Explore topic-wise InterviewSolutions in .

Windows 2000 Pro
256 Ram
20G hdd
Norton06
IE 6


Got a friends PC with the homepage hijacked.  I've run Adaware and it picked up some spyware and recognized an 'attempted hijack' of the homepage and cleaned it.  I can change the homepage to anything but it still goes back to http://my.msn.com.

I've also updated Norton and run a scan with nothing showing up.

I've run StartupList and HijackThis but didn't seem to find anything.  Also ran BHoDemon and turned off all BHO's.

Alan <><  
Are you running Norton Internet Security Spyware addition?

If so, check to see that it's not configured to prevent changing the homepage.

Also check other programs to see if they have options to prevent hijacking the homepage in their security settings.  These security settings will also prevent the user from changing their own homepage.I have "my msn".  It came as part of a package deal with my dsl.  You have to have an account with msn to use it.  Personally, I doubt that msn HIJACKS browsers, so I agree with Saviour.  You probably have a security program that "locks" the home page.  OK Saviour and rplrpl...

You both hit the nail on the HEAD  

Sure enough...it was Norton    I went into the AV profile and unchecked "Block all attempts to change my home page".  That did it  

Thanks a bunch.  I am weary of Norton.

Alan <><  Why are you weary?  (If you don't mind my asking, that is!)  Wasn't it doing exactly what it was SUPPOSED   to do?!

Quote

Regarding below QUERIES, the answer is No
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINNT\System32\drivers\CDAC11BA.EXE
Did you INSTALL C-Dilla or anything with a similar name?   NO!
 
O3 - Toolbar: &RADIO - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
did you install the &Radio toolbar  NO!

Should I delete these?

-----------

if i have norton anti-virus will protect me against viruses that i download from limewire..... i use limewire a lot and it gives me virus's how can i prevent this from happening :-?You will ALWAYS get viruses with P2P downloads. Deal with it or go legal, unfortunately.  make sure to have a good FIREWALL and ANTISPYWARE and anti-adware too if your going to use p2p software   cityslicker16..... Norton should catch the virues before your MACHINE BECOMES infected .......... I would also d/l and install Ewido .......  http://www.majorgeeks.com/Ewido_security_suite_d4677.html  ....this will catch the trojans ........  
Note...... If you are going to use Limewire ........ just accept the fact that you will be d/l trojans and viruses from other PEOPLE............
Of course you could always buy nice bug free stuff instead.......

dl65

Hello

I bought a HP dv6000 series laptop 2 weeks ago (amd tl-52 X2, 1gig ram, 80gig harddrive)

I have an ANTIVIRUS program and firewall. I had not downloaded anything via a p2p when this HAPPENED. I had downloaded somethings prior to it, but as far as I am aware the one or two bogus files with malware got caught. I'm quite careful before running programs.

I was downloading one thing via p2p and one thing by my broswer when I got a blue screen saying my virtual memory was being dumped. If problem reoccurs it could be a hard ware problem.

The blue screen never reapeared, but since then my computer has been all wrong. My computer suddenly shuts down at time: "UNEXPECTED terminatoin of services.exe (or another program) save all work and computer will shut down in 1:00"
  
The computer is slow. Takes about 10min to start windows. Something called "Computer Idle" (or something llike that) is taking up 90-98 of my cpu. So as far as I gather my CPU is only running at 2%-10% of its total power.

The computer shuts down before i can complete an antivirus search or an adware search. (But the computer can shut down even if im not doing an antivirus seach)

I've read that this "computer idle" problem is quite common. It can either be because of virus or hardware problems. What does mine sound like?

If hardware, I have the warrenty next to me. If virus... what do I do? sailow...... Quote

The computer is slow. Takes about 10min to start windows. Something called "Computer Idle" (or something llike that) is taking up 90-98 of my cpu. So as far as I gather my CPU is only running at 2%-10% of its total power.

Spyware / virus  story...  INTERESTING COMMENTS from READERS..."on BOTTOM"

http://redtape.msnbc.com/2006/08/consumer_report.html

is that the only virus/worm/etc that you can see in my HJT log?dnlsvc.exe is suspect too but I'd expect Prevx to CLEAN it up for you.

Edit: The file is missing anyway.It worked!!!!!!!
The emails stopped.

Thank you so much. I'd STILL consider a clean install, I hate messy.  What do you mean by clean install? What's messy?  :-?64 running processes is messy, do you really need them all running?

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Documents and Settings\\My Documents\MyMusic\iTunes\iTunes Music\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\AOL\1118884814\ee\AOLSoftware.exe
C:\Program Files\Print Server\PTP\PSDiagnostic.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
C:\Program Files\AnswersThatWork\A Really Small App\A_Really_Small_App.exe
C:\WINDOWS\system32\taskdir.exe
C:\WINDOWS\system32\RAMASST.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
c:\program files\common files\aol\1118884814\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\\Desktop\hijackthis\HijackThis.exe

I'm running 18 Can I stop/delete some? How would I do that?

I don't know what some of them are. Quote

Can I stop/delete some? How would I do that?
 

Prevx will remove it for you.
http://info.prevx.com/downloadremove.asp

Hey.  I downloaded this movie clip and it not only doesn't play (not even with VLC) but I can't delete it.  When I right CLICK on it, there isn't even the standard menu, no delete, rename or properties; only playing options.  I select it and go to File and then delete but nothing happens.  I click on File and then Properties and it says it's 0mb, but when I put my pointer on the file, the little tag that pops up says 14.5mb... Can't move it, drag it, nothing!  This is with Windows xp.  Please help.open a command window. use task manager to end-task everything but the command window and task manager (even explorer.exe) type DEL and then the path of the file.  then go to task manager and make a NEW process called "explorer.exe"

let us know.Thanks, how do I make a command window?start>>all programs>>accessories>>command prompt

Nope that didn't work.  Any other suggestions, ANYONE?Did you write down the EXACT path name of the file?  

Also, try command window, then type "DIR" (without the quotes). then type DIR and inside quotes put the name of the NEXT part of the path.  do this over and over, getting further and further in until you see the name of the file. type DEL then the file name.  

