Explore topic-wise InterviewSolutions in .

mission accomplished!! emtied the vault!
now I AM rejoicing1.........Good to HEAR. Good LUCK keeping your computer CLEAN; we'll be here if you have any more PROBLEMS.

Some ware along the line I picked up an item that resides next to my clock in the bottom bar of my system [Windows XP]. It is a red shield with an X that changes to a blue shield with a [?]. A left mouse click opens your website. A right mouse click does nothing. Periodically this icon will generate a ‘System Alert’ balloon telling me my system is under attack. It also interferes with my eireless keyboard, mouse and ties up my system briefly. I don’t seem to be able to remove it. It has become very annoying. Please help.This is a virus or similar malware PROBLEM.
Grab Hijackthis and post a log as well as what protection you have, and I'll move this to the virus section.
I have cleaned a PC with something similar before, but our virus experts will no doubt have an easier and more thorough method.does it look like this?



If it does, it is the icon of the Windows Security Center. Try hovering your mouse cursor over it, and see if a tooltip appears. You can click on it and open the Windows Security Center and configure various settings.

If the above does not happen, what happens when you right click the icon?
looks similar but changes color. the website that opens is VirusProtect ProIt's a Zlob infection. Zlob Trojans masquerade as video or audio codecs REQUIRED to view a movie or listen to a audio file. In reality, though, these Trojans instead install VirusProtectPro as well as other malware on to your computer without permission.

When the Zlob Trojan is launched on your computer, it will automatically download and install VirusProtect Pro. When VirusProtectPro has finished downloading and is installed, it will automatically launch and start a SCAN of your computer. This scan will provide exaggerated or false results and state that the only way to clean these "infections" is to purchase the commercial version of the software. They do this purely as a way to scare you into purchasing the full commercial version of their software. Needless to say, you should not purchase VirusProtectPro.

Another byproduct of the Zlob Trojans are that you will see fake security alerts in your Windows taskbar saying there is a problem with your computer or that you are infected. Once again these alerts are false and are only being used as a scare tactic. When you click on the alert, it will automatically launch VirusProtectPro and do a scan.

Removal tools here

http://www.bleepingcomputer.com/forums/topic98219.html





It worked great!! Even a SENIOR citizen with little experience did it. THANK you.
paul
As this issue appears to be resolved, I am closing this topic.  If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.

If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.

my sister is running windows xp on a LAPTOP which was badly infected with spyware. We run ewido and removed what it found (alexa and eurocliock).
She is getting pop UPS that tell her that there is problems with the registry. they look like genuine windows warnings. they tell her to go to registryfix and to regfix.info    
Is this safe to do or is this more spyware?More spyware.  Genuine Windows popups do not tell you to go to places other than Microsoft.com...Thanks. Any ideas on how to remove this spyware? I thought her HIJACKTHIS log looked o.k.
Ran Ewido and spybot in safe mode but they arent picking anything else up. I then went to zonelabs to get her a firewall, and
did the free check  and it showed up alexa toolbar. (after deleting alexa  from the ewido quarantine)
Anyone know the name of the spyware that sends these bogus windows warnings?I bet these things are popping up with Internet Explorer?  I suggest you wait for one of our resident spyware removal experts here to come along and provide further instructions.  thanks     shell27......
Alexa Toolbars 4, 5, and 6 may also be uninstalled using your computer’s Add/Remove Programs feature. Open your Windows Start menu, go to Settings, click on Control Panel, and then double click on Add/Remove Programs. Click on Alexa and then click the remove button. The next time you open a new browser window, the toolbar should be gone.
Tools which you should have available for the prevention and control of Malware ....:
A PROVEN anti virus program ........ with the latest updates
Spybot Search and Destroy ( with Resident activated) ......with the latest updates
Ad-Aware SE PERSONAL ......with the latest updates
MicroSoft AntiSpyware beta.......
CCleaner ...... with the latest updates  run this at least once a day .
Ewido .......

It might also be prudent to run a scan with hijackthis and post it here .
If this laptop is (was) full of crap , it would be a good idea to run all the above mentioned apps from the safe mode .......... ( with the system restore turned off )
Don't get into the habit of clicking on something offered by a warning popup   it is almost always trying to sell you something by suggesting that your machine is infected and in a few minutes it will be running like new..... they usually will do some sort of a scan and then tell you that there are all these issues ....... Then the kicker ......... please have your credit card handy and click here ....... and all the issues will be fixed ........ LOL


dl65  

I still see no evidence that the procedures have been followed. However, run Hijackthis and fix the following entries. Ensure that you make backups as my Brazilian isn't that good:

F2 - REG:system.ini: UserInit=userinit.exe

O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard5.exe

O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad5.exe

O4 - HKLM\..\Run: [newname] C:\windows\newname5.exe

O4 - HKCU\..\Run: [SysBrand] C:\ARQUIV~1\iGv6\sysbrand.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.4rf.com

O20 - WINLOGON Notify: CONTROL PANEL - C:\WINDOWS\system32\enlol1331.dll

O23 - Service: SAFMMSEventsService - Unknown owner - C:\Arquivos de programas\SAF Tehnika\SAF Management\service\SAFMMSEventsService.exe


Reboot to Safe Mode, archive the following files and/or folders using Winzip or similar and then delete them:

C:\windows\keyboard5.exe
C:\windows\mousepad5.exe
C:\windows\newname5.exe
C:\WINDOWS\system32\enlol1331.dll
C:\ARQUIV~1\iGv6\

Reboot normally and post ANOTHER logfile.

Remember, you absolutely must keep backups!!!After several unfruitful attempts I decided to format C: partition and made a new installation of XP.
All things  are now back to normal. The invaders were growing in quantity and "quality" each time computer were turnned on.

Does anyone know where a fella like myself can get a free antivirus trial? I am a BROKE college student and I rely on my computer to get me through school. I can’t risk going another day without protection. I appreciate the help   SlowBurner.......LOL ...... Don't they teach you how to use Google in College ?
If I were you I would sign up for a course in googling ......... LOL .
In the meantime , go to ...... http://www.majorgeeks.com/download886.html
and download the free version of AVG ...... It's fully functional ....... once you have it downloaded , get the latest updates.

dl65   Quote

Does anyone know where a fella like myself can get a free antivirus trial? I am a broke college student and I rely on my computer to get me through school. I can’t risk going another day without protection. I appreciate the help  

Thankyou for your help CBmatt,
I will like to KEEP this TOPIC locked for sometime, till the downloading issue gets solved in the other thread that has ALREADY been started.

This thread was flamed unnessarily and the topic was changed so many TIMES that it sure was hard to keep track of what is being solved.

Thankyou .

Hello. I am OPERATING on a 2001 DELL Dimension 2300 with WINDOWS XP installed.
EVEN with my knowledge of computers somewhat, I still manage to experience problems daily. I surf the WEB using AOL 9.0 Optimized on a dial up connection  (I know, bad move). I have Spybot S&D, Ad-aware,Spyware Blaster,AVG anti virus, Hijack This,CW Shredder,and Zone Alarm free firewall.
I recently decided to open up my ntuser.dat file which is located in C:\Documents and Settings\All Users.  
I had reason to suspect something might have been installed without my permission, while surfing the internet. Someone had told me to look there first.

My ntuser.dat file reads:

 "regf     ¥HêfQÆ                     d   s e t t i n g s \ a l l   u s e r s \ n t u s e r . d a t           Backdoor:Win32/Spyboter.DI                                          Backdoor:Win32/Spyboter.DI                                          Backdoor:Win32/Spyboter.DJ                                          Backdoor:Win32/Spyboter.DJ                                          Backdoor:Win32/Spyboter.DK                                          Backdoor:Win32/Spyboter.DL                      q†š?          
 
What does this mean? Would spyware be listed in this file with the NAME "spyboter"? Could a programmer be this stupid?
Could it be something to do with Spybot and its protection?
Please help. This bugs me.

Somebody, Please help me. While I was at work - a window popped up while my mother was using the computer and she downloaded some crap that won't even let me get into my control panel to remove the program. All my personal ACCESS to my own computer is GONE!!! It KEEPS telling me to contact my system administrator. It's called the AVSystemCare - some spyware of sorts.

I am trying hard not to go berserk on my mom - Although I have warned her so many times against this stuff....now she is just looking at me and saying, "Oh, I don't know, go fix it." That doesn't sit well with me, as you might imagine.

Does anyone have some advice for me??? PLEASE???press windowskey + r and type in appwiz.cpl, and press ok, that will open the add and remove programs part of control panel.Try a system restore. Try to remove it in safe mode.This virus has blocked me from access my Add/Remove Programs. I can't even get into my Control Panel. The icon doesn't even show anymore. I can't CHECK my emails either.

How do I remove it in Safe mode? i don't know what that means - I'm having no luck with getting rid of this virus. read and follow, google spybot search and destroy

then read this To boot into safe mode what you have to do is reboot your computer and press F8.  You can keep PRESSING it to MAKE sure if you want to.  Then you will have a DOS screen with some options.  Choose "safe mode".  Then once your computer boots up try to access control panel from there.  Also run your anti virus and anti spyware scans from safe mode as well.

ps:  It's normal to have some text scroll by on a black screen when booting into safe mode.  Also if it seems like it's freezing don't touch it.  Some take longer to load then others.  Good luck.AVSystemcare is a fake "computer security" program that gives false warnings of security threats in order to induce people to buy a paid for version.

The application reports the presence of the following fake threats:

    * Trojan.Backdoor.IROffer
    * Trojan.Spy.DKangel

The user is then prompted to pay for a full license of the application in order to remove the fake threats.

This is how to remove it. If you do not feel competent to follow these steps (they involve dealing with the registry and if you do this wrongly you could make things worse!) I STRONGLY suggest you either find someobody you trust to do it properly, or take the laptop to a computer repair company and get them to do it, and present your mother with the bill. Don't let your mother use the laptop in future.

   1. Disable System Restore (Windows Me/XP).
   2. Update your antivirus software definitions. (You do have antivirus?)
   3. Run a full system scan.
   4. Using Regedit, navigate to and delete the following subkeys:

      HKEY_ALL_USERS\Software\AVSystemCare
      HKEY_CLASSES_ROOT\AVPGIntegrator.IEIntegrator
      HKEY_CLASSES_ROOT\AVPGIntegrator.IEIntegrator.1
      HKEY_CLASSES_ROOT\AppID\PopupG.DLL
      HKEY_CLASSES_ROOT\AppID\{7F7775D5-1EC8-4c0d-9BD7-6F3380959861}
      HKEY_CLASSES_ROOT\CLSID\{C4514FE1-54AA-42f0-B212-BA8065206F8F}
      HKEY_CLASSES_ROOT\CLSID\{D3B4C621-6024-410b-9F0F-22CBD6981F5E}
      HKEY_CLASSES_ROOT\G.Object
      HKEY_CLASSES_ROOT\G.Object.1
      HKEY_CLASSES_ROOT\Interface\{D961C9CA-59B3-46DD-9CEE-47714CFE2831}
      HKEY_CLASSES_ROOT\TypeLib\{55B49019-E69E-47FD-A67F-F28D83E5B695}
      HKEY_CLASSES_ROOT\TypeLib\{7F7775D5-1EC8-4C0D-9BD7-6F3380959861}
      HKEY_LOCAL_MACHINE\SOFTWARE\AVSystemCare
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3B4C621-6024-410B-9F0F-22CBD6981F5E}
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UGA6P_is1
      HKEY_LOCAL_MACHINE\SOFTWARE\Purchased Products\AntiVirus
      HKEY_LOCAL_MACHINE\SOFTWARE\uga6pcw
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\AVSystemCare
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\AVSystemCare
      HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\FOPF

   5. Navigate to and delete the following entries:

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\"atf_reinstall" = "%ProgramFiles%\AVSystemCare\atf.exe"
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"AVSystemCare" = "%ProgramFiles%\AVSystemCare\pgs.exe"
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"rtasks" = "%ProgramFiles%\AVSystemCare\rtasks.exe"
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"uga6pcw" = "%ProgramFiles%\Common Files\AVSystemCare\atf.exe"
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\"%ProgramFiles%\Common Files\AVSystemCare\"UGaChk.dll" = "1"

   6. Restore the following registry entries to their original values, if required:

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\"AntiVirusDisableNotify" = "1" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\"AntiVirusOverride" = "1"

   7. Exit the Registry Editor.
   8. Re-enable System Restore.

AVsystemcare is one of the programs that RogueRemover targets so give it a try if your unsure about editing your registry.
If you decide to edit your registry take care and backup before you start.Suzanne, if you're using windows vista or windows XP, then create a GUEST account. That way, if you ever let your mom use your computer, she logs in as a guest so she can't mess with your files.

