
4551.

Solve : Virtumonde is taking over!!!!!! HELP!!!!!!?

Answer»

So here is what's going on. I scanned my computer with Spy Sweeper, Ad-Aware, Spybot S&D and even Norton Anti-Virus. All of them detect it but can't seem to remove it. Even though it says that it got removed from my computer. All the pop-ups that are caused by it are overwhelming and my computer is practically unusable... What should I do?

I use Windows XP Professional.

1. Download VirtumundoBegone (http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe) and save it to your desktop.

2. Now reboot into Safe Mode.

1. This can be done tapping the F8 key as soon as you start your computer

2. You will be brought to a menu where you can choose to boot into safe mode.

3. Select safe mode with networking using your arrow keys on the keyboard and then press enter.



3. Once you are logged into safe mode, double-click the VirtumundoBeGone.exe file you just downloaded and follow the instructions.

4. Exit when it has finished, and reboot back to normal mode.

Next steps, when you're done.

I downloaded and then restarted in safe mode, but it did not find anything... and when I scanned with Spy Sweeper it found it again... I really don't know what to do...

I appreciate your time trying to help me

It's OK. It was just the first step. We'll have a few more...

1. Run free ESET Online Scanner at: http://www.eset.com/onlinescan/
Note: This Scanner is for Internet Explorer Only
1. You will notice that the "Start" button is grayed out. Place a check mark at "Yes, I accept the Terms of use". The "Start" button will become visible. Click on it.
2. If it wants to install an ActiveX component allow it
3. You will be asked to install an ActiveX, click the "Install" button (Note: If you have a Firewall installed you may have to approve the installation)
4. Once ActiveX control is installed click on the "Start" button to initialize the scanner
5. After initialization is complete uncheck\untick "Remove found threats"
6. Check\tick "Scan unwanted applications"
7. Click the "Scan" button
8. Once the scan is done, you will find a log in C:\Program Files\esetonlinescanner\log.txt
Post ESET's log.

2. Download SUPERAntiSpyware Free for Home Users:
http://www.superantispyware.com/

Print these instructions out.

* Double-click SUPERAntiSpyware.exe and use the default settings for installation.
* An icon will be created on your desktop. Double-click that icon to launch the program.
* If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
* Close SUPERAntiSpyware.

Restart computer in Safe Mode.
To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; pick Safe Mode; you'll see "Safe Mode" in all four corners of your screen

* Open SUPERAntiSpyware.
* Under "Configuration and Preferences", click the Preferences button.
* Click the Scanning Control tab.
* Under Scanner Options make sure the following are checked (leave all others unchecked):
o Close browsers before scanning.
o Scan for tracking cookies.
o Terminate memory threats before quarantining.
* Click the "Close" button to leave the control center screen.
* Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
* On the left, make sure you check C:\Fixed Drive.
* On the right, under "Complete Scan", choose Perform Complete Scan.
* Click "Next" to start the scan. Please be patient while it scans your computer.
* After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
* Make sure everything has a checkmark next to it and click "Next".
* A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
* If asked if you want to reboot, click "Yes".
* To retrieve the removal information after reboot, launch SUPERAntispyware again.
o Click Preferences, then click the Statistics/Logs tab.
o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
o If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
o Please copy and paste the Scan Log results in your next reply with a new HijackThis log.
* Click Close to exit the program.
Post SUPERAntiSpyware log.

3. Download HijackThis:
http://www.snapfiles.com/get/hijackthis.html
Post HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:38:19 AM, on 1/9/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 0.0.0.0:80
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [LVCOMS] "C:\Program Files\Common Files\LOGITECH\QCDriver\LVCOMS.EXE"
O4 - HKLM\..\Run: [LogitechGalleryRepair] "C:\Program Files\Logitech\ImageStudio\ISStart.exe"
O4 - HKLM\..\Run: [LogitechImageStudioTray] "C:\Program Files\Logitech\ImageStudio\LogiTray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask .exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader SPEED Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [MSConfig] "C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" /auto
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [QdrPack11] "C:\Program Files\QdrPack\QdrPack11.exe"
O4 - HKCU\..\Run: [QdrModule11] "C:\Program Files\QdrModule\QdrModule11.exe"
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (EXPERIMENTAL) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 6774 bytes

You need to run ALL three programs (HJT as the last one), and post ALL three logs.

4552.

Solve : Quaxo has been hijacked.?

Answer»

Quaxo done f'ed up.

Alright, here's the story. Someone (a trusted person) forwarded me an e-mail through my Hotmail account. Attached were TWO pictures. I went to open one and in the opening, I noticed something strange... it was fast, but I could see more downloaded than just that picture.

My IE homepage was reset to www dot daemon-search dot com (not advisable to visit that site). I set it to my normal about:blank homepage and it hasn't been changed again, but I want to find and eliminate whatever else came with it. (Firefox was untouched by it as far as I can tell).

I've attached a HijackThis log and AVG is in the process of scanning my entire system right now. Until that finishes, could someone have a look through of the log and see if there's anything that shouldn't be there? I'll post back with any virus findings as soon as that's finished. Thanks guys.

[file cleanup - saving space - attachment deleted by admin]

Quote

Someone (a trusted person)...Attached were two pictures...I went to open one
You'll never do it again, will you?
Two main reasons:
1. Even if a sender appears to be your friend, it's not necessarily the case. Bad guys have a lot of ways to fake email addresses.
2. Even if a sender IS your friend, he/she may be infected, and not know about it.
Said that...
ALWAYS scan any attachment with your AV program BEFORE opening it.

I'll check now, what you have there.

You have Trojan-Spy.Agent.204

Also, you need to update your Java. Your version is one notch old. Uninstall any older version through Add\Remove.

You're using beta version of HJT. In your next post, use current version: http://www.snapfiles.com/get/hijackthis.html


1. Print this post out, since you won't have an access to it, at some point.

2. Close all windows, except for HijackThis.

3. Put a checkmark next to the following HijackThis entries:

- O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

- O4 - HKUS\S-1-5-19\..\Run: [msnsc] C:\WINDOWS\system32\msnsc.exe (User 'LOCAL SERVICE')

4. Click on "Fix checked" button.

5. Restart your computer in Safe Mode (keep tapping F8 key, when your computer starts)

6. Open Windows Explorer. Go Tools>Folder Options>View tab, put a checkmark next to "Show hidden files, and folders".

7. Delete following files/folders (if present):

- msnsc.exe from C:\WINDOWS\system32

8. Turn off System Restore:

- Windows XP:
1. Click Start.
2. Right-click the My Computer icon, and then click Properties.
3. Click the System Restore tab.
4. Check "Turn off System Restore".
5. Click Apply.
6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
7. Click OK.
- Windows Vista:
1. Click Start.
2. Right-click the Computer icon, and then click Properties.
3. Click on System Protection under the Tasks column on the left side
4. Click on Continue on the "User Account Control" window that pops up
5. Under the System Protection tab, find Available Disks
6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C:")
7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
8. Click OK

9. Restart in Normal Mode.

10. Turn System Restore on.

11. Run HijackThis again, and post its log back here.

Well, I knew she was sending them to me.

Hotmail sees the attached pictures as just that, pictures. Something piggybacked the download though when I went to open one though. It's weird and hard to explain exactly what happened. Depending on what AVG finds tonight and how hard it is to remove, I might actually record a video (I have a screen to video capture program) of what it's doing just so I can stop the video and see exactly what all it does and what it downloaded.

I doubt it was piggybacked... jpg's and other photo formats can easily be manipulated to carry a malicious payload these days.

I installed that Java update at one point, but after I did, Java stopped working properly so I went back down. Might have just been a bad update, I'll try again.

Thanks for the help Broni. I've got to get some sleep now, but I'll carry on with this first chance I get tomorrow.

Non-beta version log attached (prior to cleaning).

Starting with your instructions now, will post back after I've finished.

[file cleanup - saving space - attachment deleted by admin]

All instructions followed.

Post-cleaning HJT log attached.

[file cleanup - saving space - attachment deleted by admin]

Nice, and clean. How is your home page?

Firefox is still nice and clean, never got changed from about:blank

After resetting IE's homepage to about:blank, it hasn't been changed again.

Thanks for the help, mate. I really appreciate it. They really should require more virus knowledge on the CompTIA A+ Certification. It's mostly Windows, Windows errors, and hardware... not much about what to do when you get screwed with a virus.

Good, good. I guess, you had just small treat.

4553.

Solve : I have viruses and dont know what to do??

Answer»

With regards to the RegSeeker backup, the box was not checked so therefore it did not make backups of the stuff I deleted (silly me)

I have removed the restore points and created a new one

I have reinstalled MSN and WM Player but it still persists? Never mind, it is not a major problem, just will have to sort out soon..
Once again many thanks for all your help
All the best
Matt

Restoring the registry probably wouldn't have worked anyway; I was simply curious. But nothing we've removed should be causing these problems. At the moment, the best suggestion I can think of is to check for the latest drivers/codecs. You may also want to try taking this over to the Windows or Software section of the forum. You'll have a better chance of running into someone who has dealt with this sort of problem more and would have a better idea of how to fix it. My primary focus is malware. Heh.

I completely understand what you say, I have no problem with that, just thought you may have an inkling as to what it was. Like I said before it is not major, I am not too worried but am aware that it needs sorting soon,

I registered with the sites you gave me so will be on my way to learning how to decipher the logs. I have already picked up a little from the practice logs so thank you for that
All the best
Matt

4554.

Solve : ridiculously slow PC?

Answer»

Hi...
I started having problems with my PC a week ago. I read your forum tips, and did everything including reformatting the drive. The problem I think I had was corrupted Windows files. I reloaded my genuine Windows, and it worked great--for about two days. Since I started reloading my old programs however, it has really slowed down a lot. I think I may have accidentally re-acquired the same thing I had before... can you tell me if you see anything wrong with this so I don't have to start over again?

Computer info:
Windows XP pro, version 2002, Service Pack 2
registered copy.

AMD Athlon 64 processor
3700+
2.2 GHz, 1gb ram

I use Norton (the free edition), and pc doctor (google pack version)

here is what Hijack This says:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:44:01 PM, on 1/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Robert Gilligan\Desktop\HiJackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1199764624390
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Google Desktop Manager 5.5.709.30344 (GoogleDesktopManager-093007-112848) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

--
End of file - 4059 bytes


Any advice would be greatly appreciated. thank you

Rob

Nothing showing as malware in the log.

There is no free edition of Norton. And there is no antivirus at all in the log.

Spyware Doctor will slow a computer down. You may want to use something different.
SUPERAntiSpyware or AVG Antispyware Free Edition.

I would suggest installing AVG Free Antivirus also.

Your Java is out of date. The new version is Java 6 update 4 and can be downloaded here. Remember to go to Add/Remove Programs and uninstall any old version found.

Try uninstalling Spyware Doctor and see if there is an improvement.
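
The HijackThis logs posted in these threads all use the same `CODE - detail` line format, which makes them easy to triage mechanically before reading them by eye. The following is an added example, not part of the original thread and not HijackThis's own code: it parses the entry lines, splits out autostart and service fields, and lists entries that carry HijackThis's own `(file missing)` / `(no file)` markers, a service with no vendor string, or a Run key under a built-in service account. The sample log is constructed from lines quoted on this page, and the three review rules are assumptions chosen for illustration, prompts for a closer look rather than verdicts.

```python
import re
from collections import Counter

# Section codes that occur in the logs on this page, with their meaning.
SECTIONS = {
    "R1": "Internet Explorer search/start page setting",
    "O2": "Browser Helper Object",
    "O3": "Internet Explorer toolbar",
    "O4": "Autostart entry (Run key or Startup folder)",
    "O8": "Internet Explorer context-menu item",
    "O9": "Internet Explorer extra button / Tools menu item",
    "O16": "Downloaded ActiveX control (DPF)",
    "O20": "AppInit_DLLs value",
    "O23": "Windows service",
}

# "O4 - HKLM\..\Run: [name] command" -> code plus free-form body.
ENTRY = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
# Body of a registry autostart entry: hive, key, value name, command line.
RUN = re.compile(
    r"^(?P<hive>\S+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
# Well-known SIDs of SYSTEM, LOCAL SERVICE and NETWORK SERVICE.
SERVICE_SIDS = ("S-1-5-18", "S-1-5-19", "S-1-5-20")

# Constructed sample: individual lines taken from the logs quoted on this page.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\Explorer.EXE

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKUS\S-1-5-19\..\Run: [msnsc] C:\WINDOWS\system32\msnsc.exe (User 'LOCAL SERVICE')
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"""


def parse_hjt(text):
    """Return one dict per entry line; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        code, body = m.group("code"), m.group("body")
        entry = {"code": code, "kind": SECTIONS.get(code, "other"), "body": body}
        if code == "O4":
            run = RUN.match(body)  # Startup-folder entries do not match
            if run:
                entry.update(run.groupdict())
        elif code == "O23" and body.startswith("Service: "):
            # "Service: <name> - <vendor> - <path>", split from the right
            parts = body[len("Service: "):].rsplit(" - ", 2)
            if len(parts) == 3:
                entry["service"], entry["vendor"], entry["path"] = parts
        entries.append(entry)
    return entries


def section_counts(entries):
    """How many entries each section code contributed."""
    return Counter(e["code"] for e in entries)


def triage(entries):
    """List (code, reason, body) for entries worth a second look."""
    findings = []
    for e in entries:
        if "(file missing)" in e["body"] or "(no file)" in e["body"]:
            findings.append((e["code"], "target file absent", e["body"]))
        if e.get("vendor", "").lower() == "unknown owner":
            findings.append((e["code"], "service without vendor string", e["body"]))
        if e.get("hive", "").endswith(SERVICE_SIDS):
            findings.append(
                (e["code"], "autostart under built-in service account", e["body"])
            )
    return findings


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    print(dict(section_counts(parsed)))
    for code, reason, body in triage(parsed):
        print(f"{code:4} {reason}: {body}")
```
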

4555.

Solve : Please help!???

Answer»

I have tried and tried to delete a program called SPYWARE TERMINATOR, unsuccessfully... I have tried every method I can think of, including downloading a program, going into EXPLORE and trying to remove the folder, keeps saying is protected or is being used??? I am left to believe that this fing program is spyware itself!
Any help would be much appreciated... I want this crap off my PC!
Thanks

I take it you have already tried to uninstall it? What went wrong during the uninstall?
One way to recover from a failed uninstall is to actually install the software again and then do another uninstall.
If you still have files or folders that won't go away after trying this then download MoveOnBoot.

If you decide to use MoveOnBoot I recommend you do a registry scan with CCleaner afterwards to remove any leftover registry keys.

Spyware Terminator is listed as a rogue app which means it may be difficult to get rid of completely...
Follow Deerpark's suggestions above and let us know how it goes...you may need surgery.

I think that depends on what Spyware Terminator it is patio.
http://spywarewarrior.com/rogue_anti-spyware.htm

As far as I know this Spyware Terminator is completely legit.
http://www.spywareterminator.com/

But if you've heard something else I'd of course like to know so I can add it to my no-no list.

Quote from: Deerpark on January 10, 2008, 12:54:59 PM

I think that depends on what Spyware Terminator it is

Correct.

Spyware Terminator used to be considered a rogue application as they were partnered with crawler inc. They have since cleaned up their act and have taken steps to correct the past.

But this doesn't mean that the download was from a legit source (there is a free and paid version) which could explain the problems.

You need to run the removal steps and post the logs so we can see what is wrong.

Quote
there is a free and paid version
Where is the paid version?

It is just the corporate version that is paid. My fault....

I haven't kept up with the saga in a while but there is a conversation with the product manager of Spyware Terminator and the owner of MGs here that gives a good insight as to what the program is all about. And the different versions.



Thanks.

Thanks to everyone who replied. I followed your advice and was able to remove the junk from my pc! Thanks a million!

Thanx for the Update Deerpark and evilfantasy.

patio.

4556.

Solve : Its Back.?

Answer»

Open Windows Explorer.
Navigate to:
C:\WINDOWS\SYSTEM32\DRIVERS\ETC
You'll see hosts file in right pane (no extension)
Open that file in Notepad.
Add following line to it:
127.0.0.1 www.bhf.org.uk
Go File>Save
Exit Notepad.
Restart computer.
Let me know, if that tab is back.

BTW...what is your Firefox home page set to?

Sorry Broni - we are 2 hours ahead of you here, I went to bed before receiving your last post. Will carry out your instructions and get back in an hour or so.

Its 9:55 a.m. here right now, so I doubt at 7:45 a.m. you'd be too active - yet. I carried out your last instructions, optimistically opening up my browser - uh, oh there was my "friend" back again.

My home page is set at
Aha! Having just copied the address to here - I see the cussed British are included in it. I wondered why it was so long! What would you suggest now?

Bill.

Should have tried this before I replied. I copied my home page for Mozilla to the previous reply and bingo! -
there was the address for the British thing attached to my home page address. I have deleted beyond the legitimate home address and then corrected it under Options. Started fresh and no Brits present. Does this sound like I am "out of the woods"?

By the way Broni, would it be coincidence that both this problem + the Trojan dilemma would happen at virtually the same time? Or could the virus somehow have been attached to the Brit URL?

Thanks,

Bill.

Quote

Does this sound like I am "out of the woods"?
It looks like.
Sometimes, we forget to check very simple, and basic thing, like home page address.
I'm glad, it worked

Quote
By the way Broni, would it be coincidence that both this problem + the Trojan dilemma would happen at virtually the same time? Or could the virus somehow have been attached to the Brit URL?
It's hard to say. I checked that site, and it's legit, and clean, but with bad guys, you never know what ways they use to get to your computer.

I wish, more problems had such a simple solutions...LOL

4557.

Solve : Stealth Virus??

Answer»

The BBC has put out a warning about a stealth virus (see link below). Will scanning with AVG Anti Rootkill find this virus? (As well as using AVG Anti virus) I don't have a problem with it at the moment, but if infection can be avoided I would prefer that!

http://news.bbc.co.uk/1/hi/technology/7183008.stm

Quote

Computers running Windows XP, Windows Vista, Windows Server 2003 and Windows 2000 that are not fully patched are all vulnerable to the virus.
That vulnerability was taken care of with SP2 for XP and SP4 for Win2K.
Their info is also slightly incorrect identifying it as an MBR virus....it is a rootkit but not an MBR virus.

Thank you for that info. One less thing to be concerned about!

4558.

Solve : SQL Slammer virus?

Answer»

Yes, I have McAfee firewall and yes my Windows XP firewall is off.

I need new HJT log.

Here's the new HJT log:

Question regarding your last list of instructions: after step 4. Click on "Fix checked" button, I got a pop-up which gave a choice of "yes" and "no". I clicked on "yes" which was fix or remove what was checked. I hope that was correct. Also, after making hidden files visible (I actually already had that checked, probably from another time - should I uncheck that later to make things invisible again?), I went into C drive. There were a bunch of folders: WINDOWS, iPOD, WINAMP, etc. and some other individual files, but I did not see ANY individual .exe files. If the "winstall.exe" file was there for me to remove, would it have been at that initial level in the C drive or buried further down inside one of the folders? (just want to make sure I followed instructions properly)


[file cleanup - saving space - attachment deleted by admin]

Quote

I got a pop-up which gave a choice of "yes" and "no". I clicked on "yes" which was fix or remove what was checked. I hope that was correct.
You did fine.

Quote
There were a bunch of folders: WINDOWS, iPOD, WINAMP, etc. and some other individual files, but I did not see ANY individual .exe files.
That's fine. It looks like HJT took care of it.

Anyway, your HJT log is clean. Any other problems?

I'm glad HJT is clean. I'll let you know if the SQL Slammer message from my firewall returns. Thanks for your help.

Quote
my firewall gave me another SQL Slammer attack message
Most likely, your firewall just informed you, that it prevented some attack.
If so, there is nothing to worry about.

So I got another pop-up saying SQL Slammer tried to infiltrate. When it does that, I click on "block" on my firewall dialog box. I thought this pop-up meant my machine was infected. Maybe it's not. I guess my question is: why, after having my computer for several years, would I suddenly start getting these SQL Slammer messages from my firewall? Isn't the whole point of a firewall to block all the stuff out there trying to get in? In which case: why don't I get pop-ups from all kinds of stuff all the time trying to get into my computer? Only the SQL Slammer shows up

OK. Let's put it to rest.
Quote
I thought this pop-up meant my machine was infected.
No, your firewall just informed you of a try. If you're about to be infected, your AVG would kick in, and tell you.
Personally, I have those warning messages turned off, because it's a waste of time.

4559.

Solve : AD-Aware SE updates?

Answer»

Hello Forum. Every time I run Ad-Aware SE free edition I get a message telling me that my definitions are old. Today it said 16 days old. Do you want to update now? I say yes, it connects and it says there are no updates to download. I faithfully updated them every Monday. But now, every time I go to update they say there are no updates. Should I remove the program and then reinstall or is it true that there are no updated definitions right now. I have WIN XP, IE 6.0, lots of disk space. Everything else is updated. AVG etc. I tried Spybot but it doesn't perform as well as Ad-Aware. Is anyone else having this problem with Ad-Aware SE? Any help would be appreciated. Thanks

The SE version is being phased out this month and will no longer have updates...travel to their site and DLoad and install the new Free Edition.

P.S. You should still use Spybot as they track 2 different things......

New free edition is called Ad-aware 2007

Hello Forum> Thanks for info. I downloaded Ad-Aware 2007. It uninstalled the older SE edition. Also, how is Spybot different from Ad-Aware? I thought they did the same thing. And is it always better to have both? Spybot runs much slower. Thanks again.

Quote

is it always better to have both?
Yes. Often, one will pick up stuff, missed by the other.
4560.

Solve : hi_jack_this_log?

Answer»

here is the log file for dr.web and a new hjt log.

cheers.



[file cleanup - saving space - attachment deleted by admin]

Have HijackThis fix this entry.

O4 - Global Startup: Digital Line Detect.lnk = ?

Other than that everything looks fine.

Go to Start > Run and copy and paste next command in the field:

ComboFix /u

Make sure there's a space between Combofix and /u
Then hit Enter.

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

----------

Please download OTMoveIt2 by OldTimer OTMoveIt2.exe and place it on your desktop.

1. Double click OTMoveIt2.exe to launch it.
2. Click on the CleanUp! button.
3. OTMoveIt2 will download a list from the Internet, if your firewall or other defensive programs alert you, allow it access.
4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)

  • When finished exit out of OTMoveIt2
----------

Let me know how everything is now.

Hi, everything looks pretty good from where i'm sitting.

I know it took a while to find a solution, and again, I thank you for your help.

you are the best.

If I need your assistance in the future, would it be ok if i emailed you or should i look for you on "the computer forums.com"?

Have a great evening!!

Solotekk

I can be reached either way.

Closing steps.......

Please download OTMoveIt2 by OldTimer
OTMoveIt2.exe and place it on your desktop.

1. Double click OTMoveIt2.exe to launch it.
2. Click on the CleanUp! button.
3. OTMoveIt2 will download a list from the Internet, if your firewall or other defensive programs alert you, allow it access.
4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)

When finished exit out of OTMoveIt2

  • Go to Start > All Programs > Accessories > System Tools > System Restore
  • Select Create a restore point, and click Next.
  • Next, go to Start > Run and type in cleanmgr
  • Select the More options tab
  • Next to System Restore click Clean up...
This will remove all restore points except the new one you just created.

Let us know if anything else comes up.

I will. Thanks a million.


keep kewl......
4561.

Solve : Ad-aware and avira anti-virus?

Answer»

Hey All,
I'm a newbie to the forum, so bear with me please. I have an older computer running Win98se, that I've been running the Ad-aware and Avira anti-virus for a couple of years and now both of these have stopped supporting Win98. I know that it's the old O/S but I really don't want to try and update to Win2000 and take a chance on losing my system's functions due to hardware problems.
What I need is a good recommendation for ad-aware and anti-virus for Win98 that is still supported. Or should I just try Win2000pro and hope for the best? I've looked at the web for free software but nothing I've seen compares to the ones I was using.
Greg

On this forum we usually recommend AVG for people looking for free anti-virus. And according to the product page it supports win 98. (I don't have a win 98 machine so I'll have to take their word for it.)

When it comes to anti-spyware you should have a look at SUPERAntiSpyware, it also claims to support win 98. The only major downside to the free version is the lack of real time protection, you can only do manual scans. For me it doesn't really matter though. I practice safe surfing and only use superantispyware to do an occasional check up or to scan a suspicious file.

DeerPark,

Thanks for the reply, I looked at AVG and didn't see that they were supporting win98, and I'll look into the other Superantispyware. Thanks again

Glad I could help.

gehammack:

Win98SE here.

AVG still works fine.




From the stamp on a recent incoming email:
Quote

No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.5.516 / Virus Database: 269.19.7/1232 - Release Date: 1/18/08 7:32 PM


www.free.grisoft.com

WillyW,
Thanks for the info even though I'm a bit LATE! The working of the Ad-aware and Avira anti-virus wasn't the problem, they both do still work, but the sites now provide NO support, updates. I switched over to AVFree for anti-virus and Spybot Search and Destroy. They both support updating for Win98se and seem to work. Some of us are just not sure about the next step like to win2000 which I use at work and like, just can't afford to take the home computer to the next step.
Thanks again!!!!!
greg

Quote from: gehammack on January 28, 2008, 01:31:47 PM
WillyW,
Thanks for the info even though I'm a bit LATE! The working of the Ad-aware and Avira anti-virus wasn't the problem, they both do still work, but the sites now provide NO support, updates.

Yep.
That's why I included the stamp from an email - to show that AVG is up-to-date supported.

Quote
I switched over to AVFree for anti-virus and Spybot Search and Destroy. They both support updating for Win98se and seem to work. Some of us are just not sure about the next step like to win2000 which I use at work and like, just can't afford to take the home computer to the next step.
Thanks again!!!!!

You're welcome.

I too would like to be able to do some other things computer and software wise - but, until it is affordable, we do with what we have.


4562.

Solve : buying spyware protection?

Answer»

hello, I was wondering if anyone could recommend a good anti spyware program with good real time protection. It's hard to trust sites with reviews, they all seem to be selling it as well.

Save your hard-earned, see here.

My recommendations: AVG (free) Zone Alarm (free) SpywareBlaster (free) with CCleaner (free) AdAware (free) and Spybot S&D (free) for scheduled maintenance.

I also use ERUNT (free) for registry backups.

Do not recommend that you should spend (waste) your hard-earned on any Symantec (Norton) product unless you have a sure-fire cure for headaches.

The only free anti-spyware-malware program, I'm aware of, which runs in real time is ThreatFire: http://www.threatfire.com/

4563.

Solve : drwtsn32.exe What is it really.?

Answer»

I tried to do my own reading and learning and there are enough sites that have endorsements both negative and positive.

I know this is the place to go to get the right answer.

Thanks, Tom

What it is? It's a debugging tool.
http://support.microsoft.com/kb/308538

The page spoke about 'program errors'. How should I take that? Is a pc beginning to show signs of old age, is too much going on at one time and it is a doctor signal?

When an application crashes drwtsn32.exe collects info about your computer such as OS, what programs you have running, technical details about the crash and so on. This info may be used to diagnose why the program crashed.
That's about it really.

But there's about a million different reasons for why a program might crash. So if something is crashing you will need to post more info on the computer in question.

It happened only once and that was yesterday. I will try to read and understand Microsoft's instructions on how to submit the error report and get it analyzed. If I can find it.

I presume yesterday's occurrence was one of those million reasons you spoke of and could be nothing at all. I used this thread category because I thought it may be possible it was some malware that caused the crash.

If it happens again I'll post a new thread. Thanks for now, Tom

4564.

Solve : Odd virus? Spyware? I dont know what this is!?!??

Answer»

Ok, when I go to search in Google, you know that "list" of previous searches that pop up? Sometimes I have spam in there! And it's always horrible and perverted things. They look like random keywords.

I have NO idea how they get there. I don't know if I got a virus, or spyware, or what? Nobody uses my computer but me, and these words keep appearing in my search history.

Does anyone have any clue what is causing this? Or what could possibly cause this corruption? Or heard of a virus that does this? Where are these words coming from in my search box??

Any help or ideas would be greatly appreciated!

I don't have any "list" of previous searches that pop up...

You better...

1. Run free ESET Online Scanner at: http://www.eset.com/onlinescan/
Note: This Scanner is for Internet Explorer Only
1. You will notice that the "Start" button is grayed out. Place a check mark at "Yes, I accept the Terms of use". The "Start" button will become visible. Click on it.
2. If it wants to install an ActiveX component allow it
3. You will be asked to install an ActiveX, click the "Install" button (Note: If you have a Firewall install you may have to approve the installation)
4. Once ActiveX control is installed click on the "Start" button to initialize the scanner
5. After initialization is complete uncheck\untick "Remove found threats"
6. Check\tick "Scan unwanted applications"
7. Click the "Scan" button
8. Once the scan is done, you will find a log in C:\Program Files\esetonlinescanner\log.txt
Post ESET's log.

2. Download SUPERAntiSpyware Free for Home Users:
http://www.superantispyware.com/

Print these instructions out.

* Double-click SUPERAntiSpyware.exe and use the default settings for installation.
* An icon will be created on your desktop. Double-click that icon to launch the program.
* If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
* Close SUPERAntiSpyware.

Restart computer in Safe Mode.
To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; pick Safe Mode; you'll see "Safe Mode" in all four corners of your screen

* Open SUPERAntiSpyware.
* Under "Configuration and Preferences", click the Preferences button.
* Click the Scanning Control tab.
* Under Scanner Options make sure the following are checked (leave all others unchecked):
o Close browsers before scanning.
o Scan for tracking cookies.
o Terminate memory threats before quarantining.
* Click the "Close" button to leave the control center screen.
* Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
* On the left, make sure you check C:\Fixed Drive.
* On the right, under "Complete Scan", choose Perform Complete Scan.
* Click "Next" to start the scan. Please be patient while it scans your computer.
* After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
* Make sure everything has a checkmark next to it and click "Next".
* A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
* If asked if you want to reboot, click "Yes".
* To retrieve the removal information after reboot, launch SUPERAntispyware again.
o Click Preferences, then click the Statistics/Logs tab.
o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
o If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
o Please copy and paste the Scan Log results in your next reply with a new HijackThis log.
* Click Close to exit the program.
Post SUPERAntiSpyware log.

3. Download HijackThis:
http://www.snapfiles.com/get/hijackthis.html
Post HijackThis log.

Just out of curiosity, are you talking about windows Auto complete?
Quote from: solotekk on January 12, 2008, 08:12:19 PM

Just out of curiosity, are you talking about windows Auto complete?

Either what solotekk suggested or.

Look at the search settings and turn off suggested searches. (I think that is what it's called)
4565.

Solve : hggff.exe problem?

Answer»

Maybe you ran a scan, but you didn't save it to a new log. After you click on "Scan" button, scan runs, and when it's done, "Scan" button changes to "Save log" button, which you have to click in order to save new log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:57:58 PM, on 1/25/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\WLTRAY.EXE
C:\Windows\sttray.exe
C:\Program Files\McAfee\MSK\mskagent.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://kingkongsearch.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wrestlingrealm.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
F3 - REG:win.ini: load=C:\Users\David\AppData\Local\Temp\hggff.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\David\AppData\Local\Temp\ddcya.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\David\AppData\Local\Temp\hggff.dll,c
O4 - HKCU\..\Run: [DDC] C:\Users\David\AppData\Local\Temp\dxohdjyh .exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [5e84c498] rundll32.exe "C:\Users\David\AppData\Local\Temp\futmxoyi.dll",b
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O4 - Global Startup: QuickSet.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/2.0.2.3/cfweb_activex.camfrogweb.com-advanced-2.0.2.3_instmodule.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: McAfee Application Installer Cleanup (0030891201294535) (0030891201294535mcinstcleanup) - McAfee, Inc. - C:\Windows\TEMP\003089~1.EXE
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ATI WebPAM (ATIWebPAM) - Unknown owner - C:\Program Files\ATI\WebPAM\jetty\extra\win32\Wrapper.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\Windows\system32\rpcnet.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12521 bytes
OK. I didn't notice that you also have Windows Defender running, which will interfere with the cleaning process, as will TeaTimer.
We have to do this again.

*** Disable TeaTimer, as it'll interfere with HJT cleaning process:
* Right click Spybot's TeaTimer System Tray Icon > click Exit Spybot-S&D Resident.
o TeaTimer closes.

***Disable Windows Defender.
* Open Windows Defender
* Click Tools
* Click General Settings
* Scroll down to Real Time Protection Options
* Uncheck Turn on Real Time Protection (recommended)
* After you uncheck this, click on the Save button
* Close Windows Defender

Then, run all steps from my post #8 again.
When you're done, post new HJT log.

Sorry for confusion.
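
A triage pass over the log above, added here as an example and not part of the original thread: it walks the autostart sections of a HijackThis log (F0-F3, O4, O20, O23) and lists entries that launch from a temp directory or whose target could not be resolved. The names `triage`, `Finding` and the reason labels are hypothetical; the sample lines are copied from the posted log, and a hit is a candidate for manual review, not a verdict.

```python
import re
from typing import List, NamedTuple, Optional

# Lines copied from the HijackThis log posted in this thread (not constructed).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wrestlingrealm.net/
F3 - REG:win.ini: load=C:\Users\David\AppData\Local\Temp\hggff.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\David\AppData\Local\Temp\ddcya.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\David\AppData\Local\Temp\hggff.dll,c
O4 - HKCU\..\Run: [DDC] C:\Users\David\AppData\Local\Temp\dxohdjyh .exe
O4 - HKCU\..\Run: [5e84c498] rundll32.exe "C:\Users\David\AppData\Local\Temp\futmxoyi.dll",b
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - Global Startup: QuickSet.lnk = ?
O23 - Service: McAfee Application Installer Cleanup (0030891201294535) (0030891201294535mcinstcleanup) - McAfee, Inc. - C:\Windows\TEMP\003089~1.EXE
"""

# HijackThis sections that describe things started automatically:
# F0-F3 ini/registry autoloads, O4 Run keys and Startup folders,
# O20 AppInit_DLLs / Winlogon Notify, O23 services.
AUTOSTART_SECTIONS = {"F0", "F1", "F2", "F3", "O4", "O20", "O23"}

ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
NAME_RE = re.compile(r"\[(?P<name>[^\]]+)\]")
# First drive-letter path ending in .exe or .dll (spaces in the path allowed).
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll)\b', re.I)
# Temp locations any user-level process can write to.
TEMP_RE = re.compile(
    r"\\(?:appdata\\local\\temp|local settings\\temp|windows\\temp)\\", re.I
)


class Finding(NamedTuple):
    section: str            # HijackThis section code, e.g. "O4"
    name: str               # value name in [brackets], "" if the entry has none
    target: Optional[str]   # first .exe/.dll path in the entry, if any
    reasons: tuple          # heuristic labels explaining the hit


def triage(log_text: str) -> List[Finding]:
    """Return autostart entries that deserve a manual look, in log order."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m or m["section"] not in AUTOSTART_SECTIONS:
            continue  # header, process list, or a non-autostart section
        body = m["body"]
        reasons = []
        in_temp = bool(TEMP_RE.search(body))
        if in_temp:
            reasons.append("temp-dir")
            # rundll32 is a normal Windows binary; the concern is the DLL
            # it is asked to load from a temp directory.
            if "rundll32" in body.lower():
                reasons.append("rundll32-temp-dll")
        if body.rstrip().endswith("= ?") or "(file missing)" in body:
            reasons.append("unresolved-target")
        if not reasons:
            continue
        name = NAME_RE.search(body)
        path = PATH_RE.search(body)
        findings.append(Finding(
            section=m["section"],
            name=name["name"] if name else "",
            target=path.group(0) if path else None,
            reasons=tuple(reasons),
        ))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4}{f.name or '-':<12}{','.join(f.reasons):<30}{f.target}")
```

The McAfee service under `C:\Windows\TEMP` is listed as well, which shows why the output is a review list: the heuristic looks only at where an entry runs from, not at who published the file.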

4566.

Solve : Problem with Windows UpDates and Norton Anti Virus 2007, help?

Answer»
I have Windows XP and use Norton Anti Virus 2007.

When I turn off the Automatic Updates for Windows XP, my NAV alerts me that to use NAV updates, I must turn on Windows back to automatically receive Windows Updates.

Why would NAV have any control over Windows XP Updates?

NAV, like any anti-virus, locates security risks. If you're not updating Windows, you could be missing out on some important fixes and updates. Therefore it is telling you to fix the problem.

At least, that's what I think.
4567.

Solve : Need new computer security, help.......?

Answer»

I just bought a new Dell computer a few months back which came with 90 days of free Norton security, on our last computer we had McAfee. My 90 days are just about up and I'm not sure if I should just renew with Norton or install the new McAfee. Would anyone know if there is a big difference in protection between these two, or if one is better than the other?
Thanks..........

IMHO...forget about Norton, and McAfee. Both behemoths, and resource hogs.
Uninstall Norton using Norton Removal Tool: http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005033108162039, instead of Add\Remove.
Download, and install:
- AVG free antivirus: http://free.grisoft.com/
- Comodo free firewall: http://www.personalfirewall.comodo.com/
Disable Windows firewall before installing Comodo.

I was also told that both Spybot - Search and Destroy and SUPERAntiSpyware are good anti spyware in case you need them.

4568.

Solve : accidentally delete useful registry file?

Answer»
dear all members...sorry if my english very poor...i have a problem with my office laptop..

last week i had clean my laptop who infected with w32.rajump.. i had scan and clean the virus with regrun ( reanimator) program..

but after all viruses had been delete from my system...i still have a big new problem..in the below is the kind of problem that i had :

1) i cannot enable my system restore because the system restore tab is missing
2) no start menu at my desktop
3) i cannot copy or paste any file

i think all that happen is because i had accidentally delete useful registry file that infected with the rajump virus...so what can i do now...please help me...i don't want to format my laptop..

i hope...all of you can help me to solve my problem...thanks

You may try to access System Restore from command line.
Open Task Manager (CTRL+ALT+DEL), click on New task, type in:
%systemroot%\system32\restore\rstrui.exe
Click OK.

Quote from: Broni on January 08, 2008, 09:07:45 PM
You may try to access System Restore from command line.
Open Task Manager (CTRL+ALT+DEL), click on New task, type in:
%systemroot%\system32\restore\rstrui.exe
Click OK.
i had done this...the error is appear....."system restore is not able to protect your computer. Please restart your computer, and then run system restore again"... i had restart my system and the same message appear again..why ??

Open Task Manager (CTRL+ALT+DEL), click on New task, type in:
services.msc
Scroll down to System Restore
If its status is Stopped, right click on it, and click Start
Right click again, click Properties, and pick Automatically from drop-down menu.

Quote from: Broni on January 08, 2008, 09:50:18 PM
Open Task Manager (CTRL+ALT+DEL), click on New task, type in:
services.msc
Scroll down to System Restore
If its status is Stopped, right click on it, and click Start
Right click again, click Properties, and pick Automatically from drop-down menu.

the startup type is already automatic. i also cannot view properties from this page. still cannot solve the problem

Quote
i had scan and clean the virus with regrun ( reanimator) program..
See, this is the problem with some unknown programs. Often, they mess things up even more...
Do you have Windows CD, or Recovery CD?

Quote from: Broni on January 08, 2008, 11:26:41 PM
Quote
i had scan and clean the virus with regrun ( reanimator) program..
See, this is the problem with some unknown programs. Often, they mess things up even more...
Do you have Windows CD, or Recovery CD?

i have windows cd...but this laptop need recovery cd..i didn't have it...laptop model is hp Compaq nx6330. system winXp service pack 2.

Quote
i have windows cd...but this laptop need recovery cd
I don't understand.

Quote from: khairul on January 08, 2008, 11:46:36 PM
i have windows cd...but this laptop need recovery cd..i didn't have it...laptop model is hp compaq nx6330. system winXp service pack 2.

Even if HP tells you to use the recovery CD, you still don't need to use it. I used the normal Windows XP CD-ROM, and I didn't have problems. HP telling you to use the recovery CD? Scratch that, the botched application will probably mess up your computer anyway. And if it does, HP won't help you.

ok fren...thanx for ur info...but it still problem.....

which is?
4569.

Solve : Question w/ New Please read this before requesting help.?

Answer»

EF. I am about to coach another newbie through your process, I see it's been updated.

Q. Step 4 is instructing the download of an additional A/V program. What if they are already using a McAfee a/v subscription. Will they be running two a/v programs?

If they already have an AV there's no need to install another one...this can lead to conflicts.

Dr. Web Free is an On-Demand scanner. It has no active protection. It only runs when you want it to.

I am not sure how well one can coach if one isn't familiar with the tools needed.

Sorry for the misnomer; you will be the coach doing the advising. I will just help them become comfortable with the C/H forum like I did. That's my coaching, teaching someone to help themselves.

Earlier I just had another question that you were able to answer; I hope you don't mind.

I'm sure if we follow your instructions, everything will work out well. We will start a new thread.

Thanks, T

No problem, I don't want to discourage you from helping. Just stressing the need to be careful with unknown tools.

It is good that you asked, blindly following someone's instructions when they don't quite sound right is not advised either.

This is new and now I need some help. For some reason IE7 will not allow me to connect to any of the sites using the links in the 'read first instructions'. Did I make some kind of odd change in my settings?

I don't seem to be having a problem anyplace else.

T

You are right, all of the links are not working.

Give me a minute to fix it.

I don't know how that happened but it is fixed now. Thanks.

4570.

Solve : MRU's (Maximum Receive Unit)?

Answer»
Should I be concerned with these? I really don't understand what they are, and do they affect your computer to which I should obtain some sort of protection?

Quote
MRU lists contain information such as the names and/or locations of the last files you have accessed. They are located all over your registry, and for almost any file type. By looking at these MRU lists, someone could determine what files you opened/saved/looked at, what their file names were, and much more! (And, in many cases, the lists are displayed in drop-down menus automatically.)

Javacools MRU Blaster

Another note.

Using CCleaner will get most if not all of the MRUs. You can use MRU blaster after CCleaner for a second "opinion", but I don't think MRU blaster has been updated in a while so I would have more faith in CCleaner.

Yep CCleaner is great option for getting rid of your MRUs. Here's a download link and a setup guide.

Just FYI... Maximum Receive Unit is something else entirely and not something you need to worry about. The acronym you're worried about is Most Recently Used.

Nice catch, Deerpark

Thanks everyone, very helpful.
4571.

Solve : Broni, when you get a chance...?

Answer»

I'm online with an old friend. She doesn't speak English, so I'm posting for her.

Her computer is infected with something. I'm trying to walk her through it. Here's HijackThis log. Could you take a look at it?

EDIT
She said AVG identified the virus as U.Z.A. O/S

[file cleanup - saving space - attachment deleted by admin]

Excellent ! !
We've gone International ...

Quote

I'm online with an old friend.
Is she as good looking, as your girlfriend?....LOL

I'll take a look.

There are quite a few things there.

Couple of questions, though....
I can't see any firewall running. Is she using Windows firewall?
Is True Internet Co., Ltd. her ISP?

Now...
1. Run free ESET Online Scanner at: http://www.eset.com/onlinescan/
Note: This Scanner is for Internet Explorer Only
1. You will notice that the "Start" button is grayed out. Place a check mark at "Yes, I accept the Terms of use". The "Start" button will become visible. Click on it.
2. If it wants to install an ActiveX component allow it
3. You will be asked to install an ActiveX, click the "Install" button (Note: If you have a Firewall install you may have to approve the installation)
4. Once ActiveX control is installed click on the "Start" button to initialize the scanner
5. After initialization is complete uncheck\untick "Remove found threats"
6. Check\tick "Scan unwanted applications"
7. Click the "Scan" button
8. Once the scan is done, you will find a log in C:\Program Files\esetonlinescanner\log.txt
Post ESET's log.

2. Download SUPERAntiSpyware Free for Home Users:
http://www.superantispyware.com/

Print these instructions out.

* Double-click SUPERAntiSpyware.exe and use the default settings for installation.
* An icon will be created on your desktop. Double-click that icon to launch the program.
* If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
* Close SUPERAntiSpyware.

Restart computer in Safe Mode.
To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; pick Safe Mode; you'll see "Safe Mode" in all four corners of your screen

* Open SUPERAntiSpyware.
* Under "Configuration and Preferences", click the Preferences button.
* Click the Scanning Control tab.
* Under Scanner Options make sure the following are checked (leave all others unchecked):
o Close browsers before scanning.
o Scan for tracking cookies.
o Terminate memory threats before quarantining.
* Click the "Close" button to leave the control center screen.
* Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
* On the left, make sure you check C:\Fixed Drive.
* On the right, under "Complete Scan", choose Perform Complete Scan.
* Click "Next" to start the scan. Please be patient while it scans your computer.
* After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
* Make sure everything has a checkmark next to it and click "Next".
* A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
* If asked if you want to reboot, click "Yes".
* To retrieve the removal information after reboot, launch SUPERAntispyware again.
o Click Preferences, then click the Statistics/Logs tab.
o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
o If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
o Please copy and paste the Scan Log results in your next reply with a new HijackThis log.
* Click Close to exit the program.
Post SUPERAntiSpyware log.

3. Post new HijackThis log.

Actually, until about an hour ago she wasn't running anything, not even virus protection which is how she ended up like this in the first place.

True is her internet company, yes. Same as mine.

Oh, just for you, Broni haha

WOW!
I feel like flying, already....LOL

Get her Comodo, before you do anything else, because we may be fixing things over, and over.

Actually, she IS single

Will do about Comodo

Quote
Actually, she IS single
It sounds promising...hehehe

Hey Broni, she's having trouble getting through the instructions. Not sure why. She's bringing it by the shop tomorrow, I'm gonna fix it myself.

I wish, I was closer to help her....hehehehaha

Well, it's here now. Two viruses infecting 6 files. She has what she needs off of it, so she just wants me to wipe it and reinstall. I guess that's what I'll do.

Reinstalled everything. Up and running clean.

Thanks for the help.

Nice Bird...

Quote
Nice Bird...
You dirty, old man....LOL

Yeah, I was just thinking 'which bird?' hahaha
4572.

Solve : Weird Half Virus?

Answer»

Hi, I have Windows XP Pro SP2 with all updates applied.
I use McAfee Personal firewall and ESET NOD32 version 2.7.
I have a dual core Intel with 2gb of memory.

I was hoping someone with virus tracking skills could help me with this problem.

I think I have half a virus left on my computer. My Anti Virus software threw up an error some months back and DCOM crashed and restarted my computer. Although the ESET nod seems to have prevented the main body of the virus infecting my computer, I believe part of it still remains. I've been around PC's for some 20+ years so I'm quite proficient at sorting things out, usually, but haven't had much to do with DCOM/COM to which this appears to relate.

The problem stems from Generic Host Process for Win32 (reported by McAfee firewall output monitoring) which is constantly trying to download from various IP addresses around 250 kbp/s to two files in my C:\TEMP\ always beginning with IH???.TMP where ? is a constantly changing hex number.

If I run Winternals filemonitor and process monitors I can see this is actually a process called "C:\WINDOWS\system32\svchost -k DcomLaunch".

Unfortunately that's about as far as my knowledge of DCOM goes, lol. I can use process monitor further still to go down to DLL stack/thread level on this, but wouldn't know where to begin.

I believe this is an essential process (at least I seem to need it for internet access!).

I've run a SFC /scannow and done a complete virus scan and defender scan and it reports back as being absolutely clean.
Apart from these 2 temp files being constantly created and then instantly deleted (continuously) and around 250 kbps of download speed being constantly hogged from my bandwidth (I assumed the data that's going into the temporary files), there seems to be no other ill effects. I presume this is because the main body of the virus is missing.

My way around it at the moment has been to deny access to the "SYSTEM" user for "C:\TEMP" and "C:\Documents and Settings\\Local\Temp", which seems to stop it in its tracks completely.

The only problem with this solution is I have to change it back when running installs or setup programs as they'll use the temp file folders and parts of them are run under the "SYSTEM" user profile account.

It would be nice to nail this sucker though so I can give SYSTEM temp file access again.

Any help would be greatly appreciated. Thanks for your time.

There isn't half of a virus. The file/folder/process is either malicious or not.

We can't help to remove anything unless we actually see logs.

Let's start out by seeing a Hijackthis log and go from there.

Download HijackThis.exe

Double-click on the installer you just downloaded.
Click on the "Install" button to install.
It will by default install to the directory - C:\Program Files\Trend Micro\HijackThis
Please do not change the default install location.
Upon install, HijackThis should open for you.

Next click on the "Do a system scan and save a log file" button.
HijackThis will scan and then a log will open in notepad.
Copy and then paste the log in your next reply.

Look on the bright side...only 1/2 their data could be lost.

DCOMlaunch is a legitimate Windows service however unless you are networked to another machine i don't know what's causing it to launch so frequently...

Follow evilfantasy's suggestions as there may be something running/accessing it.

4573.

Solve : SPYWARE QUESTIONS...?

Answer»

This chart is interesting.

http://www.eset.com/products/compare-NOD32-vs-competition.php

Quote from: evilfantasy on January 15, 2008, 11:29:43 AM

This chart is interesting.

http://www.eset.com/products/compare-NOD32-vs-competition.php

Consider the source...every co. out there has their own set of charts.

Very good point.

lol, You just made me feel like a n00b.

This is likely much more accurate. Independent comparatives. http://www.av-comparatives.org/

Not my intent by any means EF...
I'll dig out my link to one of the best comparative sources after i go have a Guinness...
Seeya in a few.

Quote
Not my intent by any means EF...

No worries, we all need wake ups now and then.

I had one or two other good independent comparatives links but have misplaced or am just not seeing them. (I really need to organize my bookmarks once again)
sweet!!

hey...i have a question but don't know if it's virus related...it has to do with user accounts and the msgina.dll file not allowing me to change how users log on and off. May i send you the print screen at your gmail acct?


solotekk

Sure, go for it.

thx..
Gotta wrap them in {img} {/img} tags. Make the {} this []

ok...let's see if i can do this

4574.

Solve : I did the HJT a few months ago and everything was great but?

Answer»

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6172\SiteAdv.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [IncrediMail] "C:\Program Files\IncrediMail\bin\IncMail.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (file missing)
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (file missing)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1167343560406
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 7968 bytes
OK....
Go Start>Run, type in:
regedit
Click OK.
Registry Editor will open.
Navigate to:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions
In Extensions folder, you'll see sub-folders (left pane) with alphanumeric characters (see attached image from my registry).
Find following sub-folders:
- C5428486-50A0-4a02-9D20-520B59A9F9B2
- C5428486-50A0-4a02-9D20-520B59A9F9B3 (same as the first one, except for last number)
Right click on each folder, click Delete
Close Registry Editor.
Restart computer.
Post new HJT log.

[file cleanup - saving space - attachment deleted by admin]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:16:38 PM, on 1/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6172\SiteAdv.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [IncrediMail] "C:\Program Files\IncrediMail\bin\IncMail.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1167343560406
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 7671 bytes
Very nice. Everything gone, and clean
How is your computer doing?

CCleaner time...
1. Download, and install CCleaner: http://www.ccleaner.com/download/builds. Get "Slim" version.
2. Read CCleaner instruction here: http://www.jahewi.nl/ccleaner/ccleaner.html, and run CCleaner

Post back, when you're done.

Did that. Thank you Broni. That was fun! Everything seems to be running great now. How often should I run the cleaner?

I have another problem that has nothing to do with what we've been working on but it's driving me crazy. It started about two months ago with emails. If I have an email from someone and we reply back and forth several times I get this message and they do too.

This message has been processed by Symantec's AntiVirus Technology.

Unknown00000000.data was not scanned for viruses because too many nested levels of files were found.


For more information on antivirus tips and technology, visit
http://ses.symantec.com/

There is an attachment and I have to open that up and reply to the person and when I reply it doesn't use my default email program. I had Norton anti-virus years ago so I went into search and found 39 Symantec files and deleted them. I thought that would stop it but it didn't. So I did another search and found 47 Norton files and deleted them. I thought that would solve the problem but it didn't. I emailed Symantec and this is what they said.

Thank you for contacting Symantec Global Enterprise Customer Care.

You should not receive the message that you are getting unless a Symantec product is installed. Have you recently purchased a new computer that could have a trial version of our product?

If you are still using the same computer that you removed the Norton AntiVirus program from, there may be some files left on the computer. If it was the Consumer product (Norton AntiVirus 2006, Norton Internet Security 2007 etc) the link below has a removal tool:

http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005033108162039?Open&src=&docid=2005011310334907&nsf=nsw.nsf&view=0&dtype=&prod=&ver=&osv=&osv_lvl=&seg=hm

I ran the removal tool and it's still happening. I don't know what to do next.

I'm glad, things are back to normal
Quote

How often should I run the cleaner?
Once a month should be OK, but in your case....put those *censored* itchy finger into some ice before installing some crap again....LOL

Now...I propose, you start new topic about your separate problem.
It'll bring more people attention.

okey dokey oh computer guru!!! LOL!!!

Not yet. I need some more posts to become "guru".....LOL
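Added example, not part of the original thread and not HijackThis's own code: a small Python parser for the log format shown above that lists entries HijackThis marks "(file missing)" and compares a before and after log to confirm that a fix removed only the targeted CLSIDs. The function names are hypothetical, and the two sample logs are abridged excerpts of the logs posted in this thread.

```python
import re
from collections import namedtuple

# A HijackThis entry line is "<section code> - <details>", e.g. "O9 - Extra button: ...".
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

Entry = namedtuple("Entry", "section body clsids file_missing")


def parse_log(text):
    """Return the entry lines of a log; header, process list and footer are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        body = m.group("body")
        entries.append(Entry(
            section=m.group("section"),
            body=body,
            clsids=tuple(c.upper() for c in CLSID_RE.findall(body)),
            file_missing=body.endswith("(file missing)"),
        ))
    return entries


def orphaned(entries):
    """Entries whose target file was reported missing (leftover registrations)."""
    return [e for e in entries if e.file_missing]


def diff_logs(before, after):
    """Return (removed, added) as sorted lists of (section, body) pairs."""
    b = {(e.section, e.body) for e in before}
    a = {(e.section, e.body) for e in after}
    return sorted(b - a), sorted(a - b)


def verify_fix(before, after, target_clsids):
    """Check that the targeted CLSIDs are gone and that nothing new appeared."""
    targets = {"{" + c.strip("{}").upper() + "}" for c in target_clsids}
    removed, added = diff_logs(before, after)
    remaining = [e for e in after if targets & set(e.clsids)]
    return {
        "targets_gone": not remaining,
        "removed": removed,
        "unexpected_new": added,
        "still_orphaned": orphaned(after),
    }


# Abridged excerpt of the first log in the thread (before the registry edit).
BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (file missing)
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
"""

# Abridged excerpt of the second log (after the two Extensions keys were deleted).
AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
"""

# The two sub-keys named in the registry instructions above.
TARGETS = ["C5428486-50A0-4a02-9D20-520B59A9F9B2",
           "C5428486-50A0-4a02-9D20-520B59A9F9B3"]

if __name__ == "__main__":
    report = verify_fix(parse_log(BEFORE), parse_log(AFTER), TARGETS)
    print("targets gone:", report["targets_gone"])
    for section, body in report["removed"]:
        print("removed:", section, body)
    for e in report["still_orphaned"]:
        print("still (file missing):", e.section, e.body)
```
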
4575.

Solve : Two icons on the Desktop (Windows Update, Help and Support Center)?

Answer»

There are these two icons on the desktop (namely, Windows Update and, Help and Support Center). I can't delete them.

It leads me to a site (storageprotector[dot]com) and I know that it is malware...

What do I do? Please help.

[SUPERAntiSpyware, ESET Online Scan and, HijackThis logs attached]

Thank you in advance.
P.S. [Advanced] Happy New Year!

[saving space - attachment deleted by admin]

I can't see any firewall running, unless you're using Windows firewall???

Print out these instructions as we will need to close every window that is open later in the fix.

Download VundoFix:
http://www.atribune.org/content/view/24/2/

* Double-click VundoFix.exe to run it.
* When VundoFix re-opens, click the Scan for Vundo button.
* Once it's done scanning, click the Remove Vundo button.
* You will receive a prompt asking if you want to remove the files, click YES
* Once you click yes, your desktop will go blank as it starts removing Vundo.
* When completed, it will prompt that it will reboot your computer, click OK.

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

Post new HJT log.

Hey. Yeah. I'm using Windows Firewall...

And I'm really sorry...

I did a few more things... And when I deleted the two icons, they never appeared again.
Thank you for the help anyway!

Quote

And when I deleted the two icons, they never appeared again.
It doesn't matter, because, you have serious Vundo infection (plus couple more things), so you better follow my instructions.

Okaay... Done.

[file cleanup - saving space - attachment deleted by admin]

It looks much better.
Run HJT again.
Checkmark following entries:
- O2 - BHO: {8d45c8d0-bd61-c87a-f9a4-05cc3e512e02} - {20e215e3-cc50-4a9f-a78c-16db0d8c54d8} - C:\WINDOWS\system32\ichqovkb.dll (file missing)
- O20 - Winlogon Notify: winuns32 - winuns32.dll (file missing)
Click "Fix checked" button.
Restart computer.
Post new HJT log.

Okay. Sorry for the laaaate reply... The internet here died. (Darn wi-fi antenna). Anyway... Log attached.

[file cleanup - saving space - attachment deleted by admin]

You're clean.
Happy computing
4576.

Solve : malware help plz?

Answer»

i have malware on my computer i keep popping up advertisement is there any way to stop it?

1. Run free ESET Online Scanner at: http://www.eset.com/onlinescan/
Note: This Scanner is for Internet Explorer Only
1. You will notice that the "Start" button is grayed out. Place a check mark at "Yes, I accept the Terms of use". The "Start" button will become visible. Click on it.
2. If it wants to install an ActiveX component allow it
3. You will be asked to install an ActiveX, click the "Install" button (Note: If you have a Firewall install you may have to approve the installation)
4. Once ActiveX control is installed click on the "Start" button to initialize the scanner
5. After initialization is complete uncheck\untick "Remove found threats"
6. Check\tick "Scan unwanted applications"
7. Click the "Scan" button
8. Once the scan is done, you will find a log in C:\Program Files\esetonlinescanner\log.txt
Post ESET's log.

2. Download SUPERAntiSpyware Free for Home Users:
http://www.superantispyware.com/

Print these instructions out.

* Double-click SUPERAntiSpyware.exe and use the default settings for installation.
* An icon will be created on your desktop. Double-click that icon to launch the program.
* If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
* Close SUPERAntiSpyware.

Restart computer in Safe Mode.
To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; pick Safe Mode; you'll see "Safe Mode" in all four corners of your screen

* Open SUPERAntiSpyware.
* Under "Configuration and Preferences", click the Preferences button.
* Click the Scanning Control tab.
* Under Scanner Options make sure the following are checked (leave all others unchecked):
o Close browsers before scanning.
o Scan for tracking cookies.
o Terminate memory threats before quarantining.
* Click the "Close" button to leave the control center screen.
* Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
* On the left, make sure you check C:\Fixed Drive.
* On the right, under "Complete Scan", choose Perform Complete Scan.
* Click "Next" to start the scan. Please be patient while it scans your computer.
* After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
* Make sure everything has a checkmark next to it and click "Next".
* A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
* If asked if you want to reboot, click "Yes".
* To retrieve the removal information after reboot, launch SUPERAntispyware again.
o Click Preferences, then click the Statistics/Logs tab.
o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
o If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
o Please copy and paste the Scan Log results in your next reply with a new HijackThis log.
* Click Close to exit the program.
Post SUPERAntiSpyware log.

3. Download HijackThis:
http://www.snapfiles.com/get/hijackthis.html
Post HijackThis log.

4577.

Solve : Not sure what I have or how to remove it.?

Answer»

Hello everyone! I'm new to the forum but read the FAQ and have the attached logs as needed. I'm getting an error message every time I open a program that the image file for the program is missing. I also am noticing a very slow system. I know it's a terrible description of what is happening but it's really all I know as of this point. Thanks for the help in advance - JT

[file cleanup - saving space - attachment deleted by admin]

Please update your Java: http://www.java.com/en/download/index.jsp
Uninstall any older Java version through Add\Remove

Quote

every time I open a program that the image file for the program is missing
Please post exact error message.

Now...
Print out these instructions as we will need to close every window that is open later in the fix.

Download VundoFix:
http://www.atribune.org/content/view/24/2/

* Double-click VundoFix.exe to run it.
* When VundoFix re-opens, click the Scan for Vundo button.
* Once it's done scanning, click the Remove Vundo button.
* You will receive a prompt asking if you want to remove the files, click YES
* Once you click yes, your desktop will go blank as it starts removing Vundo.
* When completed, it will prompt that it will reboot your computer, click OK.

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

After reboot....
1. Download VirtumundoBegone (http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe) and save it to your desktop.

2. Now reboot into Safe Mode.

1. This can be done tapping the F8 key as soon as you start your computer

2. You will be brought to a menu where you can choose to boot into safe mode.

3. Select safe mode with networking using your arrow keys on the keyboard and then press enter.

4. When your computer reaches the desktop make sure you log in as the same user which you had performed the previous steps.

3. Once you are logged into safe mode, double-click VirtumundoBeGone.exe file you just downloaded and follow the instructions.

4. Exit when it has finished, and reboot back to normal mode.

Let me know, if any of the above programs found anything.

Post new HijackThis log.

Error message is as follows:

"The Application or DLL C:\WINDOWS\system32\sol323.txt is not a valid Windows image. Please check this against your installation diskette."

Just this particular file looks suspicious, and that's why I asked you to run two other programs.
Don't forget to update your Java.

Great, will do but have to wait until I get to the office in order to print and do it properly. I'll repost when I'm done. Thanks - JT

Cool...

Neither program found anything. I'll attach log as soon as it's done. Thanks - JT

Here is log - JT

[file cleanup - saving space - attachment deleted by admin]

1. Print this post out, since you won't have an access to it, at some point.

2. Close all windows, except for HijackThis.

3. Put a checkmark next to the following HijackThis entries:

- O20 - AppInit_DLLs: C:\WINDOWS\system32\sol323.txt

- O20 - Winlogon Notify: awtqq - C:\WINDOWS\system32\awtqq.dll (file missing)

- O20 - Winlogon Notify: awvts - C:\WINDOWS\system32\awvts.dll (file missing)

4. Click on "Fix checked" button.

5. Restart your computer in Safe Mode (keep tapping F8 key, when your computer starts)

6. Open Windows Explorer. Go Tools>Folder Options>View tab, put a checkmark next to "Show hidden files, and folders".

7. Delete following files/folders (if present):

- sol323.txt file from C:\WINDOWS\system32

8. Turn off System Restore:

- Windows XP:
1. Click Start.
2. Right-click the My Computer icon, and then click Properties.
3. Click the System Restore tab.
4. Check "Turn off System Restore".
5. Click Apply.
6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
7. Click OK.
- Windows Vista:
1. Click Start.
2. Right-click the Computer icon, and then click Properties.
3. Click on System Protection under the Tasks column on the left side
4. Click on Continue on the "User Account Control" window that pops up
5. Under the System Protection tab, find Available Disks
6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C:")
7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
8. Click OK

9. Restart in Normal Mode.

10. Turn System Restore on.

11. Run HijackThis again, and post back its log back here.

Ok all those steps are done, I don't seem to be getting the error now. Here is log - JT

[file cleanup - saving space - attachment deleted by admin]

The log is clean. I'm glad, the error is gone.
I recommend...
1. Download, and install CCleaner: http://www.ccleaner.com/
2. Read CCleaner instruction from here: http://www.jahewi.nl/ccleaner/ccleaner.html, and run CCleaner

Great Broni Thank you so much I'm downloading CC now - JT

Cool
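
The entries ticked for fixing in the thread above share two traits that can be checked mechanically: a loader entry marked "(file missing)", and an AppInit_DLLs value naming a file that is not a DLL (Windows loads every AppInit_DLLs entry into each process that loads user32.dll, which is why every program start raised the "not a valid Windows image" error). The Python sketch below is an added example, not part of the original posts and not HijackThis code; the function names, the two heuristics and the sample log (constructed from entry formats quoted on this page) are assumptions for illustration.

```python
import ntpath
import re
from dataclasses import dataclass

# Constructed sample: entry formats copied from HijackThis lines quoted on
# this page, assembled into one short log for the demonstration.
SAMPLE_LOG = r'''
- O2 - BHO: {8d45c8d0-bd61-c87a-f9a4-05cc3e512e02} - {20e215e3-cc50-4a9f-a78c-16db0d8c54d8} - C:\WINDOWS\system32\ichqovkb.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\WINDOWS\system32\sol323.txt
O20 - Winlogon Notify: awtqq - C:\WINDOWS\system32\awtqq.dll (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
'''

# "<code> - <section>: <detail>", optionally prefixed by the "- " bullet
# that forum helpers put in front of entries they want ticked.
ENTRY_RE = re.compile(r"^\s*(?:-\s+)?(?P<code>[A-Z]\d{1,2}) - (?P<body>.+?)\s*$")
MISSING = "(file missing)"


@dataclass(frozen=True)
class Finding:
    code: str      # HijackThis group, e.g. "O20"
    section: str   # e.g. "AppInit_DLLs", "Winlogon Notify"
    target: str    # file path the entry refers to
    reason: str


def parse_entry(line):
    """Return (code, section, detail), or None for lines without a value."""
    match = ENTRY_RE.match(line)
    if not match:
        return None
    section, sep, detail = match.group("body").partition(": ")
    if not sep:
        return None  # e.g. "O13 - Gopher Prefix:" carries no detail
    return match.group("code"), section, detail.strip()


def triage(log_text):
    """Flag entries matching the two heuristics (assumed, not HijackThis's own)."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        code, section, detail = entry
        if detail.endswith(MISSING):
            # Drop the marker, then keep the path after the last " - " separator.
            path = detail[: -len(MISSING)].rstrip().rpartition(" - ")[2]
            findings.append(Finding(code, section, path,
                                    "registry entry points at a file that is not on disk"))
            continue
        if code == "O20" and section == "AppInit_DLLs":
            # The registry value is a space- or comma-delimited list of DLLs.
            for path in filter(None, re.split(r"[,\s]+", detail)):
                if ntpath.splitext(path)[1].lower() != ".dll":
                    findings.append(Finding(code, section, path,
                                            "AppInit_DLLs value without a .dll extension"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:<4}{f.section:<16}{f.target}  <- {f.reason}")
```

A hit is a prompt for review by someone who can read the whole log, not a removal instruction: legitimate software also leaves orphaned entries behind after an uninstall.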
4578.

Solve : using 2 antivirus softwares?

Answer»

Guys, my friend said that I can use 2 antivirus in my desktop to be sure that I am secure from viruses. At first, I guess he got a point there but I am not sure if his advice is recommended or not?

more advice pls

tnx

That's a bad idea.
Many AV programs are not compatible with each other and this can lead to system instability or at worst leave Windows unbootable.
It is a much better idea to just have one good AV program installed. You can then use the online scanners many AV companies provide to get a second opinion once in a while.
Another great tool is VirusTotal. You can use this website to scan any suspicious file you might receive. The file will then be scanned by 20+ AV engines.

Dude, thanks for your advice. Now I know the risk of using 2 AV. Is there a site that can rate all antivirus software with stability and performance in healing the virus?

Anyways, thanks a lot

Here's a couple of sites.
http://www.av-comparatives.org/
http://winnow.oitc.com/malewarestats.php

Anti-Virus:
( choose one )
AVG
Avast

AdAware

Spybot Search and Destroy

AVG Anti-Spyware ( different than AVG AV )

WinPatrol

CCleaner.

This will give you a well rounded protection arsenal provided you update and scan regularly.

All the above are FREE.

4579.

Solve : anti-virus software wont turn on...?

Answer»

I'm running Windows Vista and neither my CA antivirus software nor my SpySweeper software will turn on or allow me to do a sweep. I was using an internet based scanner to scan my system but then my computer froze and after about 5 minutes and a couple of CTRL ALT DEL's later I got back to the login screen with a message that said security error and again my comp was frozen. Any help would be greatly appreciated. Oh and one more thing... I'm not sure if this could be related, but after browsing my file I found a suspicious folder labeled Acceleration Software that seems to contain a bunch of random files and some mock anti-virus software. I tried to delete it but was told I needed permission... So I tried to change the permissions and told I wasn't able to... So I tried to change the owner and was once again, you guessed it, wasn't able to... HELP ME!!!

Go here and read post 1 and do the steps in post 2.

Once we see the logs we will know more.

Whew... Ok here's what I found...

Questionable Programs:
MSXML Parser
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
and something called XFire

Another thing when SpySweeper tries to start up upon login I get an error message that says "Could not locate valid definitions file. Please go to the Program Options page and click "Update Definitions" to download a definitions file." I did this and nothing happened...

The Super Anti-Spyware software you guys told me to download ran until about 15,000 files then it just kept going through the same files over and over until I stopped the scan around 17,000 files...

And lastly when I try to run the Online Scanner you recommended I got another error message that said something like "Cannot initialize... Administrative rights required."

And here are the logs you requested....

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/23/2008 at 09:09 PM

Application Version : 3.9.1008

Core Rules Database Version : 3386
Trace Rules Database Version: 1380

Scan type : Complete Scan
Total Scan Time : 00:25:37

Memory items scanned : 584
Memory threats detected : 0
Registry items scanned : 6028
Registry threats detected : 0
File items scanned : 17306
File threats detected : 0

This is the Dr. Webb log...

popcaploader.dll;c:\windows\downloaded program files;Program.PopcapLoader;Incurable.Deleted.;
TRAINER.EXE;C:\Documents and Settings\William\Downloads\clses3mt;Trojan.PWS.Banker.3099;Deleted.;
Uninstall Fun Web Products.dll;C:\Program Files;Adware.MWS.origin;Incurable.Deleted.;


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:13:45 PM, on 1/24/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\cavrid.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\My Book\WD Backup\uBBMonitor.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\Windows\system32\Userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [MSCONFIG] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [Picasa Media Detector] "C:\Program Files\Picasa2\PicasaMediaDetector.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WD Backup Monitor.lnk = C:\Program Files\My Book\WD Backup\uBBMonitor.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\npjpi160_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\npjpi160_04.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O13 - Gopher Prefix:
O16 - DPF: {1B9B97D0-C0F4-4045-9B42-50A4535C9041} (WCLoaderCtl Class) - http://download.paltalk.com/wcloader_prod/wcloader.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-3/ZwinkyInitialSetup1.0.1.0.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: CCProvSP - TODO: - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ccprovsp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7478 bytes

And that's that... thanks for all the help guys you guys rock

Quote

MSXML Parser
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181) - Microsoft XML Core Services (MSXML)
MSXML 4.0 SP2 (KB941833)
and something called XFire - http://www.xfire.com/

Do you have administrative rights on the computer or is it a limited account?


I don't see any malware in the log but there is an entry to fix with HJT.

Open HijackThis and select Do a system scan only.

Place a check mark next to the following entries:

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-3/ZwinkyInitialSetup1.0.1.0.cab

Close all windows except for HijackThis and click Fix checked.

Exit Hijackthis.

---------------

When running antispyware/antivirus programs or updates on Vista you have to run it as an Administrator.

Right-click the program icon or file that you want to open, and then click Run as administrator.

Click here >> More Information on Administrator Accounts


Let me know if this helps.

It's an administrative log on so I assume I should have all the rights to run whatever I want, but it's very possible that I could be wrong. I do have another question though, Could the Trojan that Dr. Webb found and apparently removed be causing my anti-virus software not to turn on?

Could the Trojan that Dr. Webb found and apparently removed be causing my anti-virus software not to turn on?

Possible but I don't think so.


Have you tried to update the programs by right clicking them and selecting Run As Administrator?


I would like to run another scan to determine where we are at. It will take a while to run so please be patient.

Run CCleaner before you start it.


Use the Kaspersky Online Scanner
• Click Accept.
• Answer Yes, when prompted to install an ActiveX component.
• The program will then begin downloading the latest definition files.
• Once the files have been downloaded click on NEXT
• Locate the Scan Settings button & configure to:
  • Scan using the following Anti-Virus database:
    • Extended
  • Scan Options:
    • Scan Archives
    • Scan Mail Bases
• Click OK & have it scan My Computer

When the scan is done, in the Scan is complete window (below), any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.

To obtain the report:
Click on: Save Report As... (above - red blinking arrow)
Next, in the Save as prompt, Save in area, select: Desktop.
In the File name area, use KScan, or something similar.
In Save as type: click the drop arrow and select: Text file [*.txt]
Then, click: Save
Please add the Kaspersky Online Scanner Report in your next post.

---------------

Next post add
Kaspersky log

To answer your question, no it doesn't seem to matter whether or not I run the program as an administrator or regularly, it behaves the same way regardless... and the link for the new scan you want me to do won't load for some reason...

Have you tried running these programs in safe mode to see if they will
a) Run or b) Complete the scan?

I fixed the link for Kaspersky, sorry about that.

No I haven't tried it in safe mode, but I will after I run the scanner you suggested in the previous post...

I tried to post the Kaspersky Report but it won't let me because it's too long... It didn't find anything, but it skipped quite a few files because they were "locked"... If you want the report we'll have to find a different way for you to get it... And do you think I should still run the scans in safe mode and if so which scans should be run?
4580.

Solve : Best Firewall Protection??

Answer»

Good day Broni,
Was just wondering what you consider the best firewall protection out there...free or inexpensive?

Thank you

I use Comodo firewall, which I believe is popular. Though some of the settings seem to be a bit complicated. Though with the default settings, it runs fine. Maybe check http://www.snapfiles.com/Freeware/security/fwfirewall.html, and read some of the reviews...

I too, am using COMODO Firewall Pro. (Pro is the free version)
However, if you do not like it, you can try one of these:

Online Armor Personal Firewall
Outpost Firewall Pro
Jetico Personal Firewall

I use Comodo, as well (two computers).
I tried also Online Armor Personal Firewall, which has very high rankings, but it had too many options disabled in free version, so I uninstalled it.

Thanks everyone...Comodo sounds the way to go. Are there any settings I should be wary of so that my computer acts the same as it does with Windows firewall protection...Oh, do I disable the Windows firewall before installing Comodo or just leave it as is?

It won't act like the Windows Firewall because Comodo is not the Windows Firewall. That being said the standard settings for Comodo should be fine for you. It will ask you quite a few questions to start with in order to learn what programs are allowed to have internet access. When it knows your programs it will hardly ever bother you.
You will have to disable the Windows Firewall before installing Comodo. You should never have 2 software firewalls running at the same time.

4581.

Solve : Newer versions of Norton?

Answer»

I have a question about Norton Antivirus. I am currently using the 2005 version of the software. Would it be wise to upgrade to the 2008 one now, or is it unnecessary? Can 2005 be used for a couple more years yet, or will there soon be a time when it is unusable?

Thanks in advance!

If it still updates it is safe. If not then it is time to buy a new subscription, or what would be more advisable is to download a free antivirus and firewall. We aren't big fans of Norton. Good choices to choose from are.

Antivirus:
AVG
Avast
Avira

Firewall:
COMODO (with full protection)
PC Tools
Outpost

4582.

Solve : ESET Online scan; Update error (108)?

Answer»

Hello again,
Incidentals; Gateway
Microsoft Windows XP Professional 5.01.2600 Service Pack 2
Panda I. S. 2007
(K8) Athlon 64/Opteron HyperTransport Technology Configuration
AMD Athlon 64 X2 4600+ @ 2400 MHz
2048 MB (4 x 512 DDR-SDRAM )
Nvidia Corp GeForce 8600 GTS
DirectX : Version 9.0c

I tried to use the ESET scan; since I've seen the link on several posts here. I clicked yes to the terms. I was then prompted to install an Active X control. I've tried to install the Active X several times over the last several hours.

After I click install; I get one Eset scan start screen; after pressing Start; I get another start screen. After pressing start; the scan page opens and freezes with the Update error (108).

I turned off the pop up blocker, and the phishing filter, and even turned off my Antivirus and firewall for a few minutes; with the same results from Eset. I think the Active X control isn't downloading for some reason.

I'm not worried about spyware per se. My Panda I.S. 07 is about to expire and I'm thinking of switching to another A.V. program just wanted to sample Eset's scan tools.

I've had Panda for 2 years. It has worked reasonably well. That is I haven't had any trouble with viruses. Still I'm not too happy with their online support.

Thanks;
Tmc240

Try to install ESET plug-in in Safe Mode.
You may also post HijackThis log to see what, eventually may be blocking that install.

Thanks for the response Broni,

The scan went through the next day; and it didn't find anything.

I'll post a HijackThis log in another post, one of these days. It's been a long while since I posted one. I depend on Ad aware and Spybot S D to keep most spy ware off this PC. I run those programs every day.

Thanks again.
Tmc.

4583.

Solve : Hacktool.Rootkit Strikes Back?

Answer»

It sounds like the updates did their job.

It is suggested to submit a fresh Hijackthis log so someone can go over it and make sure all of the entries are actually gone.

yes, evilfantasy, I agree and I'm real sorry but up till now I couldn't get the HJT report because I have no electricity these days (it's Baghdad, another story) and I'll post these reports as soon as I can, but do I still need the Autorun.inf folder in my flash drive, and will it do me good every time I plug it in an affected pc?
thanks

No the autorun can be deleted. You will either need to disinfect the flash drive or reinfect every computer you plug it in to.

Or reformat it.

At last, electricity is back and my machines are alive again, and here are the HJT reports for both of them, and sorry again for being so late. I hope they're as good as they look. Thanks Broni, evilfantasy, CBMatt, patio, and everyone who've helped me recover my machines as well as those who just viewed my post.
But, again, are you recommending me to reformat my thumb drive just to get rid of the dummy Autorun.inf folder? And would you advise me to any place where I can learn more of Flash_Disinfector?

[file cleanup - saving space - attachment deleted by admin]

Quote

you recommending me to reformat my thumb drive just to get rid of the dummy Autorun.inf folder?

No, it sounded as if you didn't want to use the flash disinfector. So I mentioned that a reformat would be the next alternative. Without doing one or the other you will be infecting everything you plug it in to. Maybe I misunderstood what you had said.

Welcome back ...

and welcome to you, evilfantasy, since you're online now I want to use Flash_Disinfector if it protects my thumb drive and pc's from being really infected, and as I understand it's the job that the program is doing, am I right and is there any more details that I can get of it?

You can Google Flash Disinfector, but the information I gave in the instructions is probably more than you will easily find in a search. Most of the time the directions are for a link to download it and to plug it in when prompted. The author of the tool sUBs is one of the most respected members of the malware fighting community. He doesn't release much information on his tools. If he did then the bad guys would quickly figure out a way to exploit their use in removal and they would not be as effective.

Do you know what these are?
That One.exe
xstart.exe
RealClip.exe

If so then the logs look fine. Although the 1.99 version of HijackThis is the old version and the use of the new 2.02 version is suggested.

Both machines Java is out of date.

Your Java is out of date leaving your system vulnerable.
Older versions of Java have vulnerabilities that malware can use to infect your system.

Go to >> http://java.sun.com/javase/downloads/index.jsp

On the Sun Java page scroll to the 4th download Java Runtime Environment (JRE) 6 Update 4 to install the new version.

Next go to add/remove programs and remove all older versions.

Then go to C:\Program Files\Java and delete the old folders.

Be sure to keep jre1.6.0_04


Cleanup:

• Click START then RUN
• Now type Combofix /u in the runbox
• Make sure there's a space between Combofix and /u

then hit Enter.

The above procedure will:
• Delete the following:
  • ComboFix and its associated files and folders.
• Reset the clock settings.
• Hide file extensions, if required.
• Hide System/Hidden files, if required.
• Set a new, clean Restore Point.

This is a good time to clear your infected system restore points and establish a new clean restore point:
• Go to Start > All Programs > Accessories > System Tools > System Restore
• Select Create a restore point, and click Next.
• Next, go to Start > Run and type in cleanmgr
• Select the More options tab
• Next to System Restore click Clean up...
This will remove all restore points except the new one you just created.

Let us know how everything went.

Thanks, again, evilfantasy. That One.exe is a code name for Hijack This (said that before: someone tipped that rootkits may hide themselves from HJT and suggested renaming it; and I'm considering downloading a fresh copy of it); xstart looks familiar but forgot what it was (I think it was a system tray manager, it's uninstalled, but the registry value seems still hiding so I've manually deleted it using Regseeker and everything went just fine); and RealClip is a clipboard enhancer that works for me.
I've done all fixes suggested by you, and it all went as planned, and here's the HJT reports.

[file cleanup - saving space - attachment deleted by admin]

Everything looks fine now.


        This is a good time to clear your infected system restore points and establish a new clean restore point:
        • Go to Start > All Programs > Accessories > System Tools > System Restore
        • Select Create a restore point, and click Next.
        • Next, go to Start > Run and type in cleanmgr
        • Select the More options tab
        • Next to System Restore click Clean up...
        This will remove all restore points except the new one you just created.

        Here are some great tools to help you keep from getting infected again.

        Spybot Search & Destroy - A safe and effective spyware scanner.
        * Official Spybot Tutorial
        * Spybot FAQ

        AVG Anti-Spyware Free Edition - Very reliable with a high detection rate.
        * AVG Anti-Spyware User Manual

        SpywareBlaster - Secure your Internet Explorer to make it harder for these ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla-based browsers like Firefox.
        * SpywareBlaster Tutorial

        Comodo BOClean - Stops trojans and many more malicious attacks.

        Use a Firewall - It cannot be stressed enough how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over.
        * Click here for a list of free firewalls.
        * Why would I consider a third party firewall?

        UPDATE UPDATE UPDATE!!! - If you do not have automatic updates enabled then visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed.
        * Help with Windows updates

        To learn more about how to protect yourself while on the internet, read this article by Tony Klein: So how did I get infected in the first place?

        Let us know if anything else comes up.
        4584.

        Solve : Comodo 3 Basic Setup Issues?

        Answer»

        Interesting reading... In all fairness... His Reply

        OK you guys, I hope you have this all settled. I try my best to learn about you all's advice and put it to use.

        This thread about Comodo has just completely lost and confused me. I am using CFP v3 (free / I guess that constitutes 'Basic'). Now, am I or am I not completely protected by a firewall? Should I run those leak tests? I'm not sure I will know what I am looking at when the tests are done unless at the end it just shows a green highlighted OK.

        Is the issue settled? Am I protected with a good firewall?

        I will wait till all of you have the chance to reply. Thanks, T.

        Quote from: tpolcha on January 24, 2008, 10:09:56 AM


        I am using CFP v3 (free / I guess that constitutes 'Basic').
        No, there is only one version of CFP and that is the free version.
        The issue here is how you choose to install it. During the install you have to choose between Advanced Firewall and Basic Firewall. If you choose the advanced firewall you get the whole protection package, if you choose basic firewall you get just that... a basic firewall.
        Even if you have installed CFP in basic firewall mode you can still activate the advanced part later on by enabling Defense+.
        4585.

        Solve : Please Help: Can't Shake The Vundo!!?

        Answer»

        ComboFix 08-01-17.3 - Louie 2008-01-17 0:02:42.2 - NTFSx86
        Running from: C:\Documents and Settings\Louie\Desktop\ComboFix.exe
        Command switches used :: C:\Documents and Settings\Louie\Desktop\CFScript.txt
        * Created a new restore point

        WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
        .

        ((((((((((((((((((((((((( Files Created from 2007-12-17 to 2008-01-17 )))))))))))))))))))))))))))))))
        .

        2008-01-16 19:15 . 2000-08-31 08:0051,200--a------C:\WINDOWS\NirCmd.exe
        2008-01-16 15:21 . 2008-01-16 15:21d--------C:\WINDOWS\ERUNT
        2008-01-16 15:19 . 2004-07-13 18:36d--------C:\Documents and Settings\help\Application Data\Symantec
        2008-01-16 15:19 . 2004-07-13 18:40d--------C:\Documents and Settings\help\Application Data\Sonic
        2008-01-14 22:18 . 2008-01-14 22:18d--------C:\Program Files\Trend Micro
        2008-01-14 21:55 . 2007-09-24 23:3169,632--a------C:\WINDOWS\system32\javacpl.cpl
        2008-01-14 21:53 . 2008-01-14 21:53d--------C:\Program Files\Common Files\Java
        2008-01-14 19:26 . 2008-01-14 21:30d--------C:\Program Files\EsetOnlineScanner
        2008-01-14 15:58 . 2008-01-14 15:58d--------C:\Documents and Settings\Louie\DoctorWeb
        2008-01-14 06:30 . 2008-01-17 00:02d--------C:\Program Files\SUPERAntiSpyware
        2008-01-14 06:30 . 2008-01-14 06:30d--------C:\Program Files\Common Files\Wise Installation Wizard
        2008-01-14 06:30 . 2008-01-14 06:30d--------C:\Documents and Settings\Louie\Application Data\SUPERAntiSpyware.com
        2008-01-14 06:30 . 2008-01-14 06:30d--------C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
        2008-01-14 06:20 . 2008-01-14 06:20d--------C:\Program Files\CCleaner
        2008-01-14 03:21 . 2008-01-14 04:51d--------C:\WINDOWS\BDOSCAN8
        2008-01-13 12:44 . 2008-01-13 12:445,360--a------C:\WINDOWS\system32\tmp.reg
        2008-01-13 12:43 . 2007-09-05 23:22289,144--a------C:\WINDOWS\system32\VCCLSID.exe
        2008-01-13 12:43 . 2006-04-27 16:49288,417--a------C:\WINDOWS\system32\SrchSTS.exe
        2008-01-13 12:43 . 2007-12-20 23:1181,920--a------C:\WINDOWS\system32\IEDFix.exe
        2008-01-13 12:43 . 2003-06-05 20:1353,248--a------C:\WINDOWS\system32\Process.exe
        2008-01-13 12:43 . 2004-07-31 17:5051,200--a------C:\WINDOWS\system32\dumphive.exe
        2008-01-13 12:43 . 2007-10-03 23:3625,600--a------C:\WINDOWS\system32\WS2Fix.exe
        2008-01-13 06:52 . 2008-01-13 06:52d--------C:\VundoFix Backups
        2008-01-13 03:12 . 2008-01-13 03:12d--------C:\Program Files\Common Files\Cisco Systems
        2008-01-13 03:12 . 2006-11-17 03:061,495,552--a------C:\WINDOWS\system32\epoPGPsdk.dll
        2008-01-13 03:11 . 2006-11-30 08:50168,776--a------C:\WINDOWS\system32\drivers\mfehidk.sys
        2008-01-13 03:11 . 2006-11-30 08:5072,264--a------C:\WINDOWS\system32\drivers\mfeavfk.sys
        2008-01-13 03:11 . 2006-11-30 08:5064,360--a------C:\WINDOWS\system32\drivers\mfeapfk.sys
        2008-01-13 03:11 . 2006-11-30 08:5052,136--a------C:\WINDOWS\system32\drivers\mfetdik.sys
        2008-01-13 03:11 . 2006-11-30 08:5034,152--a------C:\WINDOWS\system32\drivers\mfebopk.sys
        2008-01-13 02:26 . 2008-01-13 07:43d--------C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
        2008-01-12 16:02 . 2003-07-21 08:12102,400--a------C:\WINDOWS\system32\drivers\ianswxp.sys
        2008-01-12 16:00 . 2008-01-12 16:00d--------C:\Program Files\Analog Devices
        2008-01-12 16:00 . 2001-09-11 18:201,285,632--a------C:\WINDOWS\system32\SMMedia.dll
        2008-01-12 16:00 . 2003-01-08 12:2349,152--a------C:\WINDOWS\system32\DSndUp.exe
        2008-01-12 16:00 . 2002-04-17 16:0545,056--a------C:\WINDOWS\system32\CleanUp.exe
        2008-01-12 16:00 . 2001-09-11 16:2030,208--a------C:\WINDOWS\system32\wdmioctl.dll
        2008-01-12 15:57 . 2008-01-12 15:57d--------C:\Program Files\CONEXANT
        2008-01-12 15:57 . 2004-01-21 13:571,041,152--a------C:\WINDOWS\system32\drivers\HSF_DP.sys
        2008-01-12 15:57 . 2004-01-21 13:59675,840--a------C:\WINDOWS\system32\drivers\HSF_CNXT.sys
        2008-01-12 15:57 . 2004-01-21 14:02197,888--a------C:\WINDOWS\system32\drivers\HSFHWICH.sys
        2008-01-12 15:57 . 2004-01-21 13:20125,638--a------C:\WINDOWS\system32\drivers\IBM0559.cty
        2008-01-12 15:57 . 2003-04-09 16:0190,112--a------C:\WINDOWS\system32\mdmxsdk.dll
        2008-01-12 15:57 . 2003-04-09 15:4811,043--a------C:\WINDOWS\system32\drivers\mdmxsdk.sys
        2008-01-12 15:43 . 2008-01-12 15:43d--------C:\WINDOWS\SxsCaPendDel
        2008-01-12 07:33 . 2008-01-13 12:55118,784--a------C:\WINDOWS\MXOALDR.EXE
        2008-01-12 07:11 . 2008-01-14 16:32d--------C:\Program Files\Dot1XCfg
        2007-12-29 02:38 . 2007-12-29 02:38d--------C:\Documents and Settings\Louie\.onion
        2007-12-27 20:36 . 2007-12-27 23:29d--------C:\Program Files\NinjaSurfing
        2007-12-27 20:36 . 2007-12-27 23:29125--a------C:\ioSpecial.ini
        2007-12-27 15:22 . 2007-12-27 15:22d--------C:\Program Files\avijoin

        .
        (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        2008-01-17 05:02---------d-----wC:\Program Files\Winamp
        2008-01-17 05:02---------d-----wC:\Program Files\AIM95
        2008-01-17 00:26---------d-----wC:\Program Files\Swarmcast
        2008-01-17 00:25---------d-----wC:\Program Files\QuickTime
        2008-01-17 00:25---------d-----wC:\Program Files\iTunes
        2008-01-15 02:55---------d-----wC:\Program Files\Java
        2008-01-14 08:07---------d-----wC:\Program Files\mIRC
        2008-01-14 08:07---------d-----wC:\Documents and Settings\Louie\Application Data\mIRC
        2008-01-13 17:37---------d-----wC:\Documents and Settings\Louie\Application Data\U3
        2008-01-13 08:12---------d-----wC:\Program Files\McAfee
        2008-01-13 05:37---------d-----wC:\Documents and Settings\Louie\Application Data\uTorrent
        2008-01-12 21:01---------d-----wC:\Program Files\Intel
        2008-01-12 21:00---------d--h--wC:\Program Files\InstallShield Installation Information
        2008-01-12 20:58---------d-----wC:\Program Files\NetWaiting
        2008-01-12 20:58---------d-----wC:\Program Files\Digital Line Detect
        2007-12-29 11:22---------d-----wC:\Documents and Settings\Louie\Application Data\Vso
        2007-12-09 18:5514,336----a-wC:\WINDOWS\system32\svchost.exe
        2007-12-07 18:20---------d-----wC:\Documents and Settings\Louie\Application Data\Skype
        2007-11-27 01:59---------d-----wC:\Documents and Settings\Louie\Application Data\Winamp
        2007-11-19 05:33---------d-----wC:\Documents and Settings\DELETE\Application Data\AdobeUM
        2007-11-14 07:26450,560------wC:\WINDOWS\system32\dllcache\jscript.dll
        2007-11-07 09:26721,920----a-wC:\WINDOWS\system32\lsasrv.dll
        2007-11-07 09:26721,920------wC:\WINDOWS\system32\dllcache\lsasrv.dll
        2007-10-30 17:20360,064------wC:\WINDOWS\system32\dllcache\tcpip.sys
        2007-10-30 10:163,058,688------wC:\WINDOWS\system32\dllcache\mshtml.dll
        2007-10-29 22:431,287,680----a-wC:\WINDOWS\system32\quartz.dll
        2007-10-29 22:431,287,680------wC:\WINDOWS\system32\dllcache\quartz.dll
        2007-10-27 22:40227,328----a-wC:\WINDOWS\system32\wmasf.dll
        2007-10-27 22:40227,328----a-wC:\WINDOWS\system32\dllcache\wmasf.dll
        2007-10-26 03:368,454,656------wC:\WINDOWS\system32\dllcache\shell32.dll
        2007-10-25 15:2653,248----a-wC:\WINDOWS\bdoscandel.exe
        2007-05-23 04:2947,360----a-wC:\Documents and Settings\Louie\Application Data\pcouffin.sys
        2004-07-13 23:4159,751----a-wC:\Program Files\setuplog.txt
        2004-07-13 23:4154,342----a-wC:\Program Files\uninstal.log
        .


        ((((((((((((((((((((((((((((( [emailprotected]_19.29.03.07 )))))))))))))))))))))))))))))))))))))))))
        .
        - 2008-01-17 00:16:15233,472----a-wC:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
        + 2008-01-17 05:02:36233,472----a-wC:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
        - 2008-01-17 00:16:168,192----a-wC:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
        + 2008-01-17 05:02:378,192----a-wC:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
        - 2008-01-17 00:16:16233,472----a-wC:\WINDOWS\erdnt\Hiv-backup\Users\00000003\ntuser.dat
        + 2008-01-17 05:02:37233,472----a-wC:\WINDOWS\erdnt\Hiv-backup\Users\00000003\ntuser.dat
        - 2008-01-17 00:16:168,192----a-wC:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
        + 2008-01-17 05:02:378,192----a-wC:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
        - 2008-01-17 00:16:1614,958,592----a-wC:\WINDOWS\erdnt\Hiv-backup\Users\00000005\ntuser.dat
        + 2008-01-17 05:02:3814,958,592----a-wC:\WINDOWS\erdnt\Hiv-backup\Users\00000005\ntuser.dat
        - 2008-01-17 00:16:17167,936----a-wC:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
        + 2008-01-17 05:02:39167,936----a-wC:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
        + 2008-01-14 20:21:40122,940----a-wC:\WINDOWS\system32\dla\DLACTRLW.EXE
        .
        ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        *Note* empty entries & legit default entries are not shown
        REGEDIT4

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-01-14 03:16 1694208]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "S3TRAY2"="S3Tray2.exe" [2001-10-12 01:32 69632 C:\WINDOWS\system32\S3Tray2.exe]
        "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-14 03:15 512000]
        "ATIModeChange"="Ati2mdxx.exe" [2001-09-04 18:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
        "BluetoothAuthenticationAgent"="irprops.cpl" [2004-08-04 02:56 380416 C:\WINDOWS\system32\irprops.cpl]
        "TPKMAPHELPER"="C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" [2008-01-14 03:15 897024]
        "TpShocks"="TpShocks.exe" [2003-12-17 13:12 102400 C:\WINDOWS\system32\TpShocks.exe]
        "BMMLREF"="C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE" [2008-01-14 03:15 20480]
        "BMMMONWND"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll" [2003-12-25 03:36 394752]
        "TP4EX"="tp4ex.exe" [2002-09-04 03:05 53248 C:\WINDOWS\system32\TP4EX.exe]
        "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2008-01-14 03:15 335872]
        "UC_Start"="C:\Program Files\IBM\Updater\\ucstartup.exe" [2008-01-14 03:15 36864]
        "UpdateManager"="c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2008-01-14 03:15 110592]
        "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-14 00:50 180272]
        "MXO Auto Loader"="C:\WINDOWS\MXOALDR.EXE" [2008-01-13 12:55 118784]
        "BMMGAG"="C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll" [2003-12-25 03:36 106496]
        "QCWLICON"="C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.exe" [2008-01-14 01:05 49152]
        "QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [ ]
        "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2008-01-16 19:11 132496]
        "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-16 19:11 256576]

        C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
        Cisco Systems VPN Client.lnk - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe [2005-03-24 19:12:40]
        Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2004-07-13 18:31:38]
        InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2004-07-13 18:41:37]
        Post-itr Software Notes Lite.lnk - C:\Program Files\3M\PSNLite\PsnLite.exe [2004-06-02 13:04:58]

        [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
        "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
        C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnnlij]
        pmnnlij.dll

        R0 Shockprf;Shockprf;C:\WINDOWS\system32\drivers\Shockprf.sys [2003-12-17 15:50]
        R1 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.SYS [2004-03-12 02:10]
        R1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\system32\drivers\IBMBLDID.SYS [2004-03-12 02:10]
        R1 TPPWR;TPPWR;C:\WINDOWS\system32\drivers\Tppwr.sys [2003-12-25 03:36]
        R2 ibmfilter;ibmfilter;C:\WINDOWS\System32\drivers\ibmfilter.sys [2004-03-19 14:05]
        R2 ShockMgr;ShockMgr;C:\WINDOWS\system32\drivers\ShockMgr.sys [2003-12-15 19:29]
        S3 gAGP440p;gAGP440p;C:\DOCUME~1\Louie\LOCALS~1\Temp\gAGP440p.sys []
        S3 QCNDISIF;QCNDISIF;C:\WINDOWS\system32\drivers\qcndisif.SYS [2004-03-12 02:10]

        [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0e27fcc9-7f1b-11db-891a-000e353678ce}]
        \Shell\AutoRun\command - E:\LaunchU3.exe -a

        [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{16bf73a0-1ec2-11dc-89af-000e353678ce}]
        \Shell\AutoRun\command - E:\LaunchU3.exe -a

        [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9530d7f4-0ff8-11dc-89a4-000e353678ce}]
        \Shell\AutoRun\command - E:\LaunchU3.exe -a

        [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b2ccfd30-c1f0-11dc-9dc3-000d607598a8}]
        \Shell\AutoRun\command - E:\LaunchU3.exe -a

        .
        Contents of the 'Scheduled Tasks' folder
        "2008-01-12 14:00:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
        - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
        "2004-12-03 00:32:26 C:\WINDOWS\Tasks\BMMTask.job"
        - C:\PROGRA~1\ThinkPad\UTILIT~1\BMMTASK.EXE
        .
        **************************************************************************

        catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2008-01-17 00:04:49
        Windows 5.1.2600 Service Pack 2 NTFS

        scanning hidden processes ...

        scanning hidden autostart entries ...

        scanning hidden files ...

        scan completed successfully
        hidden files: 0

        **************************************************************************
        .
        Completion time: 2008-01-17 0:05:32
        ComboFix-quarantined-files.txt 2008-01-17 05:05:16
        ComboFix2.txt 2008-01-17 00:29:20
        .
        2008-01-14 11:16:37 --- E O F ---

        Go here >> http://www.malwarebytes.org/regassassin.php <<

        Download RegASSASSIN to the desktop and open the program.

        Copy this line:

        HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnnlij

        Paste it in the Text box and click Delete.

        ----------

        Please download DrWeb CureIt & save it to your desktop.

        Scan with DrWeb-CureIt as follows:

        • Double-click on drweb-cureit.exe and then click Start.
        • An EXPRESS Scan of your PC notice will appear.
        • Under Start the Express Scan Now Click OK to start.
          • This is a short scan that will scan the files currently running in memory.
          • If or when something is found, click the Yes button when it asks you if you want to cure it.
        • Once the short scan has finished, Click Options > Change settings
        • Choose the Scan tab and UNcheck Heuristic analysis and click OK
        • Back at the main window, select the Complete scan button.
        • Then click the Green Arrow Start Scanning button on the right and the scan will start.
          • Click Yes to all if it asks if you want to cure/move any file(s).
        • When the scan is done, in the Dr.Web CureIt menu on the top left, click File and choose Save report list.
        • Save the DrWeb.csv report to your Desktop.
        • Exit Dr.Web Cureit.
        • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
        • After reboot, Right-click the Dr.Web log on the desktop and choose Open With > Notepad
        • Copy and paste that log in the next reply
        ----------

        Next post
        Dr. Web CureIt log
        Process.exe;C:\Documents and Settings\Louie\Desktop\SmitfraudFix;Tool.Prockill;;
        restart.exe;C:\Documents and Settings\Louie\Desktop\SmitfraudFix;Tool.ShutDown.11;;
        iTunesHelper.exe.vir;C:\QooBox\Quarantine\C\Program Files\iTunes;Trojan.MulDrop.10006;Deleted.;
        jusched.exe.vir;C:\QooBox\Quarantine\C\Program Files\Java\jre1.6.0_03\bin;Trojan.MulDrop.10006;Deleted.;
        qttask .exe.vir;C:\QooBox\Quarantine\C\Program Files\QuickTime;Trojan.MulDrop.10006;Deleted.;
        qttask .exe.vir;C:\QooBox\Quarantine\C\Program Files\QuickTime;Trojan.MulDrop.10006;Deleted.;
        qttask .exe.vir;C:\QooBox\Quarantine\C\Program Files\QuickTime;Trojan.MulDrop.10006;Deleted.;
        qttask .exe.vir;C:\QooBox\Quarantine\C\Program Files\QuickTime;Trojan.MulDrop.10006;Deleted.;
        qttask .exe.vir;C:\QooBox\Quarantine\C\Program Files\QuickTime;Trojan.MulDrop.10006;Deleted.;
        qttask .exe.vir;C:\QooBox\Quarantine\C\Program Files\QuickTime;Trojan.MulDrop.10006;Deleted.;
        qttask .exe.vir;C:\QooBox\Quarantine\C\Program Files\QuickTime;Trojan.MulDrop.10006;Deleted.;
        qttask .exe.vir;C:\QooBox\Quarantine\C\Program Files\QuickTime;Trojan.MulDrop.10006;Deleted.;
        qttask .exe.vir;C:\QooBox\Quarantine\C\Program Files\QuickTime;Trojan.MulDrop.10006;Deleted.;
        backup-20080115-172114-558-PowerReg Scheduler V3 .exe.vir;C:\QooBox\Quarantine\C\Program Files\Trend Micro\HijackThis\backups;Trojan.MulDrop.10006;Deleted.;
        backup-20080115-172114-736-PowerReg Scheduler V3 .exe.vir;C:\QooBox\Quarantine\C\Program Files\Trend Micro\HijackThis\backups;Trojan.MulDrop.10006;Deleted.;
        backup-20080115-172114-921-PowerReg Scheduler V3 .exe.vir;C:\QooBox\Quarantine\C\Program Files\Trend Micro\HijackThis\backups;Trojan.MulDrop.10006;Deleted.;
        hggff.exe.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.10006;Deleted.;
        instsrv.exe.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Tool.SrvRunner;;
        Process.exe;C:\SDFix\apps;Tool.Prockill;;
        A0000006.exe;C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP1;Trojan.MulDrop.10006;Deleted.;
        A0000007.exe;C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP1;Trojan.MulDrop.10006;Deleted.;
        A0000008.exe;C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP1;Trojan.MulDrop.10006;Deleted.;
        A0000018.exe;C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP2;Trojan.MulDrop.10006;Deleted.;
        A0000019.exe;C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP2;Trojan.MulDrop.10006;Deleted.;
        A0000020.exe;C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP2;Trojan.MulDrop.10006;Deleted.;
        A0000024.exe;C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP3;Trojan.MulDrop.10006;Deleted.;
        A0000026.exe;C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP3;Trojan.MulDrop.10006;Deleted.;
        A0000027.exe;C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP3;Trojan.MulDrop.10006;Deleted.;
        A0000028.exe;C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP3;Trojan.MulDrop.10006;Deleted.;
        A0000029.exe;C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP3;Trojan.MulDrop.10006;Deleted.;
        A0000030.exe;C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP3;Trojan.MulDrop.10006;Deleted.;
        A0000031.exe;C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP3;Trojan.MulDrop.10006;Deleted.;
        A0000032.exe;C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP3;Trojan.MulDrop.10006;Deleted.;
        A0000033.exe;C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP3;Trojan.MulDrop.10006;Deleted.;
        A0000034.exe;C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP3;Trojan.MulDrop.10006;Deleted.;
        A0000035.exe;C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP3;Trojan.MulDrop.10006;Deleted.;
        A0000036.exe;C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP3;Trojan.MulDrop.10006;Deleted.;
        A0000037.exe;C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP3;Trojan.MulDrop.10006;Deleted.;
        A0000038.exe;C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP3;Trojan.MulDrop.10006;Deleted.;
        A0000039.exe;C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP3;Trojan.MulDrop.10006;Deleted.;
        A0000040.exe;C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP3;Tool.SrvRunner;;
        Process.exe;C:\WINDOWS\system32;Tool.Prockill;;
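One way to triage the two logs above together, as an added example that is not part of the original posts or of any tool named in them: it parses ComboFix-style "Reg Loading Points" entries, flags autostart entries that look unresolved or oddly named, and cross-references them against trojan detections in the Dr.Web report. The excerpts are constructed from lines in the logs above; the three heuristics and all function names are assumptions of this example.

```python
import re
from ntpath import basename  # Windows path rules, works on any OS

# Constructed excerpts, shaped like the ComboFix and Dr.Web logs in this thread.
COMBOFIX_EXCERPT = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-14 03:15 512000]
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [ ]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-16 19:11 256576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnnlij]
pmnnlij.dll
'''

DRWEB_EXCERPT = r'''
Process.exe;C:\SDFix\apps;Tool.Prockill;;
iTunesHelper.exe.vir;C:\QooBox\Quarantine\C\Program Files\iTunes;Trojan.MulDrop.10006;Deleted.;
qttask .exe.vir;C:\QooBox\Quarantine\C\Program Files\QuickTime;Trojan.MulDrop.10006;Deleted.;
hggff.exe.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.10006;Deleted.;
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
RUN_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[(.*)\]$')
NOTIFY_RE = re.compile(r'^(.*?\.dll)\s*(.*)$', re.IGNORECASE)
NOTIFY_KEY = '\\winlogon\\notify\\'


def parse_loading_points(text):
    """Yield (key, name, target, metadata) for each autostart entry."""
    key = None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        header = KEY_RE.match(line)
        if header:
            key = header.group(1)
            continue
        if key is None:
            continue
        run = RUN_RE.match(line)
        if run:  # "name"="target" [date time size ...]
            yield key, run.group(1), run.group(2), run.group(3).strip()
        elif NOTIFY_KEY in key.lower():  # "<dll> date time size path"
            dll = NOTIFY_RE.match(line)
            if dll:
                name = key.rsplit('\\', 1)[-1]
                yield key, name, dll.group(1), dll.group(2).strip()


def drweb_trojan_names(report):
    """Original file names of Trojan.* detections in a Dr.Web ';' report."""
    names = set()
    for line in report.splitlines():
        fields = line.strip().split(';')
        if len(fields) < 3 or not fields[2].startswith('Trojan.'):
            continue
        name = fields[0]
        if name.lower().endswith('.vir'):  # suffix seen on C:\QooBox copies
            name = name[:-4]
        names.add(name.lower())
    return names


def triage_log(combofix_text, drweb_text):
    """Return {entry name: [reasons]} for entries that deserve a closer look."""
    detected = drweb_trojan_names(drweb_text)
    findings = {}
    for key, name, target, meta in parse_loading_points(combofix_text):
        reasons = []
        if not meta:
            reasons.append('no file metadata (target missing or unreadable)')
        if re.search(r'\s\.[A-Za-z0-9]{2,4}$', target):
            reasons.append('whitespace before the file extension')
        if NOTIFY_KEY in key.lower() and '\\' not in target:
            reasons.append('Winlogon Notify DLL given without a path')
        if basename(target).lower() in detected:
            reasons.append('same file name as a Dr.Web trojan detection')
        if reasons:
            findings[name] = reasons
    return findings


if __name__ == '__main__':
    for entry, why in triage_log(COMBOFIX_EXCERPT, DRWEB_EXCERPT).items():
        print(entry)
        for reason in why:
            print('   -', reason)
```

A flag is a prompt to inspect the file on disk (signature, size, timestamps), not a verdict; a legitimate program restored after cleanup will share its name with the quarantined copy.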
        I think you are in the clear.


        Please download ATF Cleaner by Atribune. ATF Cleaner.exe

        Make sure that all browser windows are closed.
        • Double-click ATF-Cleaner.exe to run the program.
        • Under Main choose: Select All and UNCHECK Cookies.
        • Click the Empty Selected button.
        If you use Firefox browser
        • Click Firefox at the top and choose: Select All and UNCHECK Cookies.
        • Click the Empty Selected button.
          NOTE: If you would like to keep your saved passwords, please click No at the prompt.
        If you use Opera browser
        • Click Opera at the top and choose: Select All and UNCHECK Cookies.
        • Click the Empty Selected button.
          NOTE: If you would like to keep your saved passwords, please click No at the prompt.
        Click Exit on the Main ATF Cleaner menu to close the program.


        Post a new Hijackthis log

        Let me know how everything is now.

        I think we did it! Startup was amazingly fast. hggff.exe is no longer there after reboot.

        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 5:47:54 PM, on 1/17/2008
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
        Boot mode: Normal

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\ibmpmsvc.exe
        C:\WINDOWS\System32\Ati2evxx.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\System32\S24EvMon.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
        C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
        C:\Program Files\McAfee\Common Framework\FrameworkService.exe
        C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
        C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
        C:\WINDOWS\System32\QCONSVC.EXE
        C:\WINDOWS\System32\RegSrvc.exe
        C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
        C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\TpKmpSVC.exe
        C:\WINDOWS\system32\wscntfy.exe
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\WINDOWS\Explorer.EXE
        C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
        C:\WINDOWS\system32\TpShocks.exe
        C:\WINDOWS\system32\rundll32.exe
        C:\Program Files\Common Files\Real\Update_OB\realsched.exe
        C:\WINDOWS\MXOALDR.EXE
        C:\WINDOWS\system32\RunDll32.exe
        C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.exe
        C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
        C:\Program Files\iTunes\iTunesHelper.exe
        C:\Program Files\Messenger\msmsgs.exe
        C:\Program Files\Digital Line Detect\DLG.exe
        C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
        C:\Program Files\3M\PSNLite\PsnLite.exe
        C:\PROGRA~1\3M\PSNLite\PSNGive.exe
        C:\Program Files\Swarmcast\swarmcast.exe
        C:\Program Files\iPod\bin\iPodService.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
        R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://local.swarmcast.net:8001/proxy.pac
        O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
        O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
        O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
        O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
        O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
        O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
        O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
        O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
        O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
        O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
        O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
        O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
        O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
        O4 - HKLM\..\Run: [UC_Start] C:\Program Files\IBM\Updater\\ucstartup.exe
        O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
        O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
        O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
        O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
        O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.exe
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
        O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
        O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
        O4 - Startup: Epson printer Registration.lnk = D:\Drivers\E_reg\EPSONREG.EXE
        O4 - Startup: swarmcast.lnk = C:\Program Files\Swarmcast\SwarmcastLauncher.exe
        O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
        O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
        O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
        O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
        O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
        O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
        O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
        O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
        O11 - Options group: [JAVA_IBM] Java (IBM)
        O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
        O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
        O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
        O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab
        O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
        O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
        O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
        O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
        O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
        O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
        O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
        O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
        O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
        O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
        O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) CORPORATION - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
        O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
        O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
        O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
        O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
        O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
        O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
        O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe

        --
        End of file - 8280 bytes
          The log looks fine.


          Final steps.

          Time to do some cleanup and secure the work you have done.
          • Click START then RUN
          • Now type Combofix /u in the runbox
          • Make sure there's a space between Combofix and /u
          • Then hit Enter.

          The above procedure will:
          • Delete the following: ComboFix and its associated files and folders.
          • Reset the clock settings.
          • Hide file extensions, if required.
          • Hide System/Hidden files, if required.
          • Set a new, clean Restore Point.
          ----------

          Here are some great tools to help you keep from getting infected again.

          Spybot Search & Destroy - A safe and effective spyware scanner.
          * Official Spybot Tutorial
          * Spybot FAQ

          AVG Anti-Spyware Free Edition - Very reliable with a high detection rate.
          * AVG Anti-Spyware User Manual

          SpywareBlaster - Secure your Internet Explorer to make it harder for these ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
          * SpywareBlaster Tutorial

          Comodo BOClean - Stops trojans and many more malicious attacks.

          Use a Firewall - It can not be stressed enough how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over.
          * Click here for a list of free firewalls.
          * Why would I consider a third party firewall?

          UPDATE UPDATE UPDATE!!! - If you do not have automatic updates enabled then visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed.
          * Help with Windows updates

          To learn more about how to protect yourself while on the internet, read this article by Tony Klein: So how did I get infected in the first place?

          Let us know if anything else comes up.

          Almost forgot. Check out this tutorial to install the Recovery Console

          http://www.bleepingcomputer.com/tutorials/tutorial117.html
          4586.

          Solve : Issues updating the Trend Micro Scan?

          Answer»

          I receive an error message when trying to update the Anti Virus: "Unable to connect to server. There may be a problem with the server or Network."

          I'm using the Trend Micro Office Scan V