Finally, what happens when try the force delete procedure i mentioned earlier? what do you see?

http://www.theeldergeek.com/delete_undeletable_file.htmI tried and the computer responds "the system cannot find the file specified.  It is not recognized as an internal or external command, operable program or batch file."   ......soso i understand. . .

the procedure in the link did not work? is that correct? and we need to find another solution?

Is it possible that the FILE deleted, but the shortcuts remained?

Try starting your computer in safe mode and deleting.

kdmavbz.exe
Anyone know what this is? It appears after start-up and can be ended with task manager. The search does not find its location. ThanksGoogle KNOWS nothing about it.

What happened PRIOR to this? What version Windows? SP? Can you do a system restore to before this started, if recent?XP 2002. Nothing has happened that I can tell, I just want to know what it is doing?the google lord FOUND nothing on the file Old post but seeing as I'm reading it, do the scans...

Online Virus SCAN and Spyware Scan
http://www.pandasoftware.com/products/activescan.htm

Online Malware Scan
http://www.ewido.net/en/

i have KasperSky AntiVirus 6.0, when i wanna scan "My Computer" this MESSAGE appear:
The Scan was interrupted and you can shedule the scan
and after that the Program is stop responding, and stop scan anything ELSE and when i wanna shut down the computer i see that the AVP.exe is stop responding.
I tried to uninstall the program and reinstall it again, but the following message appear: U must unload the program before uninstall, i already choose to end the program and remove it from AutoRun with system startup but i Failed to uninstall it..
How i can Use the program normally and prevent it from stop responding, is the reason is Virus, i update the program every day, and how i can uninstall it? Quote

how i can uninstall it?

why do you have to turn off system restore if you have an infection thats hard to get rid of?By turning off System Restore as SOON as you determine you have an infection, you stop the accumulation of more restore points which contain the infection, and perhaps also help keep those older good restore points from getting overwritten with new restore points.Get him, SB.  Doesn't turning off system restore then turning it back on again remove all previous restore point?
Be gentle, I'm on W2K (no system restore) No, Fed. You get a dialog box that says:

Get back on your meds Dilbert, they will help you. In short, yes. Thanks GX_Man, I only ASKED because of Soybean's POST said otherwise then Dilbert had an each way bet.Yes, I see I made an incorrect statement.  So, if your system is infested with malware, you're damned if you do and damned if you don't, turn off Restore, that is.  If you leave Restore enabled and use it to restore to a time when your system was infested, you gain nothing; indeed, you may be worse off.  And, if you disable Restore, you simply no longer have the option of going back to any restore point.

So, if you're not SURE whether you have a restore point from a time before a malware infestation occurred, either just don't use Restore, or disable it.  It basically makes no difference.  However, the key point may be to disable Restore and thereby erase all Restore Points, if you believe you have no good Restore Points, to eliminate the possibility of a bad Restore Points inadvertently getting restored.Or use a program like TRUE Image and backup your OS and files safely however you like.

Hi, All!  Not even sure if I'm in the correct forum....for all I know ths could be a hardware problem.

I have a brand new computer....only a few weeks old.  It's a Gateway - Windows XP
Media Center Edition, Service Pack 2.......GT4016 AMD Athlon 64 processor, 3700+ 2.21 GHz, 896 MB Ram.

Now.....here's the scene, sigh....

Yesterday when I booted up first thing in the morning.....the tower started to make a clicking noise.....and instead of windows loading....it took me to an "advanced" boot up area.....had things listed like "start in safe mode"...."start windows normally"...."start up from last configuration".....and so on.  I just hit the "start windows normally" and when it was fully loaded.....wherever I went online.....from email to IE ETC....it was like the screen was blinking??  And in email....it would keep going round and round checking all my email accounts for new mail and wouldn't stop, lol??!

Now here's where it gets even stranger.  I decided to run a virus scan.  The computer came with 3 free months of McAfee....which is a first for me.....had always used the AVG in the past.  At any rate....AFTER the virus scan......which came back NO VIRUSES....it fixed itself!!??  And the computer ran just fine until until I shut it down many HOURS later.  Mattafact.....I had even forgotten about the strange behavior when I went to boot up this morning.

However.....there it was again....same damned thing.  And again....the ONLY way I could get rid of it.....was to run a virus scan of the computer.  Again it came back NO VIRUSES....and again it fixed the computer.

Does anyone have a clue what this could be???  Like I said....the computer is only a few weeks old.....so if it's the hard drive going bad or something like that....it should be COVERED.  But I can't imagine a hard drive acting like this?  It almost feels more like a virus??

I have a non-profit organization for people with substance abuse problems and they depend on the website and forums....so my computer is way important.  Unfortunately, I have lost 2 computers already this summer.....one a theft and the other crashed.  This computer is my last chance and I am freaking out!

THANKS in advance!  smooooooooch........CAROL




 


 
Download the free diagnostics from the appropriate drive maker's site and test the drive for fitness.

Contact Gateway as it is no doubt under warranty and they should be more than happy to help.

Now that I have gotten my newer computer working, I WOULD like to clean up my old Pentium with Windows 98. When I am on the Internet, the keyboard lag is outrageous and I think it has something to do with Norton UTILITIES. It's an old version which I haven't renewed in years. But, it nags the crap out of me.

I just want to clean it off of my computer. But, it's like the computer is being held hostage when you try to remove parts of it. I lack the expertise to be messing around erasing things without some guidence.

Can anyone tell me how to remove Norton Utilities entirely?I'd reformat it unless you have a very good reason not to.and you COULD take the opurtunity to upgrade to xp if u wanted to..The lag is probably due to any Norton product AND an old INSTALL of WIndopws that has gotten "gunked up" over the years.   Quote

and you could take the opurtunity to upgrade to xp if u wanted to..

I was looking for some FREEWARE to play Chess on, and downloaded a 3D Chess game promising to be freeware. However, I didn't like the ridiculously stupid AI (who the heck moves King Rook back and forth like that??) so I UNINSTALLED it. However, I soon GOT a s#!t load of popups from AVG. After that, I couldn't connect.

OK, I'm smart enough to isolate and kill it. HijackThis found a O10 that said something about killing the Internet connection because a .dll file in the program's directory was removed. Sure enough, REMOVING it restored my connection.