I believe you can find a way to restrict certain things so that she can't unknowingly change settings on your computer or make it not work...

I was answering a post about a "keylogger" so I googled and tried to C&P a link. However, when I got back, I couldn't type anything. Cut-and-paste was this:

5**-**4-**** cell (I changed the numbers to *'s to secure the privacy of the person)

I did type this in, but I don't remember putting it on the clipboard. And I could type in notepad, but nothing worked in the post box. I closed and restarted, a little ANNOYED. Normally I get a dialog box asking "start from previous" "start X session" "start with blank" "start with none". However, I gat about:blank as the page. I - *censored*

The hijacker APPEARS to have deleted itself - no, I ran the aboutBuster. But I don't know if it'll come back. Just in case, I'm attaching a HijackThis logfile.Dilbert....... So are you certain you have completely removed the highjacker ..... and I noticed that you did not include all the info in your hijacker log ......  the very top info is missing and that is important .
BTW .... I have recently sent you 2 pMs and you dont seem to reply to them , is there some reason you dont ?

dl65  I only got one, and I replied to it.

OK, SORRY. I removed the top info to save space because attachments weren't working for me as they should. Top info is:

Logfile of HijackThis v1.99.1
Scan saved at 3:46:29 PM, on 4/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Dilbert , ok ...... How did you get RID of the hijacker ? I ask so I may suggest what apps to run to ensure your clean.


dl65  I ran AboutBusterDilbert , the scan you attached....... was that from before you started the cleanse or after you finished ?

dl65  Right after.

Ad-Aware came back with a Tracking Cookie and removed it. Norton found nothing. Spybot found and removed the following:

Comet Cursors
MyWay.Mysearch
Windows Security Center.AntiVirusOverride
Windows Security Center.FirewallDisableNotifyAn aside: I downloaded SpyBot on my mother's computer. She insisted that her limited Internet use KEPT her safe, but no less than 22 problems were founds, including Windows Security Center.FirewallDisableNotify and Windows Security Center.AntiVirusDisableNotifyDilbert....ok ,  In your running processes ...... Use the device manage to kill....

  C:\WINDOWS\system32\cfpsys.exe  

Now mark for removal the following :

O4 - HKLM\..\Run: [Warning: do not remove it! (system)] cfpsys.exe

017 ..... ALL of them UNLESS THEY ARE ASSOCIATED WITH YOUR ISP

O23 - Service: MySQL - Unknown owner - C:\MySQL\bin\mysqld-nt".exe (file missing)

If they are all marked .....click fix checked ......

Then reboot and post a fresh logfile .

dl65  OK, the cfpsys.exe does look suspicious, but it's actually part of a password-protect program I downloaded. Info is here:

http://www.bleepingcomputer.com/startups/cfpsys.exe-14104.html

And removing the 017 things, I've found, causes issues with DynDNS updater. I've found this out by removing them, not being able to get online and getting errors from DynDNS, then restoring them and finding everything condition Green again...

The last one I fixed, but I'm going to bed. I'll post another one in the morning. (GMT-8 shows 11:10 PM. And it's a school night!)

So, G'night. Dilbert ...... Quote

017 ..... ALL of them UNLESS THEY ARE ASSOCIATED WITH YOUR ISP

Logfile of HijackThis v1.99.1
Scan saved at 19:45:27, on 05/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\lxcecoms.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Windows Media Player\WMPEnc.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\MsiExec.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
D:\Documents and Settings\Kids\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://shell.windows.com/fileassoc/0409/xml/redir.asp?Ext=dll
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,[email protected]
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [STManager] "C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitLord\BitLord.exe"
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites -
http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{19E669B3-7C3D-4CFF-A4B8-04348E3B9F76}: NameServer = 85.255.115.46 85.255.112.154
O17 - HKLM\System\CCS\Services\Tcpip\..\{C1FF8C4E-E1B9-40C7-BEB4-7398C4863721}: NameServer = 85.255.115.46
O17 - HKLM\System\CCS\Services\Tcpip\..\{EA384C8F-8E59-46F5-9BFD-B6086054A9FC}: NameServer = 85.255.115.46
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.46 85.255.112.154
O17 - HKLM\System\CS1\Services\Tcpip\..\{19E669B3-7C3D-4CFF-A4B8-04348E3B9F76}: NameServer = 85.255.115.46 85.255.112.154
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.46 85.255.112.154
O18 - PROTOCOL: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
whats the problem? how is your computer acting? what scans have you ran?Sorry I am trying to fix a mates pc, her brother has been downloading loads of crap...
What i have done so far

1.Virus & spy ware scans
2.Safe mode Virus & spy ware scans
3.Defrag
4.Registry Cleaner
5.Safe mode hi-jack this scan

The computer has just been acting really really slow, pop-ups etc just your general crap that needs cleared... Had a quick look through the log file... There's a bunch of toolbars in IE there I'd get rid of, toolbars annoy the *censored* out of me.

Only other thing I would take a look at is fraps.exe. While this application is harmless, some virus's can appear as this file.

There could be more, I only had a quick glance as I need to go do some actual work today, heh.

CBMatt is great with HJT log files, if he's online at some point I'm sure he'll tear the log file apart and give you some good advicedon't do the hijackthis in safe mode do it in normal modeunlovedwarrior is right; you need to do the HJT scan in Normal Mode.  However, your log looks like it's from Normal Mode (despite what you said in your post), so I'll just give my advice...

What anti-virus is on this computer?  Whatever's on there, it isn't active.  It's important to have an active anti-virus scanner.  Otherwise, this is pointless because that computer will just get infected again.



Once we start, you won't have access to this post anymore, so I recommend that you print out this post or save it to a Notepad file.  Open HijackThis and scan again.  Check the following entries, but don't do anything to them yet...

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O17 - HKLM\System\CCS\Services\Tcpip\..\{19E669B3-7C3D-4CFF-A4B8-04348E3B9F76}: NameServer = 85.255.115.46 85.255.112.154
O17 - HKLM\System\CCS\Services\Tcpip\..\{C1FF8C4E-E1B9-40C7-BEB4-7398C4863721}: NameServer = 85.255.115.46
O17 - HKLM\System\CCS\Services\Tcpip\..\{EA384C8F-8E59-46F5-9BFD-B6086054A9FC}: NameServer = 85.255.115.46
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.46 85.255.112.154
O17 - HKLM\System\CS1\Services\Tcpip\..\{19E669B3-7C3D-4CFF-A4B8-04348E3B9F76}: NameServer = 85.255.115.46 85.255.112.154

R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
(SweetIM isn't exactly malicious, but it's considered a form of adware/spyware.  Take a look at some of this quote from its EULA...)

Quote

When you conduct a search through our toolbar, we send our advertising partner your IP so that they might be able to serve ads targeted to your location geographically.

My pc affected virus w32.spybot.
my symantec antivirus SCAN tihs virus and the program called" firefoxupdateg.exe"
then i deleted the risks.
seems no more virus.
but when my pc 1st on,the IE page will auto run.why?

i'm using WINXP PRO,IE 6.0
Do you have FireFox on your computer? Does your homepage come up or another page?i uninstall fire fox and delete all the file contain firefox.
because my pc is very slow,the page is blank but loading,i didn't wait it then close it.
any method that i can fix this?under registry or...TRY going to Start, then All Programs, then Startup Programs, and see if IE is in there no ...startup folder is emptyDownload SUPERAntiSpyware, update it, and scan with it in Safe Mode.  Then restart your computer and POST a HijackThis and we'll take it from there.hmmm.... ive had the same problem A trojan somehow magically whent away and My homepage was MSN.comDue to lack of feedback, I am closing this topic.  If you are the original poster and you would LIKE this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.

If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.

I got a virus, and instantly it TURNED off my windows firewall and now it wont let me turn it back on! I immediately disabled my ''local area connection", but now when i go to enable it, it creates this "internet connection" icon too(in network connections), and it wont let me disable it( and when i click to disable it, my boyfriends computer , which is connected to the same router, instantly loses its connection. My internet still works though, unless i do what i just mentioned, but it works again when i unplug the modem and router, etc. But when i disable the local area connection, it goes away! So since then I installed a personal firewall, which hasnt helped, and about everyday I get the BLUE SCREEN OF DEATH(it shows up randomly). I know the BEST THING to do would be to reinstall windows, but i hate doing that, and thought id see if there was another way first. Any help or input would be very much appreciated!!! By the way, im running avg pro, and it caught the virus when it attacked, and said that it healed it, but it kept popping up. Ive also installed trojanhunter and that didnt help, also aluria scanner but no go on that since it doesnt let me remove anything without buying it. Someone on another site GAVE me some links to look at, but they were SO confusing and very tedious. I'm hoping for some help or any info here, IT WOULD BE GREATLY APPRECIATED! Thanks so much!
Reply With Quote kelsmit3093......  Did you happen to get or have the name of the virus which attacked your machine.  After going off line ......
Did you think turn off your system restore ?
Did you reboot into safe mode and run your AVG pro ?


dl65  i dont remember what the virus name was, and its been about 3 weeks or so since that happened and i run a scan with avg everyday and it doesnt find anything.  ive seen a lot of people posting their hijackthis logs in the help forums, but i have no clue if it would be of any help to anyone, but ill post it anyways:

Logfile of HijackThis v1.99.1
Scan SAVED at 2:51:55 AM, on 4/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wwSecure.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\PROGRA~1\SPYCLE~1\SpyWatcher.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\Starter.Exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Spy Emergency 2005\SpyEmergency.exe
C:\Program Files\AdWare SpyWare SE\AdWare SpyWare SE.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\MalwareSweeper.com\Malware Sweeper\MalSwep.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AdWare SpyWare SE\AdWare SpyWare SE.exe
C:\Documents and Settings\KelSmit_3093\Desktop\HijackThis.exe

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {60D3AAEB-AA39-4AE0-B2F9-E4AF0613A2A3} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Systran50premi.IEPlugIn - {9A0844DB-84CF-4440-BDB1-1F4F7C4F7FB0} - C:\Program Files\SYSTRAN\5.0\Premium\IEPlugIn.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [Spy Watcher] "C:\PROGRA~1\SPYCLE~1\SpyWatcher.exe" -S
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [EnsoniqMixer] C:\WINDOWS\System32\Starter.Exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SpyEmergency] "C:\Program Files\Spy Emergency 2005\SpyEmergency.exe"
O4 - HKCU\..\Run: [Adware Spyware SE] C:\Program Files\AdWare SpyWare SE\AdWare SpyWare SE.exe
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [Malware Sweeper] C:\Program Files\MalwareSweeper.com\Malware Sweeper\MalSwep.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogI am no expert but theres something wrong with that log. Its only half a log.

Malware Sweeper, Adware Spyware SE, SpyEmergency, Spy Watcher, SpywareTerminator all look sus to me.

Hey, i was skimming through my system folders recently to see if anything seemed out of the ordinary and noticed that there was a new file in my Local Disk called command.exe. I didn't think it was anything bad until I realized that command.com is the authentic system file that causes no harm and is located in the same folder. I googled it and certain websites said that it's an undesirable file that should be removed immediately.

Due to my hectic schedule I delayed a while in doing anything about it until yesterday when both my Sygate Firewall and WinPatrol notified me about strange behavior resulting from that file. I ran my AVG Free Antivirus but it didn't scan command.exe as a harmful file. I've ALSO got Spybot S+D, SuperAntiSpyware, and Ad-Aware installed on my comp. Should I just scan my computer with each of those programs in order to get rid of it? (I scanned with Superantispyware for an hour but it still hadn't gotten to scan that file and I didn't have anymore time to wait.)

I'll appreciate whatever you have to say, THANK you.  I think this is malware, there shouldn't be a command.exe file in your windows folder. Try uploading the file to this site, the file will be scanned with a range of different AV solutions.
http://www.virustotal.com/Very helpful website, thank you.

