Explorer> Tools> Manage Add-ons> find:
CabBuilder
Toontown Installer
ArmHelper Control


Click on each> then Disable.

The Vista path might be a bit different.

These entries aren't important. If you don't find them, forget them.

Go ahead and remove the cleaning tools. We have finished streamlining your daughter's computer.
 
1. I followed the instruction to remove O16 entries:
Open Internet Explorer> Tools> Manage Add-ons> find:
CabBuilder
Toontown Installer
ArmHelper Control
But did not find them in manage Add-ons

2. I uninstalled Combofix, and ran OTCleanIt

3. I tried to set a new restore point as you advised
• Go to Start > All Programs > Accessories > System Tools
• Click "System Restore".
But nothing was happening after clicking System Restore,
So I went through
• Click on Start> right click on Computer> Properties
• Select System Protection
• Click on the Create button (near bottom)
• Type a name for the Restore Point
• Click on Create again to save the restore point.

After that I completed Disc Cleanup – More options as advised
And emptied the Recycle Bin

Hope I created new restore point well

4. However still have some icons on the desktop from the beginning of this thread or the end of this thread:
https://www.techspot.com/vb/topic147393-3.html

The icons on desktop are:
Autoruns (compiled HTML Help file (.chm))
Eula.txt
Autorunsc.exe (2 times)
Autoruns.zip
AutoRuns.txt

As well as in Computer – Local Disc C – icon GameeuxInstallHelper.dll

How should I remove all of this, just move to recycle bin, or is there something else that needs to be done?
 
Just do a right click> Delete on those you don't want. The icons on the desktop are usually shortcuts. The autoruns.exe is the setup to install the program. Nothing else to be done. The computer should be running much better. You describe the path I have for Windows 7 for the restore Points:
Creating a Restore Point in Windows 7:
  • Click on Start> right click on Computer> Properties
  • Select System Protection
  • Click on the Create button (near bottom)
  • Type a name for the Restore Point
  • Click on Create again to save the restore point.

But the logs say Vista for your daughter. Here's what you should be seeing in Vista:
[Screenshot: disk_cleanup1.jpg]

You would follow the same path you took for getting the System Tools, but instead of choosing the System Restore tool, you choose the Disc Cleanup tool.
 