However, this begs the question: Am I still infected? Attached is Exhibit A - A post-removal HJT log. No infections, just FULL of crap.

Logfile of HijackThis v1.99.1
Scan saved at 6:20:40 PM, on 8/19/2006
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\Program Files\EarthLink TotalAccess\FastLane\IPClient.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Diane\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie/button/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://start.earthlink.net/AL/Search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.earthlink.net/partner/more/msie/button/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.earthlink.net/AL/Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\ElnIE.dll
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: EarthLink BHO Guard - {00000000-0000-0000-0000-000000000002} - C:\Program Files\EarthLink TotalAccess\Toolbar\EScamBlk.dll
O2 - BHO: EarthLink ScamBlocker V3 - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - C:\Program Files\EarthLink TotalAccess\Toolbar\EScamBlk.dll
O2 - BHO: EarthLink PopUp Blocker V2 - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\Program Files\EarthLink TotalAccess\Toolbar\ElnkPuB.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Earthlink Protection BHO - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\Program Files\EarthLink TotalAccess\Toolbar\ProtctIE.dll
O2 - BHO: Uninstall Legacy Earthlink Toolbar - {E713904C-DF05-4C79-BBAD-02DB923253BE} - C:\Program Files\EarthLink TotalAccess\Toolbar\uninsttb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - EXTRA context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O8 - Extra context menu item: EarthLink Google Search - res://C:\Program Files\EarthLink TotalAccess\Toolbar\SearchUI.dll/search.html
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O12 - Plugin for .au: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin2.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{77947153-DB93-4323-BCE4-00A63B04609E}: NameServer = 207.69.188.185 207.69.188.186
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: EarthLink Monitor Service (EarthLinkMonitor) - Boingo Wireless, Inc. - C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

my grandmas pc TRYIN to fix ive treid evrythin i could do with my brain and 2 hands so the final option was having u guys performing another miracle thanks alot
oh the pc is a sony vaio with 128mb
and 2 hardrives 1 15gb and the other 1 31 gb
intel pentium 3 processor
 thats all folksI can give you some help.. Download Lavasofts Ad-Aware 6 program and run it.. SELECT for deep scanning.. hijack this software. i dont find it useful.. but if you cant then i would suggest backing up the data from the old grungy PC and REFORMAT and reinstall windows. That would be my suggestion..
but if someone else has something, then please go head.i know about ad aware and all that i did all the scans and  tuff but
this pc came with windows me i think and my freind put windows xp on so  i dunno how to reinstall it and i keep  getting the popus that say fail to act may lead to pc failure.tyIncrease your RAM, 128 MBs is not enough.
Update Windows.

What seems to be the problem?I just READ your last reply, Win98SE would be good for this, cheap too. LOLbesides buying anythin what can i do ? Quote

besides buying anythin what can i do ?

Quote

1.[highlight]INTERNET[/highlight] Explorer Version 6.00.2800.1 inProgramFiles\Internet Explorer\
   IE Explorer.exe I think you will find this is IEXPLORE.EXE
2. [highlight]Windows[/highlight]Explorer Version 5.00.3700.6 in C:\WINNT\Explorer.exe

Be sure and sign up for the Fed Fan Club, with the monthly newsletters.  

Quote

it only works for 32 BIT PROCESSORS it SAID on the site, will it work for 64?

It's called SpyHunter and, after downloading the free scanner, it picked up a ton of SPYWARE and other programs that my other anti-spyware programs missed. But in order to remove the spyware, you need to buy the full program.

I figured it couldn't hurt to try it, but I seem to be having trouble getting their order form to accept my order. I keep getting a credit card error and there's nothing wrong with my card.

But it got me wondering if this program is even worth buying. Anyone heard of it? Is it worth the $30?

This is the the link to the site: http://www.spywareremove.com/http://spywarewarrior.com/rogue_anti-spyware.htm

I don't see your's listed BUT if anything finds lots of stuff that the free ones didn't and then offers to fix it for $$$, I would mark that product off my list immediately. That's exactly how a lot of these rogue programs work.Even if it is actually a real program, I wouldn't buy it, I have Ad-Aware and Spybot and they have kept my computer clean for a long time and I see no reason to replace them.Further REASEARCH into the comapny name led to a forum where many, many people were complaing about the company and the product. I decied to purchase another program instead; Spy Sweeper by Webroot Software.

I use AdAware and Spybot already, but there this one adware program that they won't remove that's been on my computer for months now called SurfSidekick also called linksynergy. I had googled linksynergy and one of results reccomeded SpyHunter to remove the program, so I downloaded the free scanner and it found the adware so I thought it was worth buying.

But after reading all of those complaints, I've changed my mind   Toodles......  If you do in fact have ...... "SurfSidekick'  ........ It should show up in the add/remove list of programs ........ Go into the contol panel and if it shows up there ....remove it ......

dl65  
I know, I have removed it from there but it's still on my computer. It's still on my startup (I've went to msconfig, unchecked it, but it's still there and can be rechecked) and when I use Google, the popup comes for linksynergy and when I try to close it sometimes 100's of BLANK internet exporer windows will rapidly open.

This has been a ongoing problem with my computer for a while now and no other spyware removal program finds or removes it. Spyhunter did, but I dont trust that. And so far the free version of Spy Sweeper has. Once I get it on this computer I'm sure it'll remove it too.IMO, most antivirus/antispyware programs that cost money aren't worth it.  There are many, many programs out there for free that do the job fine.

-------------
www.cleancomputerhelp.comPlease list ALL the programs you have tried to date to remove this bug...
So far you have mentioned AdAware, Spybot and SpySweeper...

patio.   8-)A temporary QUICK fix for your SurfSideKick would be to delete its registry keys in your registry. That'll almost guarrenteedly cripple the program to the point of not working.Playing about in the registry is not for the unitiated.try looking for the folder in the my computer>programs files> name of problem

then delete the folder.

yea,i am having a pop up KEEP on poping up

its the

firstadsolution,


what do U do so it is gone? Quote

what do u do so it is gone?

Quote

if im INFECTED im SUING panda  

I've received upwards of 5000!!! emails in the last 3 days.  All with the same header.

Mail Delivery Subsystem Returned mail: see transcript for details  Each one from an entirely DIFFERENT address.