Antivirus  Version  Last Update  Result

AntiVir  7.4.1.66  2007.09.02  HEUR/Malware

CAT-QuickHeal  9.00  2007.09.01  (Suspicious) - DNAScan

eSafe  7.0.15.0  2007.09.02  Suspicious Trojan/Worm

Ikarus  T3.1.1.12  2007.09.03  Backdoor.Win32.Prorat.19.i

Panda  9.0.0.4  2007.09.02  Suspicious file

Sophos  4.21.0  2007.09.02  Mal/Heuri-D

Webwasher-Gateway  6.0.1  2007.09.02  Heuristic.Malware

File SIZE: 13824 bytes
MD5: a60aa52b2f1c62390e1b4535355976a5
SHA1: a42d4a966a7f3719e992f21042b4cdd0d08892c 1
packers: PECOMPACT, BINARYRES
packers: PecBundle, PECompact

So, 7 out of 31 engines found it to be harmful. Next?DLoad and run Stinger.
Then DLoad install update and run AVG Anti-Spyware...iight, i ran stinger but not much happened, i'll update as SOON as i'm done with AVGIf the file still exists, you should delete it in Safe Mode.  Then go ahead and post a HijackThis log and we'll see if anything else might running in the background.Good idea, i'll update asap.Due to lack of feedback, I am closing this topic.  If you are the original POSTER and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.

If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.

I got this virus a while ago from Limewire called W32.Alcra.f.

Up until now I thought I had properly deleted it. One of the things that is did was create a folder "%userprofile%\Complete" or "C:\Documents and Settings\Jay\Complete" with the hidden +H and system +S directory attributes. The virus downloaded all sorts of pornography into the folder. When I found it I knew I was infected, so I scanned with AVG and Ad-Aware. It found the infection, and said it deleted it. The virus no longer shows up in my scans anymore or does some of the other things it was supposed to. Somewhere during the process I thought maybe it would be a good IDEA to reinstall Limewire. After I reinstalled I picked another Limewire folder at "C:\Documents and Settings\Jay\LIMEWIRE" rather than the default "%userprofile%\shared". I no longer get any pornography in my "complete" folder.

After a while I noticed pornography was being downloaded to my LIMEWIRE folder. At first I thought it was my brother, but I've seen more porn download even when no one has been on.

How do I get it to stop? What should I do to fix it? :-?

Does it have something to do with my Limewire configuration file? :-?You know the drill by now. HijackThis log, please.Wraith...... Quote

I got this virus a while ago from Limewire called W32.Alcra.f.  

Up until now I thought I had properly deleted it.

%System%\netstat.com
%System%\ping.com
%System%\regedit.com
%System%\taskkill.com
%System%\tasklist.com
%System%\tracert.com
mFiles%\outlook\outlook.exe.

Why doesn't F8 work though? What am I doing wrong?

I believe im infected with viruses... please help, suppose to be giving laptop to my sister tomorrow.. yikes!!!

virus is believe infected with is Win32/PEMask

running on Windows XP

Logfile of HijackThis v1.99.1
Scan saved at 8:16:20 PM, on 9/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Grisoft\AVG Free\avgwb.dat
C:\Program Files\Ares\Ares.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://djmissyd.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: 
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: hpdj00 - Unknown owner - C:\DOCUME~1\Owner\LOCALS~1\Temp\hpdj00.exe (file missing)
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe



Run Agv, spy bot search and destroy all in safe mode try a registry cleaner.


If your given it to your sister you could try wiping the whole thing all you NEED is the windows disc ! Just give her the virus infected computer. It dont MATTER if you aint using it. Quote from: mycompisbroke on September 03, 2007, 09:25:08 AM

Just give her the virus infected computer. It dont matter if you aint using it.

Run Agv, spy bot search and destroy all in safe mode try a registry cleaner.
If your given it to your sister you could try wiping the whole thing all you need is the windows disc !

I have a 'file missing' entry too but the file is there, correct SPELLING & path as well.
I CHOOSE not to delete the entry because HIJACKTHIS has GOT it wrong, see below for details.

O23 - Service: Prevx Agent (PrevxAgent) - Unknown OWNER - C:\Program Files\Prevx Home\PXAgent.exe" -f (file missing)

I have a windows me computer & last night I was searching the web for birthday graphics for my sons myspace. All the sudden my antivirus (Avast) kept going off & wouldn't repair the viruses it was detecting, my pop-up blocker went crazy & my computer kept freezing & then didn't want to boot up. I finally got my antivirus to scan & it kept popping up some win32-gen something that wouldn't delete, & wouldn't go to the virus chest. I finally downloaded a trojan remover & ran that. My computer seems to be ok...not quite as good...a little slower booting up. I found in my msconfig a couple of places where it says LLDSRNGR.EXE (I know very well that wasn't there before) & they are unchecked. Spybot S&D picked nothing up. Was needing someone to look at my Hijackthis log to see if I got everything. I'm not sure how to post it but here goes:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:36:03 PM, on 8/31/2007
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\WINDOWS\DELAYRUN.EXE
C:\WINDOWS\OPTIONS\CABS\LOGITECH\HP_FINDER.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\WT\WCMDMGR.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\BACKWEB\BACKWEB\PROGRAM\BWDELAY.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hometownohio.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.hpwis.com/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google TOOLBAR Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Delay] C:\WINDOWS\delayrun.exe
O4 - HKLM\..\Run: [HPLogiFinder] \WINDOWS\OPTIONS\CABS\LOGITECH\HP_FINDER.EXE
O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - .DEFAULT Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmwordtrans.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_12\BIN\SSV.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_12\BIN\SSV.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O14 - IERESET.INF: START_PAGE_URL=http://hp.my.yahoo.com
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader OBJECT) - http://download.games.yahoo.com/games/popcap/zuma/popcaploader_v6.cab

--
End of file - 5970 bytes
Did you run those scans (spybot etc.) in safe mode with system restore turned off?Like Flip81 IMPLIES, you should run your scans in Safe Mode.  I would also suggest giving SUPERAntiSpyware a shot.

As for your log, there are only a couple of questionable things I see...  Once we start, you won't have access to this post anymore, so I recommend that you print out this post or save it to a Notepad file.  Open HijackThis and scan again.  Check the following entries, but don't do anything to them yet...

O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\wcmdmgrl.exe -launch
(WildTangent isn't malicious, but it's not needed.  And their privacy policy states that they collect information about you and your activity and share it with third parties.  I would get rid of it.)

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/popcap/zuma/popcaploader_v6.cab

Now, close all windows (including this one) besides HijackThis, then click Fix Checked.  Close HijackThis and reboot into Safe Mode and enable hidden files and folders.

Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following (if present)...

Alexa
WildTangent

Please note any other programs that you dont recognize in that list in your next response.

Navigate to and delete the following folder(s) if present...

C:\Program Files\WildTangent
C:\WINDOWS\wt

Navigate to and delete the following file(s) if present...

C:\WINDOWS\web\related.htm

Once you've done all of this, reboot into Normal Mode and post a new HijackThis log so we can see if there's any other junk we need to clean up.  Let me know how everything's running now and if you had any problems following my steps.



Also, your Java is out of date.  You'll want to correct this quickly, as it will help provide further protection for you.  To do so, go here and click on Free Java Download.  You will be given instructions on what to do next.

And you're vulnerable without a firewall, so you should look into getting either ZoneAlarm, Kerio Personal Firewall, or Comodo.  They're all good free firewalls.  Just be sure you only have one installed at a time!I'm sorry, I've been really sick with pneumonia...feeling slightly better now...I'll get to work on this. Also noticed when I go to start...programs....disabled startup items I see TA_Start.... This is new too I'm figuring spyware or trojan??? Ran Avast in safe mode system restore disabled:

Having problems getting rid of WIN 32 trj This is what the scan says when I try to move it to the chest/vault:

Win32:Downloader-IB [Trj]

The RPC serveris unavailable
can not process c:\_RESTORE\TEMP\AOO35647.CPY file  what do I do?

Also had this on 8/30 go into the chest....thats when my computer went haywire..

Win32: Vundo-gen46 ...& it is listed 7 times on my avast for the same day
Win32:VB-ESB trj ...& is listed 3 times

On 8/31 this was in the virus chest/vault

Win32: Adware-gen. & is listed 3 times

Quote from: SillyLilRose on September 06, 2007, 09:49:58 AM

I'm sorry, I've been really sick with pneumonia...feeling slightly better now...I'll get to work on this. Also noticed when I go to start...programs....disabled startup items I see TA_Start.... This is new too I'm figuring spyware or trojan???

Ok i have what is supposed to be a film in a folder in my documents im running windows xp pro sp1, i have tried deleting the movie but to no avail all i GET is the ERROR msg this file is being used by another program or person, so i thought in my infinate WISDOM boot into safe mode and delete the file, alas all i got was the same error message, i have tried veiwing the properties but the window just does not appear, i have tried deleting the folder it is in but nothing seems to be WORKING, i had this problem before, but i cannot remember how i resolved it now. Please help, oh and in addition i did disconnect the cable modem whilst trying.

thanks in advanceGoogle for KillBox.exeOk got it thanks, it was a bit stubbourn and the standard file kill wouldnt do it, but the delete on reboot option worked however it moved the file into its own folder at C:\!KillBox again i tried to remove it and the standard file kill did not remove it so once again i done the delete on reboot option, i have since searched for the file and all traces now appear to have gone, so thanks a lot Fed  Thanks for the feedback, we thrive on it.

So I was stupid enough to download something from an "adult" website and now I think I've got a virus.  It started out with internet pop-ups saying "fatal error" and a bunch of computer lingo I didn't understand.  My computer started showing me virus alerts but the software is out of date so I tried downloading some free virus protection offline.  It doesn't really seem to work, it just pops up a "detection" window that asks me if I want to delete, deny access, ignore or quarantine the virus.  Another part of my computer tells me I've got malware.  My computer is really slow and sometimes my icons or tool bar don't show up when I boot up. 

Tonight when I get home i'm going to reinstall the virus protection on my computer and try and delete that other stuff...it just doesn't seem to be working and I'd rather do what my computer tells me.  I have no idea what I'm doing....any help?You should be very careful when downloading anything, especially from adult sites.  Many of them are chock full of viruses...a bunch of politics we don't need to be getting into right now.  Anyway...

Assuming you have Windows, which version is it?
Exactly what protection do you have?

Go ahead and post a HijackThis log and we'll take it from there.Ok....... first of all the internet is a great place for Fun and games but most sites are made up of viruses I hope you get this problem fixed soon...
get AVG virus software just google AVG or Avast Or NORTON internet security.
And Scan in safe mode if you have no clue how to get into it please post saying you DONT know how.Due to LACK of feedback, I am closing this topic.  If you are the original poster and you would LIKE this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.

If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.

Okay, I use a friends computer from time to time to watch DVDs because my computer doesnt have a DVD drive. He hardly every uses it himself except to listen to music and write documents for school/work, so theres no file sharing or chats as far as I KNOW.

Its a HP Pavillion 555e, not running any firewalls or other applications to keep it safe...(I am going to get on him about installing some)

The problem is when I first sign on, this error ALWAYS comes up - "The ordinal 139 could not be located in the dynamic link library LIBEAY32.dll"  Is this a virus?

IM thinking this might tie into the problem of the CD-R/RW drive not being recognized at all by the computer even though Device Manager sees it and when I updated the drivers, it said new software was detected, but the drive still wont read CDs of any sort.

Help please?   faechan.....  This is what I can tell you ..

The libeay32.dll library is required for Filezilla to function correctly. If you use Filezilla you should not terminate or remove libeay32.dll, unless it is causing problems for your system.


dl65  Okay, but I dont even know what Filezilla is nor did I know it was even on the machine.
And what do you mean by 'dl65'?

I feel bad because this thread got so many views but only one REPLY...am I blatantly ignorant of something? =/Don't feel bad, we all have things to do aside from being here.
I looked at your thread, did a quick Google and decided to leave it to someone else to answer.
I don't think you have a virus but you may have to get a new LIBEAY32.dll file, try Google for the file name and you will know all about it too.
Once you get that part sorted out start a new thread for your  CD-R/RW problem.libeay32.dll is a library of encryption functions and its used for secure comms. Divx is the suspect. Quote

Don't feel bad, we all have things to do aside from being here.
I looked at your thread, did a quick Google and decided to leave it to someone else to answer.
I don't think you have a virus but you may have to get a new LIBEAY32.dll file, try Google for the file name and you will know all about it too.
Once you get that part sorted out start a new thread for your  CD-R/RW problem.

