801.

Solve : Borland?

Answer»

Ok, let me preface this post by letting you know that I am not a genius when it comes to computers. I am slightly concerned about a name that is found in the file field of my computer search program (not sure what to call it; it's the program used to search for documents, pictures, etc. on your computer). The name is 'borland (spelled in lowercase with the apostrophe). I cannot delete it at all. I can delete all other search words, but not this one. I did a Google search and came up with a company that I feel is legit. Should I be concerned? :-?

Thanks for helping.

Also, on a different topic:  Is there a way to determine where a user has been on the internet and seen on the internet besides the history box--especially if user has gone through and deleted his/her "bad" pages?   :-?  Want to keep an eye on things in my home.  

Thanks for helping.

For the first question: what protections do you have? Anti-spyware, anti-virus, etc.? When did you start to notice this program? Did you install it?

For the second one: yes, look in the temp. Internet files and you can see all of the pics they looked at and other stuff.

unlovedwarrior

This is not from Borland the company.

Your security has been compromised. What were you using for protection, because it didn't work.

You are not the only one using the machine? You fear that someone else is using it inappropriately? You can install a keylogger, etc. to monitor activity, but if it were me I would do a clean format and reinstall and change all of my passwords first to make sure that machine was squeaky clean first.

802.

Solve : Trojan Horse Generic2: LNI?

Answer»

Ok, hi there again guys. Well, basically I've googled this 'Trojan Horse Generic2: LNI' but to no avail, but I've found many others that have different endings, for example 'Trojan Horse Generic2: CBF'. However, I want information on the trojan that is on my sister's PC. I'm not computer savvy at all, but I do know how to get around on them and I am the most knowledgeable in my family. There is one other issue that confuses me. Last night I started a scan on her PC and it didn't pick up anything; it got about 30 mins into it, then we decided to turn off the PC. Then this morning my sister booted up the PC to try and get her coursework out of the way, and as most of you will know, AVG has that option to schedule scans. The scheduled scan on this PC is at 8:00 in the morning and she had started it at 7:45 (early I know, but she has a ton of coursework), so the scan went on and found this Trojan under 5 minutes into the scan. So why didn't the scanner pick this up last night before I had to terminate it? She hasn't downloaded anything, so I don't think it's fresh this morning. Anyway, advice and information would be appreciated.
Thanks guys

Chris

P.S. I think it's worth mentioning that the AV is AVG (which I don't like) and for spyware she's got Lavasoft Ad-aware. Oh, and I've turned System Restore off.

Chris

dl AVG Anti-spyware

spybot

and do the scans in scan mode

then post a hijackthis log

unlovedwarrior

why don't u like avg

Ok, well I've done the scans in safe mode now as well, all clear.
Done spyware.
So here's my HJT log attached; I'll just post it up so you don't have to spend time unzipping it.
Oh, and when I say I don't like AVG, I think I phrased it wrong. AVG is great considering it's free, but the thing is, when I got my laptop I got the free home edition of Avast! on it and I just think Avast! does a lot more than AVG. For example, you get the P2P filters and the Webscanner that automatically scans all the incoming data, and if it detects a virus it terminates the connection before the virus/worm/trojan can infect you. And the scanner doesn't make a single difference in the time it takes websites to load up, it's great!

Chris

Logfile of HijackThis v1.99.1
Scan saved at 09:54:08, on 09/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virtual CD v8\System\VC8SecS.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\RaConfig2500.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\WINDOWS\system32\notepad.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\OEM\My Documents\Downloads\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/weather/5day.shtml?id=3981
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.systemaxpc.co.uk/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P40 "EPSON Stylus Photo RX420 Series (Copy 1)" /O6 "USB001" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Auto EPSON Stylus Photo RX420 Series (Copy 1) on ACERASPIRE3000] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P63 "Auto EPSON Stylus Photo RX420 Series (Copy 1) on ACERASPIRE3000" /O22 "\\ACERASPIRE3000\RX425" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RaConfig2500.lnk = C:\WINDOWS\system32\RaConfig2500.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.systemaxpc.co.uk/
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} (AOL Pictures Uploader Class) - http://o.aolcdn.com/pictures/ap/Resources/2.0.4.69/cab/aolpPlugins.10.4.0.4.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://r1bena.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1145636885156
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Virtual CD v8 Management Service (VC8SecS) - H+H Software GmbH - C:\Program Files\Virtual CD v8\System\VC8SecS.exe

http://img295.imageshack.us/img295/2452/virusgs7.png
Should I be worried about the image where it says 'Backup Copy' next to 'Source'?!
Does that mean there IS another one lurking about?!
Thanks

Chris

Chris,

Download, update and run Ewido on that machine. See what it finds. (It's now known as AVG Anti-spyware.)

Then do the same with Stinger.

Let us know.

Ok, well give me about a day or two because the wireless on this PC doesn't work very well at all. I'll have to download it off my laptop and use my iRiver to transfer it on to this PC.

Chris

Gotcha.

OT, but is the PC close enough to just hook it up to the wireless router?

Just a thought.

patio. 8-)

No, the router is on a different floor in the house. Oh, and we don't have a network card for it, well, not one where you can plug a network cable in. Just the wireless card. It's funny though how the computer has problems with the wireless but my laptop works flawlessly with it. Oh, and can I just repeat some of the questions in case they got missed. Well, the first one is about it saying 'Back-up' copy, and about it not being detected last night but being detected this morning. Oh, and lastly, does anyone have ANY idea what this trojan does?!
Thanks Patio and Unloved

Chris

As to the last night/today question, the only thing I can think of would be that AVG runs the scan differently in scheduled mode because it has access to all the system resources as opposed to running it in an active session.
As far as the PC, a network card for that should only cost you 7 to 10 Euro.
And they're relatively easy to install.

I'm researching the Trojan variant you mentioned.

Ok cool, thanks! Like I said, I've looked for it all over but can't find that variant. Also, it's not a big issue with the PC having the dodgy wireless for us anymore. We've just bought another laptop for my sister for Christmas, so we won't be having to put up with it for much longer.
Anyway, if you find anything then it would be gratefully appreciated; if not, don't worry, because like I said it'll be gone soon.
Thanks

Chris
803.

Solve : "Aunt Edna" virus?

Answer» Everyone be careful, don't accept any e-cards from anyone you don't know claiming to be a "relative" like "Aunt Edna" from 1001 cards. My computer has this virus; it appears to create a link in outgoing e-mail when I "right click" my mouse to edit text in my e-mail. I'm gonna try scanning my drives with the AOL brand virus detector and hope to remove it. Please be careful. Anyone else get this virus?

Do u need help removing this? Also, if u can, find a tech article and post it in the news section.

unlovedwarrior
804.

Solve : VBS.LoveLetter.C(1) virus on pc?

Answer»

I ran a scan of my PC today at work (all drives) and on the J drive the Symantec AntiVirus notification said I had the VBS.LoveLetter.C(1) virus 6 times. The long distance PC "support" said to unplug from the system, which I did. Desktop support will try to help me tomorrow on the work PC. Now, I use 2 thumb drives on both my home and work PC; I'm scared to insert the thumb drives into my home PC in case there are infected files on them. Is it safe to run a Norton AntiVirus scan on each thumb drive (E or F drives) from my home PC without infecting my home PC?

I thought VBS.LoveLetter.C(1) was an old virus from back around 2000 that current antivirus programs caught? I input some personal bank account information earlier in the morning on my office PC; is the VBS.LoveLetter.C(1) virus able to retrieve that kind of information? Thanks

Most modern day anti virus programs have what they call a "Real Time Scanning" function which is by default enabled. This catches and stops any viruses by files which are being actively accessed, i.e. anything on your flash drive that you open (if it is infected) will either be cleaned or quarantined, depending on your anti virus program settings. If you have no antivirus program, I would scan the flash drives on another computer first. There are so far 82 variants of this virus.
Norton says this about the virus:

This worm sends itself to email addresses in the Microsoft Outlook address book and also spreads to Internet chatrooms using mIRC. This worm overwrites files on local and remote drives, including files with the extensions .vbs, .vbe, .js, .jse, .css, .wsh, .sct, .hta, .jpg, .jpeg, .wav, .txt, .gif, .doc, .htm, .html, .xls, .ini, .bat, .com, .avi, .qt, .mpg, .mpeg, .cpp, .c, .h, .swd, .psd, .wri, .mp3, and .mp2.

The contents of most of these files are replaced with the source code of the worm, destroying the original contents. The worm also appends the .vbs extension to each of these files. For example, image.jpg becomes image.jpg.vbs. However, files with .mp2 and .mp3 extensions are merely hidden and not destroyed. Norton SystemWorks users can recover these files if NProtect is running at the time of infection.

VBS.LoveLetter also tries to download a password-stealing Trojan horse program from a Web site.
    


Also Known As: Lovebug, I-Worm.LoveLetter, VBS/LoveLetter.A, VBS/LoveLet-A
Type: Worm
Infection Length: 10,307 bytes

Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP
Systems Not Affected: DOS, Linux, Macintosh, OS/2, UNIX, Windows 3.x

Wild

Number of infections: 0 - 49
Number of sites: 3 - 9
Geographical distribution: High
Threat containment: Moderate
Removal: Moderate

Threat Metrics

Wild: Low
Damage: High
Distribution: High
 
 

Damage

Payload Trigger: On execution of email attachment
Payload: Overwriting files
Large scale e-mailing: Sends itself to all addresses in the Microsoft Outlook Address Book
Modifies files: Overwrites files with the following extensions: .vbs, .vbe, .js, .jse, .css, .wsh, .sct, .hta, .jpg, .jpeg, .wav, .txt, .gif, .doc, .htm, .html, .xls, .ini, .bat, .com, .mp3, and .mp2. Files with extensions of .mp2 and .mp3 will be hidden from the user by setting the hidden directory attribute. The overwritten files can be recovered if the user is running NProtect from Norton Systemworks or Norton Utilities at the time of infection. Variant G also overwrites .bat and .com files.
Degrades performance: Might clog the email server

Distribution

Subject of email: ILOVEYOU
Name of attachment: Love-letter-for-you.txt.vbs
Size of attachment: 10,307 bytes
Shared drives: Overwrites files located on network drives
Target of infection: Overwrites files with the following extensions: .vbs, .vbe, .js, .jse, .css, .wsh, .sct, .hta, .jpg, .jpeg, .wav, .txt, .gif, .doc, .htm, .html, .xls, .ini, .bat, .com, .mp3, and .mp2. Files with .mp3 and .mp2 extensions will merely be hidden from the user's view and not actually destroyed. Variant G also overwrites .bat and .com files.

When executed, the worm copies itself to the \Windows\System folder as both Mskernel32.vbs and LOVE-LETTER-FOR-YOU.TXT.vbs, and to the \Windows folder as Win32dll.vbs. The worm checks for the presence of Winfat32.exe in the Windows\System folder.

If the file does not exist, then the worm sets the Internet Explorer start page to a Web site with the Win-bugsfix.exe file. This Web site has been shut down.
If the file does exist, the worm creates the following registry key:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\WIN-BUGSFIX

and executes the file during system startup. The Internet Explorer start page is then replaced with a blank page.

For each drive, including network drives, the virus attempts to infect files that have .vbs and .vbe extensions. The worm also searches for files with the extensions .js, .jse, .css, .wsh, .sct, .hta, .jpg, .jpeg, .mp3, and .mp2. When files with these extensions are found, the worm does the following:
Overwrites all files having the extensions .js, .jse, .css, .wsh, .sct, .hta, .jpg, and .jpeg with viral code. It then makes a copy of the file and adds the extension .vbs to the file name. For example, if the file is named House_pics.jpg, the overwritten file is named House_pics.jpg.vbs. The original file is then deleted. These files must be deleted and then restored from a backup.
Creates copies of all files having the .mp3 and .mp2 extensions. It then overwrites the copy with viral code and adds the .vbs extension to the file name. Next it changes the attribute of the original .mp3 or .mp2 file to hidden. Because of this, the original copies of .mp3 and .mp2 files are still unaltered--though hidden--on the hard drive. The modified files should be deleted.

CAUTION: Do not attempt to run files that have been overwritten or renamed by this worm. If you do, the worm is executed again.

You can download a removal tool here: http://www.symantec.com/avcenter/fixlove.exe
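
The file-name traces in the Norton description above can be looked for on a thumb drive from directory listings alone, without opening or running any file. The script below is an added example, not part of the original thread or of any Symantec tool; the function names and the sample file layout are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

# Extensions the quoted write-up says are overwritten and renamed to <name>.<ext>.vbs
OVERWRITTEN_EXTS = {".js", ".jse", ".css", ".wsh", ".sct", ".hta", ".jpg", ".jpeg"}
# Extensions whose originals are only hidden; the worm code sits in <name>.<ext>.vbs
MEDIA_EXTS = {".mp3", ".mp2"}
# Copies the write-up says the worm drops (matched case-insensitively)
DROPPED_NAMES = {"mskernel32.vbs", "win32dll.vbs", "love-letter-for-you.txt.vbs"}


def scan_for_loveletter_traces(root):
    """Walk root and return sorted (kind, relative_path) findings.

    Only directory listings are read; no file is opened or executed.
    os.walk also returns files that carry the hidden attribute.
    """
    root = Path(root)
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        here = Path(dirpath)
        by_lower = {name.lower(): name for name in files}
        for lower, name in by_lower.items():
            rel = (here / name).relative_to(root).as_posix()
            if lower in DROPPED_NAMES:
                findings.append(("dropped-copy", rel))
            elif lower.endswith(".vbs"):
                inner_name = lower[: -len(".vbs")]
                inner_ext = Path(inner_name).suffix
                if inner_ext in MEDIA_EXTS:
                    # The .vbs copy holds worm code; the original may still exist, hidden.
                    findings.append(("worm-copy-of-media", rel))
                    original = by_lower.get(inner_name)
                    if original is not None:
                        orig_rel = (here / original).relative_to(root).as_posix()
                        findings.append(("recoverable-original", orig_rel))
                elif inner_ext in OVERWRITTEN_EXTS:
                    # Original content is gone; restore from backup.
                    findings.append(("renamed-overwrite", rel))
    return sorted(findings)


def build_sample_drive(root):
    """Create a constructed directory tree of harmless placeholder files."""
    root = Path(root)
    layout = [
        "photos/House_pics.jpg.vbs",    # rename pattern from the write-up
        "photos/holiday.jpg",           # untouched picture, not flagged
        "music/song.mp3",               # original that the worm would hide
        "music/song.mp3.vbs",           # copy that would hold worm code
        "scripts/backup.vbs",           # ordinary single-extension script, not flagged
        "LOVE-LETTER-FOR-YOU.TXT.vbs",  # dropped file name from the write-up
    ]
    for rel in layout:
        path = root / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text("placeholder, not worm code\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_drive(tmp)
        for kind, rel in scan_for_loveletter_traces(tmp):
            print(f"{kind:22} {rel}")
```

A name match is only a lead for the antivirus scan to confirm; an ordinary `.vbs` script with a single extension is deliberately not reported.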

805.

Solve : PC-Cillin Blocking Default Gateway?

Answer»

Hey guys, I would appreciate a little help, I'm having a little trouble with PC-Cillin Internet Security 2006. My computer specs (if it matters) are as follows:

MSI K7T Turbo 2 Motherboard
1 X 20 GB HDD (system)
1 X 80 GB Seagate HDD
512 MB PC-133 RAM
AMD Duron 1.15Ghz Processor
Running Windows XP Home Edition SP2

I've had PC-Cillin for over 1 year now, and have had no trouble with it at all this whole time. Just recently (within the past few days) we have been unable to access the internet with PC-Cillin running. We can disable PC-Cillin and the net works fine, but as soon as PC-Cillin is running, internet access is stopped. I first tried stopping and restarting it in the services manager in Control Panel, but that didn't do anything. I then did a system restore to a few days earlier, which also proved to do nothing. I looked into the list of firewall exceptions, and it appeared that it had somehow been reset or the file corrupted and restarted, but even still, after allowing all the internet accessing programs, nothing has worked. I am considering reinstalling and seeing if that would help, but I would rather not have to if anyone has any ideas. Thanks for any suggestions.

It expires after a year, so did you renew it?

I would recommend uninstalling and using something less resource hungry like AVG Free for virus protection. Free firewall substitutes are also available. But a reinstall would be possible too, especially if you have invested in it.

(P.S. I was a beta tester for this product!)

Yeah, it was still a valid license (not in need of renewal) but I renewed it tonight anyway, and I'm currently upgrading to version 2007, so we'll see if that fixes the problem.

Managed to fix it by erasing the old firewall profile and making a new one, then buying version 2007.

Glad you are all fixed up and thanks for posting back.

No problems, if I found a solution I might as well let others know in case they have a similar problem.

806.

Solve : Home Page Can't Change?

Answer»

I am having a problem with my Internet Explorer: I cannot change my home page even though my account has full access, and there is also a problem with my Run command ("Start>Run"); it is not there and also not working.
My home page, which is now fixed, is "http://thecoolpics.net/".
Please, anybody tell me how to change my home page and bring back my Run command. :-?

You are infected with spyware and probably viruses as well.

What were you using, because it did not work?

Most likely spyware has infected your computer and used the registry to lock your homepage. Try this... highlight the text and save it as homepage.reg or whatever.reg
Code:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoSetHomePage"=dword:00000000

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions]
"NoSetHomePage"=dword:00000000

and reboot. Or if this doesn't work, just navigate there using regedit.exe and change the values to 0. (But be careful not to modify your registry in any other way, because it could damage your OS.) Hope this helps.

This is the problem: I cannot edit my registry. There is no Run command and it's not working.

Download the following tool:

http://www.bleepingcomputer.com/files/smitfraudfix.php

Create a new folder on the desktop and un-zip the file into this folder (you can name it smit for example )

Disconnect your modem/router and re-boot into safemode... this is done by repeatedly tapping F8 when the machine is starting.

Open the smit folder and double click the smitfraudfix.cmd icon in the folder you created. A Command window will open...select option #2 which is "clean".

After awhile it will run diskclean, when finished it will ask if you want to clean the registry...select yes .

When it is done it will ask re-boot ? ? select yes.

This should fix things.

You need to add some protection programs to that machine. Post back with a list of what you currently have and we can give you some advice on the good ones...

Use this software to solve your homepage problem. Click the link below to download:
http://dw.com.com/redir?pid=10379544&merid=6238250&mfgid=6238250&ltype=dl_dlnow&lop=btn&edId=3&siteId=4&oId=3120-8022_4-10379544&ontId=8022_4&destUrl=http://www.download.com%2F3001-8022_4-10379544.html

And restore your system to get back your Run command. I had the same problem a few days ago; now it's okay. (You cannot see or get regedit until you restore your system.) So you must restore your system.

Best of Luck,
PaGaL Tamang
Doha, Qatar

807.

Solve : HOSTS File redirection?

Answer»

Hello everyone ... A friend of mine mentioned use of a large hosts file with redirection to 127.0.0.1 for sites that he wanted to block users from snagging adware/spyware at, as well as redirection of websites to block access to.

Question: Is this a good method of blocking these problems in addition to software that blocks adware/spyware, or is it a waste of time to maintain up to date HOSTS files with a blacklist redirected to 127.0.0.1?

Thanks.. :-/

Spybot S&D will do it all for you; maintaining is only a matter of updating and immunizing.
Running Spybot in Advanced mode gives you other options like locking the HOSTS file too.
You can also use your HOSTS file to speed up web browsing too.

808.

Solve : Is "NTLDR is missing" cause from virus ??

Answer»

I already read about "NTLDR is missing" at this site, and this site did not tell me it can be caused by a virus.
But a few weeks ago I found that many of my clients have this problem and all of them are members of the antivirus server, and then I decided to close this antivirus server.

Very surprising!!! I haven't found it again until now, but I'm not sure whether there was a virus that can cause this problem. If someone knows about that, please call me.

From the Googleship:

http://www.google.com/search?hl=en&lr=&q=NTLDR+is+missing+from+virus

Even if this is from a virus, you can fix this by doing a repair installation of Windows, or if you are in a network with a server using a server image, you can re-image the machine. Then I would suggest a better anti-virus program if this was from a virus. I have had this problem before without a virus though.

Before you try reinstalling Windows, check the connections on your hard drive. Just the other day, my younger sister complained about an error: "operating system not found". On an E-Machine, things breaking is nothing new. However, I also knew that there were several occasions where the IDE cables had come loose. Tightening them fixed the problem. (Sub-standard IDE cables -- remind me to chalk that up as another reason to hate the E-Machine.)

Even if they don't look loose, tighten the connections between the hard drive and the motherboard. If there is still a problem, then no harm is done and you can proceed with the above instructions made by pheonix910.

It's a problem with NTLDR, a specific component of Windows, rather than the entire operating system. If it was a loose IDE cable, I doubt that it would come up with only one specific component, but it still doesn't hurt to check. Something I found to do before you reinstall Windows, using the recovery console found on the boot CD:
Once you are in the recovery console, type map, and then press ENTER. Note the drive letter that is assigned to the CD-ROM drive that contains the Windows XP CD-ROM. Type the following commands, pressing ENTER after you type each one:
copy c:\i386\ntldr c:\

copy c:\i386\ntdetect.com c:\
If you are prompted to overwrite the file, type y, and then press ENTER.

NOTE: In these commands, there is a space between the ntldr and c:\, and between ntdetect.com and c:\.  
Type the following command, and then press ENTER:

type c:\Boot.ini


A list similar to the following list appears:
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINNT

[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINNT="Microsoft Windows 2000 Professional" /fastdetect
                                    
If you receive the following message, the Boot.ini file may be missing or damaged:
The system cannot find the file or directory specified.

If this is the case, you will have to create a new Boot.ini, which I will let you know how to do if you need to. Hope this helps (this is supposed to and does for many people, but I haven't tried it personally yet).

Oops, mis-read the error.

809.

Solve : Hope this is an easy one.?

Answer»

Ok I just finished a diagnostic of my friend's computer:  (Dell, Pentium 4 CPU 2.00 GHZ, 1.99 Ghz, 1 Gig  RAM, XP Pro 2002 SP2)

I ran a full scan with AVG free.  Found and deleted 7 trojan horse downloaders.  Ran spybot found a couple of things and they were deleted.  (did the scans in safe mode with system restore off.)  I also had to get rid of his old Norton Anti-virus because it was slowing the system.  

Only problem left is that his IE would lock up. Usually it would do this if you were trying to log on with username and password to a website. Had to End Task every time. Should I tell him to get Ewido or something? As I said, he's got Spybot S&D, AVG free, and Adaware. (all updated)

Ewido, now known as AVG Antispyware, sure wouldn't hurt.

make sure to do the scans in safe mode with system restore turned off...

also try adaware se personal

unlovedwarrior

He already has AdAware...

my bad

Flip81 also stated the scans were run in safe mode with the system restore off.

that he did

Don't take that serious. I was chiming in and teasing.

I'm not, just made me reread the OP.

How's fordtruckmaniac doin'? Long see No Time.

I'm doing OK, thanks.

I just mostly hide in the background and read.

Meanwhile the original poster has gone missing.

Quote
As far as I can see there are no experts resident here.

You don't see very far then.

Thanks guys. The problem fixed itself after a reboot.

For the record, I have found this site to be full of experts who are not condescending and very helpful.

At times we do seem condescending...but that's only when our patience has worn thin.

Glad your visit here was a good one and seeya around !
810.

Solve : Backdoor.trojan how do I remove this???

Answer»

My Norton keeps saying I'm infected with backdoor.trojan. How do I remove it??

I have a compaq with Windows XP by the way.

Thanks!

Remove it with Ewido/AVG Online Scan.

get avg antispyware free

spybot

Ccleaner (also run the issues scan to clean your registry up a bit; remember to back it up when it asks to)

dl and install, update, run scans and see if that helps, and do the scans in safe mode..

unlovedwarrior

Where does Norton say the file is located? If it is in a restore file, you must first disable system restore, run your scan, then re-enable system restore if desired.
811.

Solve : E-Christmas Card Virus (through MSN)?

Answer»

ollylock...... Were you able to remove this running process?
C:\WINDOWS\system32\msasvc.exe

dl65

Hmmm... All my desktop icons have disappeared?

I can run the internet fine, however when I minimized the windows, there were no icons to get onto HijackThis...

How do I get my icons back?

Oh, and yes, I could remove that running process.

Most recent HijackThis log file:

Logfile of HijackThis v1.99.1
Scan saved at 02:27, on 06-12-18
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\VM_STI.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Softwin\BitDefender8\bdmcon.exe
C:\Program Files\Softwin\BitDefender8\bdnagent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\a-squared\a2guard.exe
C:\Program Files\MSN Messenger\msrr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Oliver Lock\tel.exe
C:\WINDOWS\system32\tel.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Oliver Lock\Desktop\HijackThis.exe
C:\Program Files\Windows Defender\MpCmdRun.exe
C:\Program Files\Symantec\LiveUpdate\AUpdate.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
F2 - REG:system.ini: Shell=
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{301B5~2\Bar888.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{301B5~2\Bar888.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"
O4 - HKLM\..\Run: [{701B57B5-0BB0-1033-0223-04120503002c}] "C:\Program Files\Common Files\{701B57B5-0BB0-1033-0223-04120503002c}\Update.exe" mc-110-12-0001411
O4 - HKLM\..\Run: [{701B57B5-0BB0-1033-0223-041205030001}] "C:\Program Files\Common Files\{701B57B5-0BB0-1033-0223-041205030001}\Update.exe" mc-110-12-0001411
O4 - HKCU\..\Run: [SB Audigy 2 Startup Menu]  /L:ENG
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a-squared\a2guard.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PAHomeRouter] C:\Program Files\ProgrammerAce\PA Home Router\PAHomeRouter.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\system32\msasvc.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

ollylock....... Do you have your desktop icons back?

Exactly when did they disappear?

dl65

ollylock ..... this entry .......
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\system32\msasvc.exe (file missing)

leads me to this .....   http://fileinfo.prevx.com/adware/qqa7de44001476-MSAS22915957/MSASVC.EXE.html

I think I would try the removal tool ........ if that's not what's doing it ... the removal tool will not do any harm. Follow the instructions exactly.

http://info.prevx.com/downloadremove.asp?determination=G

dl65

dl65, I've downloaded the Prevx1 and installed it.

I've been on my desktop for about 5 minutes and haven't had the annoying framework of a window pop up or the AVG and A-squared prompting me for programmes such as:

C:\WINDOWS/System32/svchosts.exe
C:\awqalwt.exe
C:\bbdx.exe

etc.

I haven't yet opened up MSN Messenger, which I will do now (I'm fairly apprehensive!) and talk to the odd person on it, and then report back.

I appreciate your help in all this, and will report back.

Thanks
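
The check dl65 makes by eye in this thread, picking the O23 service line marked "Unknown owner" and "(file missing)" out of the HijackThis log, can be scripted. The following is an added example, not part of the original thread or of HijackThis: a Python triage that assumes the v1.99.1 line layout shown in the log, runs on a constructed sample built from a few of its lines, and additionally cross-checks "(file missing)" against the Running processes section; the function and flag names are this example's own.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

# Constructed sample: a handful of lines in the layout of the HijackThis
# v1.99.1 log posted in this thread (not the full log).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\System32\nvsvc32.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\system32\msasvc.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

# "R1 - ...", "O4 - ...", "O23 - ..." style entry lines.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
# First drive-letter path ending in .exe/.dll inside an entry body.
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"<>|?*\r\n]*?\.(?:exe|dll)\b", re.IGNORECASE)
# Markers HijackThis appends when the referenced file was not found.
MISSING_RE = re.compile(r"\((?:file missing|no file)\)\s*$")


@dataclass
class Finding:
    code: str
    body: str
    path: Optional[str]
    flags: Tuple[str, ...]


def parse_log(text: str) -> Tuple[Set[str], List[Tuple[str, str]]]:
    """Split a log into the running-process set (lower-cased) and entries."""
    running: Set[str] = set()
    entries: List[Tuple[str, str]] = []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False
            entries.append((match.group("code"), match.group("body")))
        elif in_processes and line:
            running.add(line.lower())
    return running, entries


def triage(text: str) -> List[Finding]:
    """Return only the entries that deserve a second look, with reasons."""
    running, entries = parse_log(text)
    findings: List[Finding] = []
    for code, body in entries:
        flags: List[str] = []
        path_match = PATH_RE.search(body)
        path = path_match.group(0) if path_match else None
        missing = bool(MISSING_RE.search(body))
        if missing:
            flags.append("missing-target")
        if code == "O23" and " - Unknown owner - " in body:
            flags.append("unknown-owner")
        # A file reported missing cannot also be a running process: the
        # marker is then suspect (for example a mis-parsed path).
        if missing and path and path.lower() in running:
            flags.append("contradicts-process-list")
        if flags:
            findings.append(Finding(code, body, path, tuple(flags)))
    return findings


def orphaned_services(findings: List[Finding]) -> List[str]:
    """Service registrations with no owner, no file and no running process."""
    return [
        f.path for f in findings
        if f.path
        and f.code == "O23"
        and "unknown-owner" in f.flags
        and "missing-target" in f.flags
        and "contradicts-process-list" not in f.flags
    ]


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for finding in results:
        print(finding.code, finding.path, ", ".join(finding.flags))
    print("orphaned:", orphaned_services(results))
```

On the sample, the BitDefender service is marked "(file missing)" even though bdss.exe appears under Running processes (its logged path carries a stray quote and a `/service` argument), so only the msasvc.exe registration remains as orphaned.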

812.

Solve : Unknown malware on computer.?

Answer»

Hi, I need some help. A few weeks ago I scanned my system with the trial version of Spy Sweeper + Antivirus. At that time, it picked up the following (Ignoring the cookies it picked up...):

security2k hijacker:
hklm\software\microsoft\windows\currentversion\policies\explorer\run || ishot.exe (twice)

trojan agent winlogonhook:
hklm\software\microsoft\mssmgr

Addition:
I also have troj/keygen-q

It couldn't remove it, so I just took a screenshot and left it. A couple of weeks later I managed to get Spy Sweeper (w/o antivirus), and when I scanned with it nothing came up. Then I put the other one back on with the antivirus and it didn't pick it up either. I navigated to the keys or whatever, and they don't exist.


Also, every time I update my definitions for my Symantec Antivirus (Corporate)... After it installs it says this:
Symantec Antivirus may now be able to repair the infected file in quarantine.
It asks to quarantine the items now, and I hit next...
Then it says the following viral infections will be quarantined: ...\Desktop\addon3394.zip. Under virus name it is blank. That file does not exist on my desktop.
So I click next again to repair it, and it says items in quarantine can not be repaired using the virus definition files that have just been delivered. When I do a system scan with it it doesn't pick up anything.

Other than this Spy Sweeper, Adaware SE, and AVG Antispyware have just picked up on cookies, and a dialer ->. (AVG) (I don't have the information on what dialer it was I forgot to save a log but it seems to be gone)

I have Win XP MCE SP2. All Windows updates are installed. I use FF 2 and IE 7. All virus and spyware definitions are updated. System Restore is turned OFF. I have a Dell E510 w/2GB RAM and an 80GB hard drive. If you need any more info please let me know. Thanks a bunch.

EDIT: I'd like to add a few more things.  My Spy Sweeper picks up and blocks to advertisement websites when the system first starts up.*** (After you log in and everything loads)  Also, at times my FF will go white and black as in you can't see anything on the page.  Also the right click will go away and it won't let me do Ctrl+Alt+Delete.

***Some of the things Spy Sweeper internet communication shields pick up:

It seems to go in alphabetical order right up from a big list...Also do you think it'd be better to wipe it and backup everything?


ANOTHER EDIT: My system is starting to get pretty bad now; I have to use the last known good loadup thing when you have the option of safe mode.

Logfile of HijackThis v1.99.1
Scan saved at 6:31:54 PM, on 12/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe
C:\Program Files\WEBROOT\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Verizon Online\ConnMgr\cmisrv.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Wallperizer\Wallperizer.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Verizon Online\AppMgr\vzOpenUIServer.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\AIM6\aim6.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=7.0unattached&bm=ho_central
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelMeM] "C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe"
O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [A Verizon App] C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: Wallperizer.lnk = C:\Program Files\Wallperizer\Wallperizer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet

Cont below.

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon/download/DSL/tgctlcm.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.0.6.5.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1135544427414
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1147650916390
O16 - DPF: {A364AF35-0CDF-41E8-8F3B-E0E55E15EBA1} - http://www.programchecker.com/dll/nixon.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live Mail Desktop Beta\mailcomm.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winbjt32 - winbjt32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

"Silent Runners.vbs", revision 49, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.6.0\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"IntelMeM" = ""C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe"" ["Intel Corporation"]
"CTSysVol" = ""C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" /r" ["Creative Technology Ltd"]
"CTHelper" = "CTHELPER.EXE" ["Creative Technology Ltd"]
"DVDLauncher" = ""C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"" ["CyberLink Corp."]
"ISUSPM Startup" = ""C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup" ["Macrovision Corporation"]
"ISUSScheduler" = ""C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start" ["Macrovision Corporation"]
"ccApp" = ""C:\Program Files\Common Files\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
"vptray" = "C:\PROGRA~1\SYMANT~1\VPTray.exe" ["Symantec Corporation"]
"A Verizon App" = "C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE" ["Verizon Internet Solutions"]
"iTunesHelper" = ""C:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Computer, Inc."]
"Zone Labs Client" = ""C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"" ["Zone Labs, LLC"]
"Motive SmartBridge" = "C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe" ["Motive Communications, Inc."]
"SpySweeper" = ""C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray" ["Webroot Software, Inc."]
"dla" = "C:\WINDOWS\system32\dla\tfswctrl.exe" ["Sonic Solutions"]

HKLM\Software\Microsoft\Active Setup\Installed Components\
>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}\(Default) = "Outlook Express"
                                        \StubPath   = "C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE" [MS]
{8b15971b-5355-4c82-8c07-7e181ea07608}\(Default) = "Fax"
                                       \StubPath   = "rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.UnInstall.PerUser" [MS]
{94de52c8-2d59-4f1b-883e-79663d2d9a8c}\(Default) = "Fax Provider"
                                       \StubPath   = "rundll32.exe C:\WINDOWS\system32\Setup\FxsOcm.dll,XP_UninstallProvider" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{5CA3D70E-1895-11CF-8E15-001234567890}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "DriveLetterAccess"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\dla\tfswshx.dll" ["Sonic Solutions"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "SSVHelper Class"
                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0\bin\ssv.dll" ["Sun Microsystems, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
  -> {HKLM...CLSID} = "Display Panning CPL Extension"
                   \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{BDA77241-42F6-11d0-85E2-00AA001FE28C}" = "LDVP Shell Extensions"
  -> {HKLM...CLSID} = "VpshellEx Class"
                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll" ["Symantec Corporation"]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{e57ce731-33e8-4c51-8354-bb4de9d215d1}" = "Universal Plug and Play Devices"
  -> {HKLM...CLSID} = "Universal Plug and Play Devices"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\upnpui.dll" [MS]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
  -> {HKLM...CLSID} = "RealOne Player Context Menu Class"
                   \InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"
  -> {HKLM...CLSID} = "My Sharing Folders"
                   \InProcServer32\(Default) = "C:\Program Files\MSN Messenger\fsshext.8.1.0168.00.dll" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
  -> {HKLM...CLSID} = "Outlook File Icon Extension"
                   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]
"{23170F69-40C1-278A-1000-000100020000}" = "7-Zip Shell Extension"
  -> {HKLM...CLSID} = "7-Zip Shell Extension"
                   \InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]


Cont below.
"{D7B929B6-F1FB-4C42-B3FA-C3BEC1F4CACE}" = "Shell Message Handler"
  -> {HKLM...CLSID} = "Shell Message Handler"
                   \InProcServer32\(Default) = "C:\Program Files\Windows Live Mail Desktop Beta\mailcomm.dll" [MS]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
  -> {HKLM...CLSID} = "iTunes"
                   \InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]
"{7C9D5882-CB4A-4090-96C8-430BFE8B795B}" = "Webroot Spy Sweeper Context Menu Integration"
  -> {HKLM...CLSID} = "Webroot Spy Sweeper Context Menu Integration"
                   \InProcServer32\(Default) = "C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll" ["Webroot Software, Inc."]
"{5CA3D70E-1895-11CF-8E15-001234567890}" = "DriveLetterAccess"
  -> {HKLM...CLSID} = "DriveLetterAccess"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\dla\tfswshx.dll" ["Sonic Solutions"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<> "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" = "Microsoft AntiMalware ShellExecuteHook"
  -> {HKLM...CLSID} = "Microsoft AntiMalware ShellExecuteHook"
                   \InProcServer32\(Default) = "C:\PROGRA~1\WINDOW~4\MpShHook.dll" [MS]
<> "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "AVG Anti-Spyware 7.5"
  -> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
                   \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" ["Anti-Malware Development a.s."]

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"0aMCPClient" = "{F5DF91F9-15E9-416B-A7C3-7519B11ECBFC}"
  -> {HKLM...CLSID} = "MCPShellInstantiator Class"
                   \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\Stardock\MCPCore.dll" ["Stardock"]
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
  -> {HKLM...CLSID} = "WPDShServiceObj Class"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<> NavLogon\DLLName = "C:\WINDOWS\system32\NavLogon.dll" ["Symantec Corporation"]
<> winbjt32\DLLName = "winbjt32.dll" [file not found]
<> WRNotifier\DLLName = "WRLogonNTF.dll" ["Webroot Software, Inc."]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
  -> {HKLM...CLSID} = "PDF Shell Extension"
                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"
  -> {HKLM...CLSID} = "7-Zip Shell Extension"
                   \InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]
AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
  -> {HKLM...CLSID} = "CContextScan Object"
                   \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."]
LDVPMenu\(Default) = "{BDA77241-42F6-11d0-85E2-00AA001FE28C}"
  -> {HKLM...CLSID} = "VpshellEx Class"
                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll" ["Symantec Corporation"]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"
  -> {HKLM...CLSID} = "7-Zip Shell Extension"
                   \InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]
AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
  -> {HKLM...CLSID} = "CContextScan Object"
                   \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
LDVPMenu\(Default) = "{BDA77241-42F6-11d0-85E2-00AA001FE28C}"
  -> {HKLM...CLSID} = "VpshellEx Class"
                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll" ["Symantec Corporation"]
SpySweeper\(Default) = "{7C9D5882-CB4A-4090-96C8-430BFE8B795B}"
  -> {HKLM...CLSID} = "Webroot Spy Sweeper Context Menu Integration"
                   \InProcServer32\(Default) = "C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll" ["Webroot Software, Inc."]

HKLM\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
SpySweeper\(Default) = "{7C9D5882-CB4A-4090-96C8-430BFE8B795B}"
  -> {HKLM...CLSID} = "Webroot Spy Sweeper Context Menu Integration"
                   \InProcServer32\(Default) = "C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll" ["Webroot Software, Inc."]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoControlPanel" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

"NoRun" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

"NoFind" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

"NoMultiIE" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

"LWA" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

"LWB" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

"LWC" = (REG_DWORD) hex:0x00000000
{unrecognized setting}


Cont below.

"LWD" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

"LWE" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

"LWF" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

"LWG" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

"LWH" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

"LWI" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

"LWJ" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

"LWK" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

"LWL" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

"LWM" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

"LWN" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

"LWO" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

"LWP" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

"LWQ" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

"LWR" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

"LWS" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

"LWT" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

"LWU" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

"LWV" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

"LWW" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

"LWX" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

"LWY" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

"LWZ" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

"NoDrives" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

"NoActiveDesktop" = (REG_DWORD) hex:0x00000000
{User Configuration|Administrative Templates|Desktop|Desktop / Active Desktop|
Disable Active Desktop}

"NoSaveSettings" = (REG_DWORD) hex:0x00000000
{User Configuration|Administrative Templates|Desktop|
Don't save settings at exit}

"ClassicShell" = (REG_DWORD) hex:0x00000000
{User Configuration|Administrative Templates|Windows Components|Windows Explorer|
Enable Classic Shell / Turn on Classic Shell}

"NoThemesTab" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

"ForceActiveDesktopOn" = (REG_DWORD) hex:0x00000000
{User Configuration|Administrative Templates|Desktop|Desktop / Active Desktop|
Enable Active Desktop}

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoActiveDesktopChanges" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

"NoCDBurning" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"DisableClock" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

"NoDispCPL" = (REG_DWORD) hex:0x00000000
{User Configuration|Administrative Templates|Control Panel|Display|
Remove Display in Control Panel}

"NoDispAppearancePage" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

"NoColorChoice" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

"NoSizeChoice" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

"NoDispBackgroundPage" = (REG_DWORD) hex:0x00000000
{User Configuration|Administrative Templates|Control Panel|Display|
Hide Desktop tab}

"NoDispScrSavPage" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

"NoVisualStyleChoice" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

"NoDispSettingsPage" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

"DisableRegistryTools" = (REG_DWORD) hex:0x00000000
{User Configuration|Administrative Templates|System|
Prevent access to registry editing tools}

HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions\

"NoSelectDownloadDir" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

HKCU\Software\Policies\Microsoft\Windows\System\

"DisableCMD" = (REG_DWORD) hex:0x00000000
{User Configuration|Administrative Templates|System|
Disable the command prompt}

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}

"InstallVisualStyle" = (REG_EXPAND_SZ) C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
{unrecognized setting}

"InstallTheme" = (REG_EXPAND_SZ) C:\WINDOWS\Resources\Themes\Royale.theme
{unrecognized setting}

"DisableTaskMgr" = (REG_DWORD) hex:0x00000000
{unrecognized setting}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\WINDOWS\Wallperizer_Wallpaper.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\wpgldfsh.scr" [MS]


Cont below.

Startup items in "Brandon" & "All Users" startup folders:
---------------------------------------------------------

C:\Documents and Settings\Brandon\Start Menu\Programs\Startup
"Stardock ObjectDock" -> shortcut to: "C:\Program Files\Stardock\ObjectDock\ObjectDock.exe" ["Stardock"]
"Wallperizer" -> shortcut to: "C:\Program Files\Wallperizer\Wallperizer.exe" [null data]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l" [MS]


Enabled Scheduled Tasks:
------------------------

"MP Scheduled Scan" -> launches: "C:\Program Files\Windows Defender\MpCmdRun.exe Scan -RestrictPrivileges" [MS]
"wrSpySweeperTrialSweep" -> launches: "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /ScheduleSweep=wrSpySweeperTrialSweep" ["Webroot Software, Inc."]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 17
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{F2CF5485-4E02-4F68-819C-B92DE9277049}"
  -> {HKLM...CLSID} = "&Links"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{FE54FA40-D68C-11D2-98FA-00C0F0318AFE}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Real.com"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\Shdocvw.dll" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}"
  -> {HKCU...CLSID} = "Java Plug-in 1.6.0"
                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0\bin\ssv.dll" ["Sun Microsystems, Inc."]
  -> {HKLM...CLSID} = "Java Plug-in 1.6.0"
                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll" ["Sun Microsystems, Inc."]

{E2E2DD38-D088-4134-82B7-F2BA38496583}\
"MenuText" = "xpsp3res.dll,-20001"
"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
Creative Service for CDROM Access, Creative Service for CDROM Access, "C:\WINDOWS\system32\CTsvcCDA.EXE" ["Creative Technology Ltd"]
iPod Service, iPod Service, ""C:\Program Files\iPod\bin\iPodService.exe"" ["Apple Computer, Inc."]
Media Center Extender Service, McrdSvc, "C:\WINDOWS\ehome\mcrdsvc.exe" [MS]
Media Center Receiver Service, ehRecvr, "C:\WINDOWS\eHome\ehRecvr.exe" [MS]
Media Center Scheduler Service, ehSched, "C:\WINDOWS\eHome\ehSched.exe" [MS]
Symantec AntiVirus, Symantec AntiVirus, ""C:\Program Files\Symantec AntiVirus\Rtvscan.exe"" ["Symantec Corporation"]
Symantec AntiVirus Definition Watcher, DefWatch, ""C:\Program Files\Symantec AntiVirus\DefWatch.exe"" ["Symantec Corporation"]
Symantec Event Manager, ccEvtMgr, ""C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]
Symantec Settings Manager, ccSetMgr, ""C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"" ["Symantec Corporation"]
TrueVector Internet Monitor, vsmon, "C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service" ["Zone Labs, LLC"]
Webroot Spy Sweeper Engine, WebrootSpySweeperService, ""C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe"" ["Webroot Software, Inc."]
Windows Defender, WinDefend, ""C:\Program Files\Windows Defender\MsMpEng.exe"" [MS]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
EPSON Printer Port\Driver = "Eplpmx02.DLL" ["MK Systems CO.,LTD."]
EPSON V6 2KMonitor\Driver = "EBPMON24.DLL" ["SEIKO EPSON CORPORATION"]


----------
<>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
  took 49 seconds.
---------- (total run time: 116 seconds)


I'm really sorry this is so long.  Thanks for your time.

Is it possible for you just to reformat and reinstall Windows? It would most likely be quicker and easier (but wouldn't be as much fun as battling the nasty viral demons back to *censored*, although their screams of agony while you reformat the hard drive is quite satisfying in itself)

First off try google for "trojan removal tool"; many antivirus companies offer these removal tools for free to consumers. Download a couple and follow their instructions. http://www.google.ca/search?hl=en&q=trojan+removal+tool&meta=
Next rescan with an internet based scanner like Trendmicro housecall and let it hunt and kill a few baddies

Absolutely avoid anything to do with free programs by the name of "winantiviruspro"; it in itself is a virus unless it's a tool to remove winantiviruspro.

Get hijackthis http://www.majorgeeks.com/download3155.html it will scan your computer and provide a log for the admins to read and see any suspicious behavior or useless programs (it is the most common tool used for virus removal as it will show anything left behind after a cleaning)

I'm no professional but this will get you started in killing the nasty buggers
Also note- many viruses back themselves up in your system restore and disabling system restore is the only way to make sure they don't reappear from the system restore
he gave a hijackthis log already reply one and two


have you tried spybot?

did you do the scans in safe mode?



yes reformat would be easier and it would also remove anything in your computer letting you start fresh again.

unlovedwarrior

Thanks guys for your replies.  My computer has a partition just for the Symantec system restore.  But I don't know how to reformat and bring it back to new at the same time.  My warranty has run out so I can't chat or email Dell about backup CDs.  Thanks again.

Despite the warranty contact Dell. I think you will be pleasantly surprised how they can help you. Sometimes it helps how you phrase the questions.  Actually, after the warranty has run out they are still under some sort of obligation to help you out.
Extended warranties are more of a scam than real protection.
I don't know where I read that, but I'll try and find it again.
It was very informative about how companies are still obliged to support you, even out of warranty . . . unless I'm imagining it . . .

813.

Solve : IE Crashing and closing randomly?

Answer»

It started yesterday or the day before when I turned on the computer. I realized something was installing so I quickly turned off the computer before it could fully install. I turned it back on to discover there was only minor damage.

IE crashes and decides to close randomly. It only does it right when a page loads or I click on something. I actually had a problem registering because I had to go to hotmail to get my code and password, but it kept crashing. I was finally able to get them.

I've run Norton Antivirus 2005 but it didn't detect anything which I find surprising. And some stupid WinAntiVirus thing keeps popping up asking to install. I click no every time but it keeps popping up every so often.

What should I do? :/

Please test RogueRemover for me, it claims to remove winantivirus.
http://www.malwarebytes.org/
If it fails then there is another way.

814.

Solve : Browser Stolen?

Answer»

Hi,

Yesterday while visiting a share website i clicked a link and a box appeared which looked very suspect. it was what looked like a windows box which said something to the effect of "execute command" in the title bar with a field underneath which has something highlighted but you could see what it was. i pressed "ctrl+alt+del" to exit out of it through my tasks manager.

as the box came up my virus scan flashed up with three different items (not sure what they were as i panicked a bit) and so i instructed my virus software to remove them. i then restarted the computer with an avast scan on startup which found a couple of items that i also deleted.

when my computer came back on everything seemed fine but when i tried to connect to the internet i got the message that "the page cannot be found" and all the reasons why ie. is it spelt incorrectly, is my computer connected to the internet, etc. i tried to connect to google as a test and it could not find it.

i checked to see if i was connected and i was. my computer must have an active connection as after i had restarted it i managed to download the windows updates from a notification albeit very slowly.

is there anything that i can try which may enable me to get my browser viewing pages again? i was going to try and do a trend micro housecall scan but until it recognises the page i cannot start it.

i am currently running windows xp and the latest windows update installed internet explorer 7 (the update was done after i found out i couldn't get on the internet so i know it's not that)

I have been down to my local computer shop and explained my problem from my other post and he says that it sounds like my browser has been hijacked and that he can fix it using hijack this..........at £35 an hour.

naturally i would like to save myself some money so i have managed to get a copy from a friends computer and run it on my own. here are the results. any action to be taken needs to be in non computer jargon cos im not very good with stuff like that. note that there are only 2 antivirus packages due to the fact that i installed avast to try and get rid of what was causing it but to no avail. i normally use f secure.

I have managed to get a hijack this log to run but it is too long to post on a message. if anyone is a bit of an expert with such logs i can send it on email.

Thanks to anyone that can help.

For the Hijackthis (HJT) just put it into multiple posts. Where you can't fit it all in one post, post as much of it as you can, then put the rest of it into another post.

Chris

Logfile of HijackThis v1.99.1
Scan saved at 20:59:38, on 15/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\F-Secure\FSGUI\fsguiexe.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\blueyonder IST\bin\mpbtn.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe
C:\Program Files\hijack this\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.blueyonder.co.uk/blueyonder/index.jsp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.blueyonder.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: blueyonder Instant Support Tool.lnk = C:\Program Files\blueyonder IST\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1115748314765
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game04.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (HOTMAIL Attachments Control) - http://by18fd.bay18.hotmail.msn.com/activex/HMAtchmt.ocx
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

you only need one antivirus... pick one and delete the other..


get avg antispyware

spybot

adaware

Ccleaner(run this one first to see if it fixes it. also run the issues scan to clean up your register,  make sure to back up when it asks)

unlovedwarrior

run them in safe mode and try to update them before you go into safe mode

Thanks for the reply.

I only normally run F-Secure antivirus. The reason avast is on there is because i downloaded it and used it to perform a boot up scan after i found out i had the problem. my intention was to uninstall it afterwards.

my problem with getting the programs you mentioned is that i cannot access the internet on the infected pc and i have to download them onto another pc and then move them via memory stick and hence cannot get the updates.

i have used f-secure and avast to remove the actual virus and it is no longer showing on scans. i just need the registry cleaning up so that whoever has hacked into my internet connection can no longer access it and i can start to use it again

for some of those programs like spybot you can actually dl the updates separately. and even though you can get the updates now the programs may still be able to help reestablish the connection if the connection loss is due to malware, so you might want to give them a shot.


if you just need the register cleaned up a bit then use the Ccleaner issues scan to do that just back up your register when asked


unlovedwarrior

gaz2195.....
This must be removed ....  mark for removal

O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)

These should also be removed

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)




dl65  
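The check applied to the log above, as an added example that is not part of the original posts: it lists the HijackThis entries marked "(no file)" or "(file missing)" and compares each flagged target with the log's own "Running processes" list. The sample lines are copied from the log in this thread into a constructed excerpt; the function names and verdict labels are made up for this example.

```python
import re

# Constructed excerpt: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# "O2 - ...", "O23 - ...", "R1 - ...": section code, then the entry body.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")
# The two markers HijackThis appends when it cannot find the referenced file.
MISSING_RE = re.compile(r"\((no file|file missing)\)\s*$")
# File name inside the last field, ignoring stray quotes and arguments.
FILE_RE = re.compile(r'([^\\/"]+\.(?:exe|dll))', re.IGNORECASE)


def parse_running(text):
    """Return lower-cased base names from the 'Running processes:' block."""
    running, in_block = set(), False
    for line in text.splitlines():
        line = line.strip()
        if line.lower().startswith("running processes"):
            in_block = True
            continue
        if in_block:
            if not line:          # a blank line ends the block
                break
            running.add(line.rsplit("\\", 1)[-1].lower())
    return running


def triage(text):
    """Return (section, target, verdict) for every entry flagged as missing."""
    running = parse_running(text)
    findings = []
    for line in text.splitlines():
        entry = ENTRY_RE.match(line.strip())
        if not entry:
            continue
        marker = MISSING_RE.search(entry.group("body"))
        if not marker:
            continue              # entry points at a file that was found
        last_field = entry.group("body").rsplit(" - ", 1)[-1]
        found = FILE_RE.search(last_field)
        target = found.group(1) if found else None
        if marker.group(1) == "no file":
            verdict = "no-file-reference"      # registry entry names no file
        elif target and target.lower() in running:
            # The same log shows this file running, so the flag needs
            # checking on disk before the entry is fixed.
            verdict = "flag-contradicted-by-process-list"
        else:
            verdict = "target-missing"
        findings.append((entry.group("section"), target, verdict))
    return findings


if __name__ == "__main__":
    for section, target, verdict in triage(SAMPLE_LOG):
        print(f"{section:<4} {str(target):<18} {verdict}")
```

In this log the avast! Mail Scanner service line carries a stray quote and a `/service` argument in its path field, and the same executable appears under "Running processes", so that flag is worth confirming on disk first.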
should all the scans and removal be done in safe mode?

am i right in thinking that to remove the said items i run a HJT log and then tick the boxes at the side of the items i want to remove......then some sort of "delete" button? i'm actually on my work's pc at the moment so i haven't got it in front of me.

gaz2195 ........ Re the scans ........ If you think your machine is infected , run programs like your Anti Virus , Ewido or A-Squared from safe mode for best results ..........
However , run hijackthis from normal mode , as we want all the running processes to be shown ....and in safe mode the number of running processes is reduced .

Now as far as how to remove selected items with hijackthis ........
put a checkmark in the box of the item you wish to remove and then click on the button marked ....... "Fix checked"  

dl65

First of all thanks for your continued time in giving me advice. So far I have

1. removed the said items from the HJT log in normal boot up mode
2. ran ccleaner (both scans), spybot, avg antispyware and adaware se in safe mode. a few files were removed using ccleaner but the other scans showed up with no critical infections (i deleted the negligible items in adaware anyway just in case)
3. was told on another forum to use winsockfix (sic?) so i have run that.
4. was also told to use IEfix on another forum. when i tried to run this program it failed because it wasnt supported by internet explorer 7.

after trying everything i got a bit excited only to find that when i clicked into my browser, it still wouldnt find any webpages and the same error message came up. is there anything else i can try? i will post up my new HJT log when i get chance.

Im thinking of doing a restore to some point last week before everything went wrong. my antivirus and all spyware tools now dont show anything, does this mean that my restore files have also been cleaned?

would you advise against a restore or is it a case of 'cant do much harm'?

depends cause if the infection used the restore files then you could just be reinfecting yourself

unlovedwarrior

If you or the computer made a restore point after infection point, and you remove said viruses and restore to that point, you will just reactivate the viruses -- no question. My advice is to disable, then re-enable System Restore. This will clear all the restore points and give your PC a slightly fresher start. I can't really comment further, as I never turn Restore on. Blasted thing never works for me.

815.

Solve : computer won't open programs or documents?

Answer»

I bought an iPod off of ebay and after plugging it into my computer, now I can't open documents or programs. It takes 10 minutes or so to boot up and then it won't let me open anything. Has anyone heard of this? I am guessing the iPod was infected?

Thanks for any help that you can offer.
R

The iPod is not infected, you do not have to worry about that (unless you ran a program off the iPod which in turn was infected which is highly unlikely if you are using for nothing but music or videos).
Try updating to the latest drivers, maybe that may help.

And oh by the way, what are you using for virus/spyware protection? Have you updated and run your scans in safe mode lately?

816.

Solve : My Computer changed to Recycle Bin?

Answer»

Hey everybody !
How are all of you ?
My system is infected from a virus ?
It changes My Computer to Recycle Bin and vice versa .

Please help me
And give me response quick !

dineshverma ....... Perhaps some info on the system you have ?
The operating system in use ? .........
What was going on just prior to whatever occurred?
Quote

My system is infected from a virus ? 

and you say this because ..............?

dl65

Due to lack of feedback, I am closing this topic. If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.

If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.
817.

Solve : I need help, i have a weird virus i don't know how to get rid of it?

Answer»

Sounds like you might have SmitFraud. Give me a few minutes and I'll take a look at your log.

Quote from: pleasehelp on June 18, 2007, 11:41:01 PM

to personalize avg?
The License sales number is for registering AVG - you probably only want the trial so you don't enter anything.

You should only need to download...

AVG Anti-Virus Free
AVG Anti-Spyware Free
AVG Anti-Rootkit Free

See below, run all three.

http://free.grisoft.com/doc/1

Dark Blade, I appreciate you trying to help, but please be careful. This sort of thing takes a certain amount of training for one to know what they're doing. It's very easy to get legitimate files and infections confused, and if we disable/remove the wrong ones, it can cause a lot of problems. My research gives me no reason to see the mentioned files as a threat. In fact, I believe they are related to the user's BIOS. Of course, this isn't concrete, so...


pleasehelp,
Please head over to VirusTotal, and copy/paste and scan each of the below files (one at a time)...

C:\WINDOWS\system32\PhxPsSvr.exe
C:\WINDOWS\system32\PhxVtSvr.exe


Once you have done that, please post the results of each file.



Before proceeding, download AVG Anti-Virus and AVG Anti-Spyware from the link provided by street1 (you may want to disable your CA Antivirus). These programs are free and don't require registration or activation. Update both of them (but don't scan yet).



And now, let's go over your log...
Once we start, you won't have access to this post anymore, so I recommend that you print out this post or save it to a Notepad file.  Open HijackThis and scan again.  Check the following entries, but don't do anything to them yet...

O2 - BHO: MSVPS System - {218B7D50-BC37-4FA8-A57F-6E8DE692BD79} - C:\WINDOWS\vpsnetwork.dll

O21 - SSODL: vpssup - {17495F36-7D6D-4858-ADAA-8DCA6C203EE5} - C:\WINDOWS\vpssup.dll
O21 - SSODL: expro - {886C00DD-C91B-4046-83AE-B0FDA18CC0EE} - C:\WINDOWS\expro.dll

O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

(This appears to be what's giving you trouble.)

Now, close all windows (including this one) besides HijackThis, then click Fix Checked.  Close HijackThis and reboot into Safe Mode and enable hidden files and folders.

Navigate to and delete the following folder(s) if present...

C:\WINDOWS\privacy_danger

Navigate to and delete the following file(s) if present...

C:\WINDOWS\vpsnetwork.dll
C:\WINDOWS\vpssup.dll
C:\WINDOWS\expro.dll



Go ahead and scan with both AVG programs, one at a time.  If you run them both at the same time, it can cause problems.  When your scan has completed, go to Control Panel and open up the Display Properties.  Click on the Desktop tab and then click on the Customize Desktop button.  From there, click on the Web tab and under Web pages:, you will see a list of items.  If you see anything with a name like Privacy Danger, select it and click on the Delete button.  If it's not there, then simply exit.

Once you've done all of this, reboot into Normal Mode and post a new HijackThis log so we can see if there's any other junk we need to clean up. Let me know how everything's running now and if you had any problems following my steps.

how do i reboot into safe mode and enable hidden files and folders?

(thanks for all the help by the way)

and it keeps resetting my homepage to some weird page.

As your computer is booting up, continuously tap the F8 key and it should take you to a menu that will let you choose Safe Mode. If F8 doesn't work, then try the different F keys (F5 and F10 are common ones). Once you have completed all of my above steps, post a new log and we'll see what else needs to be done.

Due to lack of feedback, I am closing this topic. If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.

If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.
818.

Solve : Virus identified Exploit.ANI?

Answer»

You're very welcome. I'm glad I could help you out!

As this issue appears to be resolved, I am closing this topic. If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.

If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.

819.

Solve : Fire walls?

Answer»

Could some one tell me if the Comodo Firewall program is good or not so good ? Thanks

Yes, Comodo is a good firewall, especially for free.
820.

Solve : I got security on off problem......?

Answer»

Hi,
problem on my notebook introduced me with this forum.....!

I am using windows Vista Home Premium, my computer security is automatically or somehow turned off, then I can not turn it on. I tried my best but I found no solution........
In security center I get message like.." the security center service can't be started"
can anybody help me please?

what program is it what protections do u have

Oh,
I have windows firewall,
windows defender, and windows update and firewall was turned on, now no one is working........

Do you have any anti-virus protection?
Windows Defender is only for spyware and isn't a good one.

Jonas

No, I only have those I mean spyware and its not working too? What antivirus can be good for Windows Vista and where can I get it?

avg free

avast home edition

is the subscription over with?? i hope so its two years old roughly... if so remove it and replace with a free better alternative

I did, but its not my question

i know just getting the facts and what youve done. get ccleaner (without the yahoo toolbar) and run the cleaner, then run the issues scan(on the left side) the issues scan and fix the register, back up when asked..

How long have you had this problem?
Have you tried using System Restore to go back to a time before this started happening?
Did you install another firewall that might've disabled Windows Firewall?


You could be infected, so go ahead and post a HijackThis log for us to take a look at.

Thank you all,

I got point.

You should really post a hijack logfile there is a chance that you are infected and Chris is really good in this.
Let him check, and you will see.
It the best for you.
Let us know what you actually did. (for the protection)
So we can give you any advice.
Is the problem solved now?

Jonas

Due to lack of feedback, I am closing this topic. If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.

If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.

821.

Solve : very annoying adware?

Answer»

The official drivers page is here:
http://h10025.www1.hp.com/ewfrf/wc/softwareList?os=228&lc=en&cc=us&dlc=en&product=304535&lang=en#

The driver Jonas suggested is also on this page, I believe. Make sure you are completely installing the included drivers and software. If it's still not working, you can try ordering a CD for free. A link to do so is on the page I posted.

I think it is a cable problem as the driver installed properly but will not print.
Thanks.

If that's true then the only possible solution is: A new cable
But I think you know that too.
Just try it and let us know.

Jonas

Due to lack of feedback, I am closing this topic. If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.

If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.

822.

Solve : Please have a look Part 2?

Answer»

And what about this one

Logfile of HijackThis v1.99.1
Scan saved at 08:32:17, on 22/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\sistray.EXE
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\QUICKENW\QAGENT.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Multimedia Combo Set\MouseDrv.exe
C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ZyXEL\ZyXEL G-202 Wireless Adapter Utility\ZyXEL G-202.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\mrtMngr.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\SiteAdvisor\6066\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Mike\My Documents\HijackThis.exe
C:\DOCUME~1\Mike\LOCALS~1\Temp\Temporary Directory 2 for HijackThis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SIS Tray] C:\WINDOWS\system32\sistray.EXE
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [QAGENT] "C:\Program Files\QUICKENW\QAGENT.EXE"
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [WireLessMouse ] C:\Program Files\Multimedia Combo Set\MouseDrv.exe
O4 - HKLM\..\Run: [WireLessKeyboard ] C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: ZyXEL G-202 Wireless Adapter Utility.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: SUN Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - http://driveragent.com/files/driveragent.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,4963/mcfscan.cab
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe
I can see that you run HiJack this in C:\Documents and Settings\Mike\My Documents\HijackThis.exe Which is good but I suggest to save it in a program folder like
C:\Program files\HJT\HijackThis.exe
I can see that you have a Mcafee firewall and you have AVG AV But I don't see any antispyware protection or did I look over it?
Next to this the log looks clean for me except for:
C:\WINDOWS\system32\mrtMngr.EXE
mrtmngr.exe is a part of the Intuit QuickBooks application. This process should not be removed to ensure that your Intuit QuickBooks software is working properly. See here
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
Unnecessary (deactivated) entry that can be fixed. This entry was classified from our visitors as good.
These are the one I should fix but I should wait and see what Chris (CBmatt) has to say
Because this is my first time.

Jonas
BTW: Chris thanks for the info about HJT. You made it possible for me to read.

This log also looks clean. Go ahead and fix these entries:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O18 - Filter: text/html - (no CLSID) - (no file)


Also...Jonas is right; C:\Program Files\HJT would be a better place to run HijackThis from.  The program and its backups are a lot safer there.  And you appear to be running two instances of HijackThis...why is that?






Quote from: Jonas Wauters on June 22, 2007, 01:46:39 AM

I can see that you have a Mcafee firewall and you have AVG AV But I don't see any antispyware protection  or did I look over it?
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

Those entries show that both Spybot - Search & Destroy and SUPERAntiSpyware are present.

Quote from: Jonas Wauters on June 22, 2007, 01:46:39 AM
Next to this the log looks clean for me except for:
C:\WINDOWS\system32\mrtMngr.EXE
mrtmngr.exe is a part of the Intuit QuickBooks application. This process should not be removed to ensure that your Intuit QuickBooks software is working properly.See here
What are you getting at?  That file is not infectious.

Quote from: Jonas Wauters on June 22, 2007, 01:46:39 AM
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
Unnecessary (deactivated) entry that can be fixed. This entry was classified from our visitors as good.
Although it's usually safe to fix (file missing) entries, there are times when it's not true.  HijackThis will sometimes incorrectly list files as missing when they are not.  For example...

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

That file often shows up as missing in HijackThis, but it actually usually exists.  When it comes to entries like this, if it's not infectious and if it's not causing any problems, I almost always leave it alone, just in case the file isn't really missing.  The only exception is when someone asks about unnecessary entries in their logs.  In these cases, I'll ask the person to search for the file.  If it truly doesn't exist, then I have them fix the entry.

Quote from: Jonas Wauters on June 22, 2007, 01:46:39 AM
BTW: Chris thanks for the info about HJT. You made it possible for me to read.
It's really great that you want to help out, but it's going to take a lot more than just a night of research.  It takes months of training before you're ready to start taking on actual logs.  Did you read through that whole thread I gave you?  It mentions several malware universities.  If you would like to join the fight, then you should sign up at one of those training courses.  It's a long process, but you learn a lot of very valuable information.

Also, if I were you, I would completely avoid using the hijackthis.de site. It can be helpful to see what entries you may have missed, but many of its results are inaccurate. It pays no attention to file extensions. If someone has a virus that changes all .exe files to .usr files, HijackThis.de won't catch it. That's why it's always better to do it all manually.

Ok looks like I'm far from there yet Yes indeed I used http://www.hijackthis.de/en
Looks like its not a good site Now I know And I'll stop trying to reply at HJT Because it looks like I'm only going to make it worse.
Now I know where I'm at.

Jonas

The site can be useful, but it should only be used when you already know what you're doing. HijackThis may be small, but it's a powerful little tool, and removing the wrong things can cripple a computer. You might want to check out those universities. GeeksToGo is the one I prefer. They're strict, but friendly. And they have tons of helpful information.

Thanks again for that both done

Quote
Also...Jonas is right; C:\Program Files\HJT


How do i move it from my documents to where you suggest, might seem a silly question to you but that's i ended up with two.
Skyblue

First, open My Computer and go to C:\ and then Program Files. Right-click on a white area of the folder and go to New > Folder. Name the folder HJT and then drag and drop HijackThis into that new folder.

Download CCleaner (install without Yahoo! toolbar) and configure it according to this guide. Analyze with the Cleaner tool and that should get rid of the extra copy of HijackThis.

As this issue appears to be resolved, I am closing this topic. If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.

If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.
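The point made in this thread, that `(file missing)` and `(no file)` entries call for a manual check rather than automatic removal and that file extensions matter, can be turned into a small triage script. This is an added example, not part of the original posts or of HijackThis; the function names and reason strings are assumptions, and the sample lines are excerpted from the log posted in this thread.

```python
import ntpath
import re

# Lines excerpted from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\mrtMngr.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
"""

# A log entry starts with a section code such as R0, F2, O4 or O23.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")


def parse_log(text):
    """Split a HijackThis log into running-process paths and (code, body) entries."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if match:
            in_procs = False
            entries.append((match.group(1), match.group(2)))
        elif line == "Running processes:":
            in_procs = True
        elif not line:
            in_procs = False  # a blank line ends the process list
        elif in_procs:
            processes.append(line)
    return {"processes": processes, "entries": entries}


def review_candidates(parsed):
    """Return items for a human to look at; nothing here is a verdict."""
    found = []
    for path in parsed["processes"]:
        # ntpath handles Windows paths on any platform.
        ext = ntpath.splitext(path)[1].lower()
        if ext != ".exe":
            found.append({"code": "process", "item": path,
                          "reason": "running image without .exe extension: "
                                    + (ext or "(none)")})
    for code, body in parsed["entries"]:
        if "(file missing)" in body:
            # HijackThis can report a file as missing when it exists.
            reason = "target reported missing: search the disk before fixing"
        elif "(no file)" in body:
            reason = "entry has no file recorded"
        elif code.startswith("R") and "=" in body and not body.split("=", 1)[1].strip():
            reason = "registry value is empty"
        else:
            continue
        found.append({"code": code, "item": body, "reason": reason})
    return found


if __name__ == "__main__":
    for hit in review_candidates(parse_log(SAMPLE_LOG)):
        print(f'{hit["code"]:8} {hit["reason"]}\n         {hit["item"]}')
```

The output is a review list only: each flagged entry still has to be checked by hand, as described above, before anything is fixed.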
823.

Solve : slow computer could be a virus?

Answer»

Ok guys and girls basically , i posted in Networking i am having seriously slow dsl , but it appears my whole pc seems to be running on the slow side its like really bad lag , i know i only have a 256mb ram at the moment but my computer has never ran this slow . and i havent gone near any torrent sites since my pc has been wiped , im gunna post a HijackThis log feel free to look at it , thanks for looking , if any can see anything i should fix let me know .

Logfile of HijackThis v1.99.1
Scan saved at 09:56:37, on 22/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system\CmSNXeye.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/uk/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Uniblue RegistryBooster2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{25977479-06F4-4A36-B404-B44EAE0383B9}: NameServer = 212.139.132.7 212.139.132.6
O17 - HKLM\System\CS1\Services\Tcpip\..\{25977479-06F4-4A36-B404-B44EAE0383B9}: NameServer = 212.139.132.7 212.139.132.6
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

Looks clean to me, Tony. For once. Ha. I'm not really too sure what might be causing your lag.

Have you installed any new programs recently?
Have you tried using System Restore to go back to a time before the lag started?
Have you installed any of that new hardware, or are you still waiting on it?

Im still waiting on all my new hardware , and i aint installed anything i know and im sure you know off that will affect my system so bad , i really am blank here , my computer was wiped when i had my askrock board put in so it would be pointless doing a system restore , and they dont work for me anyway lol . Im defragging at the min with a good little program off of majorgeeks IObit smartdefrag , it may improve my comp a bit , everything on my comp is pre-set so the only thing i can think of thats causing this is my new board .... is that possible

If these problems started after installing your motherboard, then I would definitely suspect it. However, I'm not a hardware expert, so it's hard for me to say. This may be a question for the Hardware section of the forum.

well at least we clearly the per-longings of a bad virus , if i dont get any good results for hardware i will take my motherboard out insert it all myself. *censored* computer shop me and calum suspected him from the start im gunna have trading standards investigate him , as i feel he is not doing his job properly , have a look at his poorly constructed site for one thing , HIS BANNER WAS MADE FROM WORDART http://www.tezco.net/

Ouch. That site hurts both my eyes and my brain. I don't blame you for suspecting him; I myself have to wonder how legit he is. Especially if Calum is also weary (he has a good eye for these things).
With the right guides and a bit of help from some of our hardware experts, I'm sure you could easily do all of this yourself.

What i dont understand is ive seen , full blown work men go in there , that actually look like i-t specialists and my gf has seen them too, working with him , oh well im sure trading standards will investigate him , i dont know if calum told you , but he also stole my graphics card , and told me my onboard graphics on my motherboard were better what a jack*** , i phoned him up and said i wanted my old one back radeon 9250 , and told me yh sure its here come and pick it up.... now that sounds dodgy the guy could of had put it in some poor lads computer and charged him full price for my 2nd hand card.

Yeah...that certainly is a bit suspicious. The guy could be legit, but I personally wouldn't trust him. Especially if he took my graphics card. Heh. Not sure how much it would help, but you might want to update your motherboard drivers. And you should also see how things run once you get your new RAM installed.

It's odd to me, though, that this would affect your internet connection. Just out of curiosity, have run any scans in Safe Mode to see if they find anything? It's worth a shot. Though, you've had internet problems before that didn't seem to be caused by infections. You might want to give your ISP a call.

As this issue appears to be resolved, I am closing this topic. If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.

If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.

824.

Solve : Trojan.Exploit.Vbs.Phel.M Infection!??

Answer»

I have BitDefender v10 on my XP and as it was scanning for viruses a virus alert pop-up showed up saying my computer has been infected by Trojan.Exploit.Vbs.Phel.M and Generic.XPL.Phel.7A2777C0

There are several infected files, all of which are located in:
c:\documents and settings\helen\local settings\temporary internet files\content.ie5\k3yrq7gt\...

I click OK to close the virus alert but it keeps popping up. Also, I can't seem to use BitDefender when this virus alert is shown. During the scan it told me 0 infections were found and the virus alert box says "BitDefender has blocked this virus - your computer has NOT been infected".

How do I remove?
Thanks

what os?? what other protections do you have?? have you tried in safe mode??

Quote from: EleniZee on June 22, 2007, 05:27:57 PM

I have BitDefender v10 on my XP and as it was scanning for viruses a virus alert pop-up showed up saying my computer has been infected by Trojan.Exploit.Vbs.Phel.M and Generic.XPL.Phel.7A2777C0

There are several infected files, all of which are located in:
c:\documents and settings\helen\local settings\temporary internet files\content.ie5\k3yrq7gt\...

I click OK to close the virus alert but it keeps popping up. Also, I can't seem to use BitDefender when this virus alert is shown. During the scan it told me 0 infections were found and the virus alert box says "BitDefender has blocked this virus - your computer has NOT been infected".

How do I remove?
Thanks
Are there any actual problems occurring with the computer?

The virus may be being stored in quarantine.

Download CCleaner (install without Yahoo! Toolbar) and configure it according to this guide.  Use this to clean out your temp and Temporary Internet Files folders.

Download AVG Free and SUPERAntiSpyware.  Upload both programs and then reboot into Safe Mode (continually tap F8 while the computer starts booting).  Scan with AVG, and when that's done, scan with SUPERAntiSpyware.

Restart your computer, download HijackThis, and post a log here.

If there actually are any infections left on your computer, we'll run them out within a couple of days hopefully.

Due to lack of feedback, I am closing this topic.  If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.

If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.
825.

Solve : Spycrush irritation?

Answer»

As this issue appears to be resolved, I am closing this topic.  If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.

If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.

826.

Solve : Help, I have SpyLocked!?

Answer»

Is there any way to remove this mess without buying anything? I have tried deleting it off my computer but to no avail. Please, someone, help!

Deleting what?

What protection do you have, what exactly have you done to try to remove it, etc. Details are important.

Starting your computer in Safe Mode usually lets you delete undeletable files.

Please answer the above questions.

Then go ahead and post a HijackThis log.  This will fill in any of the gaps.

Hey Patio, what's with the giant tooth?

Quote from: Carbon Dudeoxide on June 24, 2007, 09:39:31 AM

Hey Patio, what's with the giant tooth?
Sometimes, it seems like you have to pull teeth just to get information out of people.

Due to lack of feedback, I am closing this topic.  If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.

If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.
827.

Solve : BlackCore - virus??

Answer»

Can someone tell me what BlackCore is? Spybot's found it twice now and I don't know where it's coming from.
I found a few threads through Google but no one says what it does.

Check this out

http://www.spywareguide.com/product_show.php?id=858

The link Carbon provided will give you a bit of info.  Basically, it's a trojan that can allow other infections to enter, and you definitely don't want it on your computer.

What OS is this?
Is Spybot the only protection you have?  If not, what else do you have?
Have you scanned in Safe Mode?

Go ahead and post a HijackThis for us to take a look at.

I use Windows XP sp 2.

I use these:
Spybot S&D
Ad aware
CCleaner
Norton
AVG
Spyware Blaster
Spyware Doctor

After finding it for a third time yesterday I haven't seen anything from it since. But it might be rebuilding itself or whatever.

log file:
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\eMule\emule.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\admin\Desktop\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 207.66.105.14:8080
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJfox000
O9 - Extra button: c:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: c:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
First...I see that you have HijackThis running from your desktop.  You have it in a permanent location, which is good because it makes important backups that you may end up needing.  However, to help you avoid clutter and to help ensure that the backups stay safe, I would like you to move it to a special location.

  • Double-click on My Computer to open it and navigate to C:\Program Files.
  • Right-click on the empty (white) space and go to New > Folder.
  • Name the folder something like HJT and move HijackThis into that new folder.
  • If you would still like to run HijackThis from the desktop for convenience, right-click on HijackThis and click on Create Shortcut.  This will create a shortcut to the program; move the shortcut to the desktop.
 
At this point, go ahead and update Spybot and AVG.

Now that that's taken care of...Once we start, you won't have access to this post anymore, so I recommend that you print out this post or save it to a Notepad file.  Open HijackThis and scan again.  Check the following entries, but don't do anything to them yet...

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJfox000

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

(This is a part of your Realtek Event Monitor.  Technically, it's not malicious, but it is considered spyware.  You don't have to, but I would suggest checking this.)

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 207.66.105.14:8080
(Did you set this proxy?  If not, check this entry also.)

Now, close all windows (including this one) besides HijackThis, then click Fix Checked.  Close HijackThis and reboot into Safe Mode and enable hidden files and folders.

Navigate to and delete the following file(s) if present...

C:\WINDOWS\system32\ALCMTR.EXE  (You don't have to delete this, but it is advised.)

Once you've done all of this, scan with Spybot and then scan with AVG.  Let them remove whatever they want.  Reboot into Normal Mode and post a new HijackThis log, and this time, post the entire thing which includes the header.  Let me know how everything's running now and if you had any problems following my steps.  Does BlackCore still show up?

Due to lack of feedback, I am closing this topic.  If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.

If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.
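
The triage the helper does by eye in this thread, as an added example that is not part of the original posts: a small parser for HijackThis entry lines that surfaces the same kinds of entries the reply asks the poster to check. The rule set, `known_proxies` and `watch_autoruns` are assumptions made for illustration, and a finding means "review this", not "malicious".

```python
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Entries copied from the HijackThis log posted in this thread (a subset).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 207.66.105.14:8080
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJfox000
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe
"""

# "R1 - <body>", "O23 - <body>": a section code, a dash, then the entry text.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
# R-section bodies look like "<registry key>,<value name> = <data>".
REG_VALUE_RE = re.compile(r"^(?P<key>.+?),(?P<name>[^,=]+?) =\s*(?P<value>.*)$")
# O4 registry autoruns look like "HKLM\..\Run: [name] command line".
AUTORUN_RE = re.compile(r"Run(?:Once)?: \[(?P<name>[^\]]+)\]\s*(?P<cmd>.*)$")
# O8 bodies look like "Extra context menu item: <label> - <target>".
CONTEXT_RE = re.compile(r"^Extra context menu item: (?P<label>.*?) - (?P<target>\S+)$")


@dataclass
class Entry:
    code: str   # section code such as R1, O4, O23
    body: str   # everything after "CODE - "


def parse_log(text):
    """Return the registry/startup entries; process-list lines do not match."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append(Entry(m["code"], m["body"].strip()))
    return entries


def review(entries, known_proxies=(), watch_autoruns=()):
    """Return (code, reason) pairs for entries a reviewer should confirm."""
    watch = {name.lower() for name in watch_autoruns}
    findings = []
    for e in entries:
        if e.code in ("R0", "R1"):
            m = REG_VALUE_RE.match(e.body)
            if not m:
                continue
            name, value = m["name"].strip(), m["value"].strip()
            if name == "ProxyServer":
                # The helper's question: "Did you set this proxy?"
                if value and value not in known_proxies:
                    findings.append((e.code, f"proxy {value} was not set by the user"))
            elif not value:
                findings.append((e.code, f"{name} is blank"))
        elif e.code == "O4":
            m = AUTORUN_RE.search(e.body)
            if m and m["name"].lower() in watch:
                findings.append((e.code, f"autorun {m['name']} is on the watch list"))
        elif e.code == "O8":
            m = CONTEXT_RE.match(e.body)
            if m and re.match(r"https?://", m["target"], re.I):
                host = urlsplit(m["target"]).hostname
                findings.append((e.code, f"context-menu item loads from {host}"))
    return findings


if __name__ == "__main__":
    for code, reason in review(parse_log(SAMPLE_LOG), watch_autoruns=("Alcmtr",)):
        print(code, "-", reason)
```

Passing the proxy the user configured themselves in `known_proxies` removes that finding, which mirrors the helper's "if not, check this entry also".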
828.

Solve : host file change?

Answer»

Hi all. After scanning my mum's Gateway GM501 Media Center XP2 Professional with AVG Free, it showed host file change. I could not find this in the FAQs, and I have no idea what this is. Could somebody tell me please? Thanks for your time...p.

This is nothing to be concerned about.  It simply means that there has been a change in the Hosts file, which is a file that blocks certain sites/domains from displaying.  For more info on the Hosts file, see the following...
http://en.wikipedia.org/wiki/Hosts_file

Once again thanks for your help CBMatt.
cheers......

Hosts File Info...

No problem, Paul.  patio has a good reference there as well.

Thanks........

If this was my computer I'd want to know what changes were made to my hosts file; your hosts file can be used to deny access to anti-malware sites or, more importantly, it can redirect your internet banking, just to name a couple of things.
Don't dismiss this warning without full investigation to satisfy yourself all is well.
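
The investigation the last reply recommends, as an added example that is not part of the thread: compare the hosts file from before and after the reported change and sort the new entries into blocked names, redirected names, and hits on a watch list of security and banking domains. The file contents, hostnames and watch list below are constructed placeholders.

```python
import ipaddress

# Constructed sample: hosts file contents before and after the change.
BEFORE = """\
127.0.0.1       localhost
"""
AFTER = """\
127.0.0.1       localhost
::1             localhost
# added by an ad-blocking tool
0.0.0.0         ads.example.net tracker.example.net
127.0.0.1       update.av-vendor.example   # cannot fetch signatures
203.0.113.50    www.bank.example online.bank.example
not-an-ip       broken.example
"""
# Assumption: domains the owner cares most about (placeholders).
WATCHED = ("av-vendor.example", "bank.example")


def parse_hosts(text):
    """Return ({(ip, hostname), ...}, [(line_number, malformed_line), ...])."""
    pairs, malformed = set(), []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            malformed.append((lineno, raw.strip()))
            continue
        for name in fields[1:]:                  # one line may map several names
            pairs.add((str(ip), name.lower().rstrip(".")))
    return pairs, malformed


def is_watched(name, watched):
    """True if name is a watched domain or a subdomain of one."""
    return any(name == d or name.endswith("." + d) for d in watched)


def classify(ip_text, name, watched):
    ip = ipaddress.ip_address(ip_text)
    sinkhole = ip.is_loopback or ip.is_unspecified   # 127.0.0.1, ::1, 0.0.0.0
    if name == "localhost" and ip.is_loopback:
        return "expected"
    if is_watched(name, watched):
        # Blocked: the machine can no longer reach the site.
        # Redirected: the name now resolves to an address someone chose.
        return "watched-blocked" if sinkhole else "watched-redirected"
    return "blocked" if sinkhole else "redirected"


def audit_change(before, after, watched=()):
    """Classify every mapping present in `after` but not in `before`."""
    old, _ = parse_hosts(before)
    new, malformed = parse_hosts(after)
    report = {"malformed": malformed}
    for ip, name in sorted(new - old):
        report.setdefault(classify(ip, name, watched), []).append((name, ip))
    return report


if __name__ == "__main__":
    for category, items in audit_change(BEFORE, AFTER, WATCHED).items():
        print(category, items)
```

Entries that only block ad or tracker names are what protection tools commonly add; the `watched-*` categories are the two cases the reply warns about.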

829.

Solve : Talking Trojan Says 'Bye Bye' to Victims' Data?

Answer»

A newly identified malicious program not only messes up its victims' computers, it taunts them too   

The program, called the BotVoice.A Trojan, was first spotted by security vendor Panda Software SA last week. It is a Trojan horse program, which the victim must download first. But once installed, it gets nasty.

The Trojan soon sets to work trying to delete everything from the victim's hard drive, while at the same time endlessly repeating an audible message, apparently designed to taunt the victim.

"You have been infected I repeat you have been infected and your system files have been deleted. Sorry. Have a nice day and bye bye," the Trojan says.

It does this by using a text-reading program that is part of the Windows operating system, Panda said. Users of Windows 2003, XP, 2000, NT, ME, 98 and 95 are all at risk.

Unlike a virus, BotVoice.A does not jump from computer to computer on its own, but spreads via P-to-P (peer-to-peer) networks or storage devices such as CD-ROMs or USB (Universal Serial Bus) memory drives.

The Trojan is unusual because unlike most malware written these days, it appears to be designed to perform mindless vandalism, said Roger Thompson, chief technology officer with Exploit Prevention Labs Inc. "I haven't seen brainless vandalism like that for years," he said via instant message. "The good news is that such a Trojan will never be widespread, because everything is profit-oriented now, and there's not a lot of money in taunting someone."

http://www.pcworld.com/article/id,134206-c,trojanhorses/article.html

thanks and thats kind of kool

welcome

Haha, that sounds like a movie.

Like if someone gets infected.

830.

Solve : Uhhm??

Answer»

I've just been running Ad-Aware 2007 and noticed it had found exactly 384 infections. Could this be the cause of my PC freezing?

Pretty much...

That's a start...having found these infections, they should be deleted and/or quarantined.

Once you're done checking for spyware...I'd also run an antivirus program.

I just ran AVG Anti-Spyware, also known as Ewido.

I attached the report.

[Saving disk space -  old attachment deleted by admin]

So now your computer is free of adware and spyware.

Have you run an antivirus scan...if so...was it clean as well?

Are you still having issues with your computer freezing?

I am running Active Virus Shield now. I'm at 37%, and am running one hour, 45 minutes and 45 seconds already.

It seems it is going to finish in 3 hours.

I am clean so far. I think my C drive is clean as well. And no, I haven't experienced freezing today, I had some freezing yesterday which was quite severe, though.

These scans should never take this long.

I would stop the scan you are currently running.  Update my protection...boot into Safe Mode and run the scans again....individually.  Run the antivirus scan first...then the AVG spyware program...in Safe Mode, though.  Let them delete and/or quarantine what they find.  Boot into Windows normally and run your scans again.

Oh, no. The finish time is reducing. Never mind about the 3 hours waiting time.

And I have tons of games on my drives.

still i have 400 gigs of HDD space and plenty of used and mine never takes this long. try avg free antivirus. Get spybot search and destroy and superantispyware. Then scan in safe mode with everything updated

831.

Solve : Forum login mystery?

Answer»

I am a member of several forums on the web and pretty much always use the same login name:  Allochthonous.

About a month ago, I joined the iPod Hacks forum and asked some questions.  A couple of weeks later, I received the following e-mail in my Hotmail, which is the account I use to register for forums, etc.

Dear Allochthonous,
Your account on iPod Hacks Forums has been locked because someone has tried to log into the account with the wrong password more than 5 times. You will be able to attempt to log in again in another 15 minutes.

The person trying to log into your account had the following IP address:
70.86.138.114

Don't forget that the password is case sensitive. Forgotten your password? Use
the link below:
http://forums.ipodhacks.com/login.php?do=lostpw

All the best,
iPod Hacks Forums


I shrugged this off as odd, but did not really worry. I just figured that some visitor of the site was messing around or had a login that was similar (or wanted that one).

Well, this morning I received this email in my Hotmail:

Dear allochthonous,
Your account on Digital Camera Resource Page - Forums has been locked because someone has tried to log into the account with the wrong password more than 5 times. You will be able to attempt to log in again in another 15 minutes.

The person trying to log into your account had the following IP address:
72.233.34.186

Don't forget that the password is case sensitive. Forgotten your password? Use
the link below:
http://www.dcresource.com/forums/login.php?do=lostpw

All the best,
Digital Camera Resource Page - Forums

I joined this forum about a year ago and have not been there in several months.
Both of them are in my Favorites.  A little freaked, I traced the IP using http://www.arin.net/whois/ to the Dallas, TX metro. They appear to be different providers, one in Dallas, one in Frisco.

I really do not think my system has been jeopardized, as I use real time antivirus, have Windows firewall turned on, am behind a router, and am a relatively safe internet user.  I check my security at Shield's Up about once a month, just to be safe.  I am invisible, according to it.  Besides, why in the world would anyone who has hacked into my system give a crap about forums??

My only other lead is that I have a friend who lives north of Dallas. He has a 12 year old son who messes with computers quite a bit. I have found that you can Google "allochthonous forums" and it will pull up quite a few of my posts on various sites.  He does know that I use this as a login name, but I don't know that he would know how to spell it.  However, when I look up his IP, it shows up as CableOne.

I am willing to accept the identical verbiage in the letters, as they are both vBulletin forums and probably use a standard letter for this warning.

Could it be a bot?

What the heck?

PK

Allochthonous .......  Well the first thing I would do would be to log into both of your accounts and change the password.

Record the 2 ip addresses just in case they are required in the future.

Let us know if you have any issues when changing your passwords.


dl65

Found this:

http://www.dcresource.com/forums/showthread.php?t=32112

Seems I am not alone on the DCRP forum.

PK

maybe a bot try to crack your info? got your name off the sites or just someone

This is certainly an odd issue.  It might be a bot like warrior suggests.  At this point, I don't think there's a whole lot you can do about it.  Just keep a close watch on that thread and report any other e-mails you may receive.

832.

Solve : HELP SOMEONE!! trojan.vundo, infostealer, WinFixer, MisleadApp, trojan.Metajuan?

Answer»

my brother has recently downloaded something and it is freezing up my computer/internet. my internet connection is very very slow and disconnects from time to time. my computer in general has been very slow. i downloaded mozilla firefox thinking it would make my connection a bit faster but it didn't and started giving me random pop ups. i don't know what to do. do i need to reformat it because i want it to be like how it was when i first bought my laptop. please help me!!! i also get trojan.vundo, infostealer, WinFixer, MisleadApp, trojan.Metajuan, and DriveCleaner on my Norton Antivirus. i just got a tracking cookie on my norton scan. risk is low

ok.. what operating system...


look at my signature... get spybot, superantispyware, Ccleaner, avg antispyware



reboot in safe mode
(tap F8 rapidly)

make sure all protection are updated..

Run scans one at a time... remove what they find... reboot in normal mode.... report how your computer is doing...  also get hijackthis and post a log for us to look at... it will take 2 or 3 posts to get the whole log in.

Install avast it will get rid of trojans in a heart beat. avast :::

Due to lack of feedback, I am closing this topic.  If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.

If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.

833.

Solve : RE STRANGE DISCONNECTION FROM INTERNET?

Answer»

Hi, I have a Fujitsu laptop with Windows XP Home Edition. Yesterday I was searching in Google using different words for advertising and the searches were fine. Today I typed in the word Advertising and clicked the search button and without warning my connection to the internet was terminated. I can type advert, advertisement and do a search and I remain connected, but if I place advertising in the search box I am continuously disconnected. I tried the same search in Yahoo and the computer was still disconnecting. Can anyone give any advice? I have checked my computer with Spybot, Avast, ZoneAlarm virus checker, Ad-Aware but none of these seem to find anything wrong.
Can anyone help
thanks

Is your malware protection up-to-date?

Have you tried a full system scan in Safe Mode?

Is your Windows operating system up-to-date?

I don't believe I've ever heard of an infection doing such a thing.
It could just be a coincidence...  How many times have you tested this?
Do any other words cause this to happen?
Who is your ISP and what kind of connection do you have?
Are you the only user of this computer?  Someone may have downloaded something that's causing this.

Due to lack of feedback, I am closing this topic.  If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.

If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.

834.

Solve : setup.exe Virus?

Answer»

Hi,

Has anyone heard of the setup.exe virus? And how do I remove it? Because using the anti-virus to scan only makes it worse and programs cannot be used after. Please advise


Thanks
Greg

http://www.symantec.com/security_response/writeup.jsp?docid=2002-091913-2922-99&tabid=1

We need a lot more info.

What OS do you have?
What protection is installed on your computer?
Where is the file located?
How about a HijackThis log?

setup.exe could be just about anything.  It's one of the most common filenames out there, for both infections and legitimate programs.  It could be Ajim, the Klez worm, Hidden Dragon (let's hope not), Win32Agent, or any number of other worms and trojans.  If you know the location of the file, then upload it to VirusTotal and post the results here.

Also, go ahead and scan with Panda ActiveScan and post those results here as well.



In your next post, I'm looking for: answers to my initial questions, and logs from HijackThis, Virus Total, and Panda ActiveScan.

Due to lack of feedback, I am closing this topic.  If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.

If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.

835.

Solve : interent explorer goes crazy?

Answer»

And what about the VirusTotal log(s)?

Quote

Trojan.Malware
   C:\Documents and Settings\Owner\Desktop\access

Is this where the detected infection resides?  It doesn't give a specific file?  What's in that folder?

http://www.virustotal.com/vt/en/resultadof?dd4514503d50e8444426b69cad2cfa22

C:\Program Files\MSN Messenger\MsnMsgr.Exe


and i can't even find the folder but i'm going to go check to make sure i have show hidden files on like i should

http://www.virustotal.com/vt/en/resultadof?42029616d9eafcd3a99ff391719731aa

that's for the other one so it looks like i might be infected ehh.... i'll do some scans tonight and tomorrow and post findings but i'm going to bed right now later

Although VirusTotal is accurate, it isn't 100%, so it's hard to say if those results are right or not.  I still suspect the file, but I may be overly paranoid.  In any case, scan with your beloved SAS.  And try scanning with Panda's online scanner as well.  Let me know how it goes.

EDIT: Further research tells me that you probably don't have to worry about that "suspicious" file.  But go ahead and follow through with the scans still.  And I repeat...

Quote
Quote
Trojan.Malware
   C:\Documents and Settings\Owner\Desktop\access

Is this where the detected infection resides?  It doesn't give a specific file?  What's in that folder?
836.

Solve : DVD drive have a virus??

Answer»

I have a problem.  I have been trying to install some progs. from disk via my dvd/cd drive.  I only use it because my cd drive isn't showing up.  Anyway, it keeps telling me there are CRC errors for every thing I try to unzip.   This just started about a week ago.  My dvd drive is new (3 months old) and it's a light scribe.  I haven't had a problem with it before.  Could there be a virus causing the problem in my dvd drive?  Any suggestions?

No...as of yet thank goodness a virus cannot attack your CDDrive...

CRC errors are caused by corrupt DLoads...where are you DLoading these files from ? ?

I have a website.  The web host gives free web templates to download.  I downloaded them (they are in zip format) and since I live way out in the country and can only get dial up connection it took forever to download so I put them on cd.  I have used them before and didn't have a problem also I bought a cd on ebay with zip files on it.  It worked fine until a couple weeks ago and it's doing the same thing.  (Nothing illegal.) Just more templates and logos and banners.  I also have Dreamweaver that I bought and is very expensive.  I had it installed before and couldn't figure out how to use it so I uninstalled it about a year ago.  Now when I try to install it, it gives me error message.  Just in the last two weeks.

So any suggestions?

Thanks,
Molly

MollyBaloney ........ Did your cd drive not showing up and the problem reading these cd's that contain the zip files start at the same time ?

I would try this ......... Try the cd's in another pc and see if they will open ok.
That will confirm that they aren't corrupted.

Who installed the new dvd/cd -rw ?
If it was you, shut down the machine and unplug the data cable from the dvd/cd -rw and then plug it back in again ...making sure that the connection is nice and snug. Then do the same thing where the data cable from the dvd/cd plugs into the motherboard.

Will the dvd/cd-rw play a music cd ok as well as a movie dvd ?

You might also have a read in the link below
http://www.pcanswers.co.uk/tips/default.asp?pagetypeid=2&articleid=35711&subsectionid=616



dl65

Hey the disk can be damaged! Check if it is so and if true go buy a cd repairer!

The advice above yours will let her know if the CD is damaged or the files are corrupted...

837.

Solve : HJT Logfile?

Answer»

I don't put much credence in site advisor at all...

I agree that SiteAdvisor does tend to be inaccurate at times.  The site for Free Download Manager, for example, is red-flagged because one of the sites it links in turn links to a site with adware.  And certain sites like DoubleClick are sometimes green.  But it's all still a work in progress.  You will still have to use your own discretion at times when using this program.  Whenever visiting a site that you're not familiar with, it's always a good idea to actually read the reports, as they give you a lot more information to work with.  With that said, perhaps I should start including a disclaimer when suggesting this program.  Thanks for making me think of this.  Heh.

Now, as for this slow computer you speak of...if you want to post a log for it, go right ahead.   No matter how busy it gets here (and thankfully, it's not too busy this weekend), I'm always happy to do what I can.  As with all cases, it won't tell us everything, but I'll see what might stand out.

Logfile of HijackThis v1.99.1
Scan saved at 13:50:59, on 13/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virtual CD v8\System\VC8SecS.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\RaConfig2500.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\msiexec.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\OEM\My Documents\Downloads\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/weather/5day.shtml?id=3981
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.systemaxpc.co.uk/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P40 "EPSON Stylus Photo RX420 Series (Copy 1)" /O6 "USB001" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Auto EPSON Stylus Photo RX420 Series (Copy 1) on ACERASPIRE3000] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P63 "Auto EPSON Stylus Photo RX420 Series (Copy 1) on ACERASPIRE3000" /O22 "\\ACERASPIRE3000\RX425" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: RaConfig2500.lnk = C:\WINDOWS\system32\RaConfig2500.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.systemaxpc.co.uk/
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} (AOL Pictures Uploader Class) - http://o.aolcdn.com/pictures/ap/Resources/2.0.4.69/cab/aolpPlugins.10.4.0.4.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://r1bena.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1145636885156
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Virtual CD v8 Management Service (VC8SecS) - H+H Software GmbH - C:\Program Files\Virtual CD v8\System\VC8SecS.exe

Thanks Chris!!!

Chris

Nothing malicious stands out to me in this log.  You could try disabling a few programs, which might decrease lag, but I highly doubt it would change the internet in any way.  From a virus standpoint, all I can suggest is scanning with Avast and AVG, and maybe get Spybot on this computer.  Is the Avast firewall installed on this computer?  If not, what firewall does it have?

As far as I can tell, this computer's speed issues are likely a hardware and/or network issue.

Hey there, sorry for late reply it's been a crazy week. Been in A&E twice within seven days
Anyway it has no software firewall on, but however it does have the hardware one provided within our Wireless router. The issue of the wireless is not really something that affects us, because we have the two laptops, but it is something I'd like to sort, just for the knowledge.
Anyway thanks for everything man.
You're a legend.

Chris

No problem, Chris, I'm glad to help.  I hope you manage to get this issue figured out.

838.

Solve : Smitfraud-C.Toolbar888 & outerinfo + Trojan Horses?

Answer»

Please can someone have a look at my hijack this log file?  I have checked this and other forums, performed some tasks advised, including smitfraudfix.exe, Bruteforce uninstaller and AVG 7.5 antispyware.  Spybot originally found the smitfraud and AVG 7.5 antispyware found trojan horses.  I think/hope I have sorted this now but was hoping for some expert advice.

Thanks.

Ash72.

Hijackthis log to follow...

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 22:41:14, on 11/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFAGENT.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\MSI\3D!Turbo Experience\3D!Turbo.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Ash\Zip files\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: 3D!Turbo Experience.lnk = C:\Program Files\MSI\3D!Turbo Experience\3D!Turbo.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1131197105750
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1131208616000
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://help.broadbandassist.com/prequal/MotivePreQual.cab
O20 - Winlogon Notify: winrvc32 - winrvc32.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 5404 bytes

Any help would be greatly appreciated.

Thanks.

Ash, I've got you at the top of my list right now.  I have to go take care of a few things, but I'll get back to you within the hour.

A Good Start

I would suggest printing out the instructions and becoming familiar with them beforehand...

Then run a fresh HJT log and post it and by that time Chris should be back...

Sorry, I was busy a bit longer than expected.

Patio's advice is sound.  Thankfully, though, your log looks relatively clean.  The only issue I see is this entry...

O20 - Winlogon Notify: winrvc32 - winrvc32.dll (file missing)

Just a leftover Smitfraud registry entry.  Close all windows and have HijackThis fix this entry.  The file should already be gone, but to be on the safe side, reboot into Safe Mode, enable hidden files/folders, and delete the following file if found...

C:\WINDOWS\system32\winrvc32.dll

Also, still being on the safe side, follow through with the SmitFraudFix instructions and run another scan with AVG.  Then go ahead and post a fresh HJT log along with an update on how things are going.

Hi Chris, thanks for your help.

I have followed yours and Patio's advice.  Here is the new Hijackthis log.  Is all OK?

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 09:28:52, on 12/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFAGENT.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\MSI\3D!Turbo Experience\3D!Turbo.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Ash\Zip files\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: 3D!Turbo Experience.lnk = C:\Program Files\MSI\3D!Turbo Experience\3D!Turbo.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1131197105750
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1131208616000
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://help.broadbandassist.com/prequal/MotivePreQual.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 5332 bytes

It looks pretty clean to me.  Looks like you're doing a pretty decent job with protecting yourself.  Just a couple of things to go over...

In addition to AVG, I would suggest also getting Spybot - Search & Destroy and AdAware SE Personal.

For safer browsing, you should use Spyware Blaster and SiteAdvisor.  Both are very handy.

At this point, it would also be a good idea to clean out your restore points...

1.  Go to Start > Programs > Accessories > System Tools > System Restore
2.  Click on System Restore Settings.
3.  Check Turn off System Restore and click OK.
4.  Restart your computer.
5.  Follow steps 1 and 2 to return to the settings, uncheck Turn off System Restore, and click OK.
6.  Create a new restore point and close the program.

System Restore will now be active again.  If you would like to learn more about System Restore, go here.

Infections can return if you restore your computer to an older point for any reason, which is why it's best to do this.  By following all of my steps here, you should be a lot safer online.

Thanks Chris I will do that now.  I already use Spybot - Search & Destroy and Adaware SE Personal.  I will have a look at the safe browsing options.

Thank you very much for your help.

You're welcome; come back anytime.

And you're right, I see Spybot in your logs.  Silly me.  Heh.

get superantispyware it does good at smitfraud and other things as well

Chris

Thanks for your advice on this.  I have cleaned out my system restore and installed Spyware Blaster and Site Advisor. I am very impressed with Site Advisor.

As far as I can tell my PC is working absolutely fine now.

Once again, thanks for your help and recommendations.

I'm glad things are going well for you.  SiteAdvisor is a handy program, but make sure you actually read the reports before entering sites you're not familiar with.  It's still a work in progress, so some sites that are green-lighted aren't always trustworthy (DoubleClick for example).  And just because a site is red-flagged, that doesn't always mean it's bad (Free Download Manager for example).  Please use your own discretion and common sense when viewing unknown sites.
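
The before/after comparison done by eye in this thread (post a log, fix the O20 entry, post a fresh log), as an added example that is not part of the original posts: a small Python parser that extracts HijackThis entry lines, lists those marked "(file missing)", and diffs two logs. The sample lines are excerpted from the two logs posted above; the function names are illustrative.

```python
import re
from collections import namedtuple

# A HijackThis entry line looks like "<code> - <body>", e.g. "O20 - Winlogon Notify: ...".
# Header lines, the running-process list and the "End of file" footer do not match.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
MISSING_MARK = "(file missing)"

Entry = namedtuple("Entry", "code body file_missing")

# Lines excerpted from the first log in this thread (scan saved 11/05/2007).
BEFORE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Running processes:
C:\WINDOWS\system32\winlogon.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O20 - Winlogon Notify: winrvc32 - winrvc32.dll (file missing)
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
--
End of file - 5404 bytes
"""

# Lines excerpted from the follow-up log (scan saved 12/05/2007).
AFTER_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Running processes:
C:\WINDOWS\system32\winlogon.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
--
End of file - 5332 bytes
"""


def parse_entries(log_text):
    """Return the entry lines of a HijackThis log, in log order."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue  # header, process path, blank line or footer
        body = match.group("body").strip()
        entries.append(Entry(match.group("code"), body, body.endswith(MISSING_MARK)))
    return entries


def file_missing_entries(entries):
    """Entries whose referenced file HijackThis could not find on disk."""
    return [e for e in entries if e.file_missing]


def diff_logs(before, after):
    """Return (removed, added) as sorted lists of (code, body) tuples."""
    before_set = {(e.code, e.body) for e in before}
    after_set = {(e.code, e.body) for e in after}
    return sorted(before_set - after_set), sorted(after_set - before_set)


def triage(before_text, after_text):
    """Summarise what a fix changed and which orphaned references remain."""
    before = parse_entries(before_text)
    after = parse_entries(after_text)
    removed, added = diff_logs(before, after)
    return {
        "removed": removed,
        "added": added,
        "still_missing": [(e.code, e.body) for e in file_missing_entries(after)],
    }


if __name__ == "__main__":
    report = triage(BEFORE_LOG, AFTER_LOG)
    for label in ("removed", "added", "still_missing"):
        print(label)
        for code, body in report[label]:
            print("  %s - %s" % (code, body))
```

A "(file missing)" marker is a prompt to check the entry, not a verdict: in the log under question 837 above, the avast! Mail Scanner service carries the marker even though ashMaiSv.exe appears in that log's running-process list.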

839.

Solve : CWS.feads?

Answer»

Got a potential new client that has this little mother.  Done some "Googling" and found some very long, contorted fixes.  I wonder if any of you have come across this and fixed it short of a wipe & install.

Alan <><

Alan, this is the standard fix...

Download CWShredder here to its own folder.

Update CWShredder

  • Open CWShredder and click I Agree
  • Click Check For Updates
  • Close CWShredder

Boot into Safe Mode:
Restart your computer and as soon as it starts booting up again, continuously tap F8.  A menu should come up where you will be given the option to enter Safe Mode.

Now run CWShredder.  Click I Agree, then Fix, and then Next.  Let it fix everything it asks about.  Reboot your computer back into Normal Mode.

It's fairly simple and straightforward.  However, it wouldn't be a bad idea to post a HijackThis log of your client's computer.  Infections like this tend to have friends lurking around.

And after following the great advice above DLoad and update and run the latest ver. of Stinger just for good measure...
This has been known to help.

Thanks guys!    I'll get those downloaded today.

Alan <><

Alan I'm not sure if Stinger will run in safemode but try it there first...

yes it does or it did last time i used it

840.

Solve : CiD popups?

Answer»

Hi, I think I posted this in the right place... I searched and didn't see any solutions on the board.

I have recently been getting popup advertisements when I use Internet Explorer.  They randomly popup and have "CiD" in the top.

In a quick google search, a solution that was suggested was to uninstall the "CiD Help" from the add/remove programs in the control panel.  I've uninstalled that... is it completely removed from my system now?

Does anyone have any suggestions?

Thanks!

I have an Acer Aspire 5600 with Windows XP.  1.6 Ghz Intel Core Duo Processor T2050, 1G RAM and 100 GB hard drive.

I noticed in other threads that people were asked for a "HiJackThis" log.. so I went ahead and installed HiJackThis and here is my log: (2 parts)

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 7:09:24 PM, on 4/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\LogMeIn\LogMeInSystray.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\igfxext.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Installer Files\HJT2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: (no name) - {D73F49B6-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MorpheusToolbar BHO - {3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\2.bin\MORPHBAR.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: WebManager Class - {D5792AA9-D373-4039-8670-2CDAB6A71F15} - C:\Program Files\Torrent101\TorrentManager.dll
O2 - BHO: (no name) - {D73F49B1-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Morpheus Toolbar - {3F3714A9-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\2.bin\MORPHBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [ImageItEncrypt] C:\WINDOWS\system32\ImageItEncrypt.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [build mess ace mail] C:\Documents and Settings\All Users\Application Data\Noun Bind Build Mess\PLATFORM FORD.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\LogMeInSystray.exe"
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\WEATHER.EXE 1
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [frag grim] C:\DOCUME~1\Kelly\APPLIC~1\FUNKNU~1\trust mess.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Copy to Semagic - C:\Program Files\Semagic\copy.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Semagic - C:\Program Files\Semagic\link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1155489351562
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 11073 bytes
SK,
We haven't forgotten you but our resident experts for Hijack logs are a bit backed up right now...

Here's what to do in the meantime.
Update all your protection programs.
Disconnect from the web and re-boot into Safe Mode and run all your scans.
Re-boot, re-connect to the web and post back with a list of all your protection apps and any results they gave you...

Yes, open the "Add/Remove Programs" program.
If you have the "Messenger Plus! Sponsor Program" installed, remove it.
You don't have to remove the whole "Messenger Plus!" thing from your computer; just remove the "Sponsor Program".
This worked for me (I had the CiD-sh*t).

Really not sure how this post got by me, but in any case...

specialkel,
If you're still around, download AVG Free, Ad-Aware SE Personal, and Spybot - Search & Destroy.  Install all of them and update them to the latest definitions.  Then follow patio's instructions of scanning in Safe Mode.

Post back with your results as well as a new log.  However, please remove your current version of HijackThis and use this version instead.  Version 2.0 is still beta, which is basically another word for "software that doesn't work yet" and I prefer to not use it yet.

It got by cause of a one month bump but not from the OP....

841.

Solve : Image Files Won't Show?

Answer»

Above is an example of my problem and as you can see, none of the image files appear and it's like this on every website plus where my desktop photo should be. This all started Monday afternoon when I was on a website that I have visited many times over the last 8+ years without a problem but a popup appeared and I couldn't click it off. I restarted my computer only to find a bunch of files including Trojans on my computer that brought in more popups and slowed everything down but I was able to clean them out eventually and now everything is working great.......but still no images. On the other hand, when I right click and hit "Show Picture" it comes right up. I've used Ad Aware, Spybot, Hijack This, Barracuda, Spyware Doctor, Windows Live, Housecall, Vundo Fix and finally Defender Pro which is what cured what the others didn't...except for the lack of images of course. I also tried to defragment the computer and even tried re-installing Windows (XP) but to no avail.

Any help will be greatly appreciated!

Thank You

Computer Info:
Dell Optiplex GX280
Internet Explorer 6.0
Windows XP Professional

dl avg anti-spyware
superantispyware
spybot search and destroy
adaware se personal
spyware blaster (not a scanner but will help in the future)
CCleaner
McAfee SiteAdvisor

update them all
reboot in safe mode
  rapidly tap f8 before windows loads
run CCleaner first to clean out junk files
then run the other scans, save any logs and post them here
along with an update on how your computer is doing

unlovedwarrior

Definitely do a clean-up with CCleaner (install without Yahoo! toolbar).  I'm willing to bet that it'll fix this problem for you.  Close all of your windows and run the Cleaner (be sure to include Temporary Internet Files) and Issues.

SiteAdvisor and SpywareBlaster will both make your internet browsing a LOT safer.

You should still scan with the other programs unlovedwarrior listed, just to be on the safe side.  If you do all of this and your problem still persists, we'll provide further instructions.

Since malware often changes browser settings, it could be as simple as changing them back. If this is the only problem, that would be the first thing I'd check.

Quote from: 2k_dummy on May 10, 2007, 06:07:07 AM
Since malware often changes browser settings, it could be as simple as changing them back. If this is the only problem, that would be the first thing I'd check.

That did it! Thank you!

Thanks to the others for their assistance as well. Those programs you guys advised are keepers!

Thanks again.

Glad to hear it's sorted out.  Be sure to keep up with your updates and scans (also, remember to only run one of these programs at a time).  And stop by again if you need any more help.

The simple solutions are often overlooked. Apply KISS before getting drastic.
842.

Solve : any body help?

Answer»

My PC is infected by a virus. All files became Word icons and I can't open them; they need a converter. If I'm not mistaken the virus exe file is lsass.exe. Is this a virus?

How can I recover my files to open them again?
How can I delete this virus?

thanks

lsass.exe is a valid file, but there are infections that use this filename.

Clean up with CCleaner (install without Yahoo! toolbar) then download AVG Free, AdAware SE Personal, and Spybot - Search & Destroy.  Update all of them and scan with them in Safe Mode.  Clean any infections that are found.

Once you've done that, post a HijackThis log.

and superantispyware (i love this program)

I was going to suggest it, but I thought I'd leave it for you.  Heh.

843.

Solve : Suspected Virus?

Answer»

Hi, in the past few months I have had trouble with my computer shutting down on me. It does this only when I run a program or game that uses full screen mode (no window) and it always does it 1 or 2 minutes after the program starts. The computer simply turns off abruptly (blank screen, no power). I have run numerous scans for viruses and spyware and have found nothing (spyware cleared out some stuff, as usual, but nothing that was causing the problem). Any help resolving this issue would be greatly appreciated.

System:

Microsoft Windows XP
Professional
Version 2002
Service Pack 2

Computer:
Mobile AMD Athlon(tm) XP-M
Processor 2800+
1.60 GHz, 992 MB of RAM

I have been using AVG free edition and Trend Micro's Sysclean to scan for viruses and Spybot to deal with spyware. In case it makes a difference, my computer uses a built in graphics card (64mb I think) that struggles with even simple graphics, but this problem has occurred even when no strain on the system was evident. Thanks in advance.

ok make sure your case is free of dust
and

dl
avg anti-spyware
superanti-spyware
adaware se personal
Ccleaner

update and do full scans in safe mode

Well, I'm beginning to doubt that this is a virus, although I welcome any help in discovering what it really is and how to fix it. I downloaded the recommended programs, brought all their files up to date, and entered safe mode. Here is how it went:

Ad-Aware: Found and removed some things, mostly cookies.

AVG Anti-Spyware: Same as Ad-Aware

Cclean: Cleaned out a pile of files

Spybot: My computer pulled the shutdown thing on me when this was about 75% through its scan.

Super AntiSpyware: Same as Spybot except that the shut down came much earlier.

AVG Anti-Virus: This is where things got weird. My computer has 2 disks. It scanned the first one, which contains windows, without problems but my computer shut down on me part way through scanning the second hard drive (used for storage). I restarted my computer and did a scan again, following where it was scanning up until it crashed, noted the program it was scanning, and removed the program from the system. I then ran Spybot again, and the crashing persisted. At this point I ran AVG scanning specific drives. I first scanned the second drive and the scan completed with no problems and no viruses found. I then had it scan the first drive and it again had no problems completing the scan and found no viruses. Now I ran a complete scan again and the complete scan got through both hard drives without shutting down and found no viruses. So now I ran spybot again and... it shut down as before.

So, if anyone has any idea as to what could be causing this and how to fix it (or who I should ask about this) it would be a big help. Thanks a lot.

Quote from: FredLOMD on May 08, 2007, 09:37:16 PM

I restarted my computer and did a scan again, following where it was scanning up until it crashed, noted the program it was scanning, and removed the program from the system.

What program did you remove?

The program was called Eclipse. It was set up for writing Java; however, since my recent classes have been in C and C++ I haven't used it for the last 4 months. I've had it there for over a year so I doubt that it was the problem (as demonstrated by the fact that the problem persists even after I removed the program).

Well, you could post a HijackThis log just for the heck of it, but I'm not entirely convinced yet that an infection is involved.  It wouldn't hurt to look, though.

Maybe that was a conflict between hardware that the program used.
What devices did you use for that program???
Ledio

Eclipse was a programming interface so it would have used all the devices that most programs that edit text use (mouse, keyboard, etc.) I seriously doubt that it was causing any problems. I only removed it to see if it would fix anything, and as best I can tell it did not. I think the most likely problem at this point is that all these programs are calling on some file or process somewhere that isn't working right (although I have no idea what it could be).

Since I can't think of anything better to do right now, here is the log file from the hijackthis scan:

Logfile of HijackThis v1.99.1
Scan saved at 9:39:12 AM, on 5/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by129fd.bay129.hotmail.msn.com/resources/MsnPUpld.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: V2i Protector - PowerQuest Corporation - C:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)

Well, computers are crazy things aren't they. In the last little while I've been uninstalling and reinstalling drivers for various parts of my computer to see if any of them were causing the problem. None of that worked.

Eventually I gave up, hauled my computer outside, and cleaned all the dust out of it. Suddenly, it's all working. Some little piece of dust somewhere must have been causing a problem that was only encountered by certain programs when interacting with a certain area of the computer.

Thanks for your help everyone.

Quote from: unlovedwarrior on May 08, 2007, 02:59:25 PM
ok make sure your case is free of dust
and

dl
avg anti-spyware
superanti-spyware
adaware se personal
Ccleaner

update and do full scans in safe mode

lol

Glad to hear you got it sorted out.  Your log looks clean, by the way.
844.

Solve : Infected system; new monitor.?

Answer»

Is anyone aware of viruses etc. that attack the monitor itself? Or is the monitor a completely "passive" device? My flatscreen flashes on and off with "signal out of range" for the first ten minutes then works without problem. I have reloaded drivers, adjusted resolution, cleaned the registry, scanned etc... Nothing seems to affect the problem except patience (10 minutes).

I want to test my monitor by replacing it. I fear contamination and would like some assurance that this is safe first.

Thank you in advance.

infections don't attack monitors.

what's your OS and what protections do you have? and is the video card an add-on or integrated??


unlovedwarrior

Windows XP sp2
NVidia G-force
integrated

Symantec
Spybot

I'm away from the computer in question.  I can run diagnostics and give more complete info tomorrow. I have read the FAQs and searched the other boards.

ok dl avg anti-spyware

superantispyware

Ccleaner

adaware se personal

scan with those and tell us what they find (save and post the logs if you can save them)

I appreciate your time and advice, and I will keep these suggestions for future reference. At present high speed internet is not an option where I live except through satellite. My dial-up is intermittent and only slightly faster than an earthworm in dirt. Downloading the programs would take hours if not days. (I am at work now)... I have learned a great deal from your posts and those of others.
Again thank you.

you can't dl them at work or a friend's house??

and you're welcome

Downloading at work is risky and is a good way to get fired. I work two jobs and have 4 kids under the age of 5 to take care of at home... I think I need to bite the bullet and invest in satellite so I can download late at night. A friend's house is a good idea. Would a thumb drive be a good medium? As you can probably guess I am new to computers...

yes 128mb will do

Hi there,
Just out of interest do you know how many start up operations you have?! It could just be that the P.C is taking a while to load up all that is necessary to display the images on screen. Do me a favour and just click Start---->Run--->Then type MSCONFIG--->Then click the Startup Tab, and just give me an approximation as to how many objects are ticked.
Hope this helps

Chris

Thanks for the idea. I will have to reply tomorrow. Got to go teach a class...

Quote from: whorton on May 08, 2007, 02:01:36 PM

A friend's house is a good idea. Would a thumb drive be a good medium? As you can probably guess i am new to computers...

If you don't already have a drive, then even a CD-R would suffice.  Also, you should add AVG Free to your list.  You'll need to update it before scanning, but thankfully, Grisoft includes manual downloads of the newest definitions so you don't have to worry about doing this at home.

And don't worry, your monitor won't carry any sort of infection.  Your computer could be infected, though, so be sure to scan with all of the programs.

Information asked for:

14 start up operations.

Operating System: Windows XP Home Edition (5.1, Build 2600) Service Pack 1 (2600.xpsp2.050301-1526)
           Language: English (Regional Setting: English)
System Manufacturer: Gateway                       
       System Model: E-6000                         
               BIOS: Default System BIOS
          Processor: Intel(R) Pentium(R) 4 CPU 2.66GHz
             Memory: 512MB RAM
          Page File: 351MB used, 898MB available
        Windows Dir: C:\WINNT
    DirectX Version: DirectX 9.0b (4.09.0000.0902)
DX Setup Parameters: Not found
     DxDiag Version: 5.03.0001.0902 32bit Unicode

----------------
Display Devices
---------------
        Card name: NVIDIA GeForce4 MX 440 (Gateway)
     Manufacturer: NVIDIA
        Chip type: GeForce4 MX 440
         DAC type: Integrated RAMDAC
       Device Key: Enum\PCI\VEN_10DE&DEV_0171&SUBSYS_87311462&REV_A3
   Display Memory: 128.0 MB
     Current Mode: 1024 x 768 (32 bit) (60Hz)
          Monitor: Gateway FPD1730
  Monitor Max Res: 1280,1024
      Driver Name: nv4_disp.dll
   Driver Version: 6.13.0010.3082 (English)
      DDI Version: 8
Driver Attributes: Final Retail
 Driver Date/Size: 7/16/2002 13:16:00, 3552826 bytes

I have not tested the monitor yet. Last night it flashed on and off for 15 minutes getting gradually better as I put the computer to work. It is acting the way electronics used to act when they were warming up.

By the way, I am purchasing a laptop soon. I assume the above programs are your recommendations for setting it up for safe use.

Use the suggested programs to scan your computer in Safe Mode (make sure you update them first).  If the scans come up clean, you should update your Windows XP to Service Pack 2.  If there are any issues, consult with us first.  Installing SP2 on an infected machine can cause problems.
845.

Solve : The virus can't be deleted?

Answer»

Norton has scanned the virus named 'Trojan.PSW.WorldOnline' but it can't be deleted.
I don't know how to kill it. Help!!!

You can add a remote request in www.pc-onlinehelp.com/supportlist.aspx. They provide live remote desktop support now. You can have a try.

jimkopc  ........  Does Norton indicate where it is residing?

Here's what I would suggest trying.
d/L ......  ccleaner if you don't have it. Get it at  http://www.ccleaner.com/
Note.... when installing ccleaner, do not install the yahoo toolbar.
d/l AVG Antispyware ...  get it at  http://free.grisoft.com/doc/20/lng/us/tpl/v5
once you have it installed, get the latest updates.
Next , run ccleaner ......... just the cleaner part ...... remove whatever it finds.

Next, shut off system restore.

Next .... reboot the machine into "SAFE" mode
To get into safe mode, just as the machine is starting to load, repeatedly tap the F8 key and when the list of how do you want to start appears.....
select SAFE mode ....... then let it load.
Once it's finished loading (your desktop will look different than the normal mode) run a scan with AVG Antispyware.  The elusive trojan should be found. Either quarantine it or delete it, and write down where it is (was) residing.
Once Antispyware is finished ......... run your Norton again , while still in Safe mode on the off chance there are any more infections.
Reboot back into normal mode....... and report your findings here so we will know if you have removed it or not.

If it has been successfully removed, turn system restore back on .

dl65

Quote from: badboydy on May 10, 2007, 01:56:40 AM

You can add a remote request in www.pc-onlinehelp.com/supportlist.aspx. They provide live remote desktop support now. You can have a try. 

Yes, always a good idea to give total access of your machine to an anonymous Internet site. NOT!
846.

Solve : AVG vs. Avast -- Two major features to look for?

Answer»

AVG, as I recall, only scans the files about to be booted during its bootup scan.

Boot-Time scan, however, is like running your on-demand scanner, but quicker, and with more resources available, and no files in use.

By the way -

A sometimes handy little tool to have:
http://en.wikipedia.org/wiki/Eicar_test_file


I can't seem to FIND it/download it at  http://www.eicar.org/    ,   but it is easy to make it with the info found on that wiki page.


Besides using it to test your own system, it can provide a bit of fun if you can get a copy of it onto a friend's system.

Quote from: Zylstra on May 06, 2007, 04:15:38 PM

AVG, as I recall, only scans the files about to be booted during its bootup scan.

Boot-Time scan, however, is like running your on-demand scanner, but quicker, and with more resources available, and no files in use.

Ah.
Ok.

Thanks

I'll try anything that works and is not an infection itself, but I've grown fond of AVG.

Quote from: WillyW on May 06, 2007, 04:19:18 PM
Quote from: Zylstra on May 06, 2007, 04:15:38 PM
AVG, as I recall, only scans the files about to be booted during its bootup scan.

Boot-Time scan, however, is like running your on-demand scanner, but quicker, and with more resources available, and no files in use.

Ah.
Ok.

Thanks

This is inaccurate...

p.s. Zylstra do me a favor...make a folder and nest it 5 levels deep and place eicar in there and see if Avast finds it even on its thorough scan....a root beer says it won't.

Quote from: patio on May 06, 2007, 09:49:25 PM
Quote from: WillyW on May 06, 2007, 04:19:18 PM
Quote from: Zylstra on May 06, 2007, 04:15:38 PM
AVG, as I recall, only scans the files about to be booted during its bootup scan.

Boot-Time scan, however, is like running your on-demand scanner, but quicker, and with more resources available, and no files in use.

Ah.
Ok.

Thanks

This is inaccurate...

p.s. Zylstra do me a favor...make a folder and nest it 5 levels deep and place eicar in there and see if Avast finds it even on its thorough scan....a root beer says it won't.

Just did, "Caution, a virus has been detected"

How is it inaccurate?

Quote from: patio on May 06, 2007, 09:49:25 PM
Quote from: WillyW on May 06, 2007, 04:19:18 PM
Quote from: Zylstra on May 06, 2007, 04:15:38 PM
AVG, as I recall, only scans the files about to be booted during its bootup scan.

Boot-Time scan, however, is like running your on-demand scanner, but quicker, and with more resources available, and no files in use.

Ah.
Ok.

Thanks

This is inaccurate...

p.s. Zylstra do me a favor...make a folder and nest it 5 levels deep and place eicar in there and see if Avast finds it even on its thorough scan....a root beer says it won't.
I'd like to know why that would make a difference.  Any scanner that can't do this would have to be very poorly designed.  I wouldn't say that Avast! is the greatest, but it's certainly not that bad.

One thing I would like to point out, though, is that AVG detects Eicar the very second it's created.  As soon as I save the file, AVG notifies me.

yep same here

Try packing it 5 levels deep in an archive then, rather than folders.

Quote from: CBMatt on May 06, 2007, 11:13:54 PM
Quote from: patio on May 06, 2007, 09:49:25 PM
Quote from: WillyW on May 06, 2007, 04:19:18 PM
Quote from: Zylstra on May 06, 2007, 04:15:38 PM
AVG, as I recall, only scans the files about to be booted during its bootup scan.

Boot-Time scan, however, is like running your on-demand scanner, but quicker, and with more resources available, and no files in use.

Ah.
Ok.

Thanks

This is inaccurate...

p.s. Zylstra do me a favor...make a folder and nest it 5 levels deep and place eicar in there and see if Avast finds it even on its thorough scan....a root beer says it won't.
I'd like to know why that would make a difference.  Any scanner that can't do this would have to be very poorly designed.  I wouldn't say that Avast! is the greatest, but it's certainly not that bad.

One thing I would like to point out, though, is that AVG detects Eicar the very second it's created.  As soon as I save the file, AVG notifies me.
As soon as I click on the link to download it Avast warns me.

Chris

Quote from: Calum on May 07, 2007, 02:20:13 AM
Try packing it 5 levels deep in an archive then, rather than folders.
No matter what I try to archive it with, access is denied.

Quote from: chriscool9 on May 07, 2007, 04:34:17 AM

As soon as I click on the link to download it Avast warns me.


Where was that?     Please post the link.



Quote from: CBMatt on May 07, 2007, 05:23:01 AM
Quote from: Calum on May 07, 2007, 02:20:13 AM
Try packing it 5 levels deep in an archive then, rather than folders.
No matter what I try to archive it with, access is denied.

I don't remember now how I did it.    Probably booted to DOS.

Here's a copy of the zip file I keep.   




[cleaning up - attachment deleted by admin]

Quote from: Calum on May 07, 2007, 02:20:13 AM
Try packing it 5 levels deep in an archive then, rather than folders.
Compressed "folders" are one single file. They don't technically hold different folders.

It also depends on the scan type.
(A lot of virus scanners allow a user to not scan .zip and other packers, since it takes longer)

I can't even start downloading the virus file, since Avast stops it before I even click "Save As"

Quote from: Zylstra on May 07, 2007, 02:09:55 PM
...

It also depends on the scan type.
(A lot of virus scanners allow a user to not scan .zip and other packers, since it takes longer)

I can't even start downloading the virus file, since Avast stops it before I even click "Save As"


From where?
The eicar.zip file attached above?      or from.... ?


Wherever it is from, that is very interesting. 
I wonder how AV software running on your computer can know what is in a file residing on another computer,  before a transfer even begins.
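
The folder-versus-archive question debated in this thread, as an added example that is not code from any of the posters or from any antivirus product: a toy scanner that finds a test marker in plain folders at any depth but opens nested zip files only up to a configurable number of layers. The marker string, file names and depth limits are constructed for the illustration, and the marker is a stand-in, not the real EICAR string.

```python
import io
import os
import tempfile
import zipfile

# Constructed stand-in for a test signature; this is NOT the real EICAR string.
MARKER = b"CONSTRUCTED-AV-TEST-MARKER-0001"
PAYLOAD = b"constructed sample file\n" * 4 + MARKER
MAX_MEMBER_BYTES = 10 * 1024 * 1024  # do not unpack huge members (zip-bomb guard)


def nest_in_folders(root, depth, payload=PAYLOAD):
    """Write the payload `depth` ordinary directories below root."""
    path = os.path.join(root, *[f"level{i}" for i in range(1, depth + 1)])
    os.makedirs(path, exist_ok=True)
    target = os.path.join(path, "testfile.com")
    with open(target, "wb") as fh:
        fh.write(payload)
    return target


def nest_in_archives(depth, payload=PAYLOAD):
    """Return the bytes of a zip that wraps the payload in `depth` zip layers."""
    data, name = payload, "testfile.com"
    for layer in range(1, depth + 1):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
            zf.writestr(name, data)
        data, name = buf.getvalue(), f"layer{layer}.zip"
    return data


def scan_bytes(data, label, max_archive_depth, depth=0):
    """Return labels of objects whose raw bytes contain MARKER.

    Archives are opened only while depth < max_archive_depth, so
    max_archive_depth=0 models a scan with archive scanning switched off.
    """
    hits = [label] if MARKER in data else []
    if depth >= max_archive_depth or not zipfile.is_zipfile(io.BytesIO(data)):
        return hits
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.is_dir() or info.file_size > MAX_MEMBER_BYTES:
                    continue  # directories hold no bytes; oversized members are skipped
                hits += scan_bytes(zf.read(info), f"{label}!{info.filename}",
                                   max_archive_depth, depth + 1)
    except zipfile.BadZipFile:
        pass  # damaged archive: report only what was found in the raw bytes
    return hits


def scan_tree(root, max_archive_depth):
    """Walk every folder under root (no depth limit) and scan each file."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                data = fh.read()
            hits += scan_bytes(data, os.path.relpath(full, root), max_archive_depth)
    return sorted(hits)


def run_demo():
    """Scan one tree holding a 5-folder-deep copy and a 5-layer zip copy."""
    with tempfile.TemporaryDirectory() as root:
        nest_in_folders(root, 5)
        with open(os.path.join(root, "nested.zip"), "wb") as fh:
            fh.write(nest_in_archives(5))
        return {limit: scan_tree(root, limit) for limit in (0, 4, 5)}


if __name__ == "__main__":
    for limit, found in run_demo().items():
        print(f"archive depth limit {limit}: {found}")
```

With archive scanning off, or limited to four layers, only the copy in the nested folders is reported; the copy inside the zip is reported once the limit reaches five layers, because the compressed bytes of each layer do not contain the marker in the clear.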

847.

Solve : Norton problems?

Answer»

I did superanti, adaware, search and destroy, and AVG anti virus scans in Safe Mode.
Search and Destroy found some WindowsDisable stuff. I removed that, but there is still an error coming up for autoprotect for norton. I've done the scan a couple of times, and the same thing keeps coming up.

The Norton  AutoProtect error comes up after 3-5 minutes of the computer being on. Before then, it's fine. I'm not so worried about Norton specifically, but rather that it means there is definitely something wrong.

Take a look at this thread.  It sounds like Norton may be overriding your Windows Security Center settings.

848.

Solve : Another Anti-Norton testimonial?

Answer»

My mom wants me to install VB .NET 2003 on her laptop (compatibility problems with 2005 Express). Now, I've got the discs, but I keep getting told that another program wants the PC to reboot. This is a red flag; she didn't do anything to prompt this today.

I removed the Norton software (ugh!) and I've installed Avast!, SpyBot, A2, SpywareBlaster, ZoneAlarm, and HJT. Just running A2 and SpyBot, I've got: 521 from A2, and 143 from SpyBot. That's 666 problems between the two programs.

I have a feeling her PC will run much better when I'm done with it.

EDIT: 801 is the final count, and I haven't run Avast! or Ad-Aware yet.

EDIT: 803...

Quote from: Dilbert on May 07, 2007, 10:50:55 PM

666 problems between the two programs.

It all makes sense now...

Glad to have you aboard the anti-Norton bandwagon, Dil.

Oh, I've been anti-Norton for a while; it's just that my mother's a little slow to change what's "protecting" her laptop. It's the same situation with my friend's computer.  It's running really slow, so she asked me to take a look at it.  Not only does she have Norton as her only protection, it's also several years old.  The poor thing.  But worry not, I'll have 'er in tip-top shape soon enough.
849.

Solve : AVG compatiblity with Windows Vista?

Answer»

Hey guys, on Wednesday I went with an older senior citizen to help her purchase a laptop computer with Windows Vista.  A purchase was made at a Best Buy store.  One of the sales reps in the store mentioned anti-virus software; specifically, he mentioned a package they offer which includes making a restore CD from the restore partition on the hard drive, installing anti-virus software (I'm not sure whether this included the software or just the installation of it), and I think maybe something else for $149.  I told him I would take care of the anti-virus.  He asked me what I was thinking of installing.  I said AVG Free.  He said it's not compatible with Windows Vista.  I was skeptical and still declined their package.

I see that Vista is one of the OS listed at http://www.download.com/3000-2239_4-10695030.html.  I did not have time to try installing AVG on her computer yet.  She does not have Internet access yet.  Just wondered whether any of you have used AVG with Windows Vista or have any personal knowledge about this issue.

Edit: I just found some info on AVG's website that shows Windows Vista as one of the compatible OS, as I would expect.  I suspect the Best Buy sales rep was simply not well informed.

It runs fine on Vista...

Being able to create restore CDs for the machine is free if she visits the manuf. site for instructions.

If she wants the security of a backup program as well, Acronis True Image can be shipped from newegg for less than 35 bucks.

You just saved her $115.00 Good Job !

Quote from: soybean on June 15, 2007, 11:21:35 AM


Edit: I just found some info on AVG's website that shows Windows Vista as one of the compatible OS, as I would expect.  I suspect the Best Buy sales rep was simply not well informed.

or they just want to make the sale
850.

Solve : Windows Firewall and Avast?

Answer»

I am using Avast 4.8 Home Edition and have the Windows Firewall on. My OS is Windows Vista SP2.  I am puzzled as to the uses for the Standard shield, Network Shield, Web shield, and P2P shields and whether these "count" or together act as a firewall.  I have a custom set up (excluded D: from any scanning as shadow copies are on D:). Is anyone familiar with Avast? Am I going to have trouble with using these providers with Windows Firewall on?
npersn31

I have Avast. Never had trouble when I only had windows firewall. You should be able to get help here, but if not try below

http://forum.avast.com/

These features act in a way that is similar to a firewall, but the program doesn't necessarily replace a firewall.  You shouldn't have much trouble using this while still keeping your firewall enabled.