I've done the following (twice)
1) turned off system restore
2)Run disk Clean-up
3)Run CWshredder
4)Run Ad-Aware
5)Run Spybot
6)Run Ewido
7)Run AVG

And I'm still getting these messages flooding in.  

Please help

JB
Did any of the programs you ran find anything?Yes, and I cleaned them up.And, by the way I'm receiving more as we speak.Considering the scans you have run I doubt your computer is still a zombie but you could still be receiving undeliverable mail messages from a previous infection that you have since cleaned up.
If I recall correctly sometimes these sent emails are represented a second time so you may continue get get notifications for a bit longer.

Another possibilty is that a spammer has spoofed your email address and all the spam being sent out by some other poor SOUL (zombie) is being returned to you as undeliverable.

How about a hijackthis log, we may see something there that the scans are missing.You've lost me at this point I know Hijackthis is a software, but that's about all.  Please advise me further.  This is driving me nuts.Make a directory C:\Program Files\hijackthis.
Use Google to download & install hijackthis in the directory you made.
Run hijackthis and select scan only, save the file then COPY & paste it in here.
You will have to post it over 2 or 3 posts as the forum has a limit on the size of each post. 5000 characters or so.Well, in the time since we've opened this discussion I called back my provider (for the 3rd time) and found a support person that took the time to really work through the problem with me.  The solution was to set up some rules using the Rules Wizard and specifying the subject line  "Returned mail see transcript for details" Not a COMPLETE solution, as some of the messages have a slightly different header but certainly a workaround that will serve to eliminate about 98% of them.

Thanks anyway.

JBIf your computer was a zombie for a time you may well find all these bounced emails stop coming in a week or so.
I'd appreciate it if you let us know how this finishes up. 5000 bounced back e-mail's = zombie problem!  

http://www.google.com/search?hl=en&q=what+is+zombie+computer

I got this new virus [ I dont know how :| ] and I cannot get rid of it. My anti virus program is called AntiVir PE Classic. It detects the virus and I delete it, deny access, etc.. but the virus is still there. I scanned my PC with it, Lavasoft ad-aware, and SpyBot. When I go on any other ACCOUNTS "Rundll32.exe" keeps coming up and lagging the *censored* out of my computer. It OPENS about 20-50. Please help!

EDIT: My CPU usage is unusually high as well


EDIT Again:

It says the virus name is "TR/Vundo.Gen". I TRIED Googleing it but its all in Dutch :\http://www.bleepingcomputer.com/forums/topic18610.html

Let us know how you go or if you need any help with the instructions. Quote

http://www.bleepingcomputer.com/forums/topic18610.html

Let us know how you go or if you need any help with the instructions.

I am using AVG FREE edition on a pc at home and would appreciate if anyone can let me know how to SET it up for scanning incoming and out going mails. I am interested in scanning web mails like yahoo, HOTMAIL, windows live mail, g mail and the likes... I do not use MS outlook or outlook express.
Windows XP is the operating system.
cheers
The SaintThe e-mails you mentioned for scanning are all web-based e-mail outlets...since these do not reside on your machine are you sure you need them scanned ? ?

PATIO.   8-)

Hi guys, I keep getting a notepad icon appearing on my desktop called dxva_sig and when I click into it and notepad opens up it SIMPLY says 'B' in there. I delete it, a day or so later it's back. Any ideas please? Any further INFO needed please ask.is your computer clean from VIRUSES and spyware adware?

what protections do you have??



unlovedwarrior

do you have a firewall?kennyrushby........  I'm not certain , but it sounds like you have been trying to play some movie or VID file with Windows Media player and you don't have the required codec installed ....... Installing the codec should correct this .......
http://www.free-codecs.com/download/Codec_Pack_All_in_1.htm  

let us know if this fixes things .

dl65  Hi guys, thanks for your replies, the codec pack seems to have done the trick so far.

FYI I have AVG Free Edition running and use 'Spybot - Search and Destroy' and 'Ad-Aware' regularly too.

Cheers for your help!

why dont you schedule the scans for on weekends or before work??

ok this stupid http://www.safetyhomepage.net/  keeps poping up on my ie when i start the ie up..


and when i try to go to a site it gives me this



i did all of my scans in safe mode with system restore off

adaware  spybot  

windows defender

ewido

pc cilin internet sercurity

TIA

unlovedwarriorRun Hijack This and post a log file here. You have issues.Logfile of HijackThis v1.99.1
Scan saved at 9:03:34 PM, on 9/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running PROCESSES:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\DIGITAL Line Detect\DLG.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\jeremy\Desktop\stng260.exe
C:\Documents and Settings\jeremy\Desktop\setup_files\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - C:\Program Files\PCODEC\isaddon.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dllO4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Digital Line Detect.lnk = ?

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' MENUITEM: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1156991745609
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Symantec Event MANAGER (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe


yes i do have major issuesok i got it fixedGood.

How ? ?i went to this website

http://www.precisesecurity.com/computer-virus/avmyzor-may01.htm

im going to post a fresh log can someone look at it for me just to make sure there are no traces.Logfile of HijackThis v1.99.1
Scan saved at 10:32:05 AM, on 9/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Webroot\SPY Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Documents and Settings\jeremy\Desktop\setup_files\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ModemOnHold] "C:\Program Files\NetWaiting\netWaiting.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Digital Line Detect.lnk = ?O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1156991745609
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

TIA,

unlovedwarrior

2 computers hooked up on wireless local lan. (Home) , I have the host puter on wireless d-link with my dad's in another house. I received an error last weekend that my wndws media player had a PROBLEM and needed to empty the DNS Cache ?  I searched DNS Cache and found many, and started deleting files , I received  a couple don't delete warnings and SKIPPED those deletions. I had no problem connecting online after that but noticed my media player still won't work-online, it will play local music and stuff but won't play mpegs, and video.... Yesterday while at work , I tried to send an email to the 2nd computer in my dad's house and received this  delivery status notification....to my email ACCOUNT at work......