After a free trial put on by someong fixing our internet, we have decided to pay for Panda ANTIVIRUS - before we send off the order could anyone here say whether Panda is ACTUALLY any good (I've experienced no problems yet) or if Norton or McAfee are much better

Thanks  I have a client who is currently having serious difficulties with Panda. Whether or not there are any software issues we just don't know as it cannot be used.
He signed up to a 3 year subscription contract for Platinum 2005 iirc just over a year ago.
After major hardware problems, a complete reinstallation of the OS was necessary. The Panda installation went well but when he tried to update definitions etc it simply would not budge.
After some 6 weeks and multiple emails, Pandas singular reply was that as they no longer offer 2005, his prepaid 3 year subscription is invalid! If he wants updates, he must pay for 2006!
I believe the matter is now in the hands of UK consumer law experts.

The best AV solution on the consumer market is from Kaspersky Labs. A full "internet security package" is in the final days of very exhaustive beta testing sessions and is due for public release at any time. If you can afford to wait and Kaspersky pricing is competitive, it may be the one to go for.Panda isn't a really good anti-virus program. If you want free antiviruses which work wonders.. trying downloading AVG Free from Download.com it packs a really good punch for a free program either that or pay for a antivirus program like Kaspersky and that will get the jump done. I recommend the internet security package from Kaspersky.. It includes the antivirus program, anti-hacker, and anti-spam. Good luck on finding a really well program.whatever you do don't get norton. get kaspersky adn if you do, when and if it picks up anyhting it'll scare the crap outta you! When it finds a virus it screams like *censored*.......turn your sound down when you scan.Norton makes a loud sound when it finds a virus? Are you serious?  :-? I knew McAfee did, but Norton...

Flameno KASPERSKY scares the crap out of youIve had Mcafee on here for a year, and it always notified when a virus would try to slip onto my computer.RE Norton: Norton is okay if you have freeware scanners and the like to go with it, but it won't do enough on its own. I have norton, got it free with my motherboard, so heck, I'm using it. I USE the following regularly:

Norton SystemWorks (AntiVirus, Firewall, and Internet Security in one)
Ad-Aware SE Personal
SpywareBlaster
HijackThis

I also keep saved in case of emergency:

AboutBuster
SpyBot
CCleaner

There's probably more. There's really nothing stopping you from getting all these minus Norton plus another AntiVirus and having a steel-reinforced computer. At least, I know I'm clean. Check to see if your Internet SERVICE PROVIDER provides any Anti-Virus/Anti-Hacker protection.

Common services that have protection:

Quest
MSN
Yahoo
Comcast
Verizon\


EDIT: A year ago (or so) I made a HUGE mistake. I installed more than one AV scanner (because Norton is a *censored* head and does not like being removed from computers) and my computer would not start.
If for some reason this happens to you, start your computer in Safe Mode and uninstall the AV scanner that you no longer want to fix the problem.
Also: avast! is an excellent FREE virus scanner. Its just not good at removing Adware/spyware.
And McAfee and Symantec do not remove all adware and spyware.avast! Now that is great, i got it free with my laptop. I would recomend it easy, it recently won best anti virus beating off the likes of Norton, Mcafee and avg, with many more! More can be read here:

http://www.avast.com/eng/avast_wins_sc_award.html

Anyway back to the subject it really is a great scanner, for me its very quick and does a great job. Very easy to use and for the one i have which i think has been payed for comes with many cool features. Like a P2P sheild, have no idea wahts that is but lets face it, it sounds cool. You can also have something called VRDB which helps to repair files that were infected during loss from a virus, but you do have to create a database. May take up alot of space on hard drive not sure. If you do happen to get a virus on your system it tells you all you need to know about it and the best action to take, this can also be found on their website. There are also many more features. If your intrested i have posted a link for their homepage.

www.avast.com

C}{r1$

I need help!!!!!! My internet searching is jacked up. It is if I have been HIJACKED.  Whenever I put in what I am searching for in my interenet browser the results do not match what I asked for.  It is bringing up results for sights like monstermarkertplace.com, toseeka.com, findstuff.com,shopping.com,lowpriceshopper.com etc...... these are just some examples of what I get every single TIME no matter what I say I am searching for.  I have re-installed my internet explorer and I don't know whatelse to do now.  Does anyone have any suggestions of how this happend and how do I fix it?

Run in safe mode...

Virus scans
Spyware scans
Registry Cleaner It won't let me start up in safte mode any other suggestions?How are you TRYING to get into safemode and what error message is telling you it won't let you in ? ?No error message, it would just not go into safe mode.
That's odd...pamford:

What exactly happened when you could not get into safe mode??  How did you try to get into safe mode in the first place?It started up in regular mode.  My husband new how to start it up in safe mode.  I am not exactly sure what he did but it would not do it. It looked like it was going to do it once but then switched back into regular mode.We have now taken off windows explorer and am reloading it to SEE if this will work.  Any other suggestions would be appreciated. pam:  did you guys ever run any scans at all???  even in regular mode?Yes.  We did all the scans anti virus, spyware, registry, and adware  in regular mode and nothing fixs the issue.  I am hoping installing the new internet explorer will work or at least maybe I can try the safe mode again.  What is the best way to do safe mode?Ok sorry for the late response.... .

When the computer first starts up keep hitting F8 sorry just to double check you are doing the right thingMy suggestion:

Start up your computer normally and download HijackThis (USE another computer and transfer it with a disk/flashdrive/CD if you have to), run a scan with it, and post the log here.  This will hopefully give us a better idea of what's going on.Due to lack of feedback, I am closing this topic.  If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.

If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.

My grandmother has a computer, but it is dying. My thinking is that viruses got the better of the machine combined with hardware problems. Anyway, her PC won't shut down, not even the power button works, among a slew of other issues. But that's hardly an issue; she has got all her data backed up at my request. I won't dare go through the horror of doing a HijackThis fix by EMAIL. She's going to save and get a new PC, a Dell. I made sure the PC was good enough to handle her needs (she does some photo work and book writing, and Email, but not much else) but not too pricey. The PC we like has Trend Micro PC illin Internet Security with Antivirius, Firewall and Spyware removal on it. She wants to know what to think of it, and I personally have never heard of it before. What do you guys think about this software?What model # is this? Make sure enough RAM and...well, you know the rest. I just got a free copy of that PC-Cillin product (because I was a Beta Tester) and it seems fine for a Windows box. EASY to use and feature rich with regular updates.I am making sure the specs at least match the Sony VAIO she was using. It worked OK for pictures and books.

Anyway, I meant to ask how good it is at blocking viruses. She, like us, currently uses Norton.Dilbert.....  If GRAMS got msn messenger installed ..... why not use remote assistance and you can connect to her machine and run thru the fixes remotely

dl65  Well, viruses aren't the only PROBLEM. Her hardware is dying, too. It's old, very old. I would rather go to her house and do it, but extenuating circumstances prevent me from doing that. I'd rather not get into details. Anyway, CD-ROMs die, Floppy drive dies... it's undergoing hardware decay.I thought you were going to tell us it's another eMachine.   It's an old Sony VAIO. No clue what the serial # is.I got one more question. She has a fairly decent-sized hard drive (I won't say no to... 40 GB? 60?), and after she gets a new system in the future, I get her hard drive. I intend to make it a slave, and format it to use as a bin for files when needed. If there are viruses, can they run on my system if I don't boot from that hard drive? I can handle them if so, I got a ton of protective software, just wondering.Depends what, if any, malware is on there, but it would be a good idea to format the drive first. That guarantees safety.  Absolutely.  I know of no virus that can self-populate without its code being run; so on a slave drive, you would probably need to double-click on something in order to ACTIVATE the virus.  But why take the risk?  FDISK & FORMAT and have done with it.  (Format on its own is not enough, since it could leave boot sector viruses in place.)

Hi.  I am new here and I am not computer savvy.  I have been reading as many posts as I can trying to FIND an answer to my own problems.  I have downloaded programs that were recommended to others but I am at my wits end with this computer.

Here is my brief history:
I have had this Dell computer for less than a year.  Used it very rarely because we were on slow dial up.  We had a company come in and install a satellite but before I had a chance to do anything with it, my boys were on here DOWNLOADING stuff so I am not sure what is good or bad.

I am using Microsoft Windows XP PS2

The first clue that there was something wrong was when we started getting pop ups that we had adware and they wanted me to buy a cleaner.  Also, every time I do a web search it takes me to a different site than the link says and I can see it says "redirect" in the bottom window.  It never takes me to the same site twice.  I no longer get the pop ups but I still get redirected.

I have downloaded several things and they have found several things:

Spybot S&D:
Zlob video activeX Access
Magic antispy
Spylocked.fake alert
Zlob DNS changer
Drivecleaner 2006 (can not delete)

AVG
Virus Vault: Trojanhorse Dowloader Zlob

SuperAnti Spyware Quarantined:
Malware Drivecleaner
Malware Virus Protect Pro
Trojan Smitfraud Variant
Adware Tracking Cookies

All of these were ran in "Safe Mode" and they say their clean, except for Spybot's DriveCleaner2006, and I still get redirected.  Why do none of the others find DriveCleaner 2006?

I also downloaded a firewall but I am not sure on the very first thing that comes up.  What is IEXPLORE.exe?

What should I do next?  I tried running Combofix but Spybot went crazy and I was afraid to continue.

Thanks to anyone who can help this computer newbie...
I'm not expert with this sort of thing, but you might get better response if you posted in the virus section. It appears that you are infested with lots of malware. Be patient waiting for a reply as our experts are all volunteers and for various reasons are not immediately available. Quote

I also downloaded a firewall but I am not sure on the very first thing that comes up.  What is iexplore.exe?

you might get better response if you posted in the virus section

iexplore.exe is Internet Explorer.

I would recommend reinstalling windows starting with a nice new clean computer...

What is your firewall?

Now, as CBMatt would say, post up a HiJackThis log (get it from here).

I've been scanning for rootkits with RootkitReveal and came up with the following log which I do not understand at all:

HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed      4/15/2006 9:04 AM      80 bytes      Data MISMATCH between Windows API and raw hive data.
HKLM\SOFTWARE\TrendMicro\PC-cillin\14\ScanInfo\LastScanFile      4/15/2006 9:04 AM      46 bytes      Windows API length not consistent with raw hive data.
C:\Documents and Settings\user\Local Settings\Application Data\Mozilla\Firefox\Profiles\rsrh69r3.default\Cache\0ECA619Ad01      4/15/2006 9:07 AM      18.28 KB      Hidden from Windows API.
C:\Documents and Settings\user\Local Settings\Application Data\Mozilla\Firefox\Profiles\rsrh69r3.default\Cache\5D859893d01      4/15/2006 9:19 AM      65.37 KB      Hidden from Windows API.
C:\Documents and Settings\user\Local Settings\Application Data\Mozilla\Firefox\Profiles\rsrh69r3.default\Cache\76CDE01Bd01      4/15/2006 9:19 AM      32.26 KB      Hidden from Windows API.
C:\Documents and Settings\user\Local Settings\Application Data\Mozilla\Firefox\Profiles\rsrh69r3.default\Cache\7EB53FF9d01      4/15/2006 9:06 AM      65.34 KB      Hidden from Windows API.
C:\Documents and Settings\user\Local Settings\Application Data\Mozilla\Firefox\Profiles\rsrh69r3.default\Cache\B0E78B8Ed01      4/15/2006 9:07 AM      36.24 KB      Hidden from Windows API.
C:\Documents and Settings\user\Local Settings\Application Data\Mozilla\Firefox\Profiles\rsrh69r3.default\Cache\FF09FDFDd01      4/15/2006 9:20 AM      18.07 KB      Hidden from Windows API.


ANYTHING to be concerned about?  Should I use other rootkit scanners?  I'm seriously reconsidering reinstalling XP.  I'm certain I didn't DOWNLOAD anything malicious... fairly certain at least, but had problems with my firewall a few months back and didn't realize ports were out in the open.I also have results under rkdetector that I don't understand:No idea, personally - this is a relatively new field of development.  (Aside: I wish we COULD just have one malware detector for everything - that actually worked - rather than virus checker, dedicated trojan checkers, rootkit detectors (subset of trojans), spyware checkers, browser hijack detectors, ad infinitum.)  It would make sense to TAKE this query over to Sysinternals' forum where you're more likely to find lots of people who have already played with this.

