201.

Solve : Windows background wallpaper?

Answer»

I recently had either a virus or spyware that placed a terrible background wallpaper on my pc.  I cannot change it.  I cannot delete it.  I have tried everything I know to get rid of it.  My computer runs great except for this.  As far as I know I have no viruses now.  In control panel, I cannot change the background or even scroll up or down for any other selection...I even went to the internet to set a picture as my background and this does not work either...The background filename was wp.  I searched for files named wp, then went and deleted this file.  This did not work either.  Any help would be appreciated...

is it a web object where you drag and drop on desktop? did you check to see if its that? Maybe thats y its on the desktop. If it was spyware or virus im sure they would have found it and deleted it already. What wallpaper u using anyways?

did you try disabling Active Desktop yet and if so is the problem still there ? ?

patio.

I tried to reset active desktop, but it is greyed out like it is not an option.
I usually just use one of the standard windows backgrounds.  This background is solid black with "warning, your computer can be infected with spyware ect..." written in yellow.  This is all over the desktop.  I dont know how it got there or how to get it off.  I have run virus scans and spyware programs...nothing seems to work.

Is this a shared pc?.......Did you re-boot after deleting it?

Virus scanners
AVG Free
-- Anti virus scanner
Trend Micro Housecall
-- Online anti virus scanner.

Anti spy/malware
Microsoft Antispyware
-- Anti spyware scanner. Windows XP Home and Professional only.
Spybot Search & Destroy
-- Anti spyware scanner
Adaware SE Personal
-- Anti spyware scanner

Firewalls
Use both a hardware and software firewall.
Be advised as dual software firewalls may cause problems


ZoneAlarm Free
-- Free firewall - more user friendly
Sygate Personal
-- Free firewall - more configuration options

Removal tools
The following files are not substitutes for the ones described above.
They are either diagnostic tools or removal tools for malware of a certain kind


HijackThis
-- Manual malware remover. Post the HijackThis log generated only if requested!
McAfee Stinger
-- Virus removal tool. No substitute for a fully functional virus scanner!
CWshredder
-- CoolWebSearch removal tool. Widely known and persistent Hijacker.

Try some of Raptor's Tips and then let us know. Be careful of what you download and keep those systems up to date!!



You could have my dog on your desktop. Is that worse?

passing on something i got from here, check out postings dated 11/20 in this section. i had similar problem. tried all the usual run anti spyware, spybot, spysweeper, ccleaner, anti virus. not much luck until someone (Fed) said to go to control panel and open "appearances and settings" (in my case it was display; xp pro) and in the display properties click on desktop tab.  then click on customize desktop. click on web and delete the "security"

202.

Solve : Is your MS AntiSpyware Running??

Answer»

Microsoft's AntiSpyware may stop running without warning. An updated version is available.

I noticed tonight that the telltale bullseye icon in the System Tray which indicates MS AntiSpyware is active was curiously missing. No error messages, no notification... NOTHING. Starting it manually didn't work. Repairing/updating through the Control Panel didn't work. In my case, it had to be COMPLETELY uninstalled and then downloaded and installed anew.

The updated version seems to be humming along fine - for now. Get it here.


Microsoft Antispyware is not scheduled to die for another few weeks?
The question is, what turned yours off

A little something called Error 101. Microsoft won't tell me what that means.

http://www.microsoft.com/athome/security/spyware/software/releasenotes.mspx

Yep, I saw that. But they don't tell you exactly what causes the error. They just tell you to fix it.

What gets me is that I don't make a regular habit of checking my System Tray, so I have no idea how long I was without it.

Grrrr.

i have a lot of problems with MS antispyware, maybe because it is a BETA version, but it really sucks i think

blackberry
Quote

i have a lot of problems with MS antispyware
what sort of problems are you having with it ?
I have it running on 3  of my machines and I haven't had any issues .
Let us know

dl65   Quote
dl65  


what does that mean?

my problems: it keep stucking on my screen ( i don't know exactly how you say it in english correct, i'm not so good in english)

WHAT?! MS AntiSpyware is going out in a few weeks?! Is there going to be another released?!  

Flame

I'm sure there will be for a few $$$$$
203.

Solve : Just a few questions...?

Answer»

I have to do a research project on computer viruses and i need as much info as possible if you help ill be 4eva gr8ful here R the questions
How are computer viruses created?
Who created the first computer virus and why?
How do Anti-Virus programs work to destroy viruses?
And last but not least what r the best ways to protect ure computer from viruses ure help will be appreciated

We've had this homework question before. Head on over to:

http://www.howstuffworks.com/

Ya that was me i used my real name this time but i tried the links waz hard 2 find even on those links u sent me its something 2 do with macro n stuff just hope i can find the answers
TTFN (ta ta 4 now)
James Goku.

Here's some info from Wiki:

http://en.wikipedia.org/wiki/Computer_virus

with regards

204.

Solve : ccleaner operation?

Answer»

downloaded ccleaner due to major issue with spyware but never really got it working.  installed on win 98 (PII) but when i run the analyze function, no items get displayed?  am i reading more into this than there is?

queball.....This is what it does ........what is it you're trying to achieve ?

Cleans the following:
Internet Explorer
Temporary files, URL history, cookies, Autocomplete form history, index.dat.  

Firefox
Temporary files, URL history, cookies, download history.
Windows
Recycle Bin, Recent Documents, Temporary files and Log files.  

Registry cleaner
Advanced features to remove unused and old entries, including File Extensions, ActiveX Controls, ClassIDs, ProgIDs, Uninstallers, Shared DLLs, Fonts, Help Files, Application Paths, Icons, Invalid Shortcuts and more... also comes with a comprehensive backup feature.  

Third-party applications
Removes temp files and recent file lists (MRUs) from many apps including Opera, Media Player, eMule, Kazaa, Google Toolbar, Netscape, MS Office, Nero, Adobe Acrobat, WinRAR, WinAce, WinZip and many more...  

This app isn't a antispyware .
It does a good job of cleaning out the things listed above .......What spyware apps are you using ?

let us know
dl65  

yes but i should think that the right hand side pane which shows the progress bar on top should display items that it finds.  mine is always blank but i really don't think that should be the case. even disccleanup in windows shows something.  this is with the Windows tab selected.  the application tab shows items as well as the "issues" scan....so am i just being overly *censored*?..thanks by the way for your help.  i'm fairly conversant with a lot of stuff but much of the background stuff is new to me, but i'm trying to get better.

queball........what happens if you open ccleaner ...and when it opens ........you click on "Issues" on the upper left side .......and then click on scan for issues down at the bottom just left of center ?

It's possible that if you already emptied your temp internet files and the like that nothing will show up when you run the cleaner part .
BTW which version of ccleaner are you using ?

dl65  
thanks dl65...tried it on my other system and got some items.  much like you say temp files were already gone on the first puter i tried it with.  using version 1.25 i believe (from download.com)

anyways  works nicely it seems.  but maybe one question.  if you make a back up of the registry, how do you restore it?...haven't figured that out yet...only  a matter of time but if ya feel like it ...clue me in..

It's possible it accomplishes the cleanup so fast a progress bar doesn't show up...
On my system when i press Clean it says done.

BTW there is an online Help link on the lower left side of the CCleaner window but here is the answer to your registry question:

Does it clean all the user accounts on the computer or just the current one?

   At the moment CCleaner supports cleaning the current user's account only. This may change in a future release.
Do I need to be an administrator to run this?

   Ideally yes. Although you can still run this as a normal or restricted user, however, some files may not be deleted.
How do I select all issues on the Issues list?

   Right-click to bring up the menu.
How do I restore registry backups?

   Right-click on the .REG file created and select 'Merge'.
   By default these files will be saved into your 'My Documents' folder.
When I run the program it closes during cleaning. Why?

   There is an option to close the program after cleaning. This may be checked in the Options section.

patio.

205.

Solve : AudioGrabber is a Trojan??

Answer» Audiograbber, a free program for MP3 conversions gets picked up by AVG Free as a trojan. Any thoughts on this anyone?

According to Audiograbbers site ver. 1.83 is the latest .
I did a search at the AVG forums for this problem and found no results so i posted the question...

Hopefully someone has a fix to this.

patio.
206.

Solve : How are Viruses actualy Made?

Answer»

Im Doing a school report on computer viruses and one of my key questions is how there made I've looked for hours but cant find the answer plz help me my teacher is putting alot of pressure on me

Did you try google?

http://www.howstuffworks.com/virus.htm

http://www.google.com/search?hl=en&q=how+to+computer+virus

Ya but there wasnt alot bout the actual makin just about that guy who made that worm in 2001

Did you try those links?

Sometimes it has to do with how you phrase the question.

207.

Solve : Norton Vs Mc Afee (also chuck Avg In the ring)?

Answer»

lookin for the best i no there are good things to some and annoying things to others but which is you pb rate each from 1/10 put ure comment and the good things about em or the bad things

AVG.

Norton products are no longer allowed closer than a half mile from any of my machines...

Avast is also a good one and the price is right.

patio.

We've also been hearing good things about Ewido.

I thought avast was free. I hate norton ever since it hogged up all system resources. I have an old computer!
Norton does not care for the old computer! Norton is old computer discriminating. McAfee... I guess its ok but I do not like to pay to cheap!

Were all cheap... well many of us are.

Hopester Ewido is strictly a trojan scanner, no AV protection.

patio.

Apologies.

every1 noes nortan has blew there chance at being the best since 2003 mcaffe is ok.. not 2 sure bout AVG is cool but i dont no alot bout avast does it do auto updates and is it as good as AVG or Avast (nortan backs away and cries in corner) also i need some ratings on this so far i say AVG is pretty good any thoughts if AVG or Avast compare 2 it
ps. like ure sig patio might use it now
James Goku.

ohh its catchy

208.

Solve : Is BitDefender better than McAfee Virus Protection?

Answer»

Hello Forum: Top Choice site rates BitDefender anti-virus tool as best on market.  Rates McAfee as 3rd. Anybody have it? Is it better?  If so I am not renewing McAfee. If I can get better protection for a better price I will switch. Also, McAfee CONSTANTLY annoys with renewal reminders for their Firewall which I do not have.  I am using Windows Firewall.  The reviewer says that McAfee does not protect the registry and that BitDefender does. My McAfee subscription runs out in 2 months. Any advice would be appreciated.   I am using Windows XP, IE6.0, Dell Dimension with NetZero dialup. Thank You!

AVG and Avast are both fine products and both offer a free version.
I run AVG.

patio.

AVG for me too.  Make it unanimous.

Thank you all for your advice. I did not know that anyone gave away virus protection.  As I type this McAfee is popping up again to remind me to renew something I don't have ! Does AVG have updates, etc.? I never heard of it but am willing to try it based upon what you have told me about it. Thanks again.

Avg can be set to update and run a scan automatically...mine grabs the update at 4 A.M. and scans my system at 5 A.M. and finishes just in time for my morning coffee.

patio.

209.

Solve : horrible virus?

Answer»
First of all, this post will be jumbled, as my two year old is running at my feet so bear with me.
My computer obviously has a virus *actually probably WAY more than one*
Besides the obvious slow computer...it has a few other symptoms. The only other two I really notice is my Internet closes randomly, and my computer restarts itself without warning. Just boom, black screen and its restarting.
I just bought Mcafee virus protection, and its not helping and/or not updating correctly *I've been manually updating*. Also my computer updates aren't working as of the past month. Another big problem I have is my Internet explorer wasn't working, so I deleted it *A LONG time ago*...and now I'm well, stuck. I can't re-download it. Every time I try to re-download it, it says I already have a recent version of IE installed! I really have no clue even WHERE to even start with this mess. I feel really stuck...
I know a good first step would be get IE back, then I could work with everything else....I just can't figure out HOW.
Any ideas?



EDIT: ah yes, I forgot some important info...dur
I am running windows XP 2000 w/ service pack 2
Its a compaq/presario
and I'm not too bright and dont remember how to get CPU, RAM info?

Well to begin with you can format your computer if you don't have anything you REALLY need on it...Do you have the cd that came with your OS..? You can also use the computer you're on to download Mozilla Firefox which is better than IE. Google for firefox and youll find it..You can also make a McAfee Boot Disk to Delete all viruses on your computer...Have you tried a system restore?

and we don't even know the computer make/model, CPU, RAM, or even the operating system....

Quote
and we don't even know the computer make/model, CPU, RAM, or even the operating system....

 


Edited with a bit of info :/ Tell me how to get everything else please...

Quote
Well to begin with you can format your computer if you don't have anything you REALLY need on it...Do you have the cd that came with your OS..? You can also use the computer you're on to download Mozilla Firefox which is better than IE. Google for firefox and youll find it..You can also make a McAfee Boot Disk to Delete all viruses on your computer...Have you tried a system restore?


I have thought about just wiping the slate clean....problem is, I have  about 1500 pictures of my son I want off...and have been trying to get off for months...
It just wont let me burn them to a CD....:/ Still working on that though. If it werent for them, I'd format.
How do you format by the way?

Quote

I have thought about just wiping the slate clean....problem is, I have  about 1500 pictures of my son I want off...and have been trying to get off for months...
It just wont let me burn them to a CD....:/ Still working on that though. If it werent for them, I'd format.
How do you format by the way?


Do you have a restore CD or a Windows CD? You just put that in the drive and restart the machine.


Quote
Its a compaq/presario?


Model # is on the case somewhere

Quote
and I'm not too bright and dont remember how to get CPU, RAM info?


Probably tells you when it boots up on the screen

I would suggest if you have the CD, then take it to someone who can set this drive up as a slave in their machine, and burn CD's with all of the important stuff you want to keep and then reinstall everything for a fresh start.

Quote

Do you have a restore CD or a Windows CD? You just put that in the drive and restart the machine.



Model # is on the case somewhere
 

Probably tells you when it boots up on the screen

I would suggest if you have the CD, then take it to someone who can set this drive up as a slave in their machine, and burn CD's with all of the important stuff you want to keep and then reinstall everything for a fresh start.


So pretty much just putting my back up CD in will reset the computer? It can't be that easy can it?
You have really helped thanks

This will format the drive and erase everything. Don't do this until you have backed up your files!

More out of morbid curiosity than anything else... try downloading/running HiJackThis http://www.majorgeeks.com/download3155.html

save a log, and post the log here... system could possibly be recoverable to the point your files might be salvageable, or possibly to the point where you could reinstall maybe SP1a, and get IE back... but yes, mozilla firefox would be the better choice for browser... Careful tho with that HiJackThis, you could seriously bjork your system..

close all windows and run HiJackThis in safe mode for the least chance of virii interference and the cleanest log possible...
210.

Solve : How do anti virus software work??

Answer»

Another Primary School question how do Anti Virus software work to destroy viruses and can i plz have an answer that i can understand for an 11 yr old computer geek

I DON'T KNOW TOO ABOUT BOOT-SECTOR AND ANOTHER MATERIAL BUT GENERALLY AS WE KNOW IN WINDOWS OS ONLY .EXE .BAT .COM AND .DLL CAN BE EXECUTED SO VIRUS DEVELOPER MOSTLY ATTACK ON THAT TYPE OF FILES AND WHEN THE ANTIVIRUS SOFTWARE RUNNING IT CHECK THE STARTING HEADING OF ANY EXECUTABLE OR ANOTHER FILE IS THE STARTING(HEADING) IS SAME WITH ITS OWN DATABASE OF VIRUS THEN IT WILL FOUND THAT THAT IS A VIRUS .....

a bit 2 hard 2 understand
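
The header-against-database check described in the answer above, as an added Python example (not code from the thread or from any antivirus product). The signature names and bytes, the sample files and the function names are constructed for illustration; the whole-file pass shows what a header-only comparison misses.

```python
# Constructed signature database: detection name -> byte pattern.
# These are made-up patterns for illustration, not real malware signatures.
SIGNATURES = {
    "Demo.HeaderVirus.A": bytes.fromhex("4d5a9000deadbeef"),
    "Demo.BatchWorm.B": b"@echo off\r\nrem demo-worm",
}

# File types the answer lists as executable on Windows.
EXECUTABLE_EXTENSIONS = (".exe", ".bat", ".com", ".dll")

# The longest signature decides how many leading bytes have to be read.
HEADER_LEN = max(len(sig) for sig in SIGNATURES.values())


def match_header(data):
    """Return the name of the signature the file starts with, or None."""
    header = data[:HEADER_LEN]
    for name, sig in SIGNATURES.items():
        if header.startswith(sig):
            return name
    return None


def match_anywhere(data):
    """Return the name of the first signature found at any offset, or None."""
    for name, sig in SIGNATURES.items():
        if sig in data:
            return name
    return None


def scan(files, whole_file=False):
    """Scan {filename: bytes} and return {filename: detection name} for hits."""
    matcher = match_anywhere if whole_file else match_header
    hits = {}
    for filename, data in files.items():
        if not filename.lower().endswith(EXECUTABLE_EXTENSIONS):
            continue  # only the listed executable types are checked
        detection = matcher(data)
        if detection is not None:
            hits[filename] = detection
    return hits


# Constructed sample "files" so the example runs without touching the disk.
SAMPLE_FILES = {
    # Ordinary MZ header: shares its first four bytes with a signature, no match.
    "clean.exe": bytes.fromhex("4d5a900003000000") + b"\x00" * 32,
    # Starts with a known pattern: caught by the header check.
    "infected.exe": SIGNATURES["Demo.HeaderVirus.A"] + b"\x00" * 32,
    "startup.bat": SIGNATURES["Demo.BatchWorm.B"] + b"\r\necho hi\r\n",
    # Same bytes under a non-executable name: skipped by the extension filter.
    "notes.txt": SIGNATURES["Demo.HeaderVirus.A"],
    # Pattern sits 16 bytes into the file: a header-only check misses it.
    "shifted.dll": b"MZ" + b"\x00" * 14 + SIGNATURES["Demo.HeaderVirus.A"],
}

if __name__ == "__main__":
    print("header only:", scan(SAMPLE_FILES))
    print("whole file :", scan(SAMPLE_FILES, whole_file=True))
```
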

211.

Solve : clear history?

Answer»

My IE stores websites that I wish to clear. I am unable to do this even after going to Internet Options --> Clear History. I have tried deleting all the temporary cookies and files, but some sites are still listed in the address bar. How do I clear these sites?

Your help and suggestions are appreciated!

Double post, place answers in Internet Explorer Section.

212.

Solve : Need help getting rid of pop ups?

Answer»

here's my description of the problem:

On Sunday November 6th I installed Warez on my laptop and ever since then I keep getting a lot of pop ups, which I never had a problem with before installing Warez.

I decided to uninstall Warez but that didnt help any, I did a scan with spybot and ad aware and deleted all of the bad files found but the pop ups keep on coming.

I don't know what else to do, the pop ups come up when i am using IE and Firefox, I downloaded all of the Windows updates and IE updates, but still nothing seems to work.

I use a DSL connection...

If this helps here is my system info and some snapshots of the scans i did:

system info:
http://i3.photobucket.com/albums/y91/87hilda2005/systeminfosnapshot.jpg

spybot search:
http://i3.photobucket.com/albums/y91/87hilda2005/spybotsearch.jpg

Ad aware search:
http://i3.photobucket.com/albums/y91/87hilda2005/ad-awaresearcg.jpg

I also have a firewall and the only exceptions on it are mozilla and Remote assistant. Symantec antivirus never picks up anything, that is about all i can think of right now any suggestions as to how to deal with my problem?

So you downloaded illegal warez and now you have problems? Can you reinstall Windows? Do you have a legal CD for that?

I would delete all of those offensive items that have been shown by those products first and see what happens.

Yeah I have those cds and i put them in and now my laptop is good, Warez is illegal?

They sure are...

patio.

213.

Solve : Adyield adware?

Answer»

Some time ago I made a thread about a strange problem with my computer and how I got strange error messages that turned into ads on IE.

I recently downloaded a personal (free) firewall that actually identified and stopped the problem. It's something like ad.adyield something something. Now, I understand that it's being prevented by the firewall but is there a way to get rid of the source of the problem altogether?

Any help is appreciated.

Let's hear the whole problem, when it started, etc. plus what adware/spyware/virus scanners you have in place, updated and being used regularly. It would be easier to advise then.

Alright, I'll tell you from the beginning.

For a very long time (6 months or so) I was regularly getting "server is busy" error messages every 10 or so minutes which told me something along the lines of "the program cannot open because the server is busy" then It let me choose between a Switch to button and a retry button. The message eventually turned into an ad from ad.adyield. This thing is really annoying as it popped up ALL the time and slowed/froze my computer most times. I got a firewall from Agnitum a month or so ago but my trial ran out (it stopped the problem). Now I have

OOps clicked enter w/o finishing the message, sorry.

Alright, I'll tell you from the beginning.

For a very long time (6 months or so) I was regularly getting "server is busy" error messages every 10 or so minutes which told me something along the lines of "the program cannot open because the server is busy" then It let me choose between a Switch to button and a retry button. The message eventually turned into an ad from ad.adyield. This thing is really annoying as it popped up ALL the time and slowed/froze my computer most times. I got a firewall from Agnitum a month or so ago but my trial ran out (it stopped the problem). Now I have a firewall from Kerio and it stopped the problem as well. What I want to know is if I can get rid of the problem instead of just stopping it with the firewall.

Download, install & update...
CWShredder
Ad-Aware
Spybot S&D
AVG Free (Set options to 'scan all files')

Turn off System Restore if applicable. (ME & XP users)

Run Disk Clean-Up (Windows)
Run CWShredder
Run Ad-Aware
Run Spybot
Run AVG Free

Re-start in Safe Mode
Re-run AVG Free

For the full text of the above guidelines
http://forum.grisoft.cz/freeforum/read.php?4,27725,backpage=

Ok I will attempt that tomorrow and let you know if it worked.

Thank you

Thanks, feedback is appreciated here.

After you solve this problem, regular use of these programs can prevent such snafus in the future.

(Editor's note - These are only required on Windows based machines.   )

Well I installed, updated, and ran all the above programs.

I found lots of spyware and adware which was all deleted or fixed. The only problem is that when I ran the AVG, it found viruses and trojans. It deleted the viruses but it said the trojans (dialer 23) couldn't be removed or fixed because they were part of a file.

What should I do?

Is this something you can google search for? What about a trojan scanner? A2 comes to mind. Ewido?

Quoted from the info. on the actual AVG:

Trojan horse Dialer is a group of Trojan horse viruses which is known by dialing different international telephone numbers via PC modem. These telephone numbers are usually connected to warez and *censored* sites, or sites with cracks for commercial software.
To prevent this, it is recommended to set High security level in your Internet browser, which means to deny automatic installing of ActiveX components and different plugins, or completely disable scripting function. Also it is possible to deny international calls from the internet connection line and calls with non-standard rate.

Following marks may show Dialer presence on the computer:
- new, unknown icon appears in systray
- differently looking internet connection window
- strange windows that ask if you want to connect to internet or dial a number

All Dialers in common dial different number that a default one for the Internet connection, the change is visible in the dialog for internet connection dialup, or the original number is dialed, then Dialer hangs up this connection and dials another (its own) number. This can be recognized on an external modem by the LED diodes. Connection indicator in Systray is not reliable in this case.





I had a dialer a long time back, I didn't find out about it until I got my phone bill.
I rang the phone company & told them I didn't know anyone in the non descript country they said I'd been calling.
The first thing the woman said to me was, "Do you have kids"?  

I'm very surprised the above programs didn't remove it, sometimes they need to be run in safe mode & more than once.

Try Ewido.

Quote

Quoted from the info. on the actual AVG:

Trojan horse Dialer is a group of Trojan horse viruses which is known by dialing different international telephone numbers via PC modem. These telephone numbers are usually connected to warez and *censored* sites, or sites with cracks for commercial software.
To prevent this,.....


Don't use those sites either?
lol, that could be a good idea, even though I have no idea what a "warez" site is.

Anyway, I installed, updated, and ran ewido and it found and deleted over 125 infected files.

Should I run AVG again or run all the programs I installed again?

I'd re-run them all just to be sure.
Then set up some real time protection.
214.

Solve : WLAN Moniter?

Answer»

I don't know much about computers but I keep seeing an icon on my bar stating "WLAN Moniter".
What is this?  and YES I shut it off.

PeggyW48......

Quote

"WLAN Moniter"


This is a program which monitors whats happening re your wireless connection ........
Is this a new computer ?
Or has it recently been changed over to wireless ?
I take it that the computer is working OK .

dl65

Peggy, this is a double post. Only one post in the appropriate area is sufficient.
215.

Solve : Norton?

Answer»

The company that I am doing some consulting work for requires that my home PC have the latest Norton Corporate edition anti-virus software to access the company website ( NAV 10. something).  They have provided me access to the NAV software from their corporate website.  It downloads OK, but when I go to install NAV 10 I get the following error " error 25002, the was an error loading NAVINST extension DLL".

Norton will not help me because I did not buy the software from them .   The Company ( IT department)  I consult for will not help me since I am using my own PC and I am not an employee.

I did a google search on "25002 and looked at the Symantec website"

I did understand the solution.

One more thing i have NAV 7.6.1 on my PC from the last time I did work for this company.  I tried to delete the old version since I thought it might cause me a problem and I get the same error message.

I would appreciate any help ?

Thanks

TB

I also disabled my normal anti-virus program (mcafee) when I tried to download NAV

    Quote

I did understand the solution.


Then I suggest putting it to use.    Also, you will need to do more than simply disable McAfee. You will need to uninstall it...

Flame

My typo,  I did NOT understand the solution

Thanks

Tom

216.

Solve : quarantined a file now cant do anything need pics?

Answer» OK I am newbie to this forum. HI
Not totally stupid but dont always use right vocab.

Hp pavilion - windows ME Nortons, works and internet

I got a pop up from norton that said could not repair file. I dont remember what else it said but it stopped something from happening. In the past these have been nothing I just said sure quarantine it.

Well I am sure it was this windows\system\wininet.DLL
and that is the file I keep getting a message saying it cant be found and nothing works without it. Not even nortons.
cant get on net cant open pics. can play games??  

So without access to norton I could not get it out of quarantine. really really want to save some pics. but cant figure out how. I have tried application recovery disk but it wont load just get a blank box.

I also get "Lexplore caused an error in urlmon.DLL"  

Safe mode would not let me do anything either. I lost track of what I was doing and uninstalled works and reinstalled it so that probably killed my chance of getting the quarantine file but I dont know these things.

I am willing to use my system restore disk but want the pics at least before I do.  I think I picked up a trojan

Thanks

Free scanner at www.trendmicro.com might be worth a try. Other free software for virus and trojans is frequently listed here. Look for one of Mac's posts.

thanks but I cannot get on the net. cant open anything it always says that file is missing.

Do you have the original Windows or restore CD's for reinstallation if it comes to that?


Lots of interesting info with a google search for wininet.dll, and some products to buy (not).

If it were me I would just reformat and reinstall a seriously compromised system such as this. Others may post suggestions for a fix which may or may not work in the long run.

yes i just found the set of restore cd's.

I would try the application first and see if I can find the what happened. the thing is most important to us is  that we get the pictures off first. If i reformat they will be lost forever.

That is what we hoped to find out, and then almost as important is ,what went wrong and how to fix it. I use spybot and use it often and the 2 nortons which said it could not fix plus it got  by them to get me in the first place, right?

So I need to know what got in and what to do about it.  Seems like the first window said it was a trojan and norton could not fix it. So if it is a trojan which one??? anybody know?  who is the best free trojan killer??

papason3......  Norton was designed to find viruses ........not trojans , however it identifies some trojans but is unable to remove them ........D/L Ewido and let it scan your system .......( make sure you get the latest updates ) It should find your trojans .......

dl65

well I dont remember just what I tried, but after another reboot I could get up my browser.

then shortly later could not but still had connection because I could do updates for nortons and spybot. Go figure maybe it makes sense to somebody. after hours of trying lots of stuff some 2 or 3 times I uninstalled Nortons internet security and reinstalled it and viola!! back up again. Thanks for the help and interest.

NEW QUESTION Ewido is only for XP and 2000 I use ME. Got a suggestion for me.?
217.

Solve : Creating firewall in vb?

Answer»

Sidewinder ,its a question for you ,lol ,do you know any way to create a firewall in vb ? And make it blocking ports ,and stuff like that ?

You give me way too much credit as there are others in the forum far more knowledgeable. It's doubtful I would choose VB for this. A better tool would probably be C. But why re-invent the wheel when there are perfectly good firewalls available? (some are even free)

I think the better way is to create my own firewall because many people have some vulnerabilities for well known firewalls ,maybe what you can make is no so super such as other but i think it would be more easier to use it

218.

Solve : HELP!! PLEASE HELP NOW!!?

Answer»

I need HELP now!! please i have a process running thats call kyahe8 and there is like 10 of them running and its killing my pc!

OK, but we might need just a little information that "Help Me"

What operating system?

When did it start?

Do you use spyware/adware/trojan/virus scanners? It appears not, but if so what are they, were they up to date and being used regularly?

What do you think it is?

How do you think this started?

Do you download a lot of warez, P2P activity, etc.?

219.

Solve : I Hate Winfixer?

Answer»

I received some help on this a couple of weeks ago when I was trying to get winfixer off my father's computer...now I've got the stupid thing. I'm wondering....the program seems to have installed itself (with one of my kids' help) and when I got to the computer today I see it has finished running a scan on my computer. I tried to use its uninstall program and of course I get taken to a website where they want me to fill out a questionnaire and to reboot before I can uninstall. Should I assume they want me to reboot so they can finish the installation of the program? To register DLLs and such? Is there a way to get rid of this pest without 300 steps? Is this program actually a legitimate scanner? Please!!!! I've got work to do and I don't have weeks to get rid of this *censored* thing.
Thanks
pdough

pdough.....The following link may help you .....

http://www.spyware-removal-guideline.com/winfixer-removal

Let us know how you make out .

DL65

Ok, I'm really confused here....now when I look on the start menu winfixer isn't there anymore.....when I look in add/remove programs it isn't listed there either....any reasons it might just disappear?

pdough.......... You didn't mention which O/S you're using ...... and have you tried using the search feature in the registry ............?

Let us know

dl65

I'm using XP.....and I would use the registry search if I knew what I was searching for :-/

You are searching for Winfixer.

Didn't mean to sound completely stupid...just wondered if there was something more specific to search for

Type the full name. You do not want to accidentally remove entries that are called "Win" or "Fix" alone..

220.

Solve : TROJAN>KEYLOGGER???

Answer»

I can't for the life of me remove this thing
Keylog-Briss
Anybody have any ideas??

I have seen elsewhere the following possible solutions:

1. Disable System Restore and then delete the file

2. Go to Start, Run, type "cleanmgr". Make sure you check "Temporary Files", "Temporary Internet Files" and "Recycle Bin".

You probably already know this, but just in case: this trojan tracks every keystroke you make. Be careful until you're sure you're rid of it!

wrwss........If you are using XP ......... First turn off system restore ( the trojan hides in the restore files ..)
Boot up into the safe mode ....... Now run your anti virus scan ...and if you have it M/S antispyware Beta ......( if you don't have it ...I would suggest D/L it from ......
http://www.microsoft.com/athome/security/spyware/software/default.mspx   )
Remove whatever is found........... then reboot back up in normal mode and make sure it's gone ..........If it is , turn the system restore back on .

dl65

try Trend online scan........and disable remote access?

221.

Solve : Win32/Nsag?

Answer»

One of our PCs running Millennium has been infected with a virus that AVG caught but is unable to get rid of.  Can someone please tell me how to remove this.

The virus name is Win32/Nsag
It's in the C:/WINDOWS/SYSTEM file

Thanks in advance to anyone that can help

Marlene2

Get yourself a Windows 98 boot disc (www.bootdisk.com), and boot from it with CD-ROM support.

Get to a command prompt.

Go to the root of C:
cd\

then change directory:
cd windows

then
cd system (or the folder where it resides)

then change the attributes of the file so you can delete it manually:
attrib -s -h -r -a

delete the file:
del

If it wont delete try changing the name or extension type:
ren > file.all (without the use of < or > and the are because I don't know the file extension)

remove the floppy and reboot.

Make sure the file is not needed first though!!

Turn off System Restore, re-start in safe mode & re-run AVG.

Do you frequent some shady places Marlene, you sure seem to pick up some stuff.  Do some research on smitfraud which is another name for what you have.
Do you get a 1/4 size blue screen warning from time to time ? ?

Last time I had to remove this from a client's machine I remember it being a royal pain you know where.

patio.

Try Trend online virus scan (free) at www.trendmicro.com

I forgot to mention... DO NOT purchase any program that shows as a popup that offers to clean up your problem...

This is known as scumware and you will be throwing your money away.

patio.

Quote

I forgot to mention... DO NOT purchase any program that shows as a popup that offers to clean up your problem...

This is known as scumware and you will be throwing your money away.

patio.

Or just infecting your machine with something else!

Actually, they make for good common sense detectors.

The result can only be in boolean.

Thanks for all your responses.....we got it off.
In response to FED, it's not my personal computer, it's my husband's, and yes, I'm sure he does surf some shaky sites when I'm not around.  But he knows he has me and all of you out there that can fix it......not to worry!

Thanks again!

Glad to hear you got it solved...

patio

Quote
I'm sure he does surf some shaky sites when I'm not around.

Gulp!

222.

Solve : Does anyone have Spyware Doctor's registration??

Answer»

I need Spyware Doctor to remove some tough viruses and was wondering if anyone had the key and would lend it, so I could remove it. I have Ad-Aware, AVG, eTrust, Spybot and Microsoft Antivirus but none seem to take it out...................

Sun.....What tough virus can't you get rid of ?
Are you running your scan from safe mode ?
Have you turned off your system restore feature ?

Please let us know

dl65

I keep getting these .TMP. files and this java virus. My Internet Explorer keeps crashing if I have more than 3 windows open and so does AIM. I'll find you the exact type of files which I can't get out because they keep getting installed back, you'll have to wait, until I find them

Quote

I need spyware doctor to remove some tough viruses and was wondering if anyone had the key and would lend it, so I could remove it. I have Ad-Aware, AVG, eTrust, Spybot and Microsoft Antivirus but none seem to take it out...................


Do we look like a community that shares?

Sharing is only one step away from communism.

Quote
I need spyware doctor to remove some tough viruses and was wondering if anyone had the key and would lend it, so I could remove it. I have Ad-Aware, AVG, eTrust, Spybot and Microsoft Antivirus but none seem to take it out...................


Rather than use software illegally, how about free online antivirus scanning at trendmicro.com

You'll feel better  
223.

Solve : Possible Spyware???

Answer»

Message box
"Software name".EXE - Application Error
The instruction at "0x016e1000" referenced memory at "0x003e0650". the memory could not be "written"
Click on ok to terminate the program.

I have also had a problem where I would start Word or Excel and when I would click on a menu item the drop down menu would be transparent with just the outline visible


Most of the time restarting computer would cure the problem.

Any advice would be gratefully accepted.

Have you checked your RAM? Download memtest 86 and run that for a few hours.

http://www.memtest86.com/

Check your video drivers too.

Thanks guys.

What happened?

I have downloaded the memory test but have been so busy I haven't had time to run it yet. As soon as I do I'll let you know my results. This was an excellent laptop until a few weeks ago when all these funny things started to happen. Just for your info, it's a Fujitsu Siemens P4 2.5GHz, 512MB RAM, Windows XP Home, Mobility Radeon 9000.
Thanks again for the advice.

224.

Solve : ie/spyware?

Answer»

jerry okert

Running 2kpro with msspyware, all new, just got computer back and it lets me on to internet ok but it kicks me out of 50% of the addresses I try to get into.
Goes to "IE can not find server"? I have no problem with banking or your address. Could this be a spyware problem? (Also new is an AVG antivirus program.)
thanks jerry

Try putting the server's IP# directly into the address bar.

225.

Solve : Sony Rootkit remover?

Answer» SONY ROOTKIT REMOVER
226.

Solve : Is Norton any good?

Answer»

I often see posters ranting about Norton AV not finding this or that......or issues with not being able to uninstall Norton .........
There are a few things to remember ........
......Norton is intended to protect against Viruses ........
......Norton like any other anti virus ........must be updated regularly to provide maximum protection........
****make sure your auto update is turned on *****
Check it regularly to be sure it is current .......particularly if you don't leave your computer on .
......Norton wasn't designed to catch Trojans ......It will identify some ...but not all.
......Removing Norton.......If you wish to remove Norton....
or reinstall Norton ..........(particularly the newer versions which use activation ) ........all traces must be removed or you may have difficulty reinstalling........
After using ADD/REMOVE function to remove ........check your programs folder and be certain the Symantec or Norton folder has been removed........ Then you should remove any remaining bits and pieces by running Norton remover..... http://www.softpedia.com/get/Tweak/Uninstallers/Norton-Removal-Tool.shtml
If you still are having issues reinstalling .........there are probably remaining entries in the registry , which are preventing reinstalling.........Use the registry editor to remove them ...... click START / RUN .....in the run box type regedit  ......then press enter ...when the registry editor opens .......click on the edit tab ........then click FIND...... when the find what box opens .....type in Norton and click find next ...........the registry will be searched ( may take a few seconds ) if there is anything left ....you will be taken directly to that entry ( it will be hi-lited ) ....... ( right click on it and select DELETE )...now go back to the registry editor and repeat the search again .....when you see the message "finished searching the registry" all entries have been removed.
A word of caution ......ALWAYS CREATE A BACKUP of the registry just in case you slip and delete the wrong thing .
Does Norton work as good as other anti viruses .........
I have used AVG , Panda , McAfee and Kaspersky......and I would have to say that it does .
It is definitely more of a resource hog than some of the others but it does an excellent job. I use Norton on one of my machines and AVG on the other two.....( AVG is free )
Also please remember that Norton or any other AV app doesn't do it all.

This post perhaps should have been in software or other ..but as it pertains directly to viruses ........I posted it here .

dl65

Many people have reported problems with Win98. Fewer with XP, but it IS a resource hog? Is it worth it? If you have already paid for it, or it came with the machine you may want to keep it, but as you said, AVG is free.

Quote

If you have already paid for it, or it came with the machine you may want to keep it...


Then again, you might not.  

The last two machines I purchased came with Norton Internet Security pre-installed, and woulda been free for a year. One of the first things I did when I got systems home was remove NIS from them. Personally, I have no use whatsoever for the product, or any product from Norton/Symantec.

Avast!, Anti-Vir, and AVG are all free and I find them better alternatives.

RayG

Rumour has it that Norton is taking over Sygate too, a sad day for all.

A cutting edge co. reduced to bloat and rubble over the past 7 years or so...their products are not allowed within 1- 1/2 miles of any machine I own.

Sad but true.

patio.  

p.s. I'm not a Norton basher; just speaking from personal experience. I'm sure it's fine for some people...
227.

Solve : Nerd seeks security software for fun/good times?

Answer»

Ok, I am in the process of trying to set up a network at home to help me learn as I go to DeVry and I am interested to know if anyone has any suggestions for a software package that will allow me to do multiple installations of VirusScanning, Spyware Detection/Removal and a Firewall?  I don't really want to invest in a professional level software package unless I absolutely have to. I was wondering if anyone produced something like this for homes that have 4 or 5 computers?

Ad Aware
Spybot Search and Destroy
AVG Free Anti Virus

These are all free, which should be in your budget as a student. Just use Google for download sites

Get Zone Alarm or Sygate for a firewall - both also free. Use router - the NAT provides an additional layer of security.

In my uneducated opinion, free stuff doesn't work.  I've used both AVG and Ad-Aware and while both seem to be able to identify problems neither seems to be able to remove more than 1 out of every 10 things it detects.

Well, if you want to spend your money, go ahead. Norton has some products you can pay for as does McAfee. I'm not sure they work any better than the free ones, but they certainly do cost more. (I didn't think that was the criteria you set out in your original post, though.)
The programs we recommended are all excellent and do a great job IF you actually use them. If you are too lazy to install them and keep them updated, then no, they won't do you any dàmned good.

You really need to go about deleting viruses in a methodical way, trying to nail a moving target is too hit & miss otherwise.
http://forum.grisoft.cz/freeforum/read.php?4,27725,backpage=
You could throw MS Antispyware into that mix if you have W2k or better later.

I have used AVG free for 3 1/2 years and never had a problem at all.

I sure hear alot of people say it doesn't work though  

patio.

Quote

In my uneducated opinion, free programs don't work.  I have used both AVG and Ad-Aware and while both seem to be able to identify problems neither seems to be able to remove more that 1 out of every 10 things it detects.


Better get an education, because I never had that problem.  
And here is a good on-line scanner as a backup.

HOUSECALL ON-LINE ANTI-VIRUS AND ANTI-TROJAN SCANNER

Sean_Richmond.......
Quote
Ok, I am in the process of trying to set up a network at home to help me learn as I go to DeVry and I am interested to know if anyone has any suggestions for a software package that will allow me to do multiple installations of VirusScanning, Spyware Detection/Removal and a Firewall?  I don't really want to invest in a professional level software package unless I absolutely have to I was wondering if anyone produced something like this for homes that have 4 or 5 computers?

Please expand on exactly what it is you're trying to do.......
because .......as I understand it ......there isn't a one stop shop solution to ..........catching .......viruses , trojans , adware and malware ........Then there's the firewall issue .
Then you go on to say .......

Quote
In my uneducated opinion, free stuff doesn't work.  I've used both AVG and Ad-Aware and while both seem to be able to identify problems neither seems to be able to remove more than 1 out of every 10 things it detects.

Both of these applications do an excellent job of finding and removing what they were designed to remove ......HOWEVER ....you must keep them updated AND run the scans manually .

To keep your system clean ....you should run a series of scans in conjunction with each other .  BTW .....what O/S are running on this home network?

dl65
228.

Solve : Google says I have spyware?

Answer»

When any users at my work try to search at google's site, they get the following error,

We're sorry...
... but we can't process your request right now. A computer virus or spyware application is sending us automated requests, and it appears that your computer or network has been infected.

We'll restore your access as quickly as possible, so try again soon. In the meantime, you might want to run a virus checker or spyware remover to make sure that your computer is free of viruses and other spurious software.

We apologize for the inconvenience, and hope we'll see you again on Google

....I've never seen this before, and I know for a fact my network is clean. We just ran virus scans on all of the servers and have realtime scans on all of the computers.  If anyone has seen this before, I'd appreciate some insight, thanks.

Any activity showing up in your firewall logs?

How about contacting your IT department?

Google is spy-ware itself...

If your network is clean and you're still getting that message then use another search engine.

R0SS

In what way is Google spyware?

They scan incoming E-mail to display relevant text ads. This is well known and google does not hide it. It is even in their FAQ.

No Google software I know of comes with spyware or is rated as spyware.

Ross, shut up. For crying out loud.

I can kind of understand what Ross is saying in a small way... I personally find the Google Toolbar useless, so it is a waste of memory... What do some types of Spyware do? Take up space... Is this what you mean Ross? I mean, I don't like the Google Toolbar, but I love the search engine

Flame

Google toolbar is useful for pre-Windows XP OS.

It provides a popup blocker and an integrated search machine. The latter can not even be found in IE (I do not call MSN a search machine, I call it crap) and the first can only be found in XP SP2.

If you can't find a use for something, do not install it. Should you decide to install it, do not call it spyware because it is simply irrelevant in your eyes. There's enough lies as there is and we don't need more. Stay objective or don't stay at all. >:(

It also has access to your whole computer.

Google is up to no good.

Take Gmail with their Crazy space!

Now I use Gmail because I'm SICK but think why do you get so much space?

Well they don't want you to delete mail!

Why?

Because after 3 years (I think) they can legally read your emails because after the 3 years the emails become Records in a database.

Why do they read your emails?

To see what you're doing! SO YES they can hit you with more GOOGLE ADS!!!!

AHHHHHHHHHHHHHHHHHHHH

R0SS

Google ads do not bother anyone but the obsessed.

They might even be useful, and if not, well just ignore them like you ignore any banner. At least they don't flash in your face.

Quote

it also has access to your whole computer.



And what do you think Microsoft has?


What does? Google Gmail?  I don't install any of their software. IF you install a firewall and deny the program access, what are you worrying about?


Internet traffic goes over port 80. If you don't want people to have access to your PC or network, pull the plug.

Easy man

Let's just say I don't trust them like you don't trust Internet Explorer.

R0SS

IE allows for spyware to be installed and it has a very inflexible user interface.

Don't you ever tell me that we have the same motivations, because I know we bloody don't.

Ross, according to the link you showed me, it talks about the Google Desktop Search being Spyware... Not the toolbar... Also, I would like to see that part where it says that Google has the right to your E-mails after 3 years...

Flame

That message is not a genuine Google message...
I'm afraid your browser has been hijacked.

DLoad and install the latest version of HijackThis. Install it to a dir you have made, not on the Desktop or My Documents.

Then do a search for online HijackThis analysis sites.

patio.
229.

Solve : Responses to viruses??

Answer»

Hi

I've been wondering, as we can identify with firewall, virus sender's IP addresses, how come there's apparently no other way to retaliate other than restricting those IPs from communicating with your PC?
Thanks

They are more clever and devious than we are.

Thanks for that, I suspected as much. That being the case, is it actually worth my while restricting every single attacker's IP address individually, when I've got Norton antivirus/firewall/goback?

I don't use Norton but some people like it, and some don't. With proper protection you should be OK.

Cheers for that GX1-Man. All the best

Quote

as we can identify with firewall, virus sender's IP addresses

How do you do that?

Hi

If I understand your question correctly, after the virus warning pop-up box has appeared (usually bottom right of screen), you click 'see details' before it drops down again, after which a window will appear with either the (recommended) choice of clicking on not doing anything, or the choice of seeing details. You click the non recommended option and a window will appear where there is an IP address given about halfway down. Make a note of that, then open Norton Internet Security. In the window that appears, open 'status and settings'; click on personal firewall; click on 'network'; click on 'restricted' then 'add'. Providing the attack was from an individual IP address, use that option and you now enter the IP address that you noted down, then click 'OK'. The IP address should now appear in the provided box and you then exit by clicking 'OK'; . . .then 'OK'. This means that the attacking computer with that IP address is now restricted from communicating with your PC. Hope that helps

What message does this "virus warning pop-up box" say?
Does it happen often?
Are they from websites or are they outside attacks from individuals?
230.

Solve : dodgy internet sites?

Answer»

Hi

Posted requests for help under internet about three dodgy websites that keep opening up on my computer when I'm on internet, two of which are sick *censored*

http://213.193.215.174/ssredir/gb.html (porn)
http://www.megashoppingportal.com/uk/
http://www.virgins.se/index.php?ccode=UK&cnum=44 (porn)

I've followed the advice given on how to clean an infected computer and spent hours doing full virus scans, anti spyware scans and virus scan in safe mode too.

I had a Trojan virus on my computer which has now been removed.  I rebooted and went on to internet and when I went into my faves to come on to this website it took me straight to the first porn site on the list.  Does this mean I still have a virus or some sort of problem with my computer?

Any help gratefully received.

debs

debbiekayekaroqe......I would be inclined to D/L ....hijackthis ....because it sounds like you have a hijacker ........ http://www.download.com/HijackThis/3000-8022_4-10227353.html
Save it to a folder on your desktop........ then run a scan, save the logfile it generates and post the log here ......... If the logfile is too large to post in one post ......post it in 2 posts .....

dl65

part 1....

Logfile of HijackThis v1.99.1
Scan saved at 20:07:08, on 15/10/2005
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\BROTHER\CONTROLCENTER2\BRCTRCEN.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MSWHEEL.EXE
C:\WINDOWS\SYSTEM\BRMFRSMG.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAM FILES\DELRINA\WINFAX\WFXSND32.EXE
C:\PROGRAM FILES\MSOFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\MSOFFICE\OFFICE\FINDFAST.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\BLUEYONDER IST\BIN\MPBTN.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.blueyonder.co.uk
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by blueyonder
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\downloaded program files\googletoolbar2.dll
O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\downloaded program files\googletoolbar2.dll
part 2....
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [POINTER] C:\PROGRA~1\MSHARD~1\point32.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [SSBkgdUpdate] "c:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [IndexSearch] c:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BrmfRmPA.exe] C:\WINDOWS\BrmfRmPA.exe -startup
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [msqsearc] c:\windows\system\msqsearc.exe /install
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O4 - Startup: WinFax PRO Fast Start.lnk = C:\Program Files\Delrina\WinFax\wfxsnd32.exe
O4 - Startup: Office Startup.lnk = C:\Program Files\MSOffice\Office\OSA.EXE
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\MSOffice\Office\FINDFAST.EXE
O4 - Startup: blueyonder Instant Support Tool.lnk = C:\Program Files\blueyonder IST\bin\matcli.exe
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR2.DLL/cmwordtrans.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page into English - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR2.DLL/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: AOL Instant Messenger (TM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Dell Home - {24CE81C0-B8D3-11D3-9B2D-B0314FC10000} - http://www.dell.com/ (file missing) (HKCU)
O12 - Plugin for .mp3: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin4.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {D6016EE7-A8FF-11D1-B37E-A4759ECD7909} (AxPulse Class) - http://www.pulse3d.com/players/english/PulsePlayerAxWin.cab
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://cs5.chat.yahoo.com/v43/yacscom.cab
O16 - DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} (Create and Print ActiveX Plug-in) - http://www.egreetings.com/cnp/Install/AxCtp.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.tynebridgewebcam.co.uk/camimages/AxisCamControl.ocx
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/bejeweled2/popcaploader_v6.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37320.cab

debbiekayekaroqe.....OK ...here's what I would mark for removal. .....

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - (no file)

O4 - HKLM\..\Run: [BrmfRmPA.exe] C:\WINDOWS\BrmfRmPA.exe -startup

O4 - HKLM\..\Run: [msqsearc] c:\windows\system\msqsearc.exe /install

O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\MSOffice\Office\FINDFAST.EXE

O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR2.DLL/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR2.DLL/cmwordtrans.html

O8 - Extra context menu item: Cached Snapshot of Page - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR2.DLL/cmcache.html

O8 - Extra context menu item: Similar Pages - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR2.DLL/cmsimilar.html

O8 - Extra context menu item: Backward Links - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR2.DLL/cmbacklinks.html

O8 - Extra context menu item: Translate Page into English - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR2.DLL/cmtrans.html

O9 - Extra button: Dell Home - {24CE81C0-B8D3-11D3-9B2D-B0314FC10000} - http://www.dell.com/ (file missing) (HKCU)

Note ....I have suggested removing all google toolbars.....they attract a lot of spyware and other crap.......just use the google search page instead.

Press fix marked and see how it looks

dl65  
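The kind of triage done by hand in the post above can be scripted as a first pass. This is an added example, not part of the original thread or of HijackThis itself; the three review rules are assumptions modelled on entries marked in that post (missing files, proxy settings, autostarts located directly in the Windows directory), and the sample log is assembled from lines quoted on this page.

```python
"""First-pass triage of HijackThis log entries (added example, not a HijackThis feature)."""
import re
from dataclasses import dataclass

# A HijackThis entry line looks like "O4 - HKLM\..\Run: [name] path args".
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2})\s+-\s+(?P<body>.+)$")

# Executable sitting directly in C:\WINDOWS or C:\WINDOWS\system (not system32,
# not Program Files). Assumption: such autostarts deserve a manual look.
WINDOWS_DIR_EXE = re.compile(r"(?i)\b[a-z]:\\windows\\(?:system\\)?[^\\\s]+\.exe\b")

# Sample input assembled from log lines quoted on this page.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\Explorer.EXE
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - (no file)
O4 - HKLM\..\Run: [BrmfRmPA.exe] C:\WINDOWS\BrmfRmPA.exe -startup
O4 - HKLM\..\Run: [msqsearc] c:\windows\system\msqsearc.exe /install
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O9 - Extra button: Dell Home - {24CE81C0-B8D3-11D3-9B2D-B0314FC10000} - http://www.dell.com/ (file missing) (HKCU)
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
"""


@dataclass
class Finding:
    code: str    # HijackThis section code, e.g. "O4"
    reason: str  # why the entry was selected for review
    line: str    # the original log line


def parse_entries(log_text):
    """Yield (code, body, line) per entry; header and process-list lines are skipped."""
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if match:
            yield match.group("code"), match.group("body"), line


def review_reason(code, body):
    """Return a reason string if the entry should be reviewed by a person, else None."""
    if "(no file)" in body or "(file missing)" in body:
        return "registered component points at a missing file"
    if code.startswith("R") and ("ProxyOverride" in body or "ProxyServer" in body):
        return "proxy setting present; confirm it is intended"
    if code == "O4" and WINDOWS_DIR_EXE.search(body):
        return "autostart binary located directly in the Windows directory"
    return None


def triage(log_text):
    """Collect the entries that match any review rule, in log order."""
    findings = []
    for code, body, line in parse_entries(log_text):
        reason = review_reason(code, body)
        if reason:
            findings.append(Finding(code, reason, line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:<4}{f.reason}\n    {f.line}")
```

A match only means "look at this entry"; it does not identify the entry as malicious, and entries the rules skip (for example anything under system32) still need a human reading.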



Hi dl65  

Well I have removed those you suggested... thanks for that.

When I really think about it a lot of problems have started since I installed the Google toolbar... I also had a Yahoo and MyFunProducts toolbar and they all seem to get mixed up with one another and for instance I would remove Yahoo via View, Toolbars and it would remove Google instead or vice versa.  I think the old saying is best... less is more!

I'll see how things go but hopefully that will be it.

Thanks for all your advice

debs

Any toolbar is a bad idea. These outfits don't just distribute these things for our benefit. It's for theirs!

Toolbars are a bad idea.

If you get a lot of Spyware etc maybe you should download Microsoft Anti-Spyware and run that every week.

R0SS

Quote

If you get a lot of Spyware etc maybe you should download Microsoft Anti-Spyware and run that every week.

Unfortunately , she can't .......

Windows AntiSpyware (Beta) supports Windows 2000, Windows XP, and Windows Server™ 2003.

dl65

This could have been prevented if Linux was used instead of Windows.

Well put, paduwan.

oh ok i didn't read the bit about the OS

Linux boy, Linux still gets viruses and stuff.

Linux and Apple you team up "LINPLE" yeh i'd buy that!

R0SS

Quote
Linux boy, Linux still gets viruses and stuff.



What viruses? What stuff? Inquiring minds want to know.

Hi dl65....since I sorted out my computer with your assistance at the weekend it has been running great.

Did a full spyware check and virus check today and came up with a clean bill of health, one of the spyware checks even gave me a congratulations message!!!  I uninstalled and reinstalled my zone alarm firewall and even that is not coming up with very much.  Thanks for your help.

cheers
debs

debbiekayekaroqe.....Glad to hear that you have it running well......Just remember that if you run your various scans regularly...the puter will remain reasonably clean and trouble free ........
I don't know if you leave your machine on all the time......but if you do , It might be an idea to schedule your anti virus app to run a full scan every day .
Then I would suggest running Spybot ....several times a week ....... http://www.tucows.com/preview/310138
I would suggest running CCleaner at least once a day .... http://www.majorgeeks.com/download4191.html
This app runs its scans very quickly .
You should also run Ad-Aware SE ........
http://www.majorgeeks.com/download506.html

Most important that you always check for updates on these apps.

dl65
231.

Solve : my keyboard and mouse click automatically?

Answer»

i have a pentium 4 and a pc 400 motherboard. a USB keyboard and mouse.
when im in the windows my mouse and keyboard click automatically they open an application even when im not opening it.
when im at the boot stage i cannot click anything as in.
my keyboard was disabled.i reset the cmos set up and nothing happen.
thanx in advance

rodel formaran.... Is this something that has just started ?  Have you done an in depth scan for viruses , Trojans and spyware ?

dl65

In safe mode.
232.

Solve : Computer lagging?

Answer»

hey, can someone PLEASE help me? my computer seems to love giving me lag time. its a 2.8 ghz pentium four, 512 mb, about 115 gb of harddrive space. i've already tried cleaning out my registry, did spysweeper, spybot, and ad-aware, AND i have two different virus checkers: norton and microsoft antispyware. but no matter what i do, it still LAGS like no other. I mean, if i even run LIMEWIRE on it, my computer almost freezes. I'm thinking it has something to do with my hyperthreading stuff...how do i turn hyperthreading on or off, and if my problem ISNT due to that....PLEASE HELP!

Before we start...

Free online virus scan
http://www.pandasoftware.com/activescan/activescan/ascan_1.asp

Free online spyware scan
http://www.pandasoftware.com/spyxposer/pavspy1.asp

eya...none of those links work

LIMEWIRE

but my computer didn't freeze when i did limewire before and a lot of my friends have limewire, and it works perfectly for them

Can cause lagging/ plus spyware etc......as your pc is open to all on the net?

http://www.limewire.com/english/content/home.shtml

Quote

eya...none of those links work


They work fine over here... have you made any changes to your system recently? Any downloads?

Flame

hmmm...not really. I mean, i attempted to clean my registry, but gave up...oh and those links? the thing is, they direct me to a site, but when i click on the "scan now" thing, it directs me to this page with a couple of nonsense words on it.

This is what it gives me:
Microsoft VBScript runtime  error '800a000d'

Type mismatch: '[string: ""]'

/spyxposer/pavspy2.asp, line 158

drakx88.....
Quote
hey, can someone PLEASE help me? my computer seems to love giving me lag time.


Has this pc even run properly......? If it has , I don't believe it has anything to do with hyperthreading.

How long has this been going on ? Have you added anything that has caused this? You didn't say but you are running XP......do you have all the latest updates ?

Quote
eya...none of those links work

They are working just fine ......so the issue is at your end .
Are you using a proxy server by any chance ?

Which version of Limewire are you using ?

dl65  

drakx88, you're right, the scanners aren't working for me either.

Try downloading, updating & installing AVG then disable Norton for a test.

dl65, i don't think i've added anything particular to my comp, and yes, it HAS been working properly...but i dunno...it just started to get weird. I had limewire before, but then deleted it because someone told me it had a lot of spyware on it. But recently, i decided to install it again, the newest one, 4.9.something, and when i use it, my computer almost freezes cuz its lagging so much. I don't think i've put anything on my computer...ive already tried all the "remedies" and none of them seem to work. I'm really at the end of my line here, and im getting really pissed off at the whole system. I don't know if i should just initiate a system restore, and just purge my comp of everything...but that would mean starting all over from scratch, which i do NOT want.

drakx88.....  How about removing Limewire and see how the pc reacts ........ If that clears up the lagging ....I would then reinstall limewire ......but use an earlier version ....I have heard of a number of people with problems with the latest version.  Are you sure you didn't have the Beta version ?

dl65

ummm beta? i dunno... i just dwlded w/e was on that site...how do i get an earlier version. yes, i did uninstall...and that clears up the lagging from the LIMEWIRE...but not much else...i basically need help with my computer lagging a lot in general.

thanks though!

OH! AND CAN SOMEONE PLEASE TELL ME HOW TO TURN ON OR OFF MY HYPERTHREADING?!!!

oh...and one more thing...wth is AVG?

drakx88..... I believe you can toggle the hyperthreading from the bios ......

AVG   ....is a decent anti virus program....and its free .

dl65

dl65, what is a bios, how do i access it? and just in case, can you give me specific info on how to access it?
233.

Solve : Nothing Seems To Work (Spyware Problem)?

Answer» First of all i have limited computer knowledge so i would appreciate your patience and apologise if i am leaving some information out or overlooking a simple answer.


couple days ago i stupidly downloaded a program, unzipped it and doubleclicked on the .exe file. as soon as that happened i realised this is untrustworthy and deleted it but too late.
what i found is new items on my desktop (free wallpapers etc) and my firefox browser kept redirecting the page im currently looking at to an advertisement. not only that decreases the size of my browser. so every couple of minutes im finding myself pushing the back button and maximising the browser again.

ive tried scanning with the following programs:
norton
AVG
ad-aware
Ewido
search and destroy
ive also uninstalled norton and downloaded kaspersky on the advice of a friend. now im using kaspersky for my virus protection.

all of these programs have found many dangerous files on my harddrive and after cleaning them up the problem still persists. firefox is still directing me away and popping up all these ads.

the other thing i tried is deleting suspicious files from my c: and my c:/windows.

im working on windows xp home edition

i hope someones got an answer cos it seems like ive asked so many people and whatever program they suggest ive tried it...


Thanks a million

actually since ive posted that message, ive realised it hasnt happened for a while.

i dont think ive been redirected for the past 15-30 minutes.

woops actually forget about that. it just happened. i was just gonna say maybe the problem went away haha but no its still here. the site this time was www.ad-a-w-a-r-e.com if that helps

ok sorry for so many posts in a row but i just thought of one more thing...

ever since ive uninstalled norton and downloaded kaspersky antivirus personal it has given me this message three times tonight:

Attention! your computer has been attacked from the internet.

Network attack 'Helkern' from adress 291.146.145.36 has been successfully repelled.

again, hope this helps

You may be so badly FUBAR'ed that a complete reinstall would be in order. This should be followed by better prevention and maintenance.

A format and reinstall cures most Windows problems...for a while.

Run all of your scans in safe mode with system restore turned off.
If the problem still persists download, update & run cwshredder.
If the problem still persists, download & run Hijackthis & post the logfile in here.

Of course a fresh install is hard to beat.

thanks for the suggestions. a complete restore means i will lose all my files right? if so that would be my last resort.

ill try your suggestion FED and we'll take it from there.

thanks again,

Bill

You will lose your files and your problems with a restore. You should back up any needed data first.

Bill Latif.......First of all , why did you remove Norton .....?
Have you run a scan using M/S antispyware Beta ?
Quote
If the problem still persists, download & run
Hijackthis & post the logfile in here.


d/l and save hijackthis on your desktop and then post the log it generates here ........as Fed has suggested ...... You have been hijacked ......
BTW ...what firewall are you using ?



What happens if you use IE ?


dl65

i removed norton because my friend advised me to stop using it and use kaspersky instead. so far im liking kaspersky it uses up less memory and seems to be less fancy more productive if that makes sense lol.

im going to download hi-hack this ill post the report shortly.

im using internet explorer now. ads are still coming up however they are pop up i have not been redirected away from my current page. and some of the pop ups are still firefox, but not all.

GX1_Man what does FUBAR'd mean lol

im not sure what my firewall is but it is on. in the windows security center in my control panel it says windows firewall is ON.

ill post again shortly,
in the meantime thanks for your time and patience,
Bill Latif

Logfile of HijackThis v1.99.1
Scan saved at 10:05:26 PM, on 23/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\TEcA\command.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Battery miser\batterymiser.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\On Screen Display\Hotkey.exe
C:\Program Files\RMan\RMan.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\OptusNet DSL Internet\DSC.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\LG Software\IP Operator 2005\IP Operator 2005.exe
C:\Program Files\QuickTime\qttask.exe
C:\windows\system32\wtdxregp.exe
C:\WINDOWS\system32\ysysvr6r.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\WINDOWS\FSScrCtl.exe
C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe
C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\lg_swupdate\tmcheck.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\LG\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dsl.optusnet.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by OptusNet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy1.emirates.net.ae:8080
R3 - Default URLSearchHook is missing
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: Miniclip - {4E7BD74F-2B8D-469E-89B3-BE29F5D3E32D} - C:\PROGRA~1\MINICL~1\MINICL~1.DLL
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [batterymiser] C:\Program Files\Battery miser\batterymiser.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [LG Intelligent Update] "C:\Program Files\lg_swupdate\autoupdate.exe" Gilautouc
O4 - HKLM\..\Run: [KeybdUtility] "C:\Program Files\On Screen Display\Hotkey.exe"
O4 - HKLM\..\Run: [RMan] C:\Program Files\RMan\RMan.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Desktop Service Centre] C:\Program Files\OptusNet DSL Internet\DSC.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [IPO3] "C:\Program Files\LG Software\IP Operator 2005\IP Operator 2005.exe" -aUtOsTaRtFrOmReG
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ZStart] C:\windows\system32\wtdxregp.exe MS001
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\ysysvr6r.exe MS001
O4 - HKLM\..\Run: [msresearch] C:\windows\msresearch.exe
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Internet Download Accelerator] C:\Program Files\IDA\ida.exe -autorun
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Screen Saver Control.lnk = C:\WINDOWS\FSScrCtl.exe
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\ysysvr6r.exe
O4 - Startup: Zstart.lnk = C:\WINDOWS\system32\cxdxregt.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Konfabulator.lnk = C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe

O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download all by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: Download by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://dsl.optusnet.com.au/
O17 - HKLM\System\CCS\Services\Tcpip\..\{4BE19DDB-DCAB-4C88-B0B9-A9F5024575E6}: NameServer = 213.42.20.20
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: ThemeManager - C:\WINDOWS\system32\jtj0071me.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TEcA\command.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
FUBAR= fu**ed up beyond all recognition

By your description this system is so badly infested and compromised with browser "enhancements", QuickTime, hijack links, messenger, etc. I would reformat without hesitation. The final solution, I know, but guaranteed to work.

You may get it going in some fashion with these other solutions that will be forthcoming, and I wish you luck, but if it were me....

Wow. i had no idea it would be this bad. this is a new laptop ive had it for a couple of months. everything was fine until i clicked on the .exe file a couple of days ago.

im sorry for sounding persistent but is there anything else i can try before reformatting? anything i can fix based on the HiJack This Log?

and if i do reformat what would be ur suggestion in the future? no quicktime or messenger and these types of programs? because i have used em for so long and so has everyone else i know...

the symptoms arent even that bad, i mean my previous computers have been stuffed up even worse than this in the past. i would have presumed this current problem was going to be easy to fix.
other than the advertisements my pc is running fine.

i'd really like one last attempt before resorting to a reinstall/reformat...

-Bill Latif

I'm sure DL65 will be back soon with his solution.
234.

Solve : How do you run Chkdsk Utility to remove a bad file?

Answer»

Hello,
My name is Chris Ruona, I live in the Reno, Nevada area.  Recently I experienced a Corrupt File issue.
I have this Corrupt File and my system newer one with Windows XP says to run CHKDSK Utility.  How do you run this utility,  my bad file comes up under an address
ybrowser.exe  C:\ProgramFiles\Yahoo!\browser\toolbar\Data\feed4.data

Any answers or suggestions would be greatly appreciated.
Sincerely  Chris Ruona

From a dos prompt.

C:\WINNT\system32>chkdsk /?
Checks a disk and displays a status report.


CHKDSK [volume[[path]filename]]] [/F] [/V] [/R] [/X] [/I] [/C] [/L[:size]]


 volume          Specifies the drive letter (followed by a colon),
                 mount point, or volume name.
 filename        FAT only: Specifies the files to check for fragmentation.
 /F              Fixes errors on the disk.
 /V              On FAT/FAT32: Displays the full path and name of every file
                 on the disk.
                 On NTFS: Displays cleanup messages if any.
 /R              Locates bad sectors and recovers readable information
                 (implies /F).
 /L:size         NTFS only:  Changes the log file size to the specified number
                 of kilobytes.  If size is not specified, displays current
                 size.
 /X              Forces the volume to dismount first if necessary.
                 All opened handles to the volume would then be invalid
                 (implies /F).
 /I              NTFS only: Performs a less vigorous check of index entries.
 /C              NTFS only: Skips checking of cycles within the folder
                 structure.

The /I or /C switch reduces the amount of time required to run Chkdsk by
skipping certain checks of the volume.

C:\WINNT\system32>
Hi I tried to run the paths=
C:\WINNT\system32>
and
C:\WINNT\system32>chkdsk/C

also no luck it says bad path specified.
On Dos Program.

Do you know of any other paths to run to
get rid of corrupt file on chkdsk.  I'm surprised you can't
just run chkdsk right off windows program.
Thanks  Chris Ruona
Quote

also no luck it says bad path specified

I only put that up from my computer to show you the options. You being on XP it would be C:\Windows\System32\

Or you could open Windows Explorer, right click on Local Disk (C:) and choose Properties>Tools>Error Checking

Renoruona........have a read .........
http://www.microsoft.com/resources/documentation/Windows/XP/all/reskit/en-us/Default.asp?url=/resources/documentation/Windows/XP/all/reskit/en-us/prkd_tro_xudm.asp

It can also be run like this:

1. Click Start, select Run.
2. In the 'Open' box, type cmd
3. Click Ok.
4. Run the chkdsk utility by typing in the following command:
chkdsk c: /f /r
NOTE: the /f command automatically fixes any errors encountered, the /r command locates bad sectors and recovers readable information
5. A reboot is normally required for the Chkdsk program to lock the disk and run correctly, so simply restart the computer and Chkdsk will run automatically. When it's finished, (This process can take quite a while depending on the size of your disk, etc.), it will boot back to normal Windows.


dl65

Did you try simply uninstalling and re-installing C:\ProgramFiles\Yahoo!\browser\toolbar\Data\feed4.data

With chkdsk you don't need to run - chkdsk /f /r - as /r implies /f anyway, so just - chkdsk c: /r - will do.

now i have another run chkdsk problem which when i try to run all I get is another program running run at start which it never does in XP.

Bad file is C:\Documents and Settings\All Users\Application Data\Visual Networks\SBC

Chris Ruona

Run chkdsk in safe mode.

Are you subscribed to Yahoo SBC/DSL service by any chance ? ?

If so i would reinstall the software that shipped with your DSL modem.

This can be setup without the software but is rather detailed, however if you PM me i can make arrangements to get you the info.

patio.

Reboot pc......
235.

Solve : When attacked.........?

Answer»

1) When virus attack computer, I hope it would first attack the c: drive
( which is the booting drive, i.e. the active drive ). and the browser is generally in the c: drive.

Does it affect other drive also?

In that case is there any way to save other drives (drives that are not set as active) from being attacked by the virus ( i.e any protection or encryption?)??

2) Can virus damage h disk surface?

1) Use antivirus, antispyware & firewall.
2) No.

There are numerous variants of virii out there that can attach/infect any drive on your system except CD drives.
They can hide/migrate and be transferred without you knowing to drives/folders removable media etc.

The more sophisticated the protection programs become the more sophisticated the virii writers become...

Take fed's advice.

patio.

Quote

2) Can virus damage h disk surface?


A damaged hard disk drive is caused by the head hitting the platters.

A virus is just data to a Hard Disk Drive. It is not very discriminative regarding these matters.

Quote
In that case is there any way to save other drives (drives that are not set as active) from being attacked by the virus ( i.e any protection or encryption?)??


Yes. Don't be stupid.

Quote

Yes. Don't be stupid.


Words to live by!
236.

Solve : Go USA?

Answer»

Gentlemen I am new to your forum however I am in need of some enlightenment.  I have recently had a problem with my computer, I am constantly hearing a voice yelling out "GO USA".......Yet even after I run all my virus, and malware (PC-cillin, SPYbot, AD-ware SE, Microsoft anti-spyware) I can still hear it.  As upsetting as it is I cannot seem to get rid of it.  I have checked everything including the registry.  If anyone can help please give me a hand.  Looking for a possible solution besides the complete reboot.  I just heard it again.  Only when I am on-line.

Are you using AIM or another instant messaging program? E-mail?

Flame

What country are you in??

have you done all of the scans in safe mode? Do you have stuff downloaded from the net? AIM, QuickTime or cr*p like that?

I live in the U.S. in California to be exact and Yes I've done everything to eliminate the pile of [email protected]#p.  Short of re-installing my OS and whipping out my hard drive.  Everything I download off the net is scanned, or so I think.  I even use A-squared and NOD 32,  It's very irritating.

Do this first then if your computer is clean then we can look for a running program that you didn't install.

Free online virus scan
http://www.pandasoftware.com/products/activescan.htm
Free online spyware scan
http://www.pandasoftware.com/products/spyxposer/com/spyxposer_principal.htm

Did you visit these pages?

http://www.gousaimmigration.com/about/hamud_services.shtml

http://www.gousatravel.us/

http://www.flickr.com/photos/fsckfsck/sets/121463/

I do not use aol instant messenger even though I have it installed, and I did not go to the sites that  had anything to do with "Go USA" in them.  However I will try the panda on-line virus and malware.  Wish me luck.

We all wish you luck. May the force be with you.

GX1_MAN Thank you I just now finished with the download of panda security we'll see what happens...........This isn't the way I wanted to spend my night.

Just another hidden benefit of using Windows. Download updates, repair, reinstall...the list goes on forever.

I do not miss that at all!!!!


Let us know what happens.

I would just like to thank all of you for your support, however the problem still exists.  10:00am pst It came up again.  After running all my spyware support including panda security what is my next option?  I realized it's a lot to ask but as I said I'm a Rookie when it comes to computer support.

You may have been so victimized that a total reinstall would be easier (and quicker) than hunting this rogue event down.

I feel so used!!!!!!!!!!!  But alas you are correct.  I will have to re-install this weekend and reformat everything. :-/ WOW what a freaken a%$#&^e.  Thank you all for the advice and I'll keep you posted.  Luckily I still have my files back-up.  There he is again. 1332pm pst.

Download and run Hijackthis and post the log file.

2k_dummy here is what you requested

Logfile of HijackThis v1.99.1
Scan saved at 7:15:54 PM, on 10/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe
C:\Program Files\AOL Companion\companion.exe
C:\Program Files\Common Files\AOL\1127698185\ee\AOLHostManager.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Common Files\AOL\1127698185\ee\AOLServiceHost.exe
C:\Program Files\Common Files\AOL\1127698185\ee\AOLServiceHost.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Documents and Settings\The Battman\My Documents\My eBooks\hijackthis\HijackThis.exe

237.

Solve : Can't RemoveAdware?

Answer»

Hi Guys, looking for help. I have a problem removing something called Virtumondo that redirects my browser. I tried removing cookies and temp files then running MS antispy, Norton AV, and AdawareSE  in Safe Mode. I can run the MS Antispy, remove it, run it again immediately and it's still there. I'm at a loss as to what to do next. Thanks for any suggestions.

Boot into safe mode and run the scans from there. If that doesn't get it, restore from earlier point when everything functioned correctly.

Always keep those scanners up to date and practice safe surfing, if using Windows!

(Gee, I'm glad I'm beyond all that now!  )

1st try Cwshredder, if that fails move on to Hijackthis.
System restore can potentially remove your drivers, (SPs?) & hotfixes.

Jeff Stornelli....
Quote

Hi Guys, looking for help. I have a problem removing something called Virtumondo that redirects my browser.


Your pc is infected with a browser hijacker ....
Do as FED has suggested .....D/L and run a scan with hijackthis ........  http://www.download.com/HijackThis/3000-8022_4-10227353.html

Post your log here and we can help you clean your machine .

dl65

I can't post that info, it's too long. My computer also goes to an AV site and starts downloading a program w/o my consent. If I need to, will my restore disc remove this stuff? Is a reformat necessary? I also found a file named Win32res.exe that I believe is what is reloading the garbage but can't find it w/ a search. Thanks

Split your Hijackthis log up so you can post it.
Did you get it analysed at the Hijackthis website?
http://www.hijackthis.de/index.php?langselect=english
Jeff Stornelli......... Relax....take a deep breath ......then post your hijackthis log here .......in several sections if necessary ..........
Once you post your log , we will tell you how to clean it .......

dl65

ok here goes
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\BellSouth Internet Tools\blsloader.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\BellSouth\Connection Manager\CManager.exe
C:\PROGRA~1\BROADJ~1\CORREC~1\CCD.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 1 for hijackthis_199.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://support.fastaccess.com/launch.asp
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: BlspcHlpr Class - {15C9938F-CB96-496D-800A-B827F2E34EA1} - C:\Program Files\BellSouth Internet Tools\blspc.dll
O2 - BHO: MSEvents Object - {52B1DFC7-AAFC-4362-B103-868B0683C697} - C:\WINDOWS\system32\ddayw.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /nosystray
O4 - HKLM\..\Run: [blspcloader] "C:\Program Files\BellSouth Internet Tools\blsloader.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [NI.UWFX5RS_0001_0808] "C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\QREVIHEV\WFXScanR[1].exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Connection Manager.lnk = C:\Program Files\BellSouth\Connection Manager\CManager.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1100024222843
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: ddayw - C:\WINDOWS\system32\ddayw.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: LexBce Server (LexBceS) - LEXMARK International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Jeff Stornelli......Ok .....Mark the following for removal......

O2 - BHO: MSEvents Object - {52B1DFC7-AAFC-4362-B103-868B0683C697} - C:\WINDOWS\system32\ddayw.dll

O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe

O4 - HKLM\..\Run: [NI.UWFX5RS_0001_0808] "C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\QREVIHEV\WFXScanR[1].exe"

O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML

O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com

O20 - Winlogon Notify: ddayw - C:\WINDOWS\system32\ddayw.dll

That should do it ......

mark for removal and click fix marked ....now reboot and see how things are .

dl65

dl65- Tried your suggestions and received error # 52. Bad file name or number in sub getlongpath(exe".exe)
Thanks

Jeff Stornelli....... What o/s are you using and when does the error 52 appear?

dl65

Jeff Stornelli......you said ...that antispyware removed it but it came back........If I recall .......try this .......turn off your system restore feature ....( sometimes these pests will hide in there .) Rerun your antispyware and your AV in the safe mode .......If that fixes the issue , turn back on your system restore .

dl65

Windows XP, but the error is in "Hijackthis". Tried running AV/Adware etc in safe mode after turning off restore and deleting cookies and files. I believe you have specified the right files to delete. What a learning experience, probably will start looking into the registry a little deeper. I had my HD backed up on another drive but it was already infected. I'm wondering if a "restore" from my CD will solve this? Pain to re-install everything but I'm definitely not letting this stay on my system.
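
An added example, not part of the thread and not HijackThis's own logic: a small Python triage pass over HijackThis entries that surfaces two persistence patterns visible in the entries marked for removal above, namely one DLL registered both as a Browser Helper Object (O2) and under Winlogon Notify (O20), and a Run key (O4) that launches a file from a browser cache or temp folder. The function names and the two rules are assumptions of this example; the sample lines are copied from the log posted in the thread.

```python
import re
from collections import defaultdict

# Entries copied from the HijackThis log posted in this thread (a subset).
SAMPLE_LOG = r'''
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: MSEvents Object - {52B1DFC7-AAFC-4362-B103-868B0683C697} - C:\WINDOWS\system32\ddayw.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /nosystray
O4 - HKLM\..\Run: [NI.UWFX5RS_0001_0808] "C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\QREVIHEV\WFXScanR[1].exe"
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O20 - Winlogon Notify: ddayw - C:\WINDOWS\system32\ddayw.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
'''

# "<section code> - <details>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY_RE = re.compile(r'^([RFNO]\d{1,2}) - (.*)$')
# First drive-letter path ending in .exe or .dll inside the details
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll)\b', re.IGNORECASE)
# Assumption of this example: autoruns should not live in cache/temp folders
TRANSIENT_DIRS = ('\\temporary internet files\\', '\\temp\\')


def parse(log_text):
    """Return one dict per log entry: section code, raw details, lower-cased path."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue  # process list, header and blank lines are skipped
        code, body = match.groups()
        path = PATH_RE.search(body)
        entries.append({
            'code': code,
            'body': body,
            'path': path.group(0).lower() if path else None,
        })
    return entries


def review(log_text):
    """Return (rule, path) findings for the two patterns described above."""
    entries = parse(log_text)
    findings = []

    # Rule 1: the same DLL is loaded into the browser (O2) and into winlogon (O20).
    sections_by_path = defaultdict(set)
    for entry in entries:
        if entry['path'] and entry['code'] in ('O2', 'O20'):
            sections_by_path[entry['path']].add(entry['code'])
    for path, codes in sorted(sections_by_path.items()):
        if codes == {'O2', 'O20'}:
            findings.append(('bho+winlogon-notify', path))

    # Rule 2: an autostart entry (O4) points into a cache or temp directory.
    for entry in entries:
        if entry['code'] != 'O4' or not entry['path']:
            continue
        if any(folder in entry['path'] for folder in TRANSIENT_DIRS):
            findings.append(('autorun-from-cache', entry['path']))

    return findings


if __name__ == '__main__':
    for rule, path in review(SAMPLE_LOG):
        print(f'{rule:22} {path}')
```

A finding here is a prompt to look closer at the file, not a verdict; legitimate software can also match either rule.
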
238.

Solve : norton firewall is driving me nuts!!?

Answer»

i have a dell d5100
i have norton internet security installed.
the thing is, i'm having trouble with norton's firewall
i have the rule for microsoft printer spooler service set on automatic...(norton did that itself).
thing is....when i open up games, photoshops etc..i get this pop up in the bottom right corner saying *rules automatically created for the program: microsoft printer spooler service...and it just keeps popping up for like 5 minutes, even if i click ok.
i've looked in my trusted programs list and it's there set on auto and it still pops up...i've even set the rule to permit all...but the pop up still keeps popping up
it's driving me nuts...i'm thinking of just turning norton's firewall off and setting up windows xp firewall, but i know this isn't as good, because it doesn't stop outbound connections.
any help please.....

239.

Solve : Trojan.Vundo.B warning won't go away?

Answer»

Hey everyone.  I've got a virus warning that just won't go away!  Norton alerts me to the virus over and over even though the removal tool I used says it didn't find it on my computer.  What gives
Here's how it appears on the warning window:
Virus Name     Trojan.Vundo.B
Action Taken   Unable to Repair this file
Action Taken    Access to the file denied

How can I get rid of the warning window?
Thanks for your help.
Did you run the removal tool in safe mode?
http://securityresponse.symantec.com/avcenter/venc/data/trojan.vundo.b.removal.tool.html

MarleneD.......Did you shutdown your system restore and then run the removal tool in the safe mode ?

dl65

I actually tried to run it in safe mode but, when I was in safe mode I just had a black screen and didn't know how to get to the repair tool which I had originally downloaded onto my desktop.  Then, I didn't know how to get out of safemode.  I ended up finding the system restore window and ran that going back a few days which brought me back to the regular window.
So, I guess what I need to know is how to get back out of safe mode
Do you all think I still have this virus on my computer?
By the way, I did shut off system restore to run the tool but I was not in safe mode.

MarleneD....If you had saved the removal tool to your desktop...it should have been there when you were in safe mode....you were able to see your desktop in safe mode weren't you ? To get out of safe mode.......simply reboot and you should go back to normal mode ....

dl65

Safe mode can sometimes take a long time to fully load, I don't know why this is because it should load faster than normal mode.
Anyway, did you give it long enough to load the icons & taskbar?

Maybe I didn't give it enough time to load the desktop.  I will try again but I'm just a little afraid  :-/  When you say reboot, is that the same as restart?  When I restarted the computer it came back into safe mode

MarleneD...... reboot is the same as restart......
What O/S are you using ?
What happens if you repeatedly tap F8 as its restarting ...arent you given the option of selecting how you wish it to start ?
When in safe mode you should have the word safe displayed in each of the 4 corners ......and there will be no background shown .....the resolution will be different . All of your normal desktop items will be shown.

dl65

I have Windows XP.  Will try again now and report back what happens.  Wish me luck.

Good luck....we're all counting on you.

O.k. gang,
So, I got into safemode by pressing F8.  Black screen came up with no desktop.  Brought up Task Manager (Ctl, Alt, Del) then navigated to my desk top (File, New Task, Browse button) and started the removal tool.  After removal tool ran it reported that no trojan.Vundo.B had been detected.  Then, I ran a full scan (Norton) in safemode, since I was already in that mode; again, through Task Manager.  The scan revealed one virus - YES, that's right folks that Vundo.B bug!  I deleted it, restarted and went back to normal mode but,  I still got the same  red flag virus alert message.  
The Symantec website suggests that when persistent messages appear it could be that Windows may be using the file.  Symantec also recommended that if after using the scan in safemode and messages still appeared then the next step is to delete the value from the registry.  Well, I still get the virus alert message so I guess that's my next step :-/
It gave some specific subkeys to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\[Trojan file name]

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44240BB5-BD7D-4D49-A1AA-8AB0F3D3CB44}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{44240BB5-BD7D-4D49-A1AA-8AB0F3D3CB44}

"Is it safe?" to delete?

Nothing to lose. Just backup your data in case of catastrophe.

I guess that is something to lose, though, isn't it?

Once it's fixed Marlene I'd be interested to know what real time protection you're using & if it's up to date?
I thought you got your protection sorted out last time.

MarleneD.....I would be inclined to check the following before making the registry alterations......

1 make sure system restore is turned off .
2 go to control panel ....folder options and click view ......then make sure .......Show hidden files and folders is marked. Now click apply and ok.
3 Run a scan with your anti virus (make sure its up to date)
If its still there .......click start /Run .......in the run box type regedit and enter. when the registry editor opens ...click Edit , then Find .......in the "find what" box type Vundo   then click Find next............let it search and it will take you directly to that entry ......highlight it and right click and select delete .......now go back to the find what box .....and Vundo will still be entered ........so click find next again it will search until it either finds another entry or you will see the message ......finished searching through the registry. At this point go out reboot and see if things are ok.

dl65

Well, I finally got the alert window to disappear from everyone's log on except for mine (we each have our own log on windows in Windows XP).  I'm very perplexed as to why it keeps popping up after I've run the removal tool , making sure I follow all instructions i.e. turn off system restore, run removal tool in safemode then scan in safemode etc.  Then the result of the removal tool is always "trojan.vundo.b not found on computer".  The result of the scan reveals 1 virus found (vundo) , I remove it and it always says that it was successfully removed yet I still get that alert window!
BTW, it's curious to me that I still get a black screen in safemode with no desktop at all; only the word safemode on each corner and a sentence in the middle top screen (can't remember what it says).  I click all around the screen and nothing happens.  The only way to navigate to folders and files is through Task Manager which I just happen to try by Ctl-Alt-Del.
Running through the registry I found one key that said trojan.vundo.b and deleted it.  The rest were anti-virus removal tool keys and still others did not say vundo at all even though the search was specific to vundo.
I have Norton Anti virus which came with my new computer (bought in May of 2005).  I have a Dell 4700 Dimension.  
Any other suggestions to remove this pesty alert window?
Thanks

240.

Solve : Restore CD?

Answer»

Will running my restore CD get rid of my adware ( I guess it's a worm?) problem? Is it possible for a virus or worm to somehow survive the restore CD? Thanks. By the way I've done the safe mode removal method with restore turned off, cookies/files deleted and it hasn't worked.

That, and it will remove all of your personal data as well. Be sure and back up what you need.

This will remove all Windows problems, for a while anyway.

What is left on the system? Have you tried Killbox?

Take a look at the link below to see if it is any help to you.

241.

Solve : trojan horse backdoor?

Answer»

my computer is infected with TROJAN HORSE BACKDOOR.GENERIC.QDN which was detected by AVG antivirus. but it could not remove it. so please suggest removal tool

Trend online virus scanner. www.trendmicro.com

AVG in safe mode.

thanx both of u.

Let us know how it turns out.

Antivirus programs aren't made to get rid of trojans. They may detect them, but few if any, can get rid of them successfully.

There are trojan remover programs made specifically for trojan horses:

TrojanHunter by Mischel Internet Security:
http://www.trojanhunter.com/ 30 day trial

Tauscan by Agnitum:
http://www.agnitum.com/products/tauscan/index.php
30 day trial

Ewido by (who else?) Ewido:
http://www.ewido.net/en/ 14 day trial after which real time monitor and auto updates are disabled, BUT the program still functions well and you have unlimited use of it, though updates would need to be done manually.

Welcome MadameX, you're like a breath of fresh air.
Marry me?

LOL! Sure, we can find an online minister, have an online ceremony and live happily ever after online!

uh.....your website, ...or mine?

I guess we could live in online sin.

LOL.....I guess so!

Sorry, didn't mean to hijack the thread.

It's a dead thread anyway, ½ the time you're lucky if they even come back to let you know the end results.
Good advice about Ewido there, it has to be the most under rated scanner out there.

Quote

it has to be the most under rated scanner out there.

I don't think its under rated .....most people don't use it because its not free for the fully functional version......

dl65

I should have said under exposed, the real time monitoring dropping off after 14 days is the killer.

Ewido has been found to be very useful and effective EVEN WITHOUT the realtime guard and auto-updates. In fact, it has been found to be extremely effective in helping to clean pcs in conjunction with HijackThis.

IMO, it's better than TrojanHunter and Tauscan, for the very fact that it STILL operates w/o false positives and other problems after the trial runs out.

I tried out both the other programs and they quit functioning after the trial period...with TH constantly telling me I had a trojan....one that I could NEVER find! And each time, according to the program, the file had a different name extension. I trashed it, went to Tauscan, but it didn't do what TH did, just quit working. I found Ewido at CastleCops and have used it ever since.

I liked it so much, when they had a sale on it I bought it.

More people than you know use it.

I have to add, that I'm not affiliated with them in any way. I've used it myself, and seen it in action and know from other experts who help remove malware from pcs that it's a very effective tool.

Ewido even picks up netcat & xxpoof something the others don't.
242.

Solve : Virus Purge?

Answer»

Hi guys,

When I run my virus scan (ez antivirus) it tells me there are 8 viruses on my machine. My net connection seems to be running slowly so that is what prompted me to check.

The status just says "infected" - so how would I go about getting rid of them please?

Many thanks for any replies posted.

Kop442000.

I don't know about that program but you can get free online virus scanning at www.trendmicro.com

I'll bet that can remove some of the problem. Shouldn't your virus scanner have a way to protect you better, though?

kop442000......By any chance are you using the 30day free trial version of ez antivirus? ....... If you are its quite possible that it is no longer fully functional........
Let us know

dl65

If you want to get real serious...
http://forum.grisoft.cz/freeforum/read.php?4,27725,backpage=
Or you could give Ewido a run, it's very aggressive so be careful not to delete any of your own 'toys'.

Thanks guys.

I ran a programme on that "Trend micro" link that was posted, and that seemed to sort my problem out. ez anti virus no longer picks up any problems.

The version is actually a 12 month free trial, and it not expired yet, so is fully functional as far as I know.

Thanks for the help.

Glad you got it fixed!

I seem to have something called  freeprod from opening AIM any way to get rid of it

This should be another warning to all AIM users, and messenger, and P2P, etc.

Do a google search on the offending item.

I did a scan & found a hijacker called Jagee.

243.

Solve : Spam-junk emails?

Answer»

The vast majority of it comes from the usa.......its about time they stopped..........it.........FED .....
Quote

I've noticed a spam increase over the last week or so.


Is that anything like Prem ?


dl65

Quote
Is that anything like Prem ?

What's Prem?

Fed....
Quote
What's Prem?


It looks like Spam ....but it tastes better and doesn't stick to email .
It's good on the barby ........slice it thick and don't over cook it .


dl65

You can't beat the original.

<----------SPAM!
244.

Solve : messenger sending viruses?

Answer»

I was told today by a friend that my computer has been sending them viruses through msn messenger
(they were told this by a computer tech guy)
I'm not sure what to do to stop my computer from sending viruses out.  Can anyone help me?

Uninstall Messenger, AIM, any P2P stuff and you should be good with proper preventive maintenance.

AdAware
Spybot
AVG AntiVirus

All free, just google for them.

so once the cleaning is done its safe to install my messengers again?

Yes. As long as you have up-to-date virus and Spyware protection, as well as a firewall, you are safe. I have 3 messengers running at once. No issues. Virus protection will catch anything funny. Good luck, and come back and see us if you have any more questions!

Flame

Quote

I was told today by a friend that my computer has been sending them viruses through msn messenger
(they were told this by a computer tech guy)
I'm not sure what to do to stop my computer from sending viruses out.  Can anyone help me?


Install a Linux distribution of your choice on your system.  Use Gaim.  It handles MSN and other IM's too.  So you can still chat with people and see your friends list on MSN or hotmail using Gaim.
245.

Solve : it's driving me insane?

Answer»

okay, a week ago i installed my McAfee on this computer and tried to uninstall norton because norton is just annoying the *censored* out of me, but I need a PW and I never got a PW to uninstall it.

is there anyway around this?

A PW?

Flame

yea it has been asking for a PW to uninstall

<- exactly how i looked when i saw it too

If it's a legal Norton just call them perhaps? I have never heard of a PW for this program's uninstall.

yeah, i think i'll call tomorrow, thanks for the help

did a Google for "Norton password to uninstall" and this was the first hit:

http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005033108162039?Open&src=&docid=2001092114452606&nsf=nav.nsf&view=docid&dtype=&prod=&ver=&osv=&osv_lvl=

Google is your friend and you can do it, too!

arielle..... Which version of Norton are you using ........  I came across this ..........it may assist you ...

For unmanaged Norton AntiVirus CE installs, there is a GRC.DAT file available on Worf which will password protect the un-install of Norton AntiVirus CE version 9.x on a workstation. After installing Norton AntiVirus CE from the CD-ROM, FTP to worf.cc.mcgill.ca\sharedvol\pub\mcgill\navce\datfile, copy the GRC.DAT file from there to the \7.5 directory on NT/2000 workstations, or the \program files\Norton Antivirus directory on WIN9x workstations. The un-install of Norton AntiVirus CE version 9.x is now password protected.
Just had another thought ....... you are the computer administrator aren't you .

dl65  

246.

Solve : system service75?

Answer»

I have a Dell computer running XP Home causing problems requiring rebooting for applications and sending advertising messages. Probably AIM related. spybot reports "system service75" but it cannot be deleted. I can't post the hijack log on here as it is apparently too long I can email it to anyone asking. This seems to be the associated file pokapoka75.exe.

rumple21

rumple21.... So where is Spybot telling you the pest is residing ?
Do you have your system restore turned off ? .....and BTW you can post your hijackthis log here in sections ........
Quote

This seems to be the associated file pokapoka75.exe.
 
This has to be removed as well as the entries it has made in the registry .

dl65  I believe it was in the registry.

Logfile of HijackThis v1.99.1
Scan saved at 2:30:25 PM, on 5/31/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


247.

Solve : Panda shortcut?

Answer»

I have installed Panda active scan pro. How do I add a shortcut on my Desktop?  Articles in Google refer to the shortcut but I can't find the installation instructions mentioned. The shortcut installation for this program appears to be different from the standard method.
Thank you for any suggestions.

Add a shortcut to desktop or quick launch? Start -> Programs -> accessories, wherever the application name to run it. You can right click on that and select add short cut or you can go to My computer search for the application right click it and add shortcut. It will move it onto desktop. To move it to quick launch click and drag it to the quick launch area

Unfortunately it isn't quite that simple. Panda Active Scan Pro is not listed in start/accessories. I cannot find the exe files listed in Program files also.
I have found in the (find/files/folders) Active Scan Pro in C:\Windows\Recent  a 1KB shortcut listing among other files , however there is no shortcut file listed under the Recent folder,  can you suggest anything further I can try. Thank you for your input.

WalterLes...What o/s are you using ?

dl65

Sorry , should have included this at first post. The OS is Win98SE.
AVG,skybot,Adaware,HIjackthis,Panda Active Scan Pro,Zone Alarm.

Why would you want a shortcut for a program that runs on startup?
Are you sure you are asking the right question?
I think I am asking the right question.  My Active Scan Pro  does not run on start up.
To start Active Scan Pro you need to connect to the internet and access the Active Scan Pro web page. A link  on the web page is called  "already a client" shows a security lock labeled 'shortcut to Active Scan Pro'.
Clicking on the icon brings up the Active Scan Pro - User Identification  page (user name/password). Typing in your information brings up the Active Scan Pro download page.  When the download is completed  the Active Scan Pro  scan options appear and you start your scanning.
I'd prefer a shortcut icon on my desktop.
Since Panda shows a shortcut available (although I can't find it)  I had hoped someone who has the secret  might pass it on.
Someone---Shortcut to Active Scan pro , please.

248.

Solve : Computer restarts randomly, no wireless internetLo?

Answer»

Ok, my computer will randomly restart, and afterwards my wireless internet connection won't even show up. After it restarts, it says the system has just recovered from a serious error. The error reads:

C:\DOCUME~1\MATTHE~1.MCE\LOCALS~1\Temp\WER3d2e.dir 00\Mini101305-03.dmp

C:\DOCUME~1\MATTHE~1.MCE\LOCALS~1\Temp\WER3d2e.dir 00\sysdata.xml

System restore isn't even working, it will just say Restoration Incomplete after trying. I ran all anti-virus, spyware software, and it comes up with nothing. Here is my "Hijack This" log, if that helps:
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\WINDOWS\system32\HPZipm12.exe
E:\HijackThis.exe

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe


Any ideas?

I can't say definitely that this is your problem, but I would strongly advise you to get rid of webshots. After uninstalling, rerun spybot and adaware.

As above, plus are you using AOL, or any other AOL cr*p? I see reference to AOL stuff.....

Matt McEwan......Well for openers , what operating system are you using ?
How long has this issue been going on ?
Do you have all the latest updates for your O/S ?

I note entry# 018 in your hijackthis log should be removed .......

dl65

I am using AIM on my computer. I am using XP Home OS, and this problem has been going on since 2 days ago. I have service pack 2 installed.

Also, this error report comes up when I try to reinstall the wireless modem/card software:

C:\DOCUME~1\MATTHE~1.MCE\LOCALS~1\Temp\ead1_appcompat.txt

249.

Solve : Do i have spyware or viruses on my pc ??

Answer»

can someone please check my hijackthis log file to see if i may have spyware or viruses?
I will have to make it in 2 separate posts.



Logfile of HijackThis v1.99.1
Scan saved at 7:04:11 PM, on 9/20/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\CLAMWIN\BIN\CLAMTRAY.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\PROGRAM FILES\NZSEARCH\SEARCHENH1.DLL
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRAM FILES\ICQTOOLBAR\TOOLBAR.DLL
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_2/home.html"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\m18kavyu.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", ""); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\m18kavyu.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-US\MSNTB.DLL
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-US\MSNTB.DLL
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRAM FILES\ICQTOOLBAR\TOOLBAR.DLL
O4 - HKLM\..\RUN: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [GhostSurfDelSatellite] "C:\PROGRAM FILES\SPYCATCHER\DeleteSatellite.exe"
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\RunServices: [AolAcsDaemon1] "C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE"
O4 - HKLM\..\RunOnce: [GhostSurfDelSatellite] "C:\PROGRAM FILES\SPYCATCHER\DeleteSatellite.exe" nowait
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRAM FILES\YAHOO!\MESSENGER\ypager.exe -quiet
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0b\aoltray.exe
O4 - Startup: Scheduler.lnk = C:\Program Files\SpyCatcher\Scheduler daemon.exe
O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: &Google Search - RES://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - Shdocvw.dll (file missing)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Gin - http://download.games.yahoo.com/games/clients/y/nt1_x.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.games.yahoo.com/games/play/client/exentctl_0_0_0_1.ocx
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,17/mcgdmgr.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4323/mcfscan.cab
O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
O16 - DPF: {C3665F08-0C10-488D-BE42-F3FB2848039B} (PagooOneClickInstallActiveXControl Control) - http://www.pagoo.com/PagooOneClickInstallActiveXControl.cab
O16 - DPF: ConferenceRoom Java Client - http://webmaster.webmaster.com:8000/java/cr.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
O16 - DPF: {01234567-1234-1234-1234-012345678921} - http://images.neopets.com/glophone/neopets4.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.14.17/ttinst.cab
O16 - DPF: {70522FA0-4656-11D5-B0E9-0050DAC24E8F} - http://cc.iwon.com/ct/pm3/iwonpm_12_1,0,2,5.cab
O16 - DPF: {084F552D-19EB-4668-9788-984CBC781A8F} (AsyncDownloader Class) - http://survey.otxresearch.com/Preloader.dll
O16 - DPF: {AFDD01B0-7ABB-11D9-9669-0800200C9A66} (MFInstall Class) - http://c.ancestry.com/MFInstall/MFInstall.cab
O16 - DPF: {96D338F5-8757-4A1C-AFEA-770A4036752F} - https://setup.bellsouth.net/wizlet/BellSouthDial/static/controls/WebflowActiveXCab.CAB
O16 - DPF: {82F2D6B2-6C58-4404-A930-9DB0FD90D4B1} (Driver_Detective_v43_Non_Member.DD_v43) - http://www.drivershq.com/cab/prod/Driver_Detective_v43_Non_Member.CAB
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab

 trish35........
I would mark for removal the following :

R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\PROGRAM FILES\NZSEARCH\SEARCHENH1.DLL

O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - Shdocvw.dll (file missing)

O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab

O16 - DPF: {084F552D-19EB-4668-9788-984CBC781A8F} (AsyncDownloader Class) - http://survey.otxresearch.com/Preloader.dll

ok ....remove those and have a look ......

Please do yourself a favour and install a proper full time anti virus program .......
Try AVG ...... http://www.majorgeeks.com/download886.html      its free and works very well .....

Also D/L    ad-aware SE      http://www.majorgeeks.com/download506.html   also free

Let us know

dl65  
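The replies in threads 248 and 249 single out entries that HijackThis marks `(file missing)` or `(no file)`. As an added example (not part of the original posts), this Python parser re-joins wrapped log lines, lists such orphaned entries for review, and shows which CLSIDs are referenced from more than one section; the function names are hypothetical and the sample is assembled from lines in the logs above.

```python
import re
from collections import defaultdict

# Meaning of the HijackThis section codes that occur in the logs on this page.
SECTIONS = {
    "R": "IE start/search page or URLSearchHook",
    "N": "Netscape/Mozilla start/search page",
    "O2": "Browser Helper Object",
    "O3": "IE toolbar",
    "O4": "Autostart (Run keys, Startup folders)",
    "O8": "IE context-menu item",
    "O9": "IE extra button / Tools menu item",
    "O12": "IE plugin",
    "O16": "ActiveX control (Downloaded Program Files)",
    "O18": "Extra protocol handler",
    "O20": "Winlogon Notify / AppInit_DLLs",
    "O23": "Windows service",
}

ENTRY = re.compile(r"^(?P<code>[RNFO]\d{1,2}) - (?P<body>.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ORPHAN = re.compile(r"\((?:no file|file missing)\)", re.IGNORECASE)

# Constructed sample: header and entries copied from the logs above, including
# one entry wrapped over two lines the way the first log on this page is.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\EXPLORER.EXE

R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRAM FILES\ICQTOOLBAR\TOOLBAR.DLL
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRAM FILES\ICQTOOLBAR\TOOLBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - Shdocvw.dll (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
"""


def parse_log(text):
    """Return [{'code', 'body'}]; header and process lines are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY.match(line)
        if m:
            entries.append({"code": m["code"], "body": m["body"]})
        elif entries:
            # No section code: continuation of an entry wrapped by the forum.
            entries[-1]["body"] += " " + line
    return entries


def section_of(code):
    """Map a code such as 'O9' or 'R3' to its section description."""
    return SECTIONS.get(code) or SECTIONS.get(code[0], "Other")


def orphaned(entries):
    """Entries whose registry reference points at a file HijackThis did not find."""
    return [e for e in entries if ORPHAN.search(e["body"])]


def shared_clsids(entries):
    """CLSIDs referenced by more than one entry, with the codes that use them."""
    index = defaultdict(list)
    for e in entries:
        for clsid in CLSID.findall(e["body"]):
            index[clsid.upper()].append(e["code"])
    return {c: codes for c, codes in index.items() if len(codes) > 1}


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for e in orphaned(parsed):
        print(f"REVIEW {e['code']:>3} [{section_of(e['code'])}] {e['body']}")
    for clsid, codes in shared_clsids(parsed).items():
        print(f"{clsid} is referenced by sections {', '.join(codes)}")
```

An orphan marker makes an entry a candidate for review, not a verdict: the `&Yahoo! Companion` toolbar in the log above also carries `(no file)` and is not on the removal list in the reply.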


Quote

can someone please check my hijackthis log file to see if i may have spyware or viruses?
I will have to make it in 2 separate posts.


It is rather rude of you to assume we are here to check HijackThis logs.

Virus scanners
AVG Free
-- Anti virus scanner
Trend Micro Housecall
-- Online anti virus scanner.

Anti spy/malware
Microsoft Antispyware
-- Anti spyware scanner. Windows XP Home and Professional only.
Spybot Search & Destroy
-- Anti spyware scanner
Adaware SE Personal
-- Anti spyware scanner

Firewalls
Use both a hardware and software firewall.
Be advised as dual software firewalls may cause problems


ZoneAlarm Free
-- Free firewall - more user friendly
Sygate Personal
-- Free firewall - more configuration options

Removal tools
The following files are not substitutes for the ones described above.
They are either diagnostic tools or removal tools for malware of a certain kind


HijackThis
-- Manual malware remover. Post the HijackThis log generated only if requested!
McAfee Stinger
-- Virus removal tool. No substitute for a fully functional virus scanner!
CWshredder
-- CoolWebSearch removal tool. Widely known and persistent Hijacker.

Thanks for your help dl65.
I'm sorry Raptor, i didn't know that i wasn't supposed to post hijackthis logfiles here.

Trish

Quote
I'm sorry Raptor, i didn't know that i wasn't supposed to post hijackthis logfiles here.


Nevermind, my comment was rather rude.

You could post HijackThis logs when you are experiencing difficulty removing spyware using conventional methods. (Scanners). It is rather useless to do it the other way around, as HijackThis doesn't really remove all of the spyware. It only prevents it from loading I believe.

trish35...... Did you follow my suggestion and install a proper full time virus scanner and spyware scanner ?

AND .....if you did were the possible threats removed ?

let us know

dl65

yes i d/l ad aware and avg and adaware found a lot of spyware and removed them

Thanks, Trish

Adaware is ok but it doesn't offer any real time protection.
Install Spybot S&D and run the tea timer.

So is everything running correctly now? Have you tried the free online virus scanner at Trend? It found things that AVG identified but could not remove for me. (I don't remember, some kind of trojan.)

Quote
It found things that AVG identified but could not remove for me. (I don't remember, some kind of trojan.)


Scan from safe mode.

250.

Solve : Nasty Viruses in the registry?

Answer»

Hi,

I've been trying to fix one of my mate's laptop that is full of viruses. When i used the PC-Cillin antivirus to scan the hard disk, about 100 viruses were found and then i went to scan again using the microsoft antispyware, about 200 were found. I was really shocked when looking at the number. Never in my life have i seen something like this. Also, from the microsoft antispyware, i noticed that it says there are about 50 or 60 registry infected. I believe they have got into the registry. Then, i tried to remove the antivirus by following the procedure found from other website. That is to turn off the system restore and scan it again. That didn't work because it kept on coming back and appeared in the startup in the msconfig window.

I was wondering if there is really any other way apart from reformatting the whole hard drive.

Thank you very much and look forward to hearing from you.

I would reformat that bad boy right away! You might back up the data files and scan them separately before putting them back afterward.

Of course I would put Linux on there to avoid this kind of scenario. You know, an ounce of prevention.....

Quote

I was wondering if there is really any other way apart from reformatting the whole hard drive.

Too easy
http://forum.grisoft.cz/freeforum/read.php?4,27725,backpage=
If you only read the parts that you have to do it's simple.

Thank you to you all for your reply. I'd appreciate it.

Thanks Fed for your advice. It's very helpful. I'm gonna read it just in case my computer infected again.

Is Linux immune from viruses? hmm... coz i've been thinking about using Linux but because of my little knowledge of it has been putting me off installing it on to my computer.

Thank you once again and look forward to hearing from you.

associates
Quote
I've been trying to fix one of my mate's laptop that is full of viruses. When i used the PC-Cillin antivirus to scan the hard disk, about 100 viruses were found and then i went to scan again using the microsoft antispyware, about 200 were found. I was really shocked when looking at the number. Never in my life have i seen something like this. Also, from the microsoft antispyware, i noticed that it says there are about 50 or 60 registry infected.


First let me clarify something for you...... There probably aren't viruses in the registry , but rather entries placed in the registry by the intruder .
Just offhand , I would tell your friend to install a decent AV scanner .........
Now here's what I would suggest ......
1 Turn off system restore .
2 Reboot into Safe Mode .
3 Run your antivirus and delete whatever it finds . ***Make certain you have the latest updates.
4 Run M/S antispyware Beta ........and delete whatever it finds .
5 If you don't already have it ......D/L   Spybot .....
http://www.download.com/Spybot-Search-Destroy/3000-8022_4-10122137.html  ...... after installing it ...make sure to get the latest updates.
Run a full system scan and remove whatever is found .
6 Now I would run Ad aware SE ......
http://www.download.com/3000-2144-10045910.html
Run a full system scan and delete what is found .
7 Delete all temporary internet files and all cookies.

Don't turn system restore back on yet .

Now reboot back into normal and see how things are ....
let us know.

dl65