Message/delivery-status

Reporting-MTA: dns;E4SMTP05
Received-From-MTA: dns;E4SSL03
Arrival-Date: Tue, 5 Sep 2006 04:12:45 -0700

Final-Recipient: rfc822;[email protected]
Action: failed
Status: 5.0.0
Diagnostic-Code: smtp;554-:  (RLY:CH)  
http://postmaster.info.aol.com/errors/554rlych.html
554 TRANSACTION
FAILED
NS (PTR record) assigned.
ADDRESSES which
220      have no reverse-DNS (PTR record) assigned.
addresses which
220      have no reverse-DNS (PTR record) assigned.
ddresses which
220      have no reverse-DNS (PTR record) assigned.
 which
220      have no reverse-DNS (PTR record) assigned.
ions from IP addresses which
220      have no reverse-DNS (PTR record) assigned.


ns which have installed a backdoor to allow spammers to use
550-your computer. Either configure these programs, disable them
services or
550-correctly name your computer with a FQDN (and sack your IT guy for
being
550 clueless)
ou are trespassing.
220  
 you send us spam, you are trespassing.
220  
 or sent over this system may be monitored.  Use of this DoD computer
system, authorized or unauthorized, constitutes consent to monitoring of
this system.  
220 Unauthorized use may subject yo
220 Unauthorized use may subject yo

"besides having to sack myself , what did I screw up"?  Also;  last night I hit F8 on the startup and logged on to a previous safe session, ran 2 complete SCANS with ewido, have a defender 15-n-1 firewall up on high settings* ?  thanks 4 any help here...
 

uninstall and reinstall the media player and see if that helps...

and this might help also

http://mapname.com/clean-dns-cache.htm

unlovedwarriorThe DNS cache has nothing to do with Media Player of any sort other than allowing thos e programs to access info over the web.
The 2 things are not related.
In future when you feel the need to flush..... open a command prompt window and type "ipconfig /flushdns"

patio.    8-)patio is there a way to see how full your dns cache is?thanks  both of you for the  HELP

There are no blank entries under that one. This is what is under it:

c:\program files\grisoft\avgfree\avgcc.exe
c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe
c:\program files\common files\ispcomp\installservice.exe
c:\windows\system32\nwiz.exeUnder HKLM\Software\Microsoft\ActiveSetup\Installed Components

there is DUN-RNA    FILE Not Found: rnasetup.dll
and Power Policy SETTINGS  File Not Found: setupx.dll


that seems to be it

Thanks for the help
Edy

I'm sure some of you have seen this behavior before: You see strange PROCESSES in \system32\, such as "sklqfjq.exe" and "qlskdjf.exe". They appear in task manager under processes and when you try to end such a process, a new random one with sfkjslkfdj.exe names is created. Not even safe mode helps to remove these IRRITATING things. How can I find out the REAL process BEHIND all this and end it once and for all?Online Virus Scan and Spyware Scan
http://www.pandasoftware.com/products/activescan.htm

Online Malware Scan
http://www.ewido.net/en/

I'd be very surprised if these files run in safe mode, are you sure???

Hai,

One of my cust'r using TREND Micro oficescan AV
In that What is ENG/PTN & DCE/DCT

pl give details BRIEFLY,

If it is updated which file I have to check for Latest Update Ver.?

Thanks in Advance... 8-)HuH ? ?may thoughts EXACTLY :-?Eng/Ptn stands for Engine/Pattern version; DCE/DCT stands for DAMAGE Cleanup Engine/Damage Cleanup Template

See here.

Good luckwww.trendmicro.com

It is not a free product, so use the support you paid for, if PURCHASED.

ok this aint right both my laptop and my desktop are acting werid, both wont connect to the internet, both take forever to log on..


i've done av scans spybot ewido adaware windows defender (except on my laptop cuz i cant get onto the internet to dl it)

im going to try spysweeper on my laptop cuz its next to me and when i get home ill do it on my desktop.

all of this just started yesterday.

TIA,

unlovedwarrio Quote

ok this aint right both my laptop and my desktop are acting werid, both wont connect to the internet, both take forever to log on..


i've done av scans spybot ewido adaware windows defender (except on my laptop cuz i cant get onto the internet to dl it)

im going to try spysweeper on my laptop cuz its next to me and when i get home ill do it on my desktop.

all of this just started yesterday.

TIA,

unlovedwarrio

I have a friend who is having some trouble with spam and it has me stumped.
She is a VERY conscientious internet user. She surfs safely, has her browser history set at 0 days, does not use a toolbar, and clears out her personal data (cookies, temp internet files, ETC) at least once a day.  

We just about a month ago set her up with a Hotmail ADDRESS to use to register for online shopping sites. She has placed one order from Amazon. That is the only thing she has used the address for.

She has noticed that soon after she does a web search using the MSN home page, or even clicks a link on the MSN home page, she will receive spam at her Hotmail address that is related to the subject of the web sites she has VISITED. For example, she searched for diets and she received an email about weight loss aids.  

I have had a Hotmail account for years now, have my history set at two weeks, use a variety of search methods, use my Hotmail for MANY registrations, and almost never clear out my data and I have never had a problem with true spam in my Hotmail inbox. I get junk, but it is stuff that I am responsible for.

She does not have a problem with spam on her POP mail account, though it may be filtered at the SERVER. I am unsure.

What is going on here?  Today I ran an Ad-Aware scan, and as usual, it came up with very little - 4 "data miner" cookies, but were these enough to be the culprit, esp if she DELETES them daily?

She says she has done regular routine virus scans, which come up with nothing. (I have not personally seen the results of recent scans)

Here are more stats: XP Home with SP2, using Windows Firewall, Avast Home antivirus, uses IE6 primarily.

PKTry this as a test...
Clear out the spam.
Don't go anywhere near MSN homepage, search engine or links.
Use Google as a search engine.
See if the spam stops.That would be an interesting little test. We will give it a try.

PKI even receive spam when not using Hotmail, I'd use Gmail if I were you.

Hello

I need to put an antivirus facility on my computer and am currently looking for a free version. Can anybody recommend a good version for me to install on my computer.  Many thanksAVG Free has a good reputation.

Ive tried a lot of antivirus software and i found several good ones.
both have a 30 day trial

kapersky antivirus
webroot spysweeper

i WOULD highly recommend thesethose arent free are they?? [smiley=lipsrsealed.gif]If the question was about a free antivirus, the answer GIVEN was a foul ball.