My computer is at a stage where it takes 35 plus seconds to open a desktop folder.  I have looked at the generic recommendations on many of the forum posts and have done the following:

1.  Removed desktop clutter into folders.
2.  Ran CCCleaner and removed some older stufff and reduced startup requirements.
3.  Ran AVG
4.  Ran Spybot S&D
5.  Ran RegCure
6.  Ran Rogue Remover
7.  Defragged the computer
8.  Reran 2 - 6

I swear this is true:  I cannot install SuperAntiSpyware.  I get to a screen on the computer requesting my e-mail, and it will not go any further after clicking "next screen."   Last evening I left the computer on this screen for over 2 hours and it would not advance.

I would sincerely appreciate your assistance.  Here is my log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12:33:10 PM, on 9/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Irv K3IRV\My Documents\Download\HiJackThis_v2.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no FILE)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] "C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe "Irv K3IRV"
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu ITEM: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://amer-ml23.amer.csc.com/iNotes6W.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{784B6C43-5C2A-4905-A782-C49E4FECD64B}: NameServer = 4.2.2.1,4.2.2.2
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 7323 bytes

R/Irv.for the sas try in safe mode it might work. also

Quote from: unlovedwarrior on September 22, 2007, 11:41:21 AM

read this and this one too and do everything in safe mode and then reboot into normal mode and get hijackthis and post a log (it might take more than one post to fit it all in)

1.  Come on, who doesn't like Talking Heads?

2.  You could ALWAYS start a new sentence...  You wouldn't believe the number of stories I've read that have several sentences!Too Late ! !

Don't even try to justify your faux pas by changing the subject to music or the wrath will be even more SEVERE !Someone has smitten me twice today. Matt must have gotten to me before I could get to him.. I hate these silent sneak attacks, why can't I see who had smitten me? What if one of my allies smites me and I keep applauding him? Yeah?

Uh...um...hey, look, the OP said "mousse"...  Recipe time?

*cough* Quote from: Raptor on April 18, 2007, 08:27:26 PM

Matt must have gotten to me before I could get to him..

Down by 2 in less than an hour. That means at least two people are at work. I'm going to stop caring, too tired.

When I wake up in the morning, I'm going to be genuinely pissed if I see a minus 10 karma on my account.

Another truly off-topic topic........ever since the Off-Topic forum was introduced, loads of topics are going off topic after the op's question is answered...somtimes not even.

Quote

I don't claim to be expert but all of you in answering this newbies post give him the impression that you are. Its you lot that should keep QUIET on subjects that you obviously know nothing about. Redirect users to somewhere that KNOWS how to deal with the issues.

Users should be aware that the information regarding malware viruses etc at this site is at best below average and at worst very dangerous

Lead on master and enlighten us all. We are not worthy.....

I am running windows XP home on a Dell 4500 Dimension. I recently upgrade from my 80gb to a 400gb hard drive. When I loaded the operating system back on it gave the drive the letter K . I have SINCE downloaded ADAWARE and Spybot search and Destroy. But when I try to run the programs I get a window that says   Windows-No Disk  , There is no disk in the drive. Please insert a disk into drive. Then I have 3 choices Cancel , Try Again or Continue. If I click on continue repeadly Spy Bot will run. Any Help This is driving me crazy. Is it because of the drive letter. It was loaded to drive K.

Thanks BaumerIf that is the only hard drive in the machine it should be C. If it is not, REMOVE all partitions, create what you like and load Windows on C. There is no advantage in a single 400 Gig. drive, but that's your choice.

Make sure at least SP2 is installed, the firewall is on and Spybot is loaded before even connecting to the Internet. Don't plug in an ethernet cable or anything until that machine is protected, or you will be doing all of this again very soon!

Spider,

I did install the drivers first. Then shut down and installed the new network card into a different pci slot. But it still does not come up in device manager anymore. And the green light on it does not come on.

So i decided to put the old network card back in with new updated driver. It does not freeze up the computer but it does not connect to the internet. It says network cable unplugged. ...now the green light is not on this one now...

I also tried to restore a couple of times but it says it cannot restore to that date. I tried to restore a to a couple of days ago and then back to 8/1 and it says it cannot restore back to that date.

The other thing it is taking 5-10 to boot up now. Now sure what I did to cause that.

Thanks
TerryI think i am almost there.

It is "Acquiring network address"  and i cannot get and further than that?

Any ideas?

Thanks
Terryhi If the card does not have any lights or has orange or red lights, it is possible that either the card is bad, the card is not connected properly, or that the card is not receiving a signal from the network.

are you using a hub or switch,  or router? VERIFY that the cables are properly connected and that the hub or switch has power.

if you have a router... you may have to reset them!

as for getting your ip address.

click start,Run,cmd, ipconfig / all
check your ip address if you see 0.0.0.0
type ipconfig /release then ipconfig /renew

are you sure you have the right up dated driver?
Verify that the network card is capable of pinging .....To ping the card or the localhost, type either

ping 127.0.0.1

This should show a listing of replies from the network card. If you receive an error or if the TRANSMISSION failed, it is likely that either the network card is not physically installed into the computer CORRECTLY, or that the card is bad.

Let me know and good Luck! 
spider





I am getting a green light. I reset the D-Link Router. I believe i have the right driver.

When i do the ipconfig/release then ipconfig/renew I get.. "an error occured while renewing interface Local Area Connection 16: The RPC server is unavailable.


When I ping 127.0.0.1 I get.."Unable to initialize Windows Sockets interface, error code 0."

Thanks
TerryRepair The WinsocK:
Another Potential cause of your inability to connect to the internet is a winsock file that has been altered or damaged by spyware or other digital threats.
Fortunately, repairing the winsock is easy to do. The appropriate method of repair depends on whether you have installed a special collection of windows security patches ...Known as Service pack 2.

which service pack do you have on your computer?
then I can help you better! spider

I have Service Pack 21.click the start button in the lower-left corner of windows.

2.click Run.

3.A winddow opens. Type cmd in the blank, and then click button labeled OK or press the enter Key.

4.A command Window opens. Type "netsh winsock reset" and then press the enter key. This restores your winsock to its original, default configuration.

5.Shut down your computer and restart it.

6.If you can successfully connect to the internet, you may discover that this fix has altered or corrupted your antivirus program, antispyware program, software firewall, or other programs that monitor your internet activity. In that case, you must reinstall those programs by following the steps below. This requires their original installation CD_ROMs or their digital installers and License Keys.


a. Click the start button in the lower-left corner of windows.

b. Click the control  panel. If you don't see this option, your Start menu is in classic mode. In that case, click settings, and then select the control panel.

c.double-click add or remove programs.

d.  A window opens. Scroll down the list until you see the name of your antivirus,antispyware, or firewall program.

e Click the name of the program, and then click the button on its right labeled remove.

f. If a message pops up and asks you if you want to uninstall the program, click the yes button.

g.After the software has been successfully removed, reinstall it by using  its CD-ROM or its INSTALLER program.


Note: When you uninstall a program, you also must restart the computer each time.



good Luck!  spider Spider,

That worked!!!!!!!!

Thanks alot for all the help!

Terrynot a problem, glad I can help .. make sure your anti spyware and virus programs is up to date.
scan for a virus ....also go to microsoft UPDATE windows too.

once you scan for a virus.... go to http://housecall.trendmicro.com/

 scan for a virus there too because some antivirus program can detect better than others.

take care !   spiderThis Link will tell you what a winsock is...
http://home.centurytel.net/nacent/guru/learn/dasock.html

spider

These two files are in your running processes...

C:\WINDOWS\inf\svchost\svchost.exe
C:\WINDOWS\inf\svchost.exe

I don't know if they're related to your problem, but you should get rid of them.  Reboot into Safe Mode, enable hidden files and folders, and delete those two files.  Don't get them confused with C:\WINDOWS\system32\svchost.exe, which is legit.  If you have any problems deleting those files (you may need the help of Killbox), let me know.  You should post a new HijackThis log so I can see if we're making any progress.I deleted..still not working.  I have questions I am no pro but..maybe I deleted that dll FILE thats let me share?  Is it possible to download that dll file?  (hey I don't even know what a dll is so I could be total off based! ).  I am just desperate SINCE most geek/tech stores are closed.It's possible that a missing file could be causing problems, but I think it's unlikely.  However, we may be able to find out.  Do you have an official Windows CD for your computer?  Do you have trouble logging into other sites, or just eBay?  Also, have you tried contacting eBay to get their opinion?

I'm still interested in seeing a new HijackThis log.OK last TIME here...do I go to another forum to start as a new hyjack?   I did ask ebay  and they said since I can log on from another computer that is my laptop not their problem.  Last night Dell logged on to my computer..basically did what everyone told me here to do and still couldn't fix it (they tired for about 2 hours!)..he said it was ebay's problem, since I only have a problem with their website!! I really don't want to pay someone big bucks to tell me the same thing and not fix it.  Any other suggestion would be greatly appreciated!!no you can post it in this topic, it might just take more than one post to get the complete thing POSTED Quote from: Fed on September 21, 2007, 11:56:03 PM

How did you set IE to it's defaults?
Was it something LIKE the following?

1. Start
2. Settings
3. Control Panel
4. Internet Options
5. Security tab
6. Reset all 4 security zones to Default
 
1. Start
2. Settings
3. Control Panel
4. Internet Options
5. Privacy
6. Restore 1 Default button
 
1. Start
2. Settings
3. Control Panel
4. Internet Options
5. Advanced
6. Restore 1 Default button

You may need to do the following as well
 
1. Start
2. Settings
3. Control Panel
4. Internet Options
5. General tab
6. Remove cookies, temporary files and history

Kudos to Raptor.

Ok, here's one for the pros. I have spent a few hours cleaning out a bunch of crap from my Mom's Windows machine. It's running ME, and had previously been host to Kazaa and a lot of other junk.

 Most of it seems to be gone, and AdAware and Spybot don't show anything, but when Windows is done loading the dial up connection still keeps trying to connect. It's QUITE annoying I would imagine. I have also run Hijack and took out quite a bit but I am no expert with it so here's my file:

Logfile of HijackThis v1.99.1
Scan saved at 9:34:54 PM, on 4/21/2006
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\ADVTOOLS\NPROTECT.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\PCTVOICE.EXE
C:\WINDOWS\SYSTEM\HPZTSB03.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\WMIDHY.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\VISIONEER ONETOUCH\ONETOUCHMON.EXE
C:\PROGRAM FILES\INTUIT\QUICKBOOKS\COMPONENTS\QBAGENT\QBDAGENT2001.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\WUAUCLT.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: FlashTEnhancer Ext - {D7E588AB-A5D9-4422-B313-22A3470F9700} - C:\PROGRAM FILES\FTK\FTK.DLL
O2 - BHO: CeresObj Class - {00000049-8F91-4D9C-9573-F016E7626484} - C:\WINDOWS\CERES.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [PCTVOICE] pctvoice.exe
O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb03.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\ADVTOOLS\ADVCHK.EXE
O4 - HKLM\..\Run: [NPROTECT] C:\PROGRA~1\NORTON~1\ADVTOOLS\NPROTECT.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer
O4 - HKLM\..\Run: [wmidhy] c:\windows\system\wmidhy.exe
O4 - HKLM\..\Run: [FtkCPY] "C:\Program Files\Common Files\Java\ftkcpy.exe"
O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~2\ONETOU~2.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [NPROTECT] C:\PROGRA~1\NORTON~1\ADVTOOLS\NPROTECT.EXE
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Startup: QuickBooks 2001 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks\Components\QBAgent\qbdagent2001.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O16 - DPF: {F5C90925-ABBF-4475-88F5-8622B452BA9E} (Compaq System Data Class) - http://www29.compaq.com/falco/SysQuery.cab


Anyone have any ideas about why I am still getting this connection attempt? (It's just the normal default connection to the dialup ISP)

thanks,

mox_PERL

EDIT: I TOOK IT OUT OF BOLD. SORRY. Fix:

O2 - BHO: CeresObj Class - {00000049-8F91-4D9C-9573-F016E7626484} - C:\WINDOWS\CERES.DLL

It may be the issue. Here's what it does:
http://www.webhelper4u.com/tnewswritigs/ceresbuddy_exe.html

Is that the entire HJT log? Nothing after that? Also, I would appreciate it if you didn't put it in boldface in the future. It's a little difficult for me to READ, strange as it seems. I daresay you got a lot of any crap on that machine. Excellent work on that. 8-)mox_PERL....Just had a look at your logfile and in addition to what has been suggested , I would be removing ........

