
4351.

Solve : Norton SystemWorks 2004 HELP?

Answer»

hey

i just have a problem installin my norton systemworks 2004...it says its unable to continue and its an error.
i believe there is a virus on my comp can sumone tell me how to fix this or remove it... i tried everything nuthin worked.

plz sumone help me out or send me info at

[emailprotected]

Thanks a lot

romeo

If you think you have a virus, why are you not installing a virus scan? Read the 'Please Read This First - Viruses & Spyware' sticky for recommended programs.

Perhaps cleaning your registry and removing redundant files will help you install the program. Is it a legal copy?

Regseeker

Advanced System Optimizer

I don't think it was a virus. Even if it were a virus, the first time you install the program it will run its virus scan before continuing the installation, at least that is what my NSW 2003 does, so it should detect the virus.

If the virus scanner is not equipped with the latest updates, it may not be able to remove the virus or detect it at all.

A free online virus scan will do the most good in this situation.

4352.

Solve : DjRunner & SVC Host?

Answer»

After just getting rid of the GAOBOT virus last week & every other possible virus i've just found out that these two "djrunner.exe and svchost.exe" didnt disappear..

Cant find a solution for them anywhere.. Im using Norton AntiVirus Software & ive tried Stinger on them (neither of them are detecting the viruses)

Have any of ye guys had encounters with either of these? If so, how did you go about getting rid of them?

I'm not very knowledgeable when it comes to viruses etc.. so all help would be really appreciated.

Thanks

Svchost.exe is a system function, I do not think you can remove or want to remove that.

However, what DJrunner.exe is, I do not know.

According to the forums Google has shown me whilst searching for 'djrunner.exe ' this post seemed to have helped out a person who was 'infected' by djrunner.exe

Quote

I was able (it appears) to disinfect a home system (sitting behind a firewall) from djrunner2 by deleting the /bin directory that it was in and deleting a rtdx11??.dat file, an exe beginning with cdg... and all relevant registry entries.
You can dig through this thread from another forum..

http://computercops.biz/posts30937-30.html

Thanks for the links but i honestly am still lost. Im not sure what to delete, im afraid in case i delete something important..

Quote
im afraid in case i delete something important

Q: What's the worst that could happen?
A: Your system blows up and you're horribly burned and scarred, relying on others to care for your basic necessities.

Since this is unlikely (you might have to format your computer and start again) I'd say follow the advice in the other thread. You might be able to figure it out and post the fix here for others.

Quote
Q: What's the worst that could happen?
A: Your system blows up and you're horribly burned and scarred, relying on others to care for your basic necessities.

Since this is unlikely (you might have to format your computer and start again) I'd say follow the advice in the other thread. You might be able to figure it out and post the fix here for others.


Oh just forget it, if anybody else (dl65, raptor or any of the other members that i have respect for) have an answer or think they can help me, i'd really appreciate it. If not, then so be it.

Thanks
Quote
Svchost.exe is a system function, I donot think you can remove or want to remove that.

However, what DJrunner.exe is, I donot know.

According to the forums Google has shown me whilst searching for 'djrunner.exe ' this post seemed to have helped out a person who was 'infected' by djrunner.exe



Raptor, svchost.exe is a type of virus too.. Ive found that out from my searches on google. I came across the post you mentioned when searching for djrunner.exe on google too but im completely lost on what to do!
If you are afraid of deleting something that may be important to keep your computer functioning, you can always make a system restore before proceeding.

I'd just like to correct myself there, the virus is scvhost.exe.. it's disguised as this so when you look at your processes you will think its svchost.exe

The c & v are reversed. Think i've found an answer for this on another forum. If the solution works, ill post it here.

I find it strange that Norton does not detect these viruses.

Did you update Norton by enabling Live Update and trying to update manually?

http://housecall.trendmicro.com/

Perhaps Trend Micro is able to assist you.

http://www.grisoft.com/us/us_index.php

You may also try AVG Anti-Virus. I have never tried this program, but I have seen forum members recommend it.

If you have already tried these solutions, I suggest you either wait for the (much) more experienced members to come online or contact one of the anti-virus companies' technical support.

Quote
If you are afraid of deleting something that may be important to keep your computer functioning, you can always make a system restore before proceeding

Exactly my point. So you might lose some data.. big deal. In the big scheme of things you'll probably come out ahead with new knowledge.

I fondly remember my first format.. I was so scared to type in those words.. Format C:

Thanks Raptor, I find it completely strange too why Norton isnt picking this up. The Live Updates are working fine since getting rid of Gaobot and ive done Housecall & AVG on it but not picking up anything either..

Might try Norton's support. Do you know if they give support via email? Thanks for your help

http://www.symantec.com/techsupp/support_options.html

Judging from their prices, it would be less costly to format.

However, if you really wish to resolve this situation you can try to contact Trend Micro or AVG Technical support.
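
The name swap described in this thread (scvhost.exe posing as svchost.exe, with the c and v reversed) can be checked mechanically by comparing each running image name against known system binaries and their expected directories. This is an added example, not part of the original posts; the expected-directory table assumes a default Windows XP install, and the last three sample paths are constructed.

```python
"""Flag process image names that imitate core Windows system binaries."""
import ntpath

# Expected directories for a few core Windows XP binaries. Assumption: a
# default install under C:\WINDOWS, as in the HijackThis log on this page.
EXPECTED = {
    "svchost.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "smss.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}


def osa_distance(a, b):
    """Edit distance that counts an adjacent swap (c<->v) as one edit."""
    rows, cols = len(a) + 1, len(b) + 1
    d = [[0] * cols for _ in range(rows)]
    for i in range(rows):
        d[i][0] = i
    for j in range(cols):
        d[0][j] = j
    for i in range(1, rows):
        for j in range(1, cols):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1,         # deletion
                          d[i][j - 1] + 1,         # insertion
                          d[i - 1][j - 1] + cost)  # substitution
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # transposition
    return d[rows - 1][cols - 1]


def classify(image_path):
    """Return (verdict, detail) for one process image path."""
    directory, name = ntpath.split(image_path.strip().lower())
    if name in EXPECTED:
        if directory == EXPECTED[name]:
            return ("ok", name)
        # Right name, wrong folder: a copy outside the system directory.
        return ("wrong-location", f"{name} expected in {EXPECTED[name]}")
    for known in EXPECTED:
        if osa_distance(name, known) == 1:
            return ("look-alike", f"{name} is one edit away from {known}")
    return ("unlisted", name)


def scan(paths):
    """Return only the entries that need a closer look."""
    findings = []
    for path in paths:
        verdict, detail = classify(path)
        if verdict in ("look-alike", "wrong-location"):
            findings.append((path, verdict, detail))
    return findings


# The first three paths appear in the HijackThis log on this page;
# the last three are constructed for this example.
SAMPLE = [
    r"C:\WINDOWS\System32\svchost.exe",
    r"C:\WINDOWS\Explorer.EXE",
    r"C:\Program Files\Winamp\winamp.exe",
    r"C:\WINDOWS\System32\scvhost.exe",
    r"C:\WINDOWS\svchost.exe",
    r"C:\WINDOWS\System32\svch0st.exe",
]

if __name__ == "__main__":
    for path, verdict, detail in scan(SAMPLE):
        print(f"{verdict:15} {path}  ({detail})")
```

A scanner that reports nothing does not clear a flagged name; the file's location and origin still need checking by hand.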
4353.

Solve : HijackThis! Log?

Answer»

Hello. There are no problems with my computer but i jus want to stay on the safe side so can somebody please examine my HijackThis log and tell wut to delete? i will really appreciate it. thank u.

Logfile of HijackThis v1.97.7
Scan saved at 6:51:34 PM, on 8/5/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Norton Personal Firewall\ccPxySvc.exe
C:\WINDOWS\MMKeybd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Netropa\OSD.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\3web\system\launcher.exe
C:\Program Files\3web\system\cydial95.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Winamp\winamp.exe
C:\Documents and Settings\Pentium 4 Computer\Desktop\Jeffrey's Folder\Installers\HijackThis.exe

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &RADIO - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx


O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\MMKeybd.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [DevconDefaultDB] C:\WINDOWS\READREG /PSCONV={NO} /NO_DEFPS
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {3734A957-FBD5-4F87-A404-4289C6F3DDFF} (DownloadScanEngine.ctlDSE296315) -
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/07ac4d7b98c4acc0c222/netzip/RdxIE601.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38048.6872337963
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - https://sympreg.bell.ca/HSEOrder/systemCheck/MotivePreQual.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B588D355-0547-44E1-9814-56D0EFB17923}: NameServer = 209.197.128.2 209.195.95.95

If there are no problems, do not bother posting your log.

Use an adware scanner instead.
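
Reading a log like the one posted in this thread goes faster when each line is sorted by its section code and the entries that cannot be verified from the log alone are pulled out for a manual look. This is an added example, not part of the original thread or of HijackThis itself; the flag names are invented here, and the sample lines are copied from the two logs on this page except the first, which is constructed.

```python
"""Triage HijackThis 'O' lines: classify entries and flag what to verify."""
import ntpath
import re

# Section codes seen in the logs on this page.
SECTIONS = {
    "O2": "Browser Helper Object",
    "O3": "IE toolbar",
    "O4": "autostart entry",
    "O8": "IE context-menu item",
    "O9": "IE button / Tools menu item",
    "O12": "IE plugin",
    "O13": "IE default URL prefix",
    "O16": "downloaded ActiveX control",
    "O17": "DNS / domain setting",
}

LINE_RE = re.compile(r"^(O\d+) - (.*)$")
# Registry autostart: HKLM\..\Run: [value name] command line
RUN_RE = re.compile(r"^HK\w+\\\.\.\\\w+: \[[^\]]*\] ?(?P<cmd>.*)$")
# Program part of a command line, quoted or not, spaces in the path allowed.
EXE_RE = re.compile(r'^"?(.+?\.(?:exe|dll|bat|cmd|scr))\b', re.I)
DPF_RE = re.compile(r"^DPF: (?P<ident>.*?) -\s*(?P<url>\S*)$")


def triage(line):
    """Return a dict for one 'O' line, or None for any other log line.

    Flags (names are this example's own) mark things to verify by hand:
      file-missing     entry points at a file that no longer exists
      relative-path    Run command has no drive path, so the log does not
                       show which file on the search path actually starts
      rundll32-loader  the DLL argument, not rundll32 itself, is what runs
      short-name       8.3 name (PROGRA~1) hides the real folder name
      no-source-url    ActiveX control listed without a download source
      dns-override     name servers set in the registry; confirm they
                       belong to the ISP or network in use
    """
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    code, body = m.groups()
    flags = []
    if "(file missing)" in body.lower():
        flags.append("file-missing")
    run = RUN_RE.match(body) if code == "O4" else None
    if run:  # Startup-folder entries list only a file name; skip them
        cmd = run.group("cmd")
        exe_m = EXE_RE.match(cmd)
        tokens = cmd.split()
        exe = exe_m.group(1) if exe_m else (tokens[0] if tokens else "")
        if not re.match(r"[a-z]:\\", exe, re.I):
            flags.append("relative-path")
        if ntpath.basename(exe).lower() == "rundll32.exe":
            flags.append("rundll32-loader")
        if re.search(r"~\d", cmd):
            flags.append("short-name")
    elif code == "O16":
        dpf = DPF_RE.match(body)
        if dpf and not dpf.group("url"):
            flags.append("no-source-url")
    elif code == "O17" and "nameserver" in body.lower():
        flags.append("dns-override")
    return {"code": code, "kind": SECTIONS.get(code, "unknown section"),
            "flags": flags, "text": body}


def flagged(log_text):
    """Return (code, flags) for every entry that carries at least one flag."""
    results = []
    for line in log_text.splitlines():
        entry = triage(line)
        if entry and entry["flags"]:
            results.append((entry["code"], entry["flags"]))
    return results


# First line is constructed (a toolbar entry with the "(file missing)"
# suffix); the others are copied from the logs on this page.
SAMPLE_LOG = r'''
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [helper.dll] C:\windows\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - Startup: Reboot.exe
O16 - DPF: {3734A957-FBD5-4F87-A404-4289C6F3DDFF} (DownloadScanEngine.ctlDSE296315) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{B588D355-0547-44E1-9814-56D0EFB17923}: NameServer = 209.197.128.2 209.195.95.95
'''

if __name__ == "__main__":
    for code, flags in flagged(SAMPLE_LOG):
        print(code, SECTIONS[code], flags)
```

A flag is a prompt to look the entry up, not a verdict that it is malicious.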

4354.

Solve : toolbar.dll?

Answer»

I need some help a toolbar installed itself on my pc and I found the thing in regedit and deleted all the files I saw that pertained to it. I thought I had it fixed.... a minute later it reinstalled itself........... how do I get rid of it.

Please Read This First - Viruses & Spyware

Install the programs recommended.

And use a program such as Regseeker or Advanced System Optimizer to clean the registry.

4355.

Solve : I know virtually nothing..about viruses that is?

Answer»

My brother sent me an email saying he has received 2 emails from me with attachments on them, but I didn't send either one of them. We both assume it's a virus, but we don't know what it is.

The attachment on the 2nd mail was this:

ATTACHMENT part 2 application/octet-stream name=the_message.scr

Anybody have any ideas?

Many viruses are able to spoof the address of someone else. By that I mean, I might be infected by virus X. X looks through my contacts list and pretends to be Raptor and sends itself to you. You get an email that looks like it came from Raptor but it really came from me.

Other viruses can send themselves without showing in your sent list. You might be infected but not know it.

Try scanning for viruses,

http://www.grisoft.com/us/us_dwnl_free.php - AVG Anti Virus - Freeware

or

http://housecall.trendmicro.com/ - Trend Micro - Free

I know very little about E-mail, but if the problem occurs more often you may have to contact whoever provided you with that E-mail address.

A very simple precaution can be to get into the habit of using a meaningful title field, something that you and your respondent would know but a malware bot wouldn't.
"Your pics" doesn't mean anything, but "pics of Jule's wedding in May" does.

It's not foolproof but does make for a good habit with your email correspondees.

Excellent point Mark.

4356.

Solve : psw.bispy.d?

Answer»

hi,
I have this AVG Antivirus software that i'm running, and for the last couple of days i keep getting a message that there's a trojan horse PSW.Bispy.D found in

System Volume Information\_restore{blah blah blah here}

So i go and run the Antivirus software and nothing comes up.
I then try accessing the System Volume Information folder and it keeps telling me access denied. Is there something screwy with my Antivirus software?

Perhaps it comes into conflict because Windows does not allow you to access that folder, and thus it warns you that a folder is passworded.

You can stop the folder from showing by tagging it in Tools - Folder Options - Display - Hide Secured Operating System folders (Recommended)

This may cause your virus scanner to ignore the file.

These translations may not be 100% correct, I run a localized version.

thanx man,
i tried that but it didn't work. i ended up installing the new version of adaware and that found it and removed it.

I have one more question, it regards something i found in my startup tab on the system configuration deal...

its LTMSG

whut in the heck is it?

If it is not something you recognize, I suggest you do a Google search or have Adaware run at startup, perhaps it can filter it out.

Adwatch is also a good idea to see if it attempts to make changes to the registry.

if its this> .Ltsmmsg leave it ....this belongs to your lucent modem..it will not work without it...

4357.

Solve : Any Help Appreciated...?

Answer»

Ok my comp has completely gone kaput.. it loads as normal my desktop image comes up and then nothing! No icons, no toolbar, when i click cntrl alt dlt the only program that shows up is something called Mdm, I have no idea what that is!
Have I got a virus or is my computer just insane?!? I have adaware and I usually run it before shutting the computer down but last night I was too tired and this morning I'm met with this! Would that have affected it?

The only thing that was different on my computer last night was some porn pop ups that appeared and left icons on my desktop and in my start up menu! I deleted them. Any help as to figuring out why my comp wont load beyond the wallpaper and how to get my icons and shtuff back would be muchly appreciated!!

I live in hope!

HC.
I assume you have read through Please Read This First - Viruses & Spyware

You did not mention what OS is installed, if it is Windows XP, use the repair option (Boot from the XP disk)

You can also boot into safe-mode and remove whatever may be causing the problem from there. (Install a recommended virus-scan, adware and trojan scanner in safe-mode)

Yup i read the 'please read' part but felt my problem wasn't covered there so posted it here, hope that's ok?

I have Windows 98 btw.

I have tried running it in safe mode but it wont work, it just loads as normal, it doesn't seem to register when I click f8, so it still goes to my desktop and still no icons or toolbar or anything. I don't know what's caused it or how to fix it, etc. If it's a virus, a technical fault, something I did.... :-/

It's very frustrating!

HC.
.... try these methods .....hopefully one will work for you .

Method 1
Restart your computer.
While your computer restarts, press and hold the CTRL key until the Windows 98 Startup menu is displayed.

NOTE: If you are using the EZDrive tool, press F8 instead of CTRL.
Select the Safe Mode menu option from the Startup menu, and then press ENTER.

Method 2
Click Start, point to Programs, point to Accessories, point to System Tools, and then click System Information.
On the Tools menu, click System Configuration Utility.
Click Advanced, and then click to select the Enable Startup Menu check box.
Click OK, click OK, and then restart your computer when you are prompted to do so.
Select the Safe Mode menu option from the Startup menu, and then press ENTER.

Method 3
Insert a non-bootable floppy disk in the floppy disk drive, and then restart your computer.
When you receive the "Non-system disk or disk error. Replace and strike any key when ready" error message, remove the floppy disk from the floppy disk drive.
Press F8, and then press F8. When you do this, the Windows 98 Startup menu is displayed.
Select the Safe Mode menu option from the Startup menu, and then press ENTER.

let us know how you make out.

dl65
MDM could be a legitimate (but useless) file or it could be an exploit. Find your floppy boot disk and check to make sure it is write protected. Use it to boot the machine. Change to C: drive. Issue the command dir/s mdm.* and it should list the directory and file name of all files named mdm. MDM.exe is probably located in C:\windows or C:\windows\system or both. Rename each instance where it appears to mdm.ex_ --- this will prevent it from loading. Any other files named mdm should be deleted. Remove the floppy boot disk and reboot.

Quote

.... try these methods .....hopefully one will work for you .

Method 1
Restart your computer.
While your computer restarts, press and hold the CTRL key until the Windows 98 Startup menu is displayed.

NOTE: If you are using the EZDrive tool, press F8 instead of CTRL.
Select the Safe Mode menu option from the Startup menu, and then press ENTER.

Method 2
Click Start, point to Programs, point to Accessories, point to System Tools, and then click System Information.
On the Tools menu, click System Configuration Utility.
Click Advanced, and then click to select the Enable Startup Menu check box.
Click OK, click OK, and then restart your computer when you are prompted to do so.
Select the Safe Mode menu option from the Startup menu, and then press ENTER.

Method 3
Insert a non-bootable floppy disk in the floppy disk drive, and then restart your computer.
When you receive the "Non-system disk or disk error. Replace and strike any key when ready" error message, remove the floppy disk from the floppy disk drive.
Press F8, and then press F8. When you do this, the Windows 98 Startup menu is displayed.
Select the Safe Mode menu option from the Startup menu, and then press ENTER.

let us know how you make out.

dl65



Ok the first one worked for me in the sense that I managed to load it in safe mode but all it has done is that now my desktop is there with safe mode written in all corners but still no icons or toolbar! When i try to right click the mouse nothing happens theres nothing for me to click on anywhere lol grrrr machines hate me!! Oh tho when i clicked cntrl alt delt no programs showed up not even the Mdm one. It was all empty!!

One thing i did think of is the desktop wallpaper is new.. I only set it there the night b4 this all happened, it is of red fireworks bursting over the statue of liberty... I have no idea if that could have anything to do with it but I had a virus sent to me once a while ago in a picture of fireworks!!

This computer was given to me a short while ago and so I don't have all the usual discs and stuff u get with a new comp, (could I use a boot disc from another comp if it too is windows 98??) The comp worked fine until the other night so i don't think it is something that has been there a while...

:-/

HC.
Yes, you can use a boot disk from another W98 machine. Don't forget to make it write protected to be on the safe side.
4358.

Solve : cws_ns3?

Answer»

what a piece of scumware this is its belongs to ENIGMASOFTWAREGROUP.COM 207.44.220.11 and a pain in the neck to get rid of...have Spy Sweeper from webroot check your system for it?

merlin_2......Yes Cool Web Search + whatever is a pain .
I had a go round with it several months ago.....finally used Hijackthis to generate a log and then reviewed the entries one at a time and finally got rid of it. It's not a real malicious pest just very annoying. Does that particular version change your homepage? I think that version is one that changes the file extension so it's really tough to clear out.

Cheers
dl65

Are you still using IE, Dl65?

You should use Firefox, I barely have spyware problems. The occasional tracking cookies when I have to use IE.

Raptor....Yes ...I still use IE6......it rarely gives me any problem.....I did however find it necessary to remove MS virtual machine. I suspect that the browser hijacker took advantage of flaws in VM......but since then IE6 works just fine.....I should add that I run scans with Ad-Aware and Spybot on a regular basis.
It still amazes me how many people are on -line without any anti-virus protection. When you suggest that their pc would be a lot safer with AV .....the favourite answer seems to be....oh if I dont know who's the Email is from I delete it........how lame is that.........

dl65

It is not a matter of running fine, actually.

Internet Explorer works very good here as well, but I prefer Firefox because it is much more user friendly and has much better security settings.

I suggest you give it a try.

4359.

Solve : My 32.mydoom?

Answer»

the Mydoom virus is back so be careful ok...> http://securityresponse.symantec.com/avcenter/venc/data/[emailprotected]

4360.

Solve : Virus syptoms?

Answer»

Hello, i just reinstalled my whole hard drive because i had a virus on my computer. I finally got everything set up, including my anti virus software, as well as downloading adaware and i think was hit with another virus. A message from Norton came up and identified it as a trojan. My homepage resets every time I try to get on the internet and there are pornography links added to my "favorites". However, when I search my computer for viruses with Norton, it says my system is clear. Adaware has also deleted about 140 objects from my computer. I need help on what to do, if I have a virus or not, and if so how to go about getting rid of it... because Norton says my system is clean. Thanks very much.

Try Spybot S&D http://www.safer-networking.org/index.php?page=mirrors

And also set Ad-aware to boot when Windows starts. Settings -> General -> Run at Windows start up

I suggest you use a browser different from Microsoft Internet Explorer.

http://texturizer.net/firefox/ - Firefox - Freeware

you think i got a virus though? even though norton says i am clean... why would norton do that? thanks for the info!

Not a virus, Ad/malware.

You should really be more careful what kind of sites you visit, clean your cookies and do not download any software from websites unless it is well-known.

thats odd, i didnt visit any out of the ordinary sites, or DL any software other than AIM and winamp. How do i clean my cookies? thanks a lot by the way, i really appreciate it

Clean your cookies and cache by heading to the Extra tab -> Internet Options -> General and then press the File and cookie removal buttons.

Wiping history can also be used. However, your browser will forget what websites you have visited.
unless they are stored in your favourites folder, of course.

Some translation might be incorrect, I am using a localized version of Windows XP and Internet Explorer.

and if i do all of this, including spybot, will this problem disappear, and ill be good??

If you set Spybot Search & Destroy and Ad-aware 6.0 properly, yes.

Be sure that they scan each and every file.

Also invest in a firewall if you have not yet done so, it will not help you get rid of pests, but it will prevent some from connecting to the Internet and infesting your PC even further.

how do i do that? and what is a firewall?

http://computer.howstuffworks.com/firewall.htm - How Firewalls Work

Setting Ad-aware and Spybot Search & Destroy is only a matter of common sense. Go into their settings/options and tag as many options that make sense and seem to make the scanner take longer to complete.

Or look up their guides on the developer's home page and see if there is a guide that has a more in-depth explanation of the scanner options.

THANK YOU!! i hope this will fix my problems...

everything went as planned, thanks a lot raptor, my computer is fixed! and fire fox is great.

http://texturizer.net/firefox/extensions/

Also look into these extensions, they prove to be quite useful.

It's good that things have worked out, come back when you feel you need to.

4361.

Solve : Panda!! Don't trust..?

Answer»

The free online panda virus check is a hoax. When they emailed me they gave me a file defanged. I checked it with norton and what do ya know panda sent a virus before you run online program they'll ask for your email and tell you to dl the defanged and open it. Then once that it is done they'll tell you to run the online virus checker. Once youve installed the defanged it installs the virus. All Panda wants is to feel almighty and powerful, meanwhile they plagued you and the online checker will say *hey you have a virus blah blah blah*. Panda is not to be trusted.

Dorian Galli .......If you want a reliable online virus checker ......try ....... http://www.symantec.com/index.htm scroll down to the Symantec security check and then choose the virus scan........This will take a while depending on the number of files on your pc........It works.

dl65

You should not use free online virus scanners.

Retail virus scanners offer much better protection.

I don't even use a virus scanner anymore. Just switch off the preview pane in your email client and don't open any attachments you didn't request. If you know anything about computers, viruses are so easy to spot.

If you must have one (I'd recommend having one), AVG Antivirus is an excellent virus scanner, and it's free. I installed it on my parents PC to try and stop them screwing it up... again...

A totally pointless aside though: can anyone explain to me what "defanged" means? The dictionary says "defanging" something means removing its fangs...

Quote

I don't even use a virus scanner anymore. Just switch off the preview pane in your email client and don't open any attachments you didn't request. If you know anything about computers, viruses are so easy to spot.


Anything? Do you have any idea how easy it is to be infected by even updating Windows? Not only that, Virus scanners (The better ones) also scan for trojans and spyware and they warn you of possible infected files.

Never go without a virus scan, especially not if you only know anything about computers.

I am aware of how easy it can be. But the fact is that 99 out of every 100 viruses come via email (so to speak), and the bulk of them follow the same format, ie...

"Wanna see sexy Russian teen lesbian dwarves on their webcams? Run this strange looking *.exe file!"

... Anyone with any sense will delete these files without thinking twice. I have a few webmail accounts kicking around which I use as spam-catchers which take away the bulk of the junk, so viruses don't come that often anyway.

I do, however, run a firewall, which warns me of any incoming and outgoing connections which I can analyse to find trojans and spyware. I use Spybot to get rid of any undesirables.

Please do explain the following though - I'm intrigued:
Quote
Do you have any idea how easy it is to be infected by even updating Windows?
Are you mocking me?

Even downloading Windows updates can cause a new security hole to exist.

That is what Microsoft is known for.

its so obvious that most anti-virus/m$oft would be out of business if their products were any good ....the conspiracy theory comes into play...you will have to just as in life gamble what software is used for firewalls virus detection and operating systems isps etc...most may contain scumware spyware adware etc...by having a dig at posters is out of order and it solves nothing ...nothing at all...imho..
4362.

Solve : My Hijackthis Log and also an Error?

Answer»

I just downloaded this and whenever I click on it, I get an error but it still works, I get the same error when I click scan.

Anyway, heres the log and I want to see if anything is wrong... (some of the stuff that came up is in chinese :\)

C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O4 - HKLM\..\Run: [X10Weax] C:\PROGRA~1\PERSON~1\wthrtray.exe
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\AOpen\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [MemoryCardManager] C:\Program Files\Lexmark\Lexmark Photo Center\MemoryCardManager.exe -startup
O4 - HKLM\..\Run: [LXBLKsk] C:\PROGRA~1\Lexmark\PHOTOC~1\LXBLKsk.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [helper.dll] C:\windows\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [ShowIcon_The Company_USB Storage Device v1.14e035] "C:\Program Files\USB Storage Device\shwicon.exe" -t"The Company\USB Storage Device v1.14e035"
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\windows\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - Startup: Reboot.exe
O8 - Extra context menu item: 东方快车-保存翻译后的网页 - C:\Program Files\!Sunv\DFKC2003\ExtSave.htm
O8 - Extra context menu item: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: PowerWord (HKLM)
O9 - Extra button: FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O13 - DefaultPrefix:
O13 - WWW Prefix:
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: Yahoo! Chat 1.3 - http://cs5.chat.sc5.yahoo.com/c174/chat.cab
O16 - DPF: Yahoo! Towers 2.0 - http://download.games.yahoo.com/games/clients/y/ywt0_x.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {36CB6B28-FC08-4373-8F54-1A02E3C15B7D} (WebDownLoad Control) - http://www.qiuer.com/hk/WebDownLoadProj1.ocx
O16 - DPF: {3CA15C82-6297-11D6-B8FA-00C04F5E375A} (BridgeChannel v3) - http://channel.bridge.com/bc30/java/bc3_bridge_i.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A578C98-3C2F-4630-890B-FC04196EF420} - http://client.commonword.cn/ad/itdoor/cdn.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37788.3690625
O16 - DPF: {EE2589EB-7FC8-44DB-A892-573F2C4B41E0} - http://pdf.forbes.com/forbesnews/triggernews/ForbesDownloaderSigned.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6935EA68-4C36-47D4-88E9-B92998391D90}: Domain = earthlink
Giga....Well, I just had a look at your log and I didn't see any Chinese .......what did I miss? What was it you just downloaded?
Perhaps you could let us in on what the problem is you're having and what error you're getting ......the other thing is for some reason you didn't post all of the log......where is the rest?
Please let us know.

dl65

for some reason it doesn't show up, it's those weird numbers &3423 etc, it shows up on my other pc where I type this tho. Ignore this post as I made another one, because I just signed up for this place and I can't delete this post. My new log is on the other one.

4363.

Solve : Norton AV: "System Status: Urgent attention&q?

Answer»

For a couple of days now, I've had a trojan of some sort always changing my homepage. I installed a number of programs to do sth about this, but with no success (Adaware, Spysweeper, Hijack Blaster).

I also have Norton AV on my PC, and it came to my attention there seems to be a problem here. In Norton, the system status shows 'Urgent Attention', and the security scanning features as well as the virus definition service all show 'Error'. There seems to be no way I can fix this. I just renewed my Norton subscription, but I somehow cannot complete any of the suggested procedures to enter my subscription key. I tried everything the Norton website suggests, but nothing seems to work. The only thing I didn't try is uninstalling and re-installing Norton AV, because that seems a bit drastic. Any suggestions?

Download CW Shredder from here:

http://www.rcmillar.netfirms.com/subpages/Links.htm#Spyware_

http://www.lavasoftusa.com/ - Lavasoft - Free Trial

http://www.safer-networking.org/index.php?page=download - Spybot S&D - Freeware

I suggest you install and run both programs.

4364.

Solve : Norton Virus Software?

Answer»

Hello, Can someone please help. Question is I have two home computers. I need to put 2004 Norton on both computers. Can I buy one Norton Internet security 2004 and put it on both computers. And If subscription is going to expire next month does Symantec stop your virus updates a month before ? cannot use update at all on one computer. Please help.

beebee......First .....I believe Norton only allows you to install NAV 2004 on one machine....however check the license to be sure.....Now that they are using the activation system ( this is to discourage buying one program and then loading it on several machines ) Did you activate the program when you loaded it on the second machine......Because if it's not activated I don't believe you can get the updates......and in answer to your second query.......you should be able to receive updates right up until your subscription expires ...given you have activated it . You will receive messages reminding you that your subscription will expire in so many days.
Hope this answers your questions......You can call Norton toll free and get further info.
Cheers
dl65

Don't use the disk hogger nav try another many out there who do a better job...norton is brilliant for speed disk win doctor and ghost but that's it m$oft has clung to norton for years ?

4365.

Solve : My Comp Is Mest?

Answer»

Well first let me explain a few things my computer has been doing: (1) Whenever I click on IE, my homepage is always changed to something like "Virgin Lovers" or some other porn service page, despite me changing it constantly to my normal homepage. (2) Whenever I click on ANY folder on my computer, my computer either freezes where I have no choice but to restart the computer, or "Explorer" is not responding when I hit Control Alt Delete. (3) My Internet keeps acting up and I have pages that do not load because I'm apparently not connected to the internet, even though I have ADSL. (4) I can't Defrag my computer because the Defragging is quite sensitive I guess, and even moving the mouse cancels the defragging.

Those are just some of the things i can think of at the moment. I'll post more if I think of any

Also I have dled Adaware and Spybot search and destroy and have found spyware on my computer. I click fix it or destroy and I still end up with all the problems stated above.

I have been told to just reformat my computer, but I'm trying to avoid that. Also my mother doesn't want to fork out money cuz she's pretty cheap so that's why I'm here posting ....So any help is appreciated

Oh ya, another problem: Whenever I go to put a cd in my Cd-Rom, the autoplay does not show up, and when i click on the shortcut to the cd-rom my computer then freezes and i have to restart. I have to restart my computer to be able to play my game. :-/

Brent....refer to the sticky......and pay particular attention to the part referring to hijackers..........visit the merijn site for info on how to interpret the hijacker log.
You can clean out your machine......but it requires an hour or so to review each log entry .....before you can run the fix. If you cannot figure out which entries to remove ..........post the log here and we can probably help you.

dl65

ill try that thanx alot

Ok i got the pics of the logs....the 3rd one is about 3 quarters of the 2nd one....but with a few more logs

You should try the other programs such as Adaware 6.0 and Spybot Search & Destroy.

Brent....I have just spent some time looking at your log entries.......I see a lot of items which should be removed.....BUT first.....what operating system are you using? .........What is the computer's usual home page?
Why do you have all those tool bars installed ?
What diagnostic tools do you run on the pc .....ie Anti virus , Ad-Aware , SpyBot and the like.
you should have generated the log and then saved it to Note Pad as suggested then I could have checked each entry in detail ....( this would save me several hours of work)
Why don't you open Hijackthis......and regenerate the log........save a copy (NotePad) ......then Email it to me.
My Email address is listed .....then I can review it in detail and send it back to you with the entries which should be removed.

Cheers,
dl65

Well, Raptor if you read everything I typed you would notice I have used both the latest version of Adaware and Spybot Search and Destroy.

As for dl65, I know a bit about computers and I do know that I don't need all those toolbars so I took it upon myself to delete them. I also ran that online virus scanner "Panda" or something and it found 3 infected files which were immediately disinfected. Most of my problems on my computer have gone away for me, but my mom opened up IE this morning and that porn page still came up. I am using Windows 98, and my normal homepage is www.canada.com

I also deleted one of the logs that had the word Paltalk in it because we've deleted this program a while back and it comes back to haunt us every once in a while.

I feel dumb asking this, how do I save the logs to a notepad? I can't highlight them to copy :-/

try this>http://www.spywareinfo.com/~merijn/downloads.html shredder? and this>http://gmpservicesinc.com/Articles/hijack.asp

write to me as the website i am trying to post to help you will not display for some reason....

i already downloaded that.....i just need to know how to save the log list to a notepad.....do i have to type them individually?

try this site is broken up so i can post it < www.content watch join them together >with this.com/audit/index.php?cid=26;9;0 ok it's a fragment website address..this should sort your pc ....or download spysweeper from webroot.com...you can play with logs till the cows come home?

You want to save the contents of your log to notepad?

I believe HijackThis logs are already in Notepad format.

If not, I suggest you press a button labeled 'Save Log' after pressing the 'Scan' button.

Brent......The merijn site is under electronic attack at the present as it appears to be the main site that offers
a solution to the hijacker problem ......that's why I suggested you send the log generated by hijackthis to me . If you generate the log then click .....save log.....it will be saved in Notepad and you will find it in your documents and settings ....listed as hijack log
send that to me .......but be sure to generate a log of how your machine is now....not the way it was before you deleted some items.

cheers
dl65

Brent,
I'm not a pro but I had similar problems with my windows ME. I found three files in my windows downloaded program files that had the shock wave icon. All info on them was listed unknown. I deleted them and had no other problems. Hope this helps.

4366.

Solve : Hi i have pc probs & need some answers please?

Answer»

hi

1. Recently my cd drive has been going in and out of its own accord, popups galore, homepage stuck, and things installed without my asking. Not to mention the machine feels a whole lot slower.

Ive been told i have bugs and/or a trojan? Is this correct?
If so, how can i kill them/prevent against them in future.

2. I have a 80GB harddrive in the NTFS windows XP file system, split into 2 partitions.

Do i need to reformat and install the windows again to make sure im all cleaned? If so, How can i go about reformatting the main boot section (partition 1) only. I dont want to reformat the whole drive. In DOS at bootup via startup disk, its not detecting i have a C drive to be able to format, but when i do it whilst the windows its there.

Also, surely there is a way to combat these evils without always reformatting & how to prevent in future.

I hope you can please help, regards

JJP

p.s. it might be helpful to know that there are 4 users to this pc who don't all behave and feel the same about system security

e.g. my smaller bro has been caught viewing unsuitable websites , are these a cause of probs?

If you wish to learn more about Internet security I suggest you read the following articles:

http://computer.howstuffworks.com/firewall.htm - How Firewalls Work

http://computer.howstuffworks.com/cookie.htm - How Cookies work

http://computer.howstuffworks.com/virus.htm - How Viruses Work

Then; install or use this software:

http://www.grisoft.com/us/us_dwnl_free.php - virus scan - AVG - Free Edition

http://housecall.trendmicro.com/ - Anti virus - freeware - web based

http://www.lavasoftusa.com/ - Adaware 6.0 - Ad/malware scanner - Free trial

http://www.safer-networking.org/index.php?page=download - Spybot S&D - ad/malware scanner - Freeware

http://texturizer.net/firefox - Mozilla Firefox - Internet browser.

I suggest you take these programs into consideration.

http://www.grc.com - Internet Security test and information.

Remember: They are watching you.

thanks alot pal ill give them a try.

p.s. do u think i shud reformat/install again, or is it a waste of time

With these programs there is no need for formatting. Unless your computer remains slow, uninstall all unnecessary programs and use a program such as Advanced System Optimizer

http://www.systweak.com/asov2/

To clean the registry, cache, cookies, files and more.

If you do format, install these programs from the start. I suggest you install a Firewall such as Zone Alarm that can filter certain websites from being viewed. And, of course, block people from accessing your PC.

http://www.zonelabs.com/store/content/home.jsp - Zone Alarm - Free Trial/Edition

I strongly recommend you install a Firewall whether you format or not.

4367.

Solve : virus i need help plz?

Answer»

well i have a virus that alters win.ini and other files so it loads itself when i boot, even in safe mode, there are two of them that came together at the same time they are:
a)win32.opaserv.worm (with different letters between opaserv and worm)
b)win32.protoride.worm (also with different letters between protoride and worm)

i have attempted using over 5 different removal tools and yes i did disable system restore while i used the removal tools. i have tried different methods of restoring string values in regedit but when i went to replace the supposedly infected values they were exactly what they were supposed to be.
i need help badly i am open to any suggestions or methods or anything because its really messin my puter up, randomly freezes and cant go to any website with an unsecure connection, msn freezes, asks me to download my homepage when i go onto internet, and when i shut down it says if you continue you will disconnect "some weird name" do you wish to continue?
i am in desperate need of help plzzzzzzzz find a way to end it all.

Hi,
When I hunt these things down, I do the following:
(1) Ctrl-Alt-Del (task manager)= see if anything there is or has some relationship to what I'm looking for. In your case it will be "opaserv" and "protoride".
(2) Then I go to msconfig (startup) and look for the same there and un-check it.
(3) Next I scope out the add/remove programs and look for anything similar there.
(4) Finally, I go to both Hkey_Local_Machine and Hkey_Current_User and do the following steps: Software,Microsoft,Windows,CurrentVersion, Run, Run Once and look for the same there.

I do all the above before I try any removal tools. At times I have peeked in Windows Explorer. If you find yourself in doubt for example what the things listed in Ctrl-Alt-Del are, go to www.answersthatwork.com and click on tasks list. If you need more info on programs go to: www.windowsstartup.com....Keep us posted

Hi,
Disregard my previous email for now...Go to the following site; www.trendmicro.com/vinfo and you will see where it says virus search, type in "opaserv" and after that type in "protoride" and you will get all the info you need on them. When you type those in, as a reminder do so without the quotes...Good luck

Interesting, I'm gonna try this next time I get a problem.
Thanks for the info.

4368.

Solve : short, cryptic email messages?

Answer»

Once every day or two I get short, anonymous, cryptic email messages, like...
"Is this you?"
"Confirm your password."
"I'm waiting."
...and such. Each has a .ZIP attachment, but I don't open them, for fear of introducing a virus to my computer. Back in the beginning I did open one, but it contained gibberish. Each is from a different email provider, too, like ntsonline, etc. I use a Mac, OS 9.2.2, Internet Explorer 5, Outlook Express 5.02. These don't seem to damage anything. They're just pesky and insidious. Are they viruses? Can I do anything to track them to their source, or eliminate or block them?

Thanks,

Tom in Texas

Can't be 100% sure they're viruses but it's quite likely. My rule of thumb is, if you don't know the person and didn't request the file then you don't want or need it.

There are programs that can filter E-mail. Mailwasher for example:

http://www.mailwasher.net/

4369.

Solve : Someone Following Me Online??

Answer»

Hello All,

This is my first time here and I really hope someone can help me out.

My question: Is there a way someone can find out where another person is online, for example, an online public chatroom? I sometimes chat at a public television network chatroom and this one person seems to know exactly which room I'm in at all times, despite the fact that I change chatrooms and chatnames each time I go in and I don't have a regular routine as far as the time I chat. How can this be? Has this person somehow hacked into my computer? I've run SPYBOT and I'm all clear and have found no viruses with Norton.

I know this is a strange request but I really would appreciate any input and help as this has been going on for quite awhile now and I'm thinking that if this person can find me there then I may have some sort of Trojan or virus and other things may be at risk (or, is there such a thing as IP "tracking" and, if so, how would that person do it in a public chatroom where IP addys are not logged?).

Thank you for your time and help.

An online stalker. Aren't you the lucky one.

There is probably a unique ID bound to your account (IE: Cookie) and available to the people using the chatbox might be a command that allows them to search for that unique ID.

Unless you have accepted files from this person or you have given him your IP I seriously doubt he has hacked you.

Try changing your IP.

4370.

Solve : Hijackthis!?

Answer»

Logfile of HijackThis v1.98.0
Scan saved at 22:50:59, on 7/26/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\LEXBCES.EXE
C:\windows\system32\spoolsv.exe
C:\windows\system32\LEXPPS.EXE
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\windows\System32\nvsvc32.exe
C:\windows\System32\svchost.exe
C:\windows\Explorer.EXE
C:\PROGRA~1\AOpen\Mouse\Amoumain.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Lexmark\PHOTOC~1\LXBLKsk.exe
C:\windows\System32\carpserv.exe
C:\windows\Mixer.exe
C:\Program Files\USB Storage Device\shwicon.exe
C:\windows\System32\RUNDLL32.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\windows\System32\conime.exe
C:\Documents and Settings\user\Desktop\RC\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: ?eé??ìò?(&K) - {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} - C:\PROGRA~1\Kingsoft\FastAIT\IEBand.dll
O3 - Toolbar: ??·??ì3μ - {3EA85E14-887D-4E2F-91E2-3158CE58ED62} - C:\Program Files\!Sunv\DFKC2003\IEBand.dll
O3 - Toolbar: Pop-Up Blocker - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\AOpen\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [MemoryCardManager] C:\Program Files\Lexmark\Lexmark Photo Center\MemoryCardManager.exe -startup
O4 - HKLM\..\Run: [LXBLKsk] C:\PROGRA~1\Lexmark\PHOTOC~1\LXBLKsk.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [ShowIcon_The Company_USB Storage Device v1.14e035] "C:\Program Files\USB Storage Device\shwicon.exe" -t"The Company\USB Storage Device v1.14e035"
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\windows\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - Startup: Reboot.exe
O8 - Extra context menu item: 东方快车-保存翻译后的网页 - C:\Program Files\!Sunv\DFKC2003\ExtSave.htm
O8 - Extra context menu item: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: ??·??ì3μ - {0B66EBA4-5F53-40e4-B17B-A0E9BC1E8D50} - C:\Program Files\!Sunv\DFKC2003\IEBand.dll
O9 - Extra button: PowerWord - {9A687CA6-D585-4947-9ED9-BE96071F5CD9} - C:\PROGRA~1\Kingsoft\POWERW~1\XDictExB.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\JetCar.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\JetCar.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: Yahoo! Chat 1.3 - http://cs5.chat.sc5.yahoo.com/c174/chat.cab
O16 - DPF: Yahoo! Towers 2.0 - http://download.games.yahoo.com/games/clients/y/ywt0_x.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {36CB6B28-FC08-4373-8F54-1A02E3C15B7D} (WebDownLoad Control) - http://www.qiuer.com/hk/WebDownLoadProj1.ocx
O16 - DPF: {3CA15C82-6297-11D6-B8FA-00C04F5E375A} (BridgeChannel v3) - http://channel.bridge.com/bc30/java/bc3_bridge_i.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A578C98-3C2F-4630-890B-FC04196EF420} - http://client.commonword.cn/ad/itdoor/cdn.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6935EA68-4C36-47D4-88E9-B92998391D90}: Domain = earthlink
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - %SystemRoot%\System32\mshtml.dll
O18 - Protocol: cdl - {3DD53D40-7B8B-11D0-B013-00AA0059CE02} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: dic - {C21F5C32-F57A-4A0D-8E0A-B672691C52D0} - C:\PROGRA~1\Kingsoft\POWERW~1\XDictExB.dll
O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\windows\System32\msvidctl.dll
O18 - Protocol: file - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ftp - {79EAC9E3-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: gopher - {79EAC9E4-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: https - {79EAC9E5-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ipp - (no CLSID) - (no file)
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\windows\System32\itss.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - %SystemRoot%\System32\mshtml.dll
O18 - Protocol: local - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: mailto - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - %SystemRoot%\System32\mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11D0-85E3-00C04FD85AB4} - %SystemRoot%\System32\inetcomm.dll
O18 - Protocol: mk - {79EAC9E6-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\windows\System32\itss.dll
O18 - Protocol: msdaipp - (no CLSID) - (no file)
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - %SystemRoot%\System32\mshtml.dll
O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - %SystemRoot%\System32\mshtml.dll
O18 - Protocol: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\windows\System32\msvidctl.dll
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - %SystemRoot%\System32\mshtml.dll
O18 - Protocol: vnd.ms.radio - {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\System32\msdxm.ocx
O18 - Protocol: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\System32\wiascr.dll

download spysweeper from www.webrooot.com and clean out the junk..what browser are you using ie or firefox...also there are lots of reference to svhost?

download stinger >http://vil.nai.com/vil/stinger/

Please Read This First - Viruses & Spyware

I suggest you download the programs that are recommended.

I showed this log to someone and they said it seemed fine to him.

I already have spybot search and destroy and ad-aware which found nothing, ill try the rest.

I use IE and Firefox

Giga......Has your browser been hijacked? I don't believe you have mentioned that in your post. Perhaps you could clarify exactly what problem it is you have.

dl65

hehe, other than the problems i posted on the microsoft board, nope, i just posted here to get the log checked =) (also to show it to someone on another board because on that board, i had a problem posting this.)

Giga1......Ah ha .....I wish you had said that you didn't have a hijack problem .......I have spent several hours checking and rechecking your log ( the one you posted here ) that was what prompted my last response, because I couldn't see anything wrong with it. In the future please don't post if you don't have any problems...
however you are more than welcome to contribute in an effort to assist people who have real issues with their computers.

Cheers,

dl65

my two pennies worth i hate that hi-jack log why not monitor it yourself? just watch what you download? simple..

Exactly, Merlin, why let us do your work?

That's why I only replied with the link to the Administrators sticky.

4371.

Solve : kthx.owns-u.com. virus/ worm whatever?

Answer»

Hi,
Can anyone help me I seem to have picked up a virus/worm or something that causes my modem to try to reconnect after I have disconnected from the internet and when i disable my modem a message appears that says kthx.owns-u.com.
I have tried to rid my computer of this problem by downloading ad aware and spybot and i have also tried to research the problem on Google with not much luck.
Please help
cheers emackj

Viruses and Worms are not ad/malware.

http://www.grisoft.com/us/us_dwnl_free.php - AVG - Free edition

http://housecall.trendmicro.com/ - Trend Micro - Free scanner

See Emackj? Told you you'd get more help posting in the forum. I went to the symantec site and search brought up nothing on any string combination of kthnx owns. It sounds like an autodialer (this is a 56k modem I'm assuming).

4372.

Solve : homepage.com?

Answer»

Sorry if this has been posted before but I searched and couldn't find it.
Whenever I start internet explorer, homepage.com comes up as my homepage. When I tried to change it nothing happened. In addition, I'm getting pop-ups constantly saying there is spyware on my computer. Ad Aware didn't bring anything up.
Here is my HJT logfile:

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\PICASA\PICASAMEDIADETECTOR.EXE
C:\PROGRAM FILES\FINEPIXVIEWER\QUICKDCF.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\AIM\AIM.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\HIJACK THIS\HIJACK THIS.EXE
C:\WINDOWS\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aol.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R3 - URLSearchHook: URLSearch Class - {965A592F-8EFA-4250-8630-7960230792F1} - C:\WINDOWS\SYSTEM\CDSM32.DLL
O2 - BHO: (no name) - {8F260262-D97A-11D8-A225-444588BAC79A} - C:\WINDOWS\SYSTEM\LIPH.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [fash] C:\WINDOWS\fash.exe
O4 - HKLM\..\Run: [LifeScape MEDIA Detector] C:\Program Files\Picasa\PicasaMediaDetector.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\RunOnce: [InstallGuide] C:\Program Files\FinePixViewer\INSTALLGUIDE\InstallGuide.exe
O4 - Startup: Internet Answering Machine.lnk = C:\Program Files\CallWave\IAM.EXE
O4 - Startup: Webshots.lnk = C:\Program Files\FinePixViewer\INSTALLGUIDE\DXInstaller.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O8 - Extra context menu item: Send Image to Photo Library - file://C:\WINDOWS\Application Data\MGI\PhotoSuite4\Temp\MGI00000.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
O16 - DPF: Toki Toki Boom - http://download.games.yahoo.com/games/clients/y/vtn_x.cab
O16 - DPF: Yahoo! Chinese Checkers - http://download.games.yahoo.com/games/clients/y/cct0_x.cab
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} - http://updates.lifescapeinc.com/installers/pinstall/pinstall.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/bestfriends/retro64_loader.dll
O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://www.makeoversolutions.com/save/makeover.cab
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.originalicons.com/members/arrtv.cab
O18 - Filter: text/html - {8F260261-D97A-11D8-A225-4445786859ED} - C:\WINDOWS\SYSTEM\LIPH.DLL
O18 - Filter: text/plain - {8F260261-D97A-11D8-A225-4445786859ED} - C:\WINDOWS\SYSTEM\LIPH.DLL

I do not think any of those HTTP addresses are required to operate the computer. One of them may be causing your problem.
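One way to triage a HijackThis log like the one posted above, as an added example that is not part of the original thread. The function names and the three checks (Internet Explorer settings that point at a local `file://` page, the hosts that O16 components were downloaded from, and modules registered in more than one section) are this example's own heuristics for deciding what to look at first; the sample is a subset of the lines posted above.

```python
import re
from collections import Counter, defaultdict
from typing import NamedTuple
from urllib.parse import urlparse

# Subset of the HijackThis log lines posted in the thread above.
SAMPLE_LOG = r"""
C:\WINDOWS\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aol.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R3 - URLSearchHook: URLSearch Class - {965A592F-8EFA-4250-8630-7960230792F1} - C:\WINDOWS\SYSTEM\CDSM32.DLL
O2 - BHO: (no name) - {8F260262-D97A-11D8-A225-444588BAC79A} - C:\WINDOWS\SYSTEM\LIPH.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [fash] C:\WINDOWS\fash.exe
O16 - DPF: Toki Toki Boom - http://download.games.yahoo.com/games/clients/y/vtn_x.cab
O16 - DPF: Yahoo! Chinese Checkers - http://download.games.yahoo.com/games/clients/y/cct0_x.cab
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.originalicons.com/members/arrtv.cab
O18 - Filter: text/html - {8F260261-D97A-11D8-A225-4445786859ED} - C:\WINDOWS\SYSTEM\LIPH.DLL
O18 - Filter: text/plain - {8F260261-D97A-11D8-A225-4445786859ED} - C:\WINDOWS\SYSTEM\LIPH.DLL
"""


class Entry(NamedTuple):
    section: str  # HijackThis section code, e.g. "R1", "O4", "O16"
    body: str     # everything after "CODE - "


# A section entry looks like "O16 - DPF: ..."; process-list lines do not match.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# A drive-letter path ending in .dll or .exe (URLs do not match: no "X:\").
MODULE_RE = re.compile(r"[A-Za-z]:\\[^=]*?\.(?:dll|exe)\b", re.IGNORECASE)


def parse_log(text):
    """Return the section entries of a log, skipping the process list and blanks."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append(Entry(match.group(1), match.group(2).strip()))
    return entries


def local_file_ie_settings(entries):
    """R0/R1 entries (IE start and search settings) whose value is a file:// URL.

    Heuristic of this example: a search page served from a local file is
    unusual enough to review before anything else.
    """
    hits = []
    for entry in entries:
        if entry.section not in ("R0", "R1"):
            continue
        key, sep, value = entry.body.partition(" =")
        value = value.strip()  # empty for lines such as "CustomizeSearch ="
        if sep and value.lower().startswith("file://"):
            hits.append((key, value))
    return hits


def activex_download_hosts(entries):
    """Count O16 (Downloaded Program Files) entries per download host."""
    hosts = Counter()
    for entry in entries:
        if entry.section != "O16":
            continue
        url = entry.body.rsplit(" - ", 1)[-1]  # the URL is the last field
        host = urlparse(url).hostname
        if host:
            hosts[host] += 1
    return hosts


def modules_in_several_sections(entries):
    """DLL/EXE paths registered in more than one section (e.g. BHO and filter)."""
    seen = defaultdict(set)
    for entry in entries:
        for path in MODULE_RE.findall(entry.body):
            seen[path.upper()].add(entry.section)
    return {path: sorted(codes) for path, codes in seen.items() if len(codes) > 1}


def triage(text):
    """Run the three checks and return their results in one dictionary."""
    entries = parse_log(text)
    return {
        "local_file_ie_settings": local_file_ie_settings(entries),
        "activex_download_hosts": dict(activex_download_hosts(entries)),
        "modules_in_several_sections": modules_in_several_sections(entries),
    }


if __name__ == "__main__":
    for check, result in triage(SAMPLE_LOG).items():
        print(check, "->", result)
```

The output is a review list, not a verdict: each item still has to be identified before it is fixed or left alone.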

4373.

Solve : connection refused and error?

Answer»

First time using this site & I'm also not comp. savvy. Pls. be patient. I recently had a problem going on the Best Buy site. I used to be able to access but now I get a mess. that reads Wcs2000 has caused an error Wcs2000 will now close. Then it bumps me offline. Every single time and only that site. Also I occ. get a message that reads The connection was refused when attempting to contact compuserve.com or any other site I'm logging into. It doesn't happen too often but it's something that concerns me since it never happened before. What does it mean?

Is Wcs2000 software you are using to connect to the Internet? If it is, I suggest you uninstall it and then install an updated version.

If it is not, you should scan for both viruses and Trojans. Refer to the Please Read This First - Viruses & Spyware sticky for useful links.

Well, I scanned for viruses none but I was unsure about ad aware/spyware. I heard about it but didn't know if it was worth using. I did a free scan which said I had a worm and 2 other severe errors. I noticed everyone on this site keeps recommending to use so I purchased one called noadware hope it's good. Tried to log onto Best Buy and I didn't get bumped off. Thanks for leading me in the right direction. It seems to have worked. By the way what is Wcs2000? U said to uninstall and then re install? Remember not too keen on comp. terms.

Quote

that reads Wcs2000 has caused an error Wcs2000 will now close.


I do not know what Wcs2000 is. It is a term you introduced in your first post.

A very good and reliable adware scanner is Adaware 6.0. It is available from Lavasoft USA

I also suggest you look into a virus scanner such as Kaspersky (Personal Edition) or Norton Anti-Virus.
4374.

Solve : Backdoor.sheldor - Trojan horse?

Answer»

I have the virus referenced above. Every time I start my computer I receive the error message "E47150: INCORRECT MPEG data format." I have Windows ME. When I try to boot into safe mode or normal mode nothing comes on the desktop, and there are no items in the task manager. I have no functionality. Is there any way to bypass the boot routine so that I can get to the command prompt?

You can put in a boot disk and get to the command prompt that way but the safe mode options screen should provide an option to boot to prompt.

Quote

Backdoor.sheldor - Trojan horse on: Today at 9:18am

--------------------------------------------------------------------------------
Thanks. But, there are only 4 options in the when I press F8 at startup and none are to start in "Safe Mode with command prompt only" and (silly me) I lost the boot disk. Any ideas where I can download from?


**Moved from a PM**
I think Mac has a link to a site with bootdisk downloads. Look for any post of his and the link will be at the bottom.
4375.

Solve : Can't find MacScan or equivalent?

Answer»

I run a Mac Power PC, OS 9.2.2, and I'm looking for a download of MacScan or the equivalent. Everywhere I go, it says it's not currently available, or the like. Can anybody direct me?

Tom in Texas

http://www.securemac.com./typerecorder.php

Ok, Merlin...I got to that page, and found Keystroke Logger/Type Recorder. Is that what I want? Clicked on "Monotorer" on that page and found a button for MacScan...clicked...got to MacScan News...clicked MacScan Download...and got the message "Download Disabled." Feel like I'm lost in a forest.

tom in texas

http://macscan.securemac.com/files/MacScanPBFAT.sit

4376.

Solve : URGENT! Please help :[?

Answer»

My brand new computer is messed up, PLEASE help. The other problem isn't virus related though. Sorry.

FIRST PROBLEM


This always pops up when I open my Internet Explorer. I already have had my computer scanned by AVG Anti-Virus System, but it said it can't delete or heal it. What should I do? I have a brand new computer & it's making everything so slow. Pop-ups also appear on my computer all the time now.

- - - - - - - - - - - - - - - - - - -
SECOND PROBLEM:


I tried to uninstall this program. So I went to Remove/Add Programs & removed it. But it still appears on my computer & pops up saying the above since I deleted it. It's really annoying because the program still runs when I start up my computer.

Install and/or run these programs:

http://www.lavasoftusa.com/ - Adaware 6.0 - Free edition

http://www.safer-networking.org/index.php?page=download - Spybot S&D - Freeware

http://housecall.trendmicro.com/ - Trend Micro Anti Virus - Free scanner

http://www.misec.net/trojanhunter/ - Trojan Hunter - Free trial

In IE, Tools, IE Options, Advanced, & under "Navigation" Uncheck:

"Activate install on demand" (Other) , and, "Activate install on demand" (Internet Explorer)

And make sure that you are using a firewall.

If you only use IE6 to update your system with then you can use Opera 7.52 for your internet working.

Opera has a built-in pop-up stopper. See: Opera, Options.

4377.

Solve : Can someone identify these??

Answer»

We have Windows 98 on our computer at work. We also have Norton Anti Virus, with all updates, etc. We recently ran a virus scan and found the following files(?) in Quarantine.

1. datF084.TMP
2. do.exe (2)
3. datC164.TMP
4. datF085.TMP

Can someone tell me what these are and how do we remove them from our system?

This is a great site and I have found many answers to a lot of questions. Keep up the great work, and many, many, many thanks for your assistance, in advance.

If they're quarantined then you're fine. You should have the ability to view the items in quarantine and delete them.

Jakethecat........do.exe.....sounds like it could be a trojan....... http://www.pestpatrol.com/PestInfo/w/winpup32.asp

Here's some info on it

hope this helps

dl65

Thanks for the info Joleen and dl65! I'll pass this on to my boss and we'll do our best to remove them. We can't delete them with anti virus, so we'll have to go the hard route. I think they will be listed with our anti virus program provider, now that we have an identity name. Thanks again.

where would i find the quarantine files to delete found viruses?

There should be an option on the left of Norton that says "Quarantine"

4378.

Solve : Installing Norton AV?

Answer»

I can't install ng Norton AV it keeps saying that it's having trouble installing Test_SymRedir. I really need help please! Anyone knows what to do?

Which operating system are you using?

Kitkat....what version is it you're trying to install?

does it go thru the pre install scan ok ....or is that where it's hanging up. Do you already have other norton products installed?

let us know
dl65

robertmillar: I'm using windows XP


dl65: I'm trying to install the 2004 version and it does goes through the pre-scan alright. I used to have Norton AV before but I uninstalled it before trying to the latest version.

Anyone knows what to do??

robertmillar: I'm using XP


dl65: I'm trying to install the 2004 version. It goes through the scan alright it hangs-up during the installation itself. Well, i used to have another Norton product before but i removed it before trying to install this new one.

You should use a program such as Advanced System Optimizer and Regseeker to clean your registry and redundant files that may be causing these issues. (Especially if you uninstall and then reinstall the same program)

http://www.snapfiles.com/get/regseeker.html - Regseeker - Freeware

http://www.systweak.com/asov2/ - Advanced System Optimizer - Free Trial

I suggest you follow the instructions.

4379.

Solve : An icon suddenly appeared on the system tray?

Answer»

Next to the time there is a yellow bell that blinks on and off. When I put the cursor over it it says: "Take Advantage of the Hot Summer Sale" I tried right clicking on it to see if I could delete it but it only has: Open message and leave it.

I have Ad-Aware which scans each time I start up my computer and I have Norton Anti-Virus with all the latest updates.

Can anyone tell me how this thing got on my computer and what is it?

Go to this site and download CW Shredder

http://zerosrealm.com/

Please Read This First - Viruses & Spyware

Thank you Robert Millar. I downloaded CW Shredder and ran it and rebooted but the icon is still there.
Should I do anything else?

have you downloaded anything recently? type msconfig in the run box and you will see what is starting up?

Merlin I haven't downloaded anything recently. I put msconfig in the run box but I can't see anything that I can identify that is related to this icon.

download spysweeper from www.webroot.com and scan for spys...etc..or have you installed any software recently..

Merlin I have Ad-aware. Isn't that spyware? It runs each time I start my computer. I haven't downloaded any software recently.

I can't believe it. I finally decided to right click on it and it was an ad from my email program....incredimail that I've had for years and I was able to delete it. I am so pissed and I'm going to let them know it. Thanks everyone for trying to help me. This is a great website.

IncrediMail IS spyware. If you can look at your firewall or router logs, take a long look.

If you had clicked the link I supplied you with and read the Administrators message you would have found more programs that could have helped you.

4380.

Solve : AOL KICK OFF?

Answer»

well apparently someway somehow some1 got on my screen name for aol on my other pc and sent pictures idk of wat and we got kicked off and then it happened again ne suggestions

From what I have heard, AOL is a horrible provider. You may wish to stay tuned for the opinions of the members who have experience with this provider..

Many suns ago, when AOL first started, it was small and good. These were the days when DOS was king and Microsoft was a small company. AOL was essentially a BBS, with a huge download area filled with free software, and technical help abounded. Then Microsoft released things on the masses that were called IE and Windows. AOL was virtually consumed by them. As time progressed, AOL became powerful. It thought it knew what was best for its users. The download area disappeared, and the technical help became nonexistent. With all its power, AOL began to abuse its users, and the charter members left in droves. It charged exorbitant rates, censored its members, and its software practically took over the users machines and refused to play nice with other software. And this, my son, is how AOL came to suck.
_________________

If AOL Built Cars

1. The AOL car would have a top speed of 40 MPH yet have a 200 MPH speedometer.

2. The AOL car would come equipped with a NEW and fantastic 8-Track tape player.

3. The car would often refuse to start and owners would just expect this and try again later.

4. The windshield would have an extra dark tint to protect the driver from seeing better cars.

5. AOL would sell the same model car year after year and claim it's the NEW model.

6. Every now and then the brakes on the AOL car would just "lock-up" for no apparent reason.

7. The AOL car would have a very plain body style but would have lots of pretty colors and lights.

8. The AOL car would have only one door but it would have 5 extra seats for family members.

9. Anyone dissatisfied could return the car but must continue to make payments for 6 months.

10. If an AOL car owner received 3 parking tickets AOL would take the car from them.

11. The AOL car would have an AOL Cell phone that can only place calls to other AOL car cell phones.

12. AOL would pass a new car law forbidding AOL car owners from driving near other car dealerships.

13. AOL car mechanics would have no experience in car repair.

14. Younger AOL car drivers would be able to make other people's AOL cars stall just for fun.

15. It would not be possible to upgrade your AOL car stereo.

16. AOL cars would be forced to use AOL gas that cost 20% more and gave worse mileage.

17. Anytime an AOL car owner saw another AOL car owner he would wonder, M/F/age?

18. It would be common for AOL car owners to divorce just to marry another AOL car owner.

19. AOL car owners would always claim to be older or younger than they really are.

20. AOL cars would come with a steering wheel and AOL would claim no other cars have them.

21. Every time you close the door on the AOL car it would say, "Good-Bye."

I'd say switch ISP's but if you must....make a new account and change your password to something that is completely different than the others before.

4381.

Solve : i have a dumb question about a computer camera?

Answer»

yes i have a really stupid question a friend of mine is 32 and gay and is very dumb when it comes to computers and she was on her camera on her computer and was taking some pictures and letting it snap pics of him while he was in front of it and stuff and he is worried the pictures went other places without his knowledge
because the thing is this he just saved the pics to his computer but he did turn on these things that it had the option to turn or off and i dont know what these means
it says choose apps that can use camera
cortana
feedback hub
maps
microsoft edge
mixed reality view
onenote
photos
skype and store and he is worried that his pics went places he didnt want them too i mean could his pics go anywhere without his knowledge since he turned on these things
PLEASE USE PUNCTUATION

It's asking your permission for which apps can access and use the camera when the apps are active. You might also want to decide if your friend is a "him" or a "her". I suspect we'll be moderating your posts very soon.

4382.

Solve : Firefox Browser Hijacker - Not Detected by Malwarebytes! - Removal Process?

Answer»

Sharing this here in case anyone else gets hit with this one. I was surfing the web today and this one struck. Normally these hijackers get detected and cleaned out by malwarebytes but this one is able to hide somehow.

The website was a https:// secured http site named Lomotilnew with .xyz vs .com or .net etc and it targeted Firefox with /WindowsFirefox/ at the end of its URL path. ( There may be variant browser targets to target other browsers, but I'm not going to look for them ) NOTE: Do not assemble that URL path and go there because it will likely take your browser hostage! However the majority of the ones I have seen in the past have random alphanumeric URL paths that are 1 shots, where the path is temporary to try to get people to contact them and infect further or pay ransom money, but hides itself from being reported and pointed out to shut the website down because going back to the website would then show a blank white page vs the alert. This one is a different level of these in that the URL path appears to be functional to repeat visits or so the browser displays which could be a locally cached session that it reloads on session restore.

In the tab name of the window it displayed as Call+1(877)334-1444 *Note: Highly advised "NOT" to call that number or you could then start getting scam spammed. Too bad pay phones don't exist in my area as for I'd like to see who answers.

A Pop up box asking for a Username and Password is shown and you can't close or minimize and the entire system is locked with exception to CTRL + ALT + DELETE function and ability to type into this pop up box which might be trying to farm peoples username and passwords if anything is entered there. * Note: I didn't type anything into the 2 fields and went immediately to killing it off and removing it.

Looped was audio ( in a male text to voice ) that stated:

Quote

Critical Alert ... Your Computer has alerted us that it is infected with a virus and spyware.

Please call us immediately at the toll free number listed so that our support engineers can walk you through the removal process over .... ( Note the audio stops and loop repeats back from the beginning without saying "The Phone".)

Malwarebytes with the latest definitions does not catch this which is amazing. All others I have come across get flagged and caught in memory as the hijacker is running from a temp location. This one though Malwarebytes says your computer is clean 0 problems detected.

So I had to go through this process below to clean my system of it. Simply bringing up task manager and ending firefox process and then relaunching firefox does not fix this as Firefox wants to run to the last page that was open as part of its crash recovery process which was triggered by ending the process tree for firefox in task manager.

Quote
So here is the fix:

1.) End Firefox in Task Manager which you will need to get there through CTRL + ALT + DELETE because the browser is locked and it won't let you minimize it to get back to desktop.

2.) From Task Manager end the Firefox Process Tree. ( Firefox will close )

3.) Now open up command shell by running CMD in the Start RUN or by typing CMD into the "Type here to search" box of Windows 10 lower left.

4.) With command shell now open enter START FIREFOX WWW.GOOGLE.COM (Note: This will FORCE Firefox to open Google and not the last session website(s) which the hijacker is at )

5.) You might see a tab to the left of the new www.google.com tab that says Session Restore. Ignore this! Go to History of Firefox and select Clear Recent History. A pop up box will now ask for the Time Range to clear. It might be default of "Today" leave it as "Today" and then click on CLEAR NOW. Your browser history for today is now clear so that hijack website is gone from any prior sessions.

6.) Close Firefox browser and it might warn you if you want to Confirm Close. Click on CLOSE TABS.

7.) Firefox closes. Now open Firefox and it will open clean to Google or whatever Homepage you have Firefox set to.

Hopefully Malwarebytes will eventually update their definitions to catch this one. But right now it's undetected and it takes almost complete control of the computer with only option to getting out of it to CTRL + ALT + DELETE and go through this process to wipe out the last session through clearing the history and starting fresh.
Quote
NOTE: Do not assemble that URL path and go there because it will likely take your browser hostage!
I did anyway- I get the dialog you mentioned but I don't get any looped audio or anything. It only affected that browser tab. I pressed escape on the dialog and escape to "stop" the page and nothing else happened.

I have very pessimistic default options, however, and NoScript probably blocked some of it as well.

Also it looks like it's gone now- It only gives a cpanel error.



Good information. Thanks for the warning.
4383.

Solve : My computer still has hope??

Answer»

My mother-in-law gave us this computer I believe it was purchased back in 2002, it's compaq, the operating system is xp-sp3.. if this make sense.
Anyway, lately i've been getting into videos and presentations and my efforts and time-spent all futile, as my operating system is outdated or doesn't support certain types of files, plus all the viruses, junks that's accumulated over the years. The last time we brought this to the repair shop was about 5 years ago. and it cost too much money. will it be possible if i do the job, system restore the whole thing, (back to manufacturer setting), buy an operating system AND an anti-'junk' scanner/remover? I was thinking also of looking up as much programs installed here, up on the internet to verify if they're only mere games so i could uninstall them.

many thanks guys.

Sixteen years is a long time in computer hardware. Often you can upgrade to a computer that's 4-7 years old for a very reasonable price, and going from a 16 year old computer to a 5 year old computer is a really big upgrade.

Have you looked at the second-hand market? Even if you're on a budget, there's a lot of value to be found. Look for a laptop with many listings from multiple sellers -- this usually indicates that the machine was used in large quantities by large organizations who later upgraded all their inventory, flooding the used market with decent machines. These laptops also have the benefit of aging well, because many of them never left an office desk.

If you're working on media projects, I might recommend getting a 256 GB SSD, and 8 GB of RAM, with an i5 processor. This appears to be a "sweet spot" in performance/price, and would handle apps like Adobe Creative Suite just fine.

Example Ebay search:

https://www.ebay.com/sch/i.html?_from=R40&_trksid=m570.l1313&_nkw=i5+laptop+8+GB+RAM+256+GB+ssd&_sacat=0&LH_TitleDesc=0&_udhi=350&_odkw=i5+8gb+ssd&ssPageName=GSTL

If nothing else, this will give you an idea of what a comparable model would cost. It's good to know what the market is getting for decent second-hand computers when making a purchasing decision.

Quote from: tonyshaw on November 12, 2018, 07:02:46 AM

My mother-in-law gave us this computer I believe it was purchased back in 2002, it's compaq, the operating system is xp-sp3.. if this make sense.
Anyway, lately i've been getting into videos and presentations and my efforts and time-spent all futile, as my operating system is outdated or doesn't support certain types of files, plus all the viruses, junks that's accumulated over the years. The last time we brought this to the repair shop was about 5 years ago. and it cost too much money. will it be possible if i do the job, system restore the whole thing, (back to manufacturer setting), buy an operating system AND an anti-'junk' scanner/remover? I was thinking also of looking up as much programs installed here, up on the internet to verify if they're only mere games so i could uninstall them.

many thanks guys.

That's too old to be honest, restoring it may work but eventually will work slow due to its oldness plus if you buy a new OS let's say windows 7, I don't know if that laptop is capable of running it I'm guessing you may have some trouble looking for the compatible drivers for it and it will work slowly, here's my proof for it, I own a desktop i5 4th gen (8gb ram) the mobo only support 8.1 I tried upgrading it to windows 10 it works I found a couple of drivers too but it was slow about 40% I can see the dip in the changes. So I think that is going to happen too. So if you buy a new XP it will work but not sure how long, as stated above you should buy a new laptop so you can be sure to hold all the tasks you needed and saves you time.

Tonyshaw,
You did not say how important this PC is to you.
How much might you to have it replaced?
It can be replaced by a refurbished newer model for under $200.
It will have windows 10 and a 90-day warranty,
Example:
https://www.amazon.com/HP-Quad-Core-Windows-10-Refurbished/dp/B01CV9G1BO/ref=sr_1_3?ie=UTF8&qid=1542580383&sr=8-3&keywords=hp+refurbished+desktop+computer+8300
Quote
This Certified Refurbished product is tested and certified to look and work like new. The refurbishing process includes functionality testing, basic cleaning, inspection, and repackaging. The product ships with all relevant accessories, a minimum 90-day warranty, and may arrive in a generic box. Only select sellers who maintain a high performance bar may offer Certified Refurbished products on Amazon.com
HP 8300 Intel I5 Quad-Core 3.2 GHz Processor
What's Inside: 8GB RAM, 500GB Hard Drive, DVD Optical Drive,
Operating System: Windows 10 Professional
Includes: USB Keyboard and Mouse,

Renewed (19) from $179.50 & FREE shipping.
You can get a one-year warranty about $20 more.

Like almost everyone has stated, this computer is getting to be quite old, and the computer that Geek put a link to in his answer would probably be perfect for what you need it for. However, one good program that seems to work good if I need an all around computer optimizer, is 360 Total Security. It scans for viruses, cleans out junk files, the works. You can download it here: https://www.360totalsecurity.com/?utm_source=google&utm_medium=cpc&gclid=CjwKCAiAuMTfBRAcEiwAV4SDkeJnLOvijPgqu7t7O_PD1x6AWFP5Ka9JFNrH3L19bQDRRR-jIX8amBoCeJsQAvD_BwE

BUT! If you know how to correctly factory restore a computer and keep your important files, then I recommend doing that before doing anything else. You can then download a program like VLC Media Player to open those file types which have a hard time. You can then install all of your other programs that you had on your computer before the reset.

Putting something like windows 7 on this machine probably wouldn't work all that well. So I do recommend buying the computer that Geek posted as your new daily driver.

Hope everything goes smoothly!
Anthony

At 16 years, I don't think you have much hope left of salvaging anything from it. Plus, you say it's on XP. As much as I love XP, it doesn't have support and I wouldn't want to do any serious business work on a machine that can fail on me any time.

You can perhaps look into a Chromebook if all you want is to access the net. I got a Chromebook for the heck of it since my work is primarily online, and I have to say that I'm impressed with the overall performance. It's not a laptop replacement but it works fine for majority of use cases.

As for your computer, can you share the specs? You might be able to add a faster processor and upgrade the RAM for a quick performance boost
4384.

Solve : "need" FREE Firewall >>> please?

Answer»

Can someone recommend a decent "free" firewall download for my
work Micron 64 meg (chinese ABACUS!!!!) i'm tired of running my Ad-Aware twice a day!

I heard Zone Alarm is a good free firewall.

http://www.zonelabs.com/store/content/company/products/znalm/freeDownload.jsp

Quote

I heard Zone Alarm is a good free firewall.

http://www.zonelabs.com/store/content/company/products/znalm/freeDownload.jsp


THANKS ANDREW!
LOL "dumbass me" << I waited 15 minutes to download the free 13 MB file, then at the end it told me it was not compatible with my ol windows 98 , ;-0
should have done my homework before installing, thanks for your info though*

http://www.comcen.com.au/~fed/sygate.zip

Please can you recommend a free firewall for Windows ME now that Zone Alarm has stopped updating?

Microsoft recommends these:
http://www.microsoft.com/athome/security/protect/windowsme/firewall.mspx

BUT, I want one that isn't a short-term free trial. :-/

Thank you.

Quote
http://www.comcen.com.au/~fed/sygate.zip

that should work for winme

You can check out a large list of free firewalls here:
http://www.cleancomputerhelp.com/firewalls

You will need to look into the ones you may want to see if they are compatible w/ Win '98.

Quote
I heard Zone Alarm is a good free firewall.

http://www.zonelabs.com/store/content/company/products/znalm/freeDownload.jsp


THANKS ANDREW!
lol "dumbass me" << I waited 15 minutes to download the free 13 MB file, then at the end it told me it was not compatible with my ol windows 98 , ;-0
should have done my homework before installing, thanks for your info though*


See how not posting info ahead of time can slow down the whole help process ? ?

I'd also recommend Sygate. ZoneAlarm is good, but it is just too bloated IMO. Sygate does what it's supposed to and nothing else.

My thoughts exactly SA, Zone Alarm has just gone over the top with frills.
4385.

Solve : "Nutsy" computer, logs attached?

Answer»

I followed all the instructions as directed by EvilFantasy's posts suggested by BatchRocks.

Since I got a Dell Dimension 4100 used on Ebay over a year ago, the "problems" have been getting more frequent. It's running Windows XP Pro w/SP2 and automatic updates, but Microsoft says there's a problem and it may be an "illegal" copy, and I didn't pursue that because I can't afford to buy another one. The computer goes "nutsy", I lose mouse control, cursor goes all over, start menu and various windows open on their own, IE windows close, FreeCell "freezes", Taskbar & Property windows open, new icons appear on desktop - like new Excel doc, and I never use Excel. And other strange things that I can't begin to remember.

Before starting on the instructions, I uninstalled IE, having downloaded Firefox earlier. I also uninstalled Spybot and my Malwarebytes AntiMalware (downloaded & reinstalled later when instructed.) And I removed previous owner's "Window Washer" (I never used it) and a Cyberdefender Identity Toolbar that I thought I'd removed a long time ago.

The computer was obviously a trade-in and I was surprised that the place I bought it from hadn't removed previous owner's "stuff". I eventually removed his documents, photos, and some other things but there's still some old stuff left. For example, something for "Party Poker" in one of the logs is *not* mine. Also in one of the logs are references to Weatherbug and a few other things which I'm sure I removed long ago.

One of many confusing things I noticed are tracking cookies in the AntiSpyware Log mentioning "Cody" (my grandson). I regularly cleaned out all cookies and the only way I can imagine there were still "Cody" cookies is because for a short time a long time ago he had his own "account" on this machine, but we didn't use it for long.

I greatly appreciate any help!! Thank you!!!!!

*******************************
Malwarebytes' Anti-Malware 1.34
Database version: 1783
Windows 5.1.2600 Service Pack 2

2/21/2009 4:55:00 AM
mbam-log-2009-02-21 (04-54-59).txt

Scan type: Full Scan (C:\|)
Objects scanned: 116409
Time elapsed: 51 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


[attachment deleted by admin]

4386.

Solve : ZeuS?

Answer»

That looks good. Please tell me how your computer is working before we cleanup.

As far as I can tell, everything works as before. I didn't notice any irregularity.

Ok. We can do some cleanup.

Download this program and run it: Uninstall ComboFix. It will remove ComboFix for you.

************************************************
To set a new Restore Point.

Click the Start button, click Control Panel, click System and Maintenance, and then click System. In the left pane, click System Protection. If you are prompted for an administrator password or confirmation, type the password or provide confirmation. To turn off System Protection for a hard disk, clear the check box next to the disk, and then click OK. Reboot to Normal Mode.
Click the Start button, click Control Panel, click System and Maintenance, and then click System.
In the left pane, click System Protection. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
To turn on System Protection for a hard disk, select the check box next to the disk, and then click OK.
This will give you a new, clean Restore Point.
********************************************************
Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
*********************************************************
Use the Secunia Software Inspector to check for out of date software.

•Click Start Now

•Check the box next to Enable thorough system inspection.

•Click Start

•Allow the scan to finish and scroll down to see if any updates are needed.
•Update anything listed.
----------

Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security add-on for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!

Done! Thanks for your help, Dave.

I only have one more minor thing:
- Secunia Software Inspector keeps telling me that my Java and Adobe Flash Player are not up-to-date, although I downloaded the newest versions and restarted the computer. Furthermore, the update programs Secunia offers (right below "Update instructions") seem not to work. When I open them nothing happens. I got the newest versions now from the official Java- and Flash Player-websites. Still Secunia says, they are not up-to-date.

- can I be sure that what we removed from my computer was really ZeuS? Can I use my computer for banking and the like without concern?

Thank you again for your help. You already saved my digital sit-upons twice!

Tilman

Quote

Secunia Software Inspector keeps telling me that my Java and Adobe Flash Player are not up-to-date, although I downloaded the newest versions and restarted the computer. Furthermore, the update programs Secunia offers (right below "Update instructions") seem not to work. When I open them nothing happens. I got the newest versions now from the official Java- and Flash Player-websites. Still Secunia says, they are not up-to-date.

There could be parts of a previous version left which would prompt those messages. It is most important to keep your Windows OS and Java up-to-date. I did notice that you have this on your computer: C:\Users\user\AppData\Roaming\Pocomail\Attach\keygen.zip
==> Cracks & Keygens <==
Crackware is illegal and certainly very dangerous for the safety of your computer.

Quote
can I be sure that what we removed from my computer was really ZeuS? Can I use my computer for banking and the like without concern?
There were some infections that affected your MBR (Master Boot Record). If you want to use this computer for banking I would strongly suggest a third-party firewall. It can be cumbersome at first to use but it will give added protection.

Firewalls protect against hackers and malicious intruders.

Remember only install ONE firewall

1) Comodo Personal Firewall (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" and uncheck any HopSurf and/or Ask.com options if you choose this one)
2) Online Armor
3) Agnitum Outpost
4) PC Tools Firewall Plus

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.

You're welcome. I will lock this thread. If you need it re-opened, please send me a pm.
4387.

Solve : Zcodec < delivers the nasties!?

Answer»

Users looking for the latest and greatest video software may not just be in danger from media lawyers. Security firm Panda Software last week warned that zCodec, which claims to offer "up to 40 percent better (video) quality," is in fact an adware program that can install Trojans, rootkits and other malicious software.
zCodec is freely available online and, as of Monday afternoon, was easy enough to find, offering downloads from its own website - zcodec.com. The site uses images from the films Sin City and Pulp Fiction, and claims zCodec will boost audio as well as video quality.
"zCodec is a multimedia compressor/decompressor which registers into the Windows collection of multimedia drivers and integrates with any application using DirectShow and Microsoft Video for Windows," the site states.
Media players use codecs (compressor/decompressors) to compress and play back digital media files, but in the real world, for a codec to make any quality difference, a file must be encoded using that codec.
The site, while reassuringly professional-looking, does have one glaring typographical error on the front page, linking to its "therms of use".
Panda's advisory last week revealed that the 100KB file is in fact adware, which "downloads and runs files, changes the DNS configuration and monitors accesses to several adult websites".
zCodec, formally known as Adware/ZCodec or Adware/EMediacodec, affects most versions of Windows and was first detected last week, Panda said.
When run, the program alters the system's DNS configuration in order to divert traffic to DNS servers of its choice, a technique sometimes used as part of a phishing scam or to rack up clicks for advertising schemes.
zCodec also accesses a particular IP address to randomly select and download one of a collection of files. The files that could be downloaded include Ruins.MB, a Trojan horse that uses rootkit techniques to conceal itself, Panda said. zCodec could also download an online casino program.
A second file launches every time the user starts Internet Explorer and monitors Web usage. Panda said its software can remove zCodec.

I read about this a while back.

There must be nasties there because I tried to download the codecs & my protection stopped me.

4388.

Solve : Adobe Flash player installed McAfee Security Scan Plus?

Answer»

Hello everyone,
I booted the PC this morning and it was telling me I needed to update my Adobe Flash Player, which I did. I saw no mention of this McAfee Security Scan Plus until the download was complete. I immediately uninstalled the McAfee but now I'm not happy about having the Adobe Flash Player on my system. Is there an alternative piece of software I could use that does not sneak in unwanted programs onto my computer by the back door?

Hi
It is ticked in the middle box on the download page; you have to untick it if you don't want to install McAfee. This is the price of free software.

4389.

Solve : Virus Help?

Answer»

I use ZoneAlarm Ver 7.0 along with Ad-Aware and Spybot w/TeaTimer. My ZA is a combo firewall and virus scan and just today started picking up this "Worm.Win32.Huhk.c". I am not able to access some sites that require Java or do any downloads, including MS updates for XP. It quarantines it but it keeps coming back, any ideas what's up? I select the more info link in ZA but it can't tell me anything about this. See screen capture from my PC.

1. Run free online scan at: http://housecall.trendmicro.com/
The Housecall log is saved to C:\Documents and Settings\UserName\.housecall\log\
Post HouseCall log.

2. Download and scan with SUPERAntiSpyware Free for Home Users:
http://www.superantispyware.com/

Print these instructions out.

SUPERAntiSpyware should be run in Safe Mode.
To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; pick Safe Mode; you'll see "Safe Mode" in all four corners of your screen

* Double-click SUPERAntiSpyware.exe and use the default settings for installation.
* An icon will be created on your desktop. Double-click that icon to launch the program.
* If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
* Under "Configuration and Preferences", click the Preferences button.
* Click the Scanning Control tab.
* Under Scanner Options make sure the following are checked (leave all others unchecked):
o Close browsers before scanning.
o Scan for tracking cookies.
o Terminate memory threats before quarantining.
* Click the "Close" button to leave the control center screen.
* Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
* On the left, make sure you check C:\Fixed Drive.
* On the right, under "Complete Scan", choose Perform Complete Scan.
* Click "Next" to start the scan. Please be patient while it scans your computer.
* After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
* Make sure everything has a checkmark next to it and click "Next".
* A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
* If asked if you want to reboot, click "Yes".
* To retrieve the removal information after reboot, launch SUPERAntispyware again.
o Click Preferences, then click the Statistics/Logs tab.
o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
o If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
o Please copy and paste the Scan Log results in your next reply with a new HijackThis log.
* Click Close to exit the program.
Post SUPERAntiSpyware log.

3. Download HijackThis:
http://www.snapfiles.com/get/hijackthis.html
Post HijackThis log.

Thanks for the post back, ref #1. At the Trend Micro site when I select scan I get "HouseCall requires that you activate at least Java Script. If you would like to continue, please activate Java Script in the browser settings and reload the page!" I tried step 2 but since I have had this infection I cannot download anything from anywhere, really weird.

Quote

"HouseCall requires that you activate at least Java Script. If you would like to continue, please activate Java Script in the browser settings and reload the page!"

Then do so.

All items listed with Java in the advanced tab of my browser are selected, I will restart and try again, thanks.

If you're using Internet Explorer, try Firefox, if you're gonna be able to download it.

No go, I'll try Firefox.

OK

It ended up being a false positive, all is well now, thanks for the effort and help.

You're welcome
4390.

Solve : Is This a Flaw in Kerio??

Answer»

I ask, because I don't know - but it seemed odd.

As regular readers of my posts - and I'm sure I have legions of fans - know, I have recently removed all Norton products from my machines and installed Kerio's firewall.

On one of my PCs, I just added Kerio yesterday - so she's not fully "trained", as it were.

So I was logging into that PC remotely today - using LogMeIn (almost as good as GoToMyPC, but free). And, of course, Kerio wanted to protect the PC from the remote attack.

But it had already allowed the login - so all I had to do remotely was click on the PC's "Permit" button, and it allowed me to continue unfettered.

Now, I had already been through three levels of password protection as part of LogMeIn, so I'm not horribly concerned, but shouldn't Kerio have absolutely denied me all access?

Or am I misunderstanding all of the nitty-gritty of a firewall?

4391.

Solve : Viruses and Hardware?

Answer»

My computer was shutting down too often so I formatted it, but when installing, a window pops up that says my hard disk is messed up. So now I went and bought a new hard drive. I have 2 hard drives, one with a lot of important info on it. At the same time a virus could be on that hard drive. Should I still have the D drive connected to my new C drive?
And can viruses damage hardware?

You may have a boot virus? And can they damage hardware: http://www.virus-scan-software.com/virus-scan-help/answers/what-can-viruses-do.shtml What o/s is this?

4392.

Solve : help please...msn virus , photo.zip still , log file attached?

Answer»

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:49:36 PM, on 8/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\Program Files\ActivCard\ActivClient\acautsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\ActivCard\ActivClient\acachsrv.exe
C:\Program Files\ActivCard\ActivClient\acevents.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
C:\Documents and Settings\jsu\Desktop\AVG Anti-Spyware\guard.exe
C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lenovo\System Update\SUService.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Nortel Networks\TunnelGuard\CueAgent_srv.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Network Associates\Common Framework\McTray.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Network Associates\VirusScan\mcconsol.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\system32\TpScrLk.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\LVCOMSX.EXE
D:\Folder Lockbox\flockbox.exe
C:\Program Files\360safe\safemon\360tray.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Tencent\TM2008\Bin\TM.exe
C:\Program Files\Tencent\TM2008\Bin\TXPlatform.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\PROGRA~1\FREEDO~1\fdm.exe
C:\Documents and Settings\jsu\Desktop\killer_msnphoto.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\jsu\rah.exe \o
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\ADOBE\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [BLOG] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" /startup
O4 - HKLM\..\Run: [TPKBDLED] C:\WINDOWS\system32\TpScrLk.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [flockbox] D:\Folder Lockbox\flockbox.exe /a
O4 - HKLM\..\Run: [hipg] C:\WINDOWS\system32\hipg.exe \j
O4 - HKLM\..\Run: [360Safetray] C:\Program Files\360safe\safemon\360tray.exe /start
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
O8 - Extra context menu item: &使用 FlashGet 下載 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &全部使用 FlashGet 下載 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Add to QQ Customized Emoticons - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: Add to QQ Customized Panel - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: Add to QQ Emotions - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Foxy ?? - res://C:\Program Files\Foxy\Foxy.exe/download.htm
O8 - Extra context menu item: Send picture by MMS - C:\Program Files\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: Send Picture with QQ MMS - C:\Program Files\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: Upload to QQ Network Hard Disk - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 上傳到QQ網路硬碟 - D:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 新增到QQ自定義面板 - D:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 新增到QQ表情 - D:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 氝樓善QQ桶 - C:\Program Files\QQ\Africa2003\AddEmotion.htm
O8 - Extra context menu item: 添加到QQ自定義面板 - d:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\TM2008\Bin\AddEmotion.htm
O8 - Extra context menu item: 用QQ MMS傳送該圖片 - D:\Program Files\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: 用QQ彩信發送該圖片 - d:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: SSO Wizard - {48428AD9-F53A-4c40-AC16-41DB6A2B67C6} - C:\Program Files\ActivIdentity\SecureLogin\localhero.dll
O9 - Extra 'Tools' menuitem: SSO Wizard - {48428AD9-F53A-4c40-AC16-41DB6A2B67C6} - C:\Program Files\ActivIdentity\SecureLogin\localhero.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - D:\PPLive\PPLive.exe
O9 - Extra 'Tools' menuitem: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - D:\PPLive\PPLive.exe
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - d:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: AE°TQQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - d:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - d:\Program Files\Tencent\QQ\QQIEHelper.dll (file missing)
O9 - Extra 'Tools' menuitem: QQiA2E1??sIoEeOA - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - d:\Program Files\Tencent\QQ\QQIEHelper.dll (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O14 - IERESET.INF: START_PAGE_URL=http://cc.cadence.com
O15 - Trusted Zone: crm.cadence.com
O15 - Trusted Zone: crm-chs.cadence.com
O15 - Trusted Zone: crm-cht.cadence.com
O15 - Trusted Zone: crm-eng.cadence.com
O15 - Trusted Zone: crm-jpn.cadence.com
O15 - Trusted Zone: crm-kor.cadence.com
O15 - Trusted Zone: srvcrmws.cadence.com
O15 - Trusted Zone: srvcrmws01p.cadence.com
O15 - Trusted Zone: srvcrmws02p.cadence.com
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan OBJECT) - http://www.kaspersky.com.cn/webscanner/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3D3BF1F8-9696-4A5E-B4F1-49101C997B70} (VaxSIPUserAgentCAB Control) - http://labs.jaduka.com/VaxSIPUserAgentCAB.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1214863331625
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = global.cadence.com
O17 - HKLM\Software\..\Telephony: DomainName = global.cadence.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = global.cadence.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = global.cadence.com
O20 - Winlogon Notify: acautsrv - C:\Program Files\ActivCard\ActivClient\ackpbsc.dll
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: acunlock - C:\Program Files\ActivCard\ActivClient\acunlock.dll
O20 - Winlogon Notify: opnnkiHY - opnnkiHY.dll (file missing)
O20 - Winlogon Notify: SLLgnEvt - SLLgnEvt.dll (file missing)
O23 - Service: ActivCard Authentication Service (ACachSrv) - ActivCard Corp. - C:\Program Files\ActivCard\ActivClient\acachsrv.exe
O23 - Service: ActivCard Authentication Client Service (acautsrv) - ActivCard Corp. - C:\Program Files\ActivCard\ActivClient\acautsrv.exe
O23 - Service: ActivCard Middleware Service (Accoca) - ActivCard Corp. - C:\Program Files\Common Files\ActivCard\accoca.exe
O23 - Service: ActivCard Event Service (acevents) - ActivIdentity - C:\Program Files\ActivCard\ActivClient\acevents.exe
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Altiris Agent (AeXNSClient) - Altiris, Inc. - C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Unknown owner - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe (file missing)
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Unknown owner - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Documents and Settings\jsu\Desktop\AVG Anti-Spyware\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: McAfee Host Intrusion Prevention Service (enterceptAgent) - McAfee, Inc. - C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Contivity VPN Service (ExtranetAccess) - Nortel Networks NA, Inc. - C:\Program Files\Cadence VPN\Extranet_serv.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - McAfee, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files\Lenovo\System Update\SUService.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: Nortel Networks TunnelGuard (tunnelguardservice) - Alexandria Software Consulting - C:\Program Files\Nortel Networks\TunnelGuard\CueAgent_srv.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

--
End of file - 17999 bytes

Welcome to CH.

Download MsnVirRem.exe to your desktop from one of the following mirrors.

  • First close any other programs you have running as this will require a reboot
  • Double click MsnVirRem.exe to run it
  • Once open, click the button labeled Search and Destroy
    • Your computer will now be scanned for Infected Files
  • When scanning is finished you will be prompted to reboot only if infected, Click OK
  • Now click the REBOOT Button.
  • After the Reboot, you WILL receive file not found errors (usually 4) please acknowledge them and continue.
  • A Message should popup from MsnVirRem if not, double click the program again and it will finish
Please post the contents of C:\msnvirrem.log along with a new HijackThis log.

It said no virus found, first time I ran it. Didn't ask me to reboot since no virus found.
//log from MsnVirRem
MsnVirRem Log by Skate_Punk_21

Fix running from: C:\Documents and Settings\jsu\Desktop
8/21/2008
11:22:09 PM

---Infection Files Found---

NO INFECTION FILES FOUND - Cleaning Aborted.




//new log file
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:25:10 PM, on 8/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\Program Files\ActivCard\ActivClient\acautsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\ActivCard\ActivClient\acachsrv.exe
C:\Program Files\ActivCard\ActivClient\acevents.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
C:\Documents and Settings\jsu\Desktop\AVG Anti-Spyware\guard.exe
C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lenovo\System Update\SUService.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Nortel Networks\TunnelGuard\CueAgent_srv.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Network Associates\Common Framework\McTray.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\system32\TpScrLk.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\LVCOMSX.EXE
D:\Folder Lockbox\flockbox.exe
C:\Program Files\360safe\safemon\360tray.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\jsu\rah.exe \o
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [BLOG] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" /startup
O4 - HKLM\..\Run: [TPKBDLED] C:\WINDOWS\system32\TpScrLk.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [flockbox] D:\Folder Lockbox\flockbox.exe /a
O4 - HKLM\..\Run: [hipg] C:\WINDOWS\system32\hipg.exe \j
O4 - HKLM\..\Run: [360Safetray] C:\Program Files\360safe\safemon\360tray.exe /start
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
O8 - Extra context menu item: &使用 FlashGet 下載 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &全部使用 FlashGet 下載 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Add to QQ Customized Emoticons - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: Add to QQ Customized Panel - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: Add to QQ Emotions - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Foxy ?? - res://C:\Program Files\Foxy\Foxy.exe/download.htm
O8 - Extra context menu item: Send picture by MMS - C:\Program Files\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: Send Picture with QQ MMS - C:\Program Files\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: Upload to QQ Network Hard Disk - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 上傳到QQ網路硬碟 - D:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 新增到QQ自定義面板 - D:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 新增到QQ表情 - D:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 氝樓善QQ桶 - C:\Program Files\QQ\Africa2003\AddEmotion.htm
O8 - Extra context menu item: 添加到QQ自定義面板 - d:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\TM2008\Bin\AddEmotion.htm
O8 - Extra context menu item: 用QQ MMS傳送該圖片 - D:\Program Files\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: 用QQ彩信發送該圖片 - d:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: SSO Wizard - {48428AD9-F53A-4c40-AC16-41DB6A2B67C6} - C:\Program Files\ActivIdentity\SecureLogin\localhero.dll
O9 - Extra 'Tools' menuitem: SSO Wizard - {48428AD9-F53A-4c40-AC16-41DB6A2B67C6} - C:\Program Files\ActivIdentity\SecureLogin\localhero.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - D:\PPLive\PPLive.exe
O9 - Extra 'Tools' menuitem: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - D:\PPLive\PPLive.exe
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - d:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: AE°TQQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - d:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - d:\Program Files\Tencent\QQ\QQIEHelper.dll (file missing)
O9 - Extra 'Tools' menuitem: QQiA2E1??sIoEeOA - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - d:\Program Files\Tencent\QQ\QQIEHelper.dll (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O14 - IERESET.INF: START_PAGE_URL=http://cc.cadence.com
O15 - Trusted Zone: crm.cadence.com
O15 - Trusted Zone: crm-chs.cadence.com
O15 - Trusted Zone: crm-cht.cadence.com
O15 - Trusted Zone: crm-eng.cadence.com
O15 - Trusted Zone: crm-jpn.cadence.com
O15 - Trusted Zone: crm-kor.cadence.com
O15 - Trusted Zone: srvcrmws.cadence.com
O15 - Trusted Zone: srvcrmws01p.cadence.com
O15 - Trusted Zone: srvcrmws02p.cadence.com
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com.cn/webscanner/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3D3BF1F8-9696-4A5E-B4F1-49101C997B70} (VaxSIPUserAgentCAB Control) - http://labs.jaduka.com/VaxSIPUserAgentCAB.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1214863331625
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = global.cadence.com
O17 - HKLM\Software\..\Telephony: DomainName = global.cadence.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = global.cadence.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = global.cadence.com
O20 - Winlogon Notify: acautsrv - C:\Program Files\ActivCard\ActivClient\ackpbsc.dll
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: acunlock - C:\Program Files\ActivCard\ActivClient\acunlock.dll
O20 - Winlogon Notify: opnnkiHY - opnnkiHY.dll (file missing)
O20 - Winlogon Notify: SLLgnEvt - SLLgnEvt.dll (file missing)
O23 - Service: ActivCard Authentication Service (ACachSrv) - ActivCard Corp. - C:\Program Files\ActivCard\ActivClient\acachsrv.exe
O23 - Service: ActivCard Authentication Client Service (acautsrv) - ActivCard Corp. - C:\Program Files\ActivCard\ActivClient\acautsrv.exe
O23 - Service: ActivCard Middleware Service (Accoca) - ActivCard Corp. - C:\Program Files\Common Files\ActivCard\accoca.exe
O23 - Service: ActivCard Event Service (acevents) - ActivIdentity - C:\Program Files\ActivCard\ActivClient\acevents.exe
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Altiris Agent (AeXNSClient) - Altiris, Inc. - C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Unknown owner - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe (file missing)
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Unknown owner - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Documents and Settings\jsu\Desktop\AVG Anti-Spyware\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: McAfee Host Intrusion Prevention Service (enterceptAgent) - McAfee, Inc. - C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Contivity VPN Service (ExtranetAccess) - Nortel Networks NA, Inc. - C:\Program Files\Cadence VPN\Extranet_serv.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - McAfee, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files\Lenovo\System Update\SUService.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: Nortel Networks TunnelGuard (tunnelguardservice) - Alexandria Software Consulting - C:\Program Files\Nortel Networks\TunnelGuard\CueAgent_srv.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

--
End of file - 17722 bytes
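
An added example, not part of the thread: a small Python triage of HijackThis entry lines like those in the log above. It flags entries whose target is reported as `(no file)` or `(file missing)`, a `UserInit` value that lists anything besides userinit.exe, and autostart entries that launch from a user profile folder. The function names and reason tags are hypothetical, and a flag is a prompt for review, not a verdict.

```python
import re
from collections import namedtuple

# Constructed sample: a few lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\jsu\rah.exe \o
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O20 - Winlogon Notify: opnnkiHY - opnnkiHY.dll (file missing)
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Unknown owner - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Documents and Settings\jsu\Desktop\AVG Anti-Spyware\guard.exe
"""

Finding = namedtuple("Finding", "code reasons body")

# Entry lines have the shape "<section code> - <description>", e.g. "O23 - Service: ...".
# The "Running processes" paths do not match this shape and are skipped.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# HijackThis marks entries whose target file it could not find.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$", re.IGNORECASE)
# Windows XP user profile root, as seen in the log above.
PROFILE_RE = re.compile(r"[a-z]:\\documents and settings\\", re.IGNORECASE)
# Assumption: the only expected Userinit program is userinit.exe in system32.
USERINIT_OK_RE = re.compile(
    r"(?:[a-z]:\\windows\\system32\\)?userinit\.exe", re.IGNORECASE
)
# Sections that start code at boot or logon.
AUTOSTART_CODES = {"F2", "O4", "O20", "O23"}


def parse_entries(log_text):
    """Return (code, body) pairs for every HijackThis entry line in the text."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def userinit_extras(body):
    """Return the programs listed in a UserInit value other than userinit.exe."""
    match = re.search(r"UserInit=(.*)$", body, re.IGNORECASE)
    if not match:
        return []
    parts = [p.strip() for p in match.group(1).split(",") if p.strip()]
    return [p for p in parts if not USERINIT_OK_RE.fullmatch(p)]


def triage(log_text):
    """Return a Finding for each entry that deserves a closer look."""
    findings = []
    for code, body in parse_entries(log_text):
        reasons = []
        if ORPHAN_RE.search(body):
            reasons.append("orphaned")            # registration left, file gone
        if code == "F2" and userinit_extras(body):
            reasons.append("userinit-extra")      # extra program run at logon
        if code in AUTOSTART_CODES and PROFILE_RE.search(body):
            reasons.append("user-profile-path")   # autostart from a user folder
        if reasons:
            findings.append(Finding(code, tuple(reasons), body))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding.code, ", ".join(finding.reasons), "|", finding.body)
```
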
Turn OFF AVG Antispyware so it does not interfere with the fixes we make with HijackThis.

* Launch AVG Anti-Spyware.
* From the "Status" menu, select "Change state" to inactivate 'Resident Shield' and 'Automatic Updates'.
* Then right click on AVG Anti-Spyware in the system tray and uncheck "Start with Windows".

Restart the computer and leave AVG Antispyware OFF until we are completely done with cleaning.

----------

Open HijackThis and select Do a system scan only.

Place a check mark next to the following entries: (if there)

- O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
- O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
- O4 - HKLM\..\Run: [hipg] C:\WINDOWS\system32\hipg.exe \j
- O4 - HKLM\..\Run: [360Safetray] C:\Program Files\360safe\safemon\360tray.exe /start
- O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
- O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - d:\Program Files\Tencent\QQ\QQIEHelper.dll (file missing)
- O9 - Extra 'Tools' menuitem: QQiA2E1??sIoEeOA - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - d:\Program Files\Tencent\QQ\QQIEHelper.dll (file missing)
- O20 - Winlogon Notify: opnnkiHY - opnnkiHY.dll (file missing)
- O20 - Winlogon Notify: SLLgnEvt - SLLgnEvt.dll (file missing)
- O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Unknown owner - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe (file missing)
- O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Unknown owner - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe (file missing)


Important: Close all windows except for HijackThis and then click Fix checked.

Exit HijackThis.

----------

Go to Start > Run and type Notepad.exe then click OK.

Copy and paste the following text within the code box into the new Notepad file.

Code:
@ECHO OFF
REM Stop, then delete, the two AntiVir service registrations that the log lists as (file missing)
sc stop AntiVirScheduler
sc delete AntiVirScheduler
sc stop AntiVirService
sc delete AntiVirService
exit

In Notepad select File and Save as
Choose the Save to location to be the Desktop and for the File name: type in fixme.bat making sure that the Save as type field says All files.

Next double click fixservice.bat to run it.
A black box should open and close after a short time, this is normal.
Do not continue until the black box has closed
Delete fixservice.bat from the Desktop.

----------

Go to Start > Run and type notepad.exe then click OK

Copy the text in the Code box below and paste it into Notepad.

Code:
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\Run]
"hipg"=-
"360Safetray"=-

In Notepad go to File > Save as...

Next to File name: type fixme.reg. Use the dropdown box next to Save as type: and select All files. Save it to the Desktop.

There should now be a file on the Desktop that looks like this

Double-click fixme.reg and allow it to merge with the Registry.

You may not see anything happen but give it a few seconds or so to finish.

Now delete the fixme.reg file from the Desktop.

----------

Now run a new HijackThis scan and post the log.

file attached: thanks!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:20:39 AM, on 8/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\Program Files\ActivCard\ActivClient\acautsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\ActivCard\ActivClient\acachsrv.exe
C:\Program Files\ActivCard\ActivClient\acevents.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lenovo\System Update\SUService.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Nortel Networks\TunnelGuard\CueAgent_srv.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Network Associates\Common Framework\McTray.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\system32\TpScrLk.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\LVCOMSX.EXE
D:\Folder Lockbox\flockbox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\jsu\rah.exe \o
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [BLOG] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" /startup
O4 - HKLM\..\Run: [TPKBDLED] C:\WINDOWS\system32\TpScrLk.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [flockbox] D:\Folder Lockbox\flockbox.exe /a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
O8 - Extra context menu item: &使用 FlashGet 下載 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &全部使用 FlashGet 下載 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Add to QQ Customized Emoticons - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: Add to QQ Customized Panel - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: Add to QQ Emotions - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Foxy ?? - res://C:\Program Files\Foxy\Foxy.exe/download.htm
O8 - Extra context menu item: Send picture by MMS - C:\Program Files\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: Send Picture with QQ MMS - C:\Program Files\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: Upload to QQ Network Hard Disk - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 上傳到QQ網路硬碟 - D:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 新增到QQ自定義面板 - D:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 新增到QQ表情 - D:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 氝樓善QQ桶 - C:\Program Files\QQ\Africa2003\AddEmotion.htm
O8 - Extra context menu item: 添加到QQ自定義面板 - d:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\TM2008\Bin\AddEmotion.htm
O8 - Extra context menu item: 用QQ MMS傳送該圖片 - D:\Program Files\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: 用QQ彩信發送該圖片 - d:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: SSO Wizard - {48428AD9-F53A-4c40-AC16-41DB6A2B67C6} - C:\Program Files\ActivIdentity\SecureLogin\localhero.dll
O9 - Extra 'Tools' menuitem: SSO Wizard - {48428AD9-F53A-4c40-AC16-41DB6A2B67C6} - C:\Program Files\ActivIdentity\SecureLogin\localhero.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - D:\PPLive\PPLive.exe
O9 - Extra 'Tools' menuitem: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - D:\PPLive\PPLive.exe
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - d:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: AE°TQQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - d:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O14 - IERESET.INF: START_PAGE_URL=http://cc.cadence.com
O15 - Trusted Zone: crm.cadence.com
O15 - Trusted Zone: crm-chs.cadence.com
O15 - Trusted Zone: crm-cht.cadence.com
O15 - Trusted Zone: crm-eng.cadence.com
O15 - Trusted Zone: crm-jpn.cadence.com
O15 - Trusted Zone: crm-kor.cadence.com
O15 - Trusted Zone: srvcrmws.cadence.com
O15 - Trusted Zone: srvcrmws01p.cadence.com
O15 - Trusted Zone: srvcrmws02p.cadence.com
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com.cn/webscanner/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3D3BF1F8-9696-4A5E-B4F1-49101C997B70} (VaxSIPUserAgentCAB Control) - http://labs.jaduka.com/VaxSIPUserAgentCAB.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1214863331625
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = global.cadence.com
O17 - HKLM\Software\..\Telephony: DomainName = global.cadence.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = global.cadence.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = global.cadence.com
O20 - Winlogon Notify: acautsrv - C:\Program Files\ActivCard\ActivClient\ackpbsc.dll
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: acunlock - C:\Program Files\ActivCard\ActivClient\acunlock.dll
O23 - Service: ActivCard Authentication Service (ACachSrv) - ActivCard Corp. - C:\Program Files\ActivCard\ActivClient\acachsrv.exe
O23 - Service: ActivCard Authentication Client Service (acautsrv) - ActivCard Corp. - C:\Program Files\ActivCard\ActivClient\acautsrv.exe
O23 - Service: ActivCard Middleware Service (Accoca) - ActivCard Corp. - C:\Program Files\Common Files\ActivCard\accoca.exe
O23 - Service: ActivCard Event Service (acevents) - ActivIdentity - C:\Program Files\ActivCard\ActivClient\acevents.exe
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Altiris Agent (AeXNSClient) - Altiris, Inc. - C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: McAfee Host Intrusion Prevention Service (enterceptAgent) - McAfee, Inc. - C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Contivity VPN Service (ExtranetAccess) - Nortel Networks NA, Inc. - C:\Program Files\Cadence VPN\Extranet_serv.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - McAfee, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files\Lenovo\System Update\SUService.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: Nortel Networks TunnelGuard (tunnelguardservice) - Alexandria Software Consulting - C:\Program Files\Nortel Networks\TunnelGuard\CueAgent_srv.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

--
End of file - 16226 bytes
I still see C:\Temp\photo.zip getting created repeatedly, deleting it won't stop it.

Download Malwarebytes' Anti-Malware (MBAM)

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
    • Then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform quick scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and Paste the entire report in your next reply.
    Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.


    Post the MBAM log and let me know how things are now.

    //log attached, thanks!!

    Malwarebytes' Anti-Malware 1.25
    Database version: 1076
    Windows 5.1.2600 Service Pack 2

    12:51:13 AM 8/22/2008
    mbam-log-08-22-2008 (00-51-13).txt

    Scan type: Quick Scan
    Objects scanned: 56575
    Time elapsed: 7 minute(s), 19 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 16
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 1
    Files Infected: 5

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\qqiehelper.qqbrowserhelperobject (Spyware.OnlineGames) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\qqiehelper.qqbrowserhelperobject.1 (Spyware.OnlineGames) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\aldd (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\MS Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\jkwslist (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    C:\Program Files\BaiDu\bar (Adware.Cinmus) -> Quarantined and deleted successfully.

    Files Infected:
    C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\BM939e4926.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\BM939e4926.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
    After deleting photo.zip under c:\temp, I restarted MSN, then MSN started to send out the virus to all my contacts, and photo.zip reappeared under \temp.

    We're getting there, it will take multiple steps but we will get it. This is a stubborn one to deal with.

    Download ComboFix by sUBs from one of the below links. Be sure to save it to the Desktop.

    Link #1
    Link #2

    **Note: It is important that it is saved directly to your Desktop

    Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix.

    Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

    Double click combofix.exe & follow the prompts.
    When finished ComboFix will produce a log for you.
    Post the ComboFix log in your next reply.

    Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

    Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

    thanks Evil:
    I am almost 80% done, not sure if I am OK now.
    It took me a long time to get ComboFix to run due to my antivirus program. I can't turn it off unless in safe mode. (company computer)
    ComboFix ran in safe mode, but got killed after reboot (while generating the report). I assume it is done.

    msn seems normal so far.

    attached log from hijack

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 02:19, on 2008-08-22
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0013)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\ibmpmsvc.exe
    C:\Program Files\ActivCard\ActivClient\acautsrv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\ActivCard\ActivClient\acachsrv.exe
    C:\Program Files\ActivCard\ActivClient\acevents.exe
    C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
    C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\mcshield.exe
    C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lenovo\System Update\SUService.exe
    C:\WINDOWS\system32\Tablet.exe
    C:\WINDOWS\system32\TpKmpSVC.exe
    C:\Program Files\Nortel Networks\TunnelGuard\CueAgent_srv.exe
    C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
    C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\conime.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Network Associates\Common Framework\McTray.exe
    C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
    C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
    C:\WINDOWS\system32\TpScrLk.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
    C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    D:\Folder Lockbox\flockbox.exe
    C:\Program Files\Southwest Airlines\Ding\Ding.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
    O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
    O4 - HKLM\..\Run: [BLOG] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
    O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" /startup
    O4 - HKLM\..\Run: [TPKBDLED] C:\WINDOWS\system32\TpScrLk.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
    O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [flockbox] D:\Folder Lockbox\flockbox.exe /a
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
    O8 - Extra context menu item: &使用 FlashGet 下載 - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: &全部使用 FlashGet 下載 - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: Add to QQ Customized Emoticons - C:\Program Files\Tencent\QQ\AddEmotion.htm
    O8 - Extra context menu item: Add to QQ Customized Panel - C:\Program Files\Tencent\QQ\AddPanel.htm
    O8 - Extra context menu item: Add to QQ Emotions - C:\Program Files\Tencent\QQ\AddEmotion.htm
    O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Foxy ?? - res://C:\Program Files\Foxy\Foxy.exe/download.htm
    O8 - Extra context menu item: Send picture by MMS - C:\Program Files\Tencent\QQ\SendMMS.htm
    O8 - Extra context menu item: Send Picture with QQ MMS - C:\Program Files\Tencent\QQ\SendMMS.htm
    O8 - Extra context menu item: Upload to QQ Network Hard Disk - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
    O8 - Extra context menu item: 上傳到QQ網路硬碟 - D:\Program Files\Tencent\QQ\AddToNetDisk.htm
    O8 - Extra context menu item: 新增到QQ自定義面板 - D:\Program Files\Tencent\QQ\AddPanel.htm
    O8 - Extra context menu item: 新增到QQ表情 - D:\Program Files\Tencent\QQ\AddEmotion.htm
    O8 - Extra context menu item: 氝樓善QQ桶 - C:\Program Files\QQ\Africa2003\AddEmotion.htm
    O8 - Extra context menu item: 添加到QQ自定義面板 - d:\Program Files\Tencent\QQ\AddPanel.htm
    O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\TM2008\Bin\AddEmotion.htm
    O8 - Extra context menu item: 用QQ MMS傳送該圖片 - D:\Program Files\Tencent\QQ\SendMMS.htm
    O8 - Extra context menu item: 用QQ彩信發送該圖片 - d:\Program Files\Tencent\QQ\SendMMS.htm
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: SSO Wizard - {48428AD9-F53A-4c40-AC16-41DB6A2B67C6} - C:\Program Files\ActivIdentity\SecureLogin\localhero.dll
    O9 - Extra 'Tools' menuitem: SSO Wizard - {48428AD9-F53A-4c40-AC16-41DB6A2B67C6} - C:\Program Files\ActivIdentity\SecureLogin\localhero.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - D:\PPLive\PPLive.exe
    O9 - Extra 'Tools' menuitem: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - D:\PPLive\PPLive.exe
    O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - d:\Program Files\Tencent\QQ\QQ.EXE
    O9 - Extra 'Tools' menuitem: AE°TQQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - d:\Program Files\Tencent\QQ\QQ.EXE
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O14 - IERESET.INF: START_PAGE_URL=http://cc.cadence.com
    O15 - Trusted Zone: crm.cadence.com
    O15 - Trusted Zone: crm-chs.cadence.com
    O15 - Trusted Zone: crm-cht.cadence.com
    O15 - Trusted Zone: crm-eng.cadence.com
    O15 - Trusted Zone: crm-jpn.cadence.com
    O15 - Trusted Zone: crm-kor.cadence.com
    O15 - Trusted Zone: srvcrmws.cadence.com
    O15 - Trusted Zone: srvcrmws01p.cadence.com
    O15 - Trusted Zone: srvcrmws02p.cadence.com
    O15 - ESC Trusted Zone: http://*.update.microsoft.com
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com.cn/webscanner/kavwebscan_unicode.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {3D3BF1F8-9696-4A5E-B4F1-49101C997B70} (VaxSIPUserAgentCAB Control) - http://labs.jaduka.com/VaxSIPUserAgentCAB.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1214863331625
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = global.cadence.com
    O17 - HKLM\Software\..\Telephony: DomainName = global.cadence.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = global.cadence.com
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = global.cadence.com
    O20 - Winlogon Notify: acautsrv - C:\Program Files\ActivCard\ActivClient\ackpbsc.dll
    O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
    O20 - Winlogon Notify: acunlock - C:\Program Files\ActivCard\ActivClient\acunlock.dll
    O23 - Service: ActivCard Authentication Service (ACachSrv) - ActivCard Corp. - C:\Program Files\ActivCard\ActivClient\acachsrv.exe
    O23 - Service: ActivCard Authentication Client Service (acautsrv) - ActivCard Corp. - C:\Program Files\ActivCard\ActivClient\acautsrv.exe
    O23 - Service: ActivCard Middleware Service (Accoca) - ActivCard Corp. - C:\Program Files\Common Files\ActivCard\accoca.exe
    O23 - Service: ActivCard Event Service (acevents) - ActivIdentity - C:\Program Files\ActivCard\ActivClient\acevents.exe
    O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    O23 - Service: Altiris Agent (AeXNSClient) - Altiris, Inc. - C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: McAfee Host Intrusion Prevention Service (enterceptAgent) - McAfee, Inc. - C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Contivity VPN Service (ExtranetAccess) - Nortel Networks NA, Inc. - C:\Program Files\Cadence VPN\Extranet_serv.exe
    O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - McAfee, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
    O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files\Lenovo\System Update\SUService.exe
    O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
    O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
    O23 - Service: Nortel Networks TunnelGuard (tunnelguardservice) - Alexandria Software Consulting - C:\Program Files\Nortel Networks\TunnelGuard\CueAgent_srv.exe
    O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

    --
    End of file - 16321 bytes
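A triage pass over a HijackThis log like the one posted above, as an added example that is not part of the original thread: it flags entries HijackThis itself marks as pointing to a missing file, services listed with "Unknown owner", and Run-key autoruns that start from outside the usual install directories. The function names and the list of expected directories are assumptions for illustration, and a flagged entry is something to look at more closely, not a verdict.

```python
import re

# A few lines copied from the HijackThis log posted above (excerpt only).
SAMPLE_LOG = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [flockbox] D:\Folder Lockbox\flockbox.exe /a
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: acunlock - C:\Program Files\ActivCard\ActivClient\acunlock.dll
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
"""

# Assumption: directories where autoruns are normally expected on this XP box.
EXPECTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")

# "O4 - rest of line": a section code (R0-R3, F0-F3, N1-N4, O1-O24) and its body.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")
# O4 registry autorun body: "HKLM\..\Run: [name] command line"
RUN_RE = re.compile(r"^[^:]*:\s*\[[^\]]*\]\s*(.+)$")
# Leading fully qualified executable of a command line, quoted or not.
PATH_RE = re.compile(r'^"?([A-Za-z]:\\.+?\.(?:exe|dll|bat|cmd|scr))', re.I)


def parse_entries(text):
    """Return (section_code, body) for every HijackThis entry line in text."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def autorun_path(body):
    """Return the full path an O4 Run entry launches, or None if the command
    is not a drive-qualified path (for example a bare 'rundll32.exe ...')."""
    m = RUN_RE.match(body)
    if not m:
        return None
    p = PATH_RE.match(m.group(1).strip())
    return p.group(1) if p else None


def triage(text, roots=EXPECTED_ROOTS):
    """Return (section_code, reason, body) for entries worth a closer look."""
    findings = []
    for code, body in parse_entries(text):
        low = body.lower()
        # HijackThis appends these markers when the referenced file is absent.
        if low.endswith("(file missing)") or low.endswith("(no file)"):
            findings.append((code, "orphaned", body))
        # Service binary for which the log shows no vendor name.
        if code == "O23" and " - unknown owner - " in low:
            findings.append((code, "unknown-owner", body))
        # Autorun launched from outside the expected install directories.
        if code == "O4":
            path = autorun_path(body)
            if path and not path.lower().startswith(roots):
                findings.append((code, "autorun-outside-standard-dirs", body))
    return findings


if __name__ == "__main__":
    for code, reason, body in triage(SAMPLE_LOG):
        print(f"{code:<4} {reason:<30} {body}")
```
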
    I need the ComboFix log. Go to C:\combofix.txt and see if the log is there.
    4393.

    Solve : XP Antivirus?

    Answer»

    The program files can be backed up onto a CD or flash drive.

    Try to download and run this.

    Download Dial-a-Fix by djlizard, save it to the desktop then extract it to its own folder.

    • Open the folder and run Dial-a-fix.exe
    • 2 windows will open. Close the one in the background labeled Restrictive Policies
    • On the main window, check the box in section 4, labeled SSL/HTTPS/Cryptography. The 4 boxes under it should be pre-checked
    • Check all boxes in Section 5, labeled Registration Center.
    • Click Go
    • OK any error messages if received, but write them down and post them here.
    • Restart the computer when done
    Let me know if IE behaves properly.

    IE is still the same, won't let me access those links you posted and it gives me strange Google searches.

    Try booting into Safe Mode and running a Full system scan with MalwareBytes.

    Alright, that'll take me more than an hour. So I'll see you then.

    If you're using XP or Vista and have system restore points, I'd have just restored to an earlier date. However .... first complete the fixes that are already in place

    Quote from: mcxeb52! on August 22, 2008, 03:05:17 PM
    if you're using xp or vista and have system restore points, I'd have just restored to an earlier date. However .... first complete the fixes that are already in place

    It's best to follow the instructions evilfantasy gave.

    Malwarebytes' Anti-Malware 1.17
    Database version: 856

    6:32:19 PM 8/22/2008
    mbam-log-8-22-2008 (18-32-19).txt

    Scan type: Full Scan (C:\|J:\|)
    Objects scanned: 118149
    Time elapsed: 1 hour(s), 17 minute(s), 14 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 0
    Registry Data Items Infected: 2
    Folders Infected: 0
    Files Infected: 4

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Documents and Settings\Richard\Local Settings\Temp\.tt1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Richard\Local Settings\Temp\.tt2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Richard\Local Settings\Temp\.tt3.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Richard\Local Settings\Temp\.tt4.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

    Done.

    Have you got a Hijack This log at all? Or is it that you had to type it out?

    I think it will be needed.

    Agreed, if we could get a HJT log at some point it would be a huge help.

    This scan can only be run in Safe Mode.

    Download SDFix by AndyManchesta and save it to your desktop.

    When using this tool, you must use the Administrator's account or an account with Administrative rights

    • Double click SDFix.exe and it will extract the files to %systemdrive% (this is the drive that contains the Windows Directory, typically C:\SDFix).
    • DO NOT use it just yet.
    Reboot your computer in Safe Mode using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

    Open the SDFix folder and double click RunThis.bat to start the script.
    • Type Y to begin the cleanup process.
    • It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
    • Press any Key and it will restart the PC.
    • When the PC restarts, the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
    • Copy and paste the contents of the results file Report.txt in your next reply along with a new HijackThis log.
    Yes very well, I will do as you stated. BTW I can't download HJT, it won't let me with the links being stupid. Also now I know that I have indeed been affected by AntiVirus Xp 2008 when I downloaded an audio codec. I've been doing a little research and I found this:

    http://www.windowsvistaplace.com/xp-antivirus-2008-removal-instructions-xp-antivirus-2008/spyware-removal

    EDIT: I can't download SDFix. Link is being stupid

    Quote from: kpac on August 22, 2008, 04:31:26 PM
    Quote from: mcxeb52! on August 22, 2008, 03:05:17 PM
    If you're using XP or Vista and have system restore points, I'd have just restored to an earlier date. However .... first complete the fixes that are already in place

    It's best to follow the instructions evilfantasy gave.

    Yeah. Isn't that what I said? I'd fix it a certain way that has helped me many times but evilfantasy has already taken him so far so why stop at this point?

    Quote from: hunt3rshadow on August 22, 2008, 05:10:42 PM
    Yes very well, I will do as you stated. BTW I can't download HJT, it won't let me with the links being stupid.

    What can you do with this PC?

    Can you go to another computer and download all these tools? If you can, do that, and copy them to a flash drive or CD or something, and run them on the infected PC.

    Thanks to everyone's help. I just got rid of this cursed thing by running MBAM multiple times then cleaning my registry. My computer's running fine so far and the background has changed back to normal.

    It may seem fine, but the virus might be still on your computer.

    I recommend you continue with posting the logs/following our instructions etc.

    Quote from: kpac on August 23, 2008, 08:54:40 AM
    It may seem fine, but the virus might be still on your computer.

    I recommend you continue with posting the logs/following our instructions etc.

    At least for now, I'd post a new HiJackThis Log and have evilfantasy review it one more time to be sure it's clean.

    You don't want to have traces of diseases still lingering in your body that might potentially open up another problem even though you are now feeling fine and life appears to be going on normally.

    4394.

    Solve : Can't log into safemode or normal mode; computer states I have spyware?

    Answer»

    Hello,

    First time user; my computer will not let me log into safe mode or normal mode. My computer shows that I have spyware. However, when I was able to get into safe mode I ran all my stuff to remove it and it seemed fine. However, now when I turn my computer on it asks me to log into my account. However, my name is the only one that appears at the beginning with no opportunity to put in a password. I click on my account and it says loading settings, however when it starts to load, it then automatically starts to log out. When I try to start in safe mode the two accounts that come up are administrator and then my name. Once again I click on my name and it does the same thing. However the administrator option allows me to put in a password but I do not know what that is. Does that make sense to anyone?? Please email me at <Removed> if you can help in any way??

    thanks!

    email removed to avoid spam bots

    Don't enter any password on the administrator account. Just hit enter. See if it logs you on.

    I tried that and it doesn't work??

    4395.

    Solve : Registry....?

    Answer»

    Okay, I think I did everything right. Thank you again Evilfantasy, I really appreciate it.

    Uninstall Java(TM) 6 Update 5

    I thought I might be able to find where they are installed by that log but I don't see it. Have you tried deleting the desktop shortcut and reinstalling Spybot?
    I uninstalled the Java(TM) update.
    Deleting the shortcut worked.
    Now I am confused as to how to use this http://www.majorgeeks.com/Karens_Replicator_d3917.html

    Thanks again.

    Download the software and use it to back up your important files. Put them on a disk or flash drive.

    http://www.karenware.com/powertools/ptreplicator.asp

    It's downloaded

    I think you misunderstood. I do not know how to use this software. I tried to find a tutorial but couldn't. I don't know what anything means. You said you weren't too familiar with this program so maybe if you could direct someone to me that does...

    I don't wanna be a bother, I see all the threads you all are dealing with, it's just I learned so much since the start of this post, and I just want to have a clean system backed-up instead of the dirty one....

    Maybe one day I can help ya all out

    Also I am in no rush, deal with the people who have infections first.

    Try this first. I forget that XP has a backup utility built in.

    http://www.microsoft.com/windowsxp/using/setup/learnmore/bott_03july14.mspx

    4396.

    Solve : Firefox crashes and IE is invaded?

    Answer»

    Do this to remove all unstable older versions of Flash.

    Download the Flash Player Uninstaller and save it to your desktop.

    Run the uninstaller program and then reboot your computer to complete the uninstall.

    Download and install the latest version of Flash Player.

    You may need to restart for the changes to take effect.

    4397.

    Solve : help again?

    Answer»

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:45, on 2008-08-20
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: SSVHelper CLASS - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
    O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
    O4 - Startup: smss.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Dell WIRELESS WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

    --
    End of file - 6500 bytes

    I don't know what's wrong.

    Try making a post in the Windows forum. Maybe someone there will have some knowledge on the error.

    4398.

    Solve : Would you like to learn to fight malware??

    Answer»

    It can often take up to a week to get accepted, sometimes longer during the summer. Just be patient and I'm sure you'll hear something from them soon enough. If not, you can always try applying somewhere else.

    Quote from: CBMatt on August 22, 2008, 04:36:56 PM

    It can often take up to a week to get accepted, sometimes longer during the summer. Just be patient and I'm sure you'll hear something from them soon enough. If not, you can always try applying somewhere else.

    Yep... Took about 2 weeks for me and I applied in the start of "summer".

    4399.

    Solve : ...be Genuine' get Microsoft Security Essentials for Free'?

    Answer»

    If you are looking for a lifetime anti-virus, malware and spyware protection' and using a genuine copy of Windows OS' you can get their free security software for this...

    ...introducing Microsoft Security Essentials'
    ...you can download it from http://www.microsoft.com/Security_Essentials/'
    Well I guess that is one of our recommendations for antivirus software.

    Just not sure why you have worded it in such a way that it is new. It is actually fairly set in, now.

    I will keep the topic here, instead of sending it to the trash.

    4400.

    Solve : CA Internet Security Provided by Road Runner?

    Answer»

    Has anybody had problems with CA, which I think stands for Computer Associates, the internet security service provided free by Road Runner?

    When I first signed up with Road Runner I had Norton security, but when my subscription ran out I decided to try the free CA, since Road Runner promised it was just as good, and free. I had nothing but trouble with it. Among other problems, my personal files would take ages to load, even if I'd just shut them, and every website I visited I would get a message from Google telling me the site had become unresponsive.

    Someone told me to uninstall it and use Microsoft Essentials instead, and my computer's been zipping along at proper speed since.

    This is a true account of my experience, and I do not work for Microsoft.

    Good move. MSE is not a resource hog unlike some other AV's