AVG Free. Google for it.AVAST - it's free & works GREAT.
Website by the same name just add the www in front & .com at the end. Quote

If the question was about a free antivirus, the answer given was a foul ball.

AVG Free. Google for it.

Quote

If the question was about a free antivirus, the answer given was a foul ball.

AVG Free. Google for it.

AVG is a great freeware program.




Baseball is wrong:A man with four balls can't walk.

Hello fellow viewers, i have reached a dilema that i can hope somone out there can help me with.  Last night i was playing my computer and i was looking around the internet for some Oblivion mods and this one weird page popped up and it SAID something about a virus protection program thing and to click to download.  Well i did what most people would do (i think) and i clicked no and closed the page.  After awhile i noticed that there was this little icon by the clock and when i put my cursor over the icon it said virus alert, so i clicked it trying to figure out what this "virus" was. When i clicked on it it told me that i had a trojan horse virus and it ran the program that the page that popped up told me about. So i went to add/remove programs in my control panel folder and i promtly deleted this nasty file.
  Well deleting that file didn't get that nasty icon to go away, so i ran my Norton ANti-Virus and i scanned my computer, and then after that i deceided to should use the disk defragmenter to make it run a lil better, because my computer was running alittle slow and after all that was done i booted her down for the night.  THen earlier today i tried to run her and she would get to the part where it said windows xp professional sarting up and would not get past that.  So i restarted her again and she ran windows but it took forever to get started. THen i tried to run Norton again but it wouldn't let me run it or get on the internet, so i shut her down.  Then later on i tired running her again and she wouldn't even start windows but i could get into the computer setup menu thing when u first start the computer.  Oh and one more thing, when i have the power connected to her, she will start up like ever 30- 45 min and get to the same point (right before the black screen with white letters turns to a blue screen with a windows logo if that helps anyone).
  My computer has a 3.46 ghtz Intel Pentium 4 processor (bought it like 2 years ago), 1GB of RAM, a Sapphire ATI Radeon x700 series (haven't had the chance to upgrade yet)   graphics processor, and a kinda big hard drive (can't remeber how much, i could FIND out if that is needed).  Anything else to need to know about my dilemma just post and i will reply whenever i can.  
  What i think it did was CRASH my windows operating program ( I can be wrong, i just was some other opinions on what i can do to fix this problem ), any help is greatly appreciated.  

Start in Safe Mode + Networking, go & get HJT, come back here with the logfile.
Have a read of the following link then look for the flashing green light on the left.
http://www.tomcoyote.org/hjt/Whilst you're in safe mode, install and run the following programs as well (Boot with Network support to download, but RESTART and boot into normal safe mode before scanning)

AVG Free Anti Virus
Adaware SE Anti Spyware



I tried getting into windows safe mode by mashing and holding down the  F8 key but it still gets stusck on the black screen.  It will run all the way to the part (on my computer anyways) where it says: verifying DMI Pool Data.  Usually after that part it used to boot windows xp pro and it would be gravy from there.It doesn't go beyond verifying DMI pool data?

Try resetting your BIOS to its default values.

Quote

didnt i say something along those lines?? i know i said go into safe mode for the scans

Hello

I have Adware and Symantec Anti-viruse, Spybot Search & Destroy on my laptop (i have Firezone firewall); each day when i run the Adware program there are always "critical cookies" found. Is there any other program that I should run on my laptop to prevent this problem as far as possible. Any feedback is helpful. Thank you.Yes, MANUALLY accept and deny cookies using your browser.

For IE -> TOOLS -> Internet Options -> Privacy -> Advanced ->

Tag "Automatic cookie processing disabled"

Direct cookies -> Ask
Indirect Cookies -> Deny

Or if you use FIREFOX:

Tools -> Options -> Privacy - Cookies:

Tag "allow sites to set cookies"
Tag "For the originating site only"

Select "Ask me everytime"

Now you're going to have to learn which websites will work without cookies and which don't. You will also have to learn what cookies you can safely accept and which you can't. Experience 'll tell. Or buy software that automatically removes cookies, but this the SAFEST bet because they will never have penetrated your defenses...

try killbox Quote

ran mcafee stinger, and ewido. Ewido seemed to find all of the pop-ups i've been seeing, so hopefully that's fixed now. Only time will tell. There was one that wouldn't delete though, i EVEN went to the folder myself and tried some different things which of course didn't work. I ended up moving it to AVG vault since that was the only quarantine i could find on my computer. I don't know if it works like that though, what do you think?

ok here is a Safe Computing PowerPoint I PUT Together for everyone to SEE that has PowerPoint.

Im working on getting it into other formats and putting them on my website for everyone to viewI really think you should start using your real name.  

Quote

The best way not to get infected
Is not to get on the internet at all
But what’s the FUN in that

what do you mean remain objective??


and i do use my real name when i do them for classes and other things just not on the internet

I had  read elsewhere that a file called 'svchost.exe' is a BADDIE left by a trojan virus.
Therefore CHECKED the 'task manager' - process and noticed that this file appears in the list of processes

Is this a bad one? if so how do i get rid of it?
I have adwarese personal running and regularly keep it updated and scan the computer regularly. Also have windows defender running and kept updated, everyday windows defender runs a quick scan. Using Symantec Antivirus corporate VERSION which is also kep updated and scans everyday.
OS windows Xp professional
What does this bad one do ?

Will APPRECIATE if someone can give me some advice on this issue.

Thankssvchost.exe is a windows fileYou should put less effort in hear-say and more effort in RESEARCH..lol true

Well, all the important data is on my USB backup hard drive.