O2 - BHO: FlashTEnhancer Ext - {D7E588AB-A5D9-4422-B313-22A3470F9700} - C:\PROGRAM FILES\FTK\FTK.DLL    

O2 - BHO: CeresObj Class - {00000049-8F91-4D9C-9573-F016E7626484} - C:\WINDOWS\CERES.DLL    [highlight](this one has been targeted in Diberts response.)[/highlight]

In your running processes I note ....... C:\WINDOWS\SYSTEM\WMIDHY.EXE    if you know what it is leave it , however if you don't know what it is ..... use your task manager to shut it down .... ( CTRL , Alt , Del) ........ once its been shut down ......
mark for removal  .....
O4 - HKLM\..\Run: [wmidhy] c:\windows\system\wmidhy.exe  

dl65  

Quote

Fix:

O2 - BHO: CeresObj Class - {00000049-8F91-4D9C-9573-F016E7626484} - C:\WINDOWS\CERES.DLL

It may be the issue. Here's what it does:
http://www.webhelper4u.com/tnewswritigs/ceresbuddy_exe.html

Is that the entire HJT log? Nothing after that? Also, I would appreciate it if you didn't put it in boldface in the future. It's a little difficult for me to read, strange as it seems. I daresay you got a lot of any crap on that machine. Excellent work on that. 8-)

mox_PERL....Just had a look at your logfile and in addition to what has been suggested , I would be removing ........

O2 - BHO: FlashTEnhancer Ext - {D7E588AB-A5D9-4422-B313-22A3470F9700} - C:\PROGRAM FILES\FTK\FTK.DLL    

In your running processes I note ....... C:\WINDOWS\SYSTEM\WMIDHY.EXE    if you know what it is leave it , however if you don't know what it is ..... use your task manager to shut it down .... ( Ctrl , Alt , Del) ........ once its been shut down ......
mark for removal  .....
O4 - HKLM\..\Run: [wmidhy] c:\windows\system\wmidhy.exe  

dl65  

Let us know if that fixes it. And when I said you got a lot of crap on it, I meant that you deleted a lot of crap (i.e. viruses) off the system. You've got the cleanest Logfile I've seen in a while, normally HJT responses require essays!

Maybe that clarification explains the "Excellent work" bit.

Hello, I am getting a lot of popups and alternate search engine popups.  I have scanned with Computer Associates Anti-Virus has found Zenotechinco virus and it says it removed it, AVG Anti-Spyware 7.5 finds Adware.ZenoSearch as malware and says that it quarantines and deletes it but I still have the issues and it is still there. downloaded and RAN HiJackThis based on other posts read here.  Below is the Hijackthis log. PLEASE help, the popups are BAD and often unsavory!!!  

Logfile of HijackThis v1.99.1
Scan saved at 3:25:32 PM, on 9/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Novadigm\AXF\Bin\XFSrvcNT.Exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Symantec\SPA\smc.exe
C:\Program Files\Symantec\SPA\snac.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\LEXPPS.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINNT\system32\IFXSPMGT.exe
C:\WINNT\system32\IFXTCS.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
C:\Program Files\Novadigm\radexecd.exe
C:\Program Files\Novadigm\radsched.exe
C:\Program Files\Novadigm\Radstgms.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\System32\snmp.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINNT\system32\CCM\CcmExec.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINNT\system32\Ati2evxx.exe
C:\Program Files\HPQ\IAM\bin\asghost.exe
C:\Program Files\ProtectTools\Embedded Security Software\PSDrt.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Symantec\SPA\SmcGui.exe
C:\Program Files\Novadigm\AXF\Bin\XFStatus.Exe
C:\WINNT\system32\AccelerometerSt.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Communication Now\2119264\Program\Communication Now.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\QuickTime\qttask.exe
C:\winnt\system32\lldsrngk.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Belkin\F1U201.401\usbshare.exe
C:\WINNT\system32\pwinmmdt.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Yahoo!\Antivirus\caaviftest.exe
C:\Program Files\McAfee\Common Framework\UpdaterUI.exe
C:\WINNT\system32\ntvdm.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\JBISHOP1\Desktop\hijackthis_sfx.exe
C:\Program Files\HijackThis\HijackThis.exe

here is the remainder of the log from Hijackthis part 2 of 3:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cwinsider.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Countrywide
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,PROXYSERVER = PLAPROXY:80
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0D1410B3-3870-4802-AC4A-D0A042719D3A} - C:\WINNT\system32\geedb.dll (file missing)
O2 - BHO: (no name) - {3964D8D6-86D0-493A-B460-A805B5401114} - C:\WINNT\system32\urqroli.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {73000BDA-18CB-44C0-812D-2283F33B26CC} - C:\Program Files\Windows NT\hotehyt4444.dll (file missing)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll
O2 - BHO: (no name) - {E421A606-1576-4809-9877-645BA903F353} - C:\Program Files\Windows NT\hotehyt83122.dll (file missing)
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINNT\system32\AccelerometerSt.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [MobileCfgMgr] C:\Program Files\Mobile Configuration Manager\MobileCfgMgr.exe Activate
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [zCMDConnectLaunch] C:\Program Files\CmdConnectLaunch\CmdConnectLauncher.exe
O4 - HKLM\..\Run: [Communication Now] "C:\Program Files\Communication Now\2119264\Program\Communication Now.exe" -startup
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [RADUserCon] C:\PROGRA~1\Novadigm\radrexxw.exe USER.REX USER
O4 - HKLM\..\Run: [RadiaUserInfo] c:\progra~1\novadigm\radrexxw.exe userinfo.rex
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [{8E-E4-44-4A-ZN}] C:\winnt\system32\lldsrngk.exe CHD003
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [!AXF XFRunOne.Exe] "C:\Program Files\Novadigm\AXF\Bin\XFRunOne.Exe"
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINNT\system32\pwinmmdt.exe CHD003
O4 - HKLM\..\RunOnce: [!AXF XFRunOne.Exe] "C:\Program Files\Novadigm\AXF\Bin\XFRunOne.Exe" /1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
looks like Vundo

so follow this guide

and dl superantispyware

do them in safe mode too

I have a question...Me and my brother both have our own pc's...Mine runs almost 24/7 but I have Norton and firewalls...His doesn't use firewall or security...We use dsl so the internet is on 24/7...His pc got hacked while it was off and mine did not...Does turing a pc off while having 24/7 internet and no security prevent someone from pinging and or hacking you?..Its late here and I need to go, thanks for any info. Quote

...His pc got hacked while it was off and mine did not...Does turing a pc off while have 24/7 internet and no security prevent someone from pinging and or hacking you?..Its late here and I need to go, thanks for any info.

What he is telling me now is when he turned on his pc it said he was hijacked..

..From what Bellsouth dsl said, you will be pinged all the time so keep a firewall up....i'm confused

Well I downloaded SOMETHING today, and Norton popped up saying I got a downloader. So I unplugged my ethernet cable from my computer and ran norton. Norton picked it up and SAID it couldn't remove it. So I removed all the temporary internet files because thats where the downloader was. So now im running Norton again and im not sure if it'll show up or not. So basically I need to find out how to remove the downloader. If it doesn't show up this time in the Norton scan does that mean it gone?


THANKS,
MikeI ran the scan and the downloader did not appear this time.try avg free its really good at finding downloaders and seeing how you cleaned out your temp files that might have got rid of it tooYou should give unlovedwarrior's suggest a try and then, if you're still suspicious, you can post a HijackThis log.Due to lack of feedback, I am CLOSING this topic.  If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.

If you are not the original poster and you REQUIRE help, please start a New Topic with information about your computer and your problem.

i scan with avg & norton 2003 but its not detected!its updated man...so,any other UTILITIES antivirus that sure can wipe it?I have had success with the free version of Avast!, so that may be something to look at.Also you can DLoad and RUN Stinger.
That should clear it out.A HijackThis log might also help.i already TRY avast (updated) but it's not DELETED..hehe..& hijack this,same prob..but anyway tq,i  used norton 2006 and succeed.tq Are you saying Norton was able to handle it and AVG did not ? ?

Something's fishy here...yup!swear to God!
i REMOVE the virus using norton 2006,the earlier i use avg but it dont detect the virus,just going through the file while scanning...its very weird..i still remember a long time ago i remove it with avg...but not this time.Well, fishy or not, I'm glad you managed to get it sorted out.As this issue appears to be resolved, I am closing this topic.  If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.

If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.

I'd like to know how I can get rid of this, what I suspect is a virus:


Microtel Notebook computer running on Windows XP
Use resident Zone Alarm
continuously boots
different boot selections result in same rebooting cycle
blue screen of death appears for half a second during boot sequence


Also, how would I get a boot disc with a virus cleaner on it?Sounds like a hardware problem.
Did you change any hardware lately?
Are you able to boot in safemode?
From the Windows Start menu, go to Turn off computer and click Restart.
As the computer restarts, watch for a progress bar at the bottom of the screen. press F8 about once every second.
Immediately press F8 before the progress bar reaches the right side of the screen.
From the Windows Start-up menu, highlight Safe Mode and press Enter.

Jonas Thank you for replying.

1. No.
2. Safemode results the same.
Goes back to selection screen, (which type of boot do you want to do).
After it reboots it goes to a Selection screen. If I choose any type of booting, it flashes the blue screen then starts all over again.
Tried your suggestion and it repeated the cycle.Does the blue screen give you any kind of error message?  If it goes too fast, try hitting the Pause Break key on your keyboard as soon as it appears.Yes:

Quote

Stop: c0000218 {Registry 4:le
Failure }
The registry cannot load the hive (file): \Systemroot\System32\config\SOFTWARE
or its Log or Alternate.

It is CORRUPT, absent, or not writable.

Beginning dump of physical memory

Physical memory dump complete.

Contact sys Admin or Tech support for further Assistance.

Pop-ups have been appearing and my Avira Anti-Virus has continually popped up with numerous alerts of TROJANS and Viruses lately. After a bit of research, and a AVG Anti-Spyware Scan, I believe that I either have Virtumondo or Zeno/Think-adz, I'm leaning towards the latter, but I might have both. I did a scan with HijackThis and here's the log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 4:54:28 PM, on 8/15/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\GUARD.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\regsvc.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\stisvc.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\system32\mspmspsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\windows\system32\lrdsrngp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\K-Meleon\k-meleon.exe
C:\Documents and Settings\Administrator\Desktop\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [{F6-67-70-06-ZN}] C:\windows\system32\lrdsrngp.exe CHD003
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\lrdsrngp.exe
O4 - Startup: Think-Adz.lnk = C:\WINDOWS\system32\pwinsmdt.exe
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.drivecleaner.com
O15 - Trusted Zone: *.errorprotector.com
O15 - Trusted Zone: *.errorsafe.com
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.systemdoctor.com
O15 - Trusted Zone: *.winantispyware.com
O15 - Trusted Zone: *.winantivirus.com
O15 - Trusted Zone: *.winfixer.com
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.drivecleaner.com (HKLM)
O15 - Trusted Zone: *.errorprotector.com (HKLM)
O15 - Trusted Zone: *.errorsafe.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O15 - Trusted Zone: *.winantispyware.com (HKLM)
O15 - Trusted Zone: *.winantivirus.com (HKLM)
O15 - Trusted Zone: *.winfixer.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -  http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) -  http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.5.107.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

--
End of file - 4951 bytes



Any help on the identification and removal of this adware would be very appreciated.shadou,
I apologize...things can be rather busy around here, especially when taking my personal life into account, and I seem to have overlooked your post.  A quick look at your log tells me that you do indeed have a ThinkAds INFECTION.  Because your log is too old to work with properly, please run a scan with AVG in Safe Mode and then come back with a new HijackThis log.  If you're still encountering any problems, that is.Due to lack of feedback, I am closing this topic.  If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.

If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.

Hey,
  Attached is a recent HJThis Log Could some body look it over, My internet connections have been Lagging behind.

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Siber Systems\AI ROBOFORM\RoboTaskBarIcon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1147756917436
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1148103011968
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
try this and then follow this to see if that helps then post a fresh logThis may take a while, but thaks so far I'll get back toy you as soon I I get that done.no problem take your time..and make sure you do it rightnewest log after the two steps from previous post

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:15:17 AM, on 9/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
BOOT mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1147756917436
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1148103011968
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

--
End of file - 6626 bytes
can you describe the problem better? like does it act sluggish all the time? just when you open your browser? on certain websites? does it take FOREVER to boot? ectI don't even know why i posted that new log before, it seems to be working better again. Thanks for all your help. Quote from: Frankymobs on September 20, 2007, 07:23:11 AM

I don't even know why i posted that new log before, it seems to be working better again. Thanks for all your help.

Quote from: Frankymobs on September 20, 2007, 07:23:11 AM

I don't even know why i posted that new log before, it seems to be working better again. Thanks for all your help.

please read this
http://www.hijackthis.de/#anl

Quote from: FED on September 19, 2007, 03:47:32 PM

Upgrading all the way to W2K would be a better option.

I feel LIKE I'm STALKING you lately Comp Guy.

Does anybody know how I can get RID of the AntiVirGear spyware thing. Or at least get rid of the icon that POPS up on the task bar. I don't want to spend 30 or so dollars on proper spyware rempovers to be honest. Cheers folksCheck out this page here...
http://www.bleepingcomputer.com/forums/topic108399.html

And just so you know, there are plenty of free legitimate anti-spyware programs such as Spybot - Search & Destroy and SUPERAntiSpyware.  If you're still having any PROBLEMS after following the instructions in the above link, feel free to post a HijackThis log.

I have 104 temp files in the :windows.c.temp file.  Everytime I try to delete them, it says "another PERSON or program is using that program".

I've shut down everything that I know of.

The file is always either CS66C or C566C.  I can't tell if it is an S or a 5.  My guess is S.  The ending is different on all of them.  One of them is CS66C1B.tmp

Does anyone know what program creates those files?

System:  Win XP Pro. Current versions of all the following: AdAwareSE, Spybot 1.4, Systemworks 2005, Spy Sweeper, ZoneAlarm (free).  I use IE 6 and Firefox.

I am on dial up.

Any help is appreciated.YBC......  reboot into safe mode and then try deleting the files .

dl65  If you still have trouble Google for KillBox.exe  Dude, I almost have the same problem.  Okay, I'm at my sis school, and i was being stupid and took something out of the recycle bin.   But now when I try to delete it, it just says it can't delete the first file of the folder!!

And I tried deleting the other stuff too, but they say the same thing as the first one!!   Dude, what the heck do I do to delete this thing!! I have a similar problem also.  Windows XP, C:\winnt\temp folder has a temporary file I cannot delete.  It is associated with a Trojan Downloader/Wintools.  I try to delete it and I get "Access Denied."  I tried Killbox as well as some other SOFTWARE, nothing works.  Even tried a HEX editor to CHANGE it, no luck there either.  I can rename it and was able to move it to a folder that is not in the path, but really need to delete it.  Any ideas?Did you set killbox to delete it on reboot?Guess you can't delete it.... sooo i guess just leave it alone. or change it into a hidden folder by opening up the properties thingy.Check the date, this could be a CH record.
September 19, 2005, 11:55:11 AM

Topic locked.

Logfile of HijackThis v1.99.1
Scan saved at 8:35:16 PM, on 4/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\HELPAN~1\Presario\XPHWWRF4Duet\plugin\bin\pchbutton.exe
C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
C:\Program Files\InterMute\SpySubtract\SpySub.exe
C:\WINDOWS\system32\PackethSvc.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\wmconnectb\wwm.exe
C:\Program Files\Adobe\Acrobat 4.0\Reader\AcroRd32.exe
C:\Program Files\Netscape\COMMUNICATOR\PROGRAM\AIM\aim.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=presario&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=presario&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://channels.aimtoday.com/search/aimtoolbar.jsp
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Program Files\Netscape\Users\nicktomsic\prefs.js)
O1 - Hosts: 216.19.0.250 idenupdate.motorola.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: DosSpecFolder Object - {FDA4DFFB-2C3D-4730-8D7E-28523C7F2F67} - C:\WINDOWS\system32\geedb.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Microsoft Works UPDATE Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HELPAN~1\Presario\XPHWWRF4Duet\plugin\bin\pchbutton.exe
O4 - HKCU\..\Run: [Sonic RecordNow!] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - Startup: Wal-Mart Connect Tray Icon.lnk = C:\Program Files\wmconnect\wmtray.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
O4 - Global Startup: Wal-Mart Connect Tray Icon.lnk = C:\Program Files\wmconnectb\wmtray.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\Netscape\COMMUNICATOR\PROGRAM\AIM\aim.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{920D29DE-862D-417D-B99A-CEA3BA0D4BC3}: NameServer = 205.188.146.145
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (FILE missing)
O20 - Winlogon Notify: geedb - C:\WINDOWS\system32\geedb.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative TECHNOLOGY Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\system32\PackethSvc.exe


 nat1....Ok ....your log file doesnt look good ...why are you asking for it to be looked at......... What is (was) happening .........?

Here's what should be removed ......... Unless you know that they are legite entries.....

  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://channels.aimtoday.com/search/aimtoolbar.jsp  

O1 - Hosts: 216.19.0.250 idenupdate.motorola.com

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

O2 - BHO: DosSpecFolder Object - {FDA4DFFB-2C3D-4730-8D7E-28523C7F2F67} - C:\WINDOWS\system32\geedb.dll

  [highlight]O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll    [/highlight]    I would remove this one and if you really need it put it back once your ststem is clean.
 

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKCU\..\Run: [Sonic RecordNow!] C:\Program Files\AWS\WeatherBug\Weather.exe 1

O4 - Startup: Wal-Mart Connect Tray Icon.lnk = C:\Program Files\wmconnect\wmtray.exe

O4 - Global Startup: Wal-Mart Connect Tray Icon.lnk = C:\Program Files\wmconnectb\wmtray.exe

O17 - HKLM\System\CCS\Services\Tcpip\..\{920D29DE-862D-417D-B99A-CEA3BA0D4BC3}: NameServer = [highlight]205.188.146.145 [/highlight]   If you know the highlighted ip ADDRESS leave it otherwise fix it .... This ip address is AOL ...if its your ISP leave it

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\system32\PackethSvc.exe

I would mark for removal all above , with the possible exception of the ones highlighted ..... ( if you know them)

DL65  

My LATEST update tells me I must find True Vector in DEVICE Manager and disable it before it will update.

However, I cannot find True Vector. Where is it and is it safe to disable and then re-enable it once the update is complete?

I have Windows ME.

Thank you. I have Zone ALARM too, but don't REMEMBER it asking me to disable it in device manager as it is not a device, but a service instead.

To disable it:
1. Right click on the ZA icon in your system tray (lower, right corner)
2. Click "Shutdown ZoneAlarm Pro"
3. Click yes in the pop-up window

This MIGHT be a little different because I have XP, not ME, but should be similar, if not the same. venus_hunter...... Quote

My latest update tells me I must find True Vector in Device Manager and disable it before it will update.

Not really sure where I should post this, but here seemed like the right place:

I was recently blessed with an invite to demonoid.com, but upon downloading a season of Frasier, I started to wonder how safe demonoid truly is.  I would think that .avi files would be generally safe from malicious CONTENT, but then again, I guess that nothing truly is safe.

So what's your take on the safety of demonoid (or even other bittorents, while we're on the topic)?none are completely safe just scan your computer often and scan any files before OPENING them or don't dl torrentsAlthough Demonoid appears to be one of the safer sites of this nature, I'd still be hard-pressed to actually call it safe.  It's about as safe as picking up hitchhikers...some of them are nice and friendly, and some of them have knives.  And you usually can't tell which is which until it's too late.50/50 you might get knifed you might not


Always ware a condom (firewall, agv, search and destroy) while downloading torrents.... thanks for the input  Quote from: keybowvio on September 16, 2007, 09:54:25 PM

...  I would think that .avi files ...

By default Windows hides extensions of known file types so a nice.avi could easily turn out to be a nasty.avi.exe.

You can't infect an avi by any of the usual means since an avi file isn't executed, ...

I used Panda to do a free scan. It came back showing 2 viruses and some adware. It says for 12.95 I can BUY 6 months of service and disinfect my system.

should I do this?? I mean is this a good program or should I buy something else?? I was using Norton but it seems to slow everything down.

thanks!
AmandaIt's a good program, but another resource hog...just like Norton.

There are plenty of free prgrams out there that accomplish the same thing without ANY out-of-pocket expense...AVG for eample.Ccleaner
(During install, uncheck the Yahoo Toolbar option)
Adaware
Spybot S&D
AVG Free
Ewido/AVG Antispyware for W2K & XP

All free and all good.I ran the AVG INSTEAD but it didn't find any viruses. The Panda Antivirus said I have 2.

What's the deal with that?? What did Panda say it found?  Please be a little more specific...Panda will allow you to save the scan results as a text file.
Copy & paste the results in here.Here's the report. I've already ran Spybot so Im off to run Ad Aware. Hopefully that will take care of the spyware but how do I remove these viruses??

Thanks Everyone!

Incident                                                                        Status                        Location                                                                                                                                                                                                                                                        