Oh, wait.I may be tottally wrong here as I am no where close to being an expert on these matters but my WIFE's comp was getting really sluggish. It was slow from start up to shut down and we ran every kind of program we could think of to find errors. The harddrive did have a few bad sectors but we eventually found out that one of the RAM chips had crapped out and once we replaced it EVERYTHING was fine(EXCEPT for those bad sectors) and back to normal as FAR as the speed was concerned.

ok at my moms HOUSE they did something to the computer and now it goes to this site almost e3very other site.

http://www.google.com/hws/dell-inc/afe?hl=en&channel=us&s=http://ad.doubleclick.net/adi/N1260.cnetnetworks/B2029426.2;sz=300x600;click0=http://adlog.com.com/adlog/e/r=10002&s=686806&t=2006.09.24.20.18.04&o=20:2001:2023:8022:&h=cn&p=2&b=6&l=en_US&site=4&pt=3001&nd=8022&pid=&cid=10399602&pp=100&e=3&rqid=00c18-ad-e544F5B3E0F197CD6&event=58/;ord=2006.09.24.20.18.04?

im trying to dl spybot but its not letting me so im goingto go to my house and get my cdWho did that?  :-?dunno i havent been down here but im doing the scans now

ill do a hjt log and postok i got spybot and adaware and update and ran them heres the hjt log..

Logfile of HijackThis v1.99.1
Scan saved at 5:51:36 PM, on 9/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINDOWS\system32\hphmon04.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\EarthLink TotalAccess\FastLane2\IPClient.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HOSTS Secure\HOSTS_Secure.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\HPHipm11.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Documents and Settings\Jeremy\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie/button/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.savewealth.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: EarthLink ScamBlocker V2 - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - C:\Program Files\EarthLink TotalAccess\Toolbar\EScamBlk.dll
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O2 - BHO: EarthLink PopUp Blocker V2 - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\Program Files\EarthLink TotalAccess\Toolbar\ElnkPuB.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Earthlink Protection BHO - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\Program Files\EarthLink TotalAccess\Toolbar\ProtctIE.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O2 - BHO: Uninstall Legacy Earthlink Toolbar - {E713904C-DF05-4C79-BBAD-02DB923253BE} - C:\Program Files\EarthLink TotalAccess\Toolbar\uninsttb.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Dell\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [RealTray] "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] "C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe"
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\EarthLink TotalAccess\FastLane2\IPClient.exe" -l
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [HOSTS_Secure] "C:\Program Files\HOSTS Secure\HOSTS_Secure.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader SPEED Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: EarthLink Google Search - res://C:\Program Files\EarthLink TotalAccess\Toolbar\SearchUI.dll/search.html
O8 - Extra context menu item: SIMILAR Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.savewealth.com
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo UPLOAD Tool) - http://by108fd.bay108.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1143520289187
O17 - HKLM\System\CCS\Services\Tcpip\..\{B8D266DE-8A43-44CF-96A1-663DC6B95BE7}: Domain = earthlink.net
O17 - HKLM\System\CCS\Services\Tcpip\..\{B8D266DE-8A43-44CF-96A1-663DC6B95BE7}: NameServer = 207.69.188.185
O20 - AppInit_DLLs: sfklg.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: EarthLink Monitor Service (EarthLinkMonitor) - Boingo Wireless, Inc. - C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\DRIVER\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

got it fixed i had to disable some unverifed add ons in add on manager

thanks for the repliesGood.

I'm new here, so sorry if this has been asked a million times!  I need to know how to get rid of a boot sector virus!  My virus program never saw it and I'm TRYING to install a new harddrive and install W98.  Windows 98 won't install because of this virus - which now explains why my old drive was acting so strange!   Can anyone help???

Thank you very much in advance!

Louchats23Travel to the link below and follow the instructions carefully.

http://www.sophos.com/support/disinfection/mbrnvir.html

patio.    8-)

P.S. Buy some brand new floppies...this is the most common method of infecting the boot sector.Can you REFORMAT the HDD by using a boot diskette or CD?

There is an option on OLDER PC's their BIOS that has something to do with boot sector viruses, beats me what it does, but look for it none the less and see if it can help you.Thank you all for your replies.  I tried them without success, but did find some advice that worked on another help fourm....this is what it was:

I TURNED off the bios virus protection and it worked.  I am currently installing the OS then I'm supposted to go back into the bios and turn it on again.  I am guessing that I really don't have a virus but that the virus protection program  - being enabled- thought I did.....  just a guess though.   If anyone KNOWS how this works I really would like to know.


Thanks so much for your replies!

louchats22It may be a moot point in this case, but to get rid of a boot sector virus in Win98:

Boot with a Win98 setup disk that has FDISK on it

From the A:> type in

fdisk /mbr

and press enter. It will be fixed in less than 2 seconds.  

Boot sector viruses are unusual these days.I tried that and it did not work!  It kept sending up the message "boot sector virus  continue Y/N?"

Thanks anyway!

louchats23Did you use the tools that were supplied in my link ? ?

patio.   8-) Quote

I tried that and it did not work!  It kept sending up the message "boot sector virus  continue Y/N?"

Thanks anyway!

louchats23

I did  I was just responding to the other posts.

Quote

I did  I was just responding to the other posts.

Disabling any kind of lame virus checking in the BIOS is always the first step. The method I gave you cannot work if you prevent writes to the area it needs to fix.  

I have a dell Pc, windows xp I installed PC-cillin on it in 2005 EDITION. I needed to update for 2006. It asked for a password. I don't remember ever putting on a password. I ave tried to unistall it since january. I contacted PC-cillin and have tried everything they suggested and still cannot get rid of it.Have you simply tried leaving the field blank?problem resolved. thanksHow?After all this time I finally got the info from pc-cillinWhat was the info you needed?  :-?I had tried every angle I could to delete PC-cillin and could not get rid of it until yesterday. I didn't have a password couldn't get a password and couldn't upgrade delete or anything else. I finally got the answer I needed from PC-cillin yesterday . I have been working on the problem periodically since Jan 30th.Yes, but what did PC-Cillin tell you? Did they give you a password or?They did not give me a password. I went to the support page and FOUND a solution details page# it had solution # 1030493
a recent system upgrade added a '1' or '2' to old solution IDs. You find the solution by removing or retaining the extra '1' or '2'
PC-cillin Internet Security-2005 Dell
Published 4-12-06.
when I went there and followed the prompts it deleted PC-cillin without a problem. What a relief. Been working on this since January. I'll not be USING PC-cillin again. I went back to AVG. Thanks again!can you give a link cuz my GRANDMA has pc-cilin and that would be good reference in the furtureI THOUGHT PC-Cillin was rather decent. Did it do a good job at protecting you?I was unsatisfied with support with the problem. It did a good job identifying viruses and blocking.It seemed to be awful slow downloading the DAILY updates, may have been my dialup. Never had any problem till I went to upgrade for a new year. The link is to Trend micro and the fix is now posted under support, solution ID 1030493Thanks for letting me know, if you have any other problems don't hesitate to post.THANKS

I could use all the HELP I can get!