Potentially unwanted TOOL:Application/PRScheduler                               Not disinfected               C:\Documents and Settings\Owner\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe                                                                                                                                                                          
Adware:adware/oemji                                                             Not disinfected               Windows REGISTRY                                                                                                                                                                                                                                                
Spyware:Cookie/YieldManager                                                     Not disinfected               C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\jvybhlni.default\cookies.txt[ad.yieldmanager.com/]                                                                                                                                    
Spyware:Cookie/Server.iad.Liveperson                                            Not disinfected               C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\jvybhlni.default\cookies.txt[server.iad.liveperson.net/]                                                                                                                              
Spyware:Cookie/BurstBeacon                                                      Not disinfected               C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\jvybhlni.default\cookies.txt[www.burstbeacon.com/]                                                                                                                                    
Spyware:Cookie/2o7                                                              Not disinfected               C:\Documents and Settings\Owner\Cookies\[email protected][1].txt                                                                                                                                                                                                        
Spyware:Cookie/2o7                                                              Not disinfected               C:\Documents and Settings\Owner\Cookies\[email protected][2].txt                                                                                                                                                                                                        
Spyware:Cookie/YieldManager                                                     Not disinfected               C:\Documents and Settings\Owner\Cookies\[email protected][2].txt                                                                                                                                                                                            
Spyware:Cookie/PointRoll                                                        Not disinfected               C:\Documents and Settings\Owner\Cookies\[email protected][2].txt                                                                                                                                                                                              
Spyware:Cookie/Advertising                                                      Not disinfected               C:\Documents and Settings\Owner\Cookies\[email protected][2].txt                                                                                                                                                                                                
Spyware:Cookie/Atlas DMT                                                        Not disinfected               C:\Documents and Settings\Owner\Cookies\[email protected][2].txt                                                                                                                                                                                                      
Spyware:Cookie/Bluestreak                                                       Not disinfected               C:\Documents and Settings\Owner\Cookies\[email protected][1].txt                                                                                                                                                                                                
Spyware:Cookie/BurstNet                                                         Not disinfected               C:\Documents and Settings\Owner\Cookies\[email protected][1].txt                                                                                                                                                                                                  
Spyware:Cookie/Clickbank                                                        Not disinfected               C:\Documents and Settings\Owner\Cookies\[email protected][1].txt                                                                                                                                                                                                  
Spyware:Cookie/Com.com                                                          Not disinfected               C:\Documents and Settings\Owner\Cookies\[email protected][1].txt                                                                                                                                                                                                        
Spyware:Cookie/Go                                                               Not disinfected               C:\Documents and Settings\Owner\Cookies\[email protected][1].txt                                                                                                                                                                                                        
Spyware:Cookie/MediaTickets                                                     Not disinfected               C:\Documents and Settings\Owner\Cookies\[email protected][2].txt                                                                                                                                                                                                  
Spyware:Cookie/Lop                                                              Not disinfected               C:\Documents and Settings\Owner\Cookies\[email protected][2].txt                                                                                                                                                                                                  
Spyware:Cookie/Overture                                                         Not disinfected               C:\Documents and Settings\Owner\Cookies\[email protected][1].txt                                                                                                                                                                                                  
Spyware:Cookie/Overture                                                         Not disinfected               C:\Documents and Settings\Owner\Cookies\[email protected][1].txt                                                                                                                                                                                              
Spyware:Cookie/Hitbox                                                           Not disinfected               C:\Documents and Settings\Owner\Cookies\[email protected][1].txt                                                                                                                                                                                                
Spyware:Cookie/QuestionMarket                                                   Not disinfected               C:\Documents and Settings\Owner\Cookies\[email protected][1].txt                                                                                                                                                                                             
Spyware:Cookie/RealMedia                                                        Not disinfected               C:\Documents and Settings\Owner\Cookies\[email protected][1].txt                                                                                                                                                                                                 
Spyware:Cookie/Searchportal                                                     Not disinfected               C:\Documents and Settings\Owner\Cookies\[email protected][1].txt                                                                                                                                                                                   
Spyware:Cookie/Searchportal                                                     Not disinfected               C:\Documents and Settings\Owner\Cookies\[email protected][2].txt                                                                                                                                                                                   
Spyware:Cookie/Server.iad.Liveperson                                            Not disinfected               C:\Documents and Settings\Owner\Cookies\[email protected][2].txt                                                                                                                                                                                     
Spyware:Cookie/Statcounter                                                      Not disinfected               C:\Documents and Settings\Owner\Cookies\[email protected][1].txt                                                                                                                                                                                               
Spyware:Cookie/Clicktracks                                                      Not disinfected               C:\Documents and Settings\Owner\Cookies\[email protected][2].txt                                                                                                                                                                                         
Spyware:Cookie/Target                                                           Not disinfected               C:\Documents and Settings\Owner\Cookies\[email protected][2].txt                                                                                                                                                                                                     
Spyware:Cookie/Traffic Marketplace                                              Not disinfected               C:\Documents and Settings\Owner\Cookies\[email protected][2].txt                                                                                                                                                                                                 
Spyware:Cookie/Tribalfusion                                                     Not disinfected               C:\Documents and Settings\Owner\Cookies\[email protected][1].txt                                                                                                                                                                                               
Spyware:Cookie/BurstBeacon                                                      Not disinfected               C:\Documents and Settings\Owner\Cookies\[email protected][1].txt                                                                                                                                                                                           
Spyware:Cookie/BurstBeacon                                                      Not disinfected               C:\Documents and Settings\Owner\Cookies\[email protected][2].txt                                                                                                                                                                                           
Potentially unwanted tool:Application/KillApp.B                                 Not disinfected               C:\hp\bin\KillIt.exe                                                                                                                                                                                                                                           
Virus:Trj/Goldun.D                                                              Not disinfected               Local Folders\Norton AntiSpam Folder\The New Security System - SecurityEgold\SecurityEgold.rar[SecurityEgold.exe]                                                                                                                                               
Virus:Trj/Goldun.Q                                                              Not disinfected               Local Folders\Norton AntiSpam Folder\[Norton AntiSpam] E-Gold.com has implemented New Security System\setup.rar[SecurityEgold.EXE]       Both listed as trojans so Ewido/AVG Antispyware for W2K & XP will take care of them for you.I ran the Ewido/AVG and then reran Panda. Here's the new report...

Incident                                                                        Status                        Location                                                                                                                                                                                                                                                       

Potentially unwanted tool:Application/PRScheduler                               Not disinfected               C:\Documents and Settings\Owner\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe                                                                                                                                                                           
Adware:adware/oemji                                                             Not disinfected               Windows Registry                                                                                                                                                                                                                                               
Spyware:Cookie/Atlas DMT                                                        Not disinfected               C:\Documents and Settings\Owner\Cookies\[email protected][2].txt                                                                                                                                                                                                     
Spyware:Cookie/BurstNet                                                         Not disinfected               C:\Documents and Settings\Owner\Cookies\[email protected][2].txt                                                                                                                                                                                                   
Spyware:Cookie/Doubleclick                                                      Not disinfected               C:\Documents and Settings\Owner\Cookies\[email protected][2].txt                                                                                                                                                                                               
Spyware:Cookie/Go                                                               Not disinfected               C:\Documents and Settings\Owner\Cookies\[email protected][1].txt                                                                                                                                                                                                         
Spyware:Cookie/Lop                                                              Not disinfected               C:\Documents and Settings\Owner\Cookies\[email protected][2].txt                                                                                                                                                                                                 
Spyware:Cookie/Target                                                           Not disinfected               C:\Documents and Settings\Owner\Cookies\[email protected][2].txt                                                                                                                                                                                                     
Spyware:Cookie/BurstBeacon                                                      Not disinfected               C:\Documents and Settings\Owner\Cookies\[email protected][2].txt                                                                                                                                                                                           
Spyware:Cookie/Zedo                                                             Not disinfected               C:\Documents and Settings\Owner\Cookies\[email protected][2].txt                                                                                                                                                                                                       
Potentially unwanted tool:Application/KillApp.B                                 Not disinfected               C:\hp\bin\KillIt.exe                                                                                                                                                                                                                                           
Virus:Trj/Goldun.D                                                              Not disinfected               Local Folders\Norton AntiSpam Folder\The New Security System - SecurityEgold\SecurityEgold.rar[SecurityEgold.exe]                                                                                                                                               
Virus:Trj/Goldun.Q                                                              Not disinfected               Local Folders\Norton AntiSpam Folder\[Norton AntiSpam] E-Gold.com has implemented New Security System\setup.rar[SecurityEgold.EXE]                                                                                                                             
Are these real viruses or something that Panda has MARKED as a virus?? I can't find much on the internet about this specific virus or how to remove it.

ThanksI'd expect this one is a false positive or something that has already been quarantined by Norton. (Are you using any Norton products?)
Run the rest of the scans and see where you stand then.

PS, don't forget to update those scanners first.Have you tried running any of these scans in Safe Mode?

Problem:
 
*A computer RUNNING Windows XP and McAfee was infected with two Trojan Horses (don't know exact names)
*Removed them with directions online.
*Noticed a few weeks after the incident that the computer will not open pdf files.
*Computer is also a bit sluggish now.
 
What I tried:
 
*Uninstalled and reinstalled Adobe Reader 7.0
*Restored the computer to a date before the Trojan incident.
    -When I did this the McAfee had issues and would not work.  
       -Uninstalled Adobe Reader again and reinstalled anyway.
       -Was able to view the first page of pdf file but computer froze immediately.
*After trying to open pdf again and again unsuccessfully, restored computer back to today's date.
*McAfee was restored to working order at this point.
*Uninstalled and reinstalled Adobe one more time.
*After playing with computer a bit I realized that even after I stopped Adobe from trying to read the pdf file AcroRd32.exe kept running using 94% of the CPU (under task mgr. processes)
*RAN Lavasoft's Ad-aware SE.  Only found a few TRACKING cookies which I deleted.  
 
Here's the problem...I'm out of ideas.  
It looks like you have taken all options.

I dont know what else you can do but wait to see what other people think.


R0SSflyingfam..... It quite possible there are stilll some leftovers in your system ....
Let's try this .... using hijackthis .....  http://www.majorgeeks.com/download3155.html  .......
Download it to a separate folder on your desktop..... then run the scan and save the logfile ......... Post that logfile here.....for us to look at ...and we can go from there .  ( If the logfile is too large to get in one post , use two posts ) or zip it and post it that way.

dl65  When you're finished don't forget to remove the adobe virus too.
http://www.foxitsoftware.com/pdf/rd_intro.php
Your computer will love you for it.May i also ADD that system restore doesnt get rid of recent viruses.  Just fore future refrence Quote

May i also add that system restore doesnt get rid of recent viruses.  Just fore future refrence  

Quote

May i also add that system restore doesnt get rid of recent viruses.  Just fore future refrence  

Please , don't ever use system restore in an effort to remove a virus ..........

dl65  

Logfile of HijackThis v1.99.1
Scan saved at 8:31:08 AM, on 9/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\ARCHIV~1\Grisoft\AVG7\avgamsvr.exe
C:\ARCHIV~1\Grisoft\AVG7\avgupsvc.exe
C:\Archivos de programa\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Archivos de programa\Comodo\Firewall\cmdagent.exe
C:\Archivos de programa\Archivos comunes\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Archivos de programa\SigmaTel\Controladores de sonido SigmaTel AC97\stacmon.exe
C:\Archivos de programa\Synaptics\SynTP\SynTPLpr.exe
C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe
C:\Archivos de programa\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\LTSMMSG.exe
C:\Archivos de programa\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Archivos de programa\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe
C:\Archivos de programa\Support.com\bin\tgcmd.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Archivos de programa\Windows Defender\MSASCui.exe
C:\WINDOWS\System32\drivers\PhiBtn.exe
C:\WINDOWS\System32\drivers\Tray900.exe
C:\Archivos de programa\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Archivos de programa\Java\jre1.6.0_02\bin\jusched.exe
C:\Archivos de programa\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
C:\Archivos de programa\Comodo\Firewall\CPF.exe
C:\ARCHIV~1\Grisoft\AVG7\avgcc.exe
C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\00THotkey.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\DOCUME~1\ADEADV~1\CONFIG~1\Temp\Directorio temporal 3 para hijackthis.zip\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.my.yahoo.com/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\archivos de programa\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Archivos de programa\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Archivos de programa\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Archivos de programa\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\archivos de programa\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Archivos de programa\SigmaTel\Controladores de sonido SigmaTel AC97\stacmon.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Archivos de programa\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TouchED] C:\Archivos de programa\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Archivos de programa\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [hcenter] "C:\Archivos de programa\Support.com\bin\tgcmd.exe" /server /startmonitor
O4 - HKLM\..\Run: [Windows Defender] "C:\Archivos de programa\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [PhiBtn] %SystemRoot%\System32\drivers\PhiBtn.exe
O4 - HKLM\..\Run: [Traymin900] %SystemRoot%\System32\drivers\Tray900.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SmartDefrag] "C:\Archivos de programa\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /startup
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Archivos de programa\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [AVG7_CC] C:\ARCHIV~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Archivos de programa\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} (EPSON Web Printer-SelfTest Control Class) - http://esupport.epson-europe.com/selftest/en/Prg/ESTPTest.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u2-windows-i586-jc.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{367010B0-92E9-471C-B838-6A4AC5BE14E9}: NameServer = 80.58.61.250,80.58.61.254
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARCHIV~1\ARCHIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Archivos de programa\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Archivos de programa\Comodo\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Archivos de programa\Archivos comunes\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

well, don't just gave us thing like this,at least post the the thread,the prob?
it's not an easy to analyze logs   Quote from: kuszmania9999 on September 16, 2007, 01:01:15 AM

well, don't just gave us thing like this,at least post the the thread,the prob?
it's not an easy to analyze logs  

I cancelled a program called moviepass.tv after a 3-day trial period and $1.95. However, they not only didn't acknowledge my cancellation, they send me REGULAR pop-ups, claiming I failed to cancel (untrue) and telling me I must PAY a $29.95 cancellation fee! Even when I minimize their anoying pop-ups, I get a CONTINUOUS, annoying sound track, which I can only mute by muting everything. I tried deleting their programs using Search, but coudn't delete every one.
Any suggestions?Run a SPYWARE scan it might kill it.

Also try going to the control panel and then Add/remove programs. If you see any of their CRAP in there just remove them though that.

R0SShttp://profend.com/answers/moviepass.html

Have Windows XP, Microsoft INTERNET Explorer v 6.0, Norton virus protection program...I am a NOVICE so thats all I know so far...I started getting alot of runtime error msgs so came here and tried to find the codes that kept coming up.  (just moved to TN and did not have this problem before) Error msg code #1104 and #17 (unterminated string constant)-what ever that MEANS??

Bought a program and it did manage to clean up most but the above two that KEEP popping up...

Any help would be appreciated..thank youWhen exactly do these errors appear?  How long have you been experiencing them?  Did you ever try System Restore?  And do you have Microsoft Visual Basic by any CHANCE? Quote from: realphoto on September 16, 2007, 12:34:39 PM

Bought a program and it did man....