Yesterday, I downloaded something, I now regret. The file was laced with trojans and virus, one of those being the dreaded SpyQuake (As if the others weren't enough). Almost instantly I had over 10 popups, from SpyQuake to Winvirus!

First I tried AVG anti-virus. It cleaned out some. Then counter spy. It cleaned out over 300 infected regs. and 50+ infected programs/ files. But still, I had the pesky SpyQuake and Winvirus! So next I downloaded Spybot S&D. It got rid of over 50 different trojans! (I also downloaded Ewido, but it is only finding cookies =/). After that, I called it a night, unplugged my internet CABLE in went to bed.

This morning, I was expecting everything to be okay, but overnight, the GANG of anti-virus/ anti- spyware each found (Auto  scans.. yay!) Their own virus and trojans! I deleted them, and ran more scans. Every scan I do, I keep finding more and more! All day I have been scanning and deleting, scanning and deleting. This afternoon, I noticed my background had been deleted to a blue screen! I fixed that problem, and thought I was in the clear.

I put up all the shields the programs offered, my firewall, and my settings to max security, and plugged in my internet. Things went smoothly, up until an hour ago. I was using FireFox and I noticed the WinVirus tabs and alerts. Also, my computer decided to slow down, and my internet started to move slower than my old dial up! (I am running broadband).

I ran spybot, and it found 3 trojans. I deleted them, and made sure to run Spybot again (I am paranoid =/). THE SAME THREE WERE BACK! I am running my others now, and so far counter spy found a trojan that spybot did not find.

How is this possible? How can they keep coming? Is there anyway some sort of 'hole' has been opened and someone/ some program is feeding them through?Can you please download HijackThis and attatch a log in a .zip file?

http://www.majorgeeks.com/download3155.htmlConnect to the web and update all your current malware apps...
AVG
AdAware
SpyBot
Ewido.

Then DLoad the following :

Stinger
SmitFraud removal tool

Dis-connect from the web...unplug the modem if need be and grab a cup of coffee.

Next go to Start/Accessories/System Tools and turn off System Restore.

Run Stinger
Run the smitfraud removal tool (i believe it requires a re-boot to complete)

Now re-boot into safemode and run all your malware apps you just updated.

Then reboot into normal mode and run hijackthis and post your log here.Sounds like a wipe and reinstall to me  

Alan <><  Not neccessarily if he follows the instructions given...And scans should be run in safe mode with system restgore turned off.   Quote

And scans should be run in safe mode with system restgore turned off.  

Quote

And scans should be run in safe mode with system restgore turned off.  

Another vowel movement ! !

     

Hello

i am just wondering how many spyware program one should have on their computer. I have Adware and Spybot - isn't sufficient? Do i need to install any extra spyware program like the Spydoctor? ThanksAdaware (Free) doesn't offer realtime protection, you will need to run Spybot in 'advanced mode' then click on the Immunize BUTTON then TOOLS button>Resident & IE TWEAKS....
Let us know if your Spybot POPUP box is a little screwed, there is an easy fix. I need none because I use Firefox.  

Ok, with some extensions to make it even safer, but still..thanks for the feedback. Regarding Spybot when i try to run the advanced mode there is a WARNING that this may cause some harm to the system.  What does it mean?  Does it pay to upgrade to Real time protection regarding Adware? Does running Firefox helps to cut back spyware?  Thanksfirefox is a more secure browser than ie, but you can tweak ie to make a ok browserSpybot will not harm your computer, that is a matter for you.

Quote

im sure at one point they will START charging a price.. its the WAY of the windows

Recently, I FIXED a spyware named ""Pipas_A" by using Spybot; but then, this spyware returns again and again.  The Spybot cannot fix it permanently.
     Has anyone the same problem?  If so, has he/she been successfully destroyed this stubbon spyware?  If so, I would LIKE to know how.some other tools such as  ASquared or Ewido should clear up any problems

ASquared
a trial from here

http://www.emsisoft.es/es/software/download/

Ewido
download a thirty day trial for free from

http://www.ewido.net/en/

copy these links into your browser then download and update each product before runningScan in safe mode.Perhaps Spybot is removing it but you are getting reinfected again & again
What realtime protection are you using?
Is your OS up to date?
What browser are you using?We don't know yet what OS you are running however if it's WinXP i would suggest shutting off system restore befor e you scan along with the solid advice you have already recieved...Thank you guys!
My OS is Win98se.
I will try out the possible solutions and get back to you with result later on.Asquare is no good for Win98se; so Ewido seems to be the winner.  So far my problem is gone.  I will post again if it is otherwise.Ewido won't run on 98, you will need to use A-squared.Hi, Prodigy, you are absolutely right, it was my mistake!  It should have been the other way round:  Ewido is not for my PC, but the ASquared.It does not take long that the "Pipas_A" returns again.  NOTHING successfully defeats it, including the A-Squared!

So, I am STILL waiting for some smart advise, in the mean time, I guess I will have to live with it!You scanned in safe mode?

Use Adaware SE. Quote

Perhaps Spybot is removing it but you are getting reinfected again & again  
What realtime protection are you using?
Is your OS up to date?
What browser are you using?

Do you even know the definition of a virus?

Aren't you SUPPOSED to be on school?a virus is a pig of code that must piggie back on a computer program or osno i dont think so. but you go ahead and try.. i dont think you can even link a shortcut to itself..Do you really think the Windows programmers would be that STUPID?  LOL.. it would be funny if it worked and i would laughthere are funny ways to mess with friends but i cant help sorry.  someday young oneWhy would you want to do this, anyway? :-?HONESTLY this is very BAD Quote

honestly this is very bad

hello

is anyone using this SPYWARE program (free)? isn't good and effective? Better than SPYBOT  search and destroy?? thanksClick on the link below, your ANSWER is there if you SCROLL down.
http://www.spywarewarrior.com/rogue_anti-spyware.htm
Install a reputable program.

.. I can still DL the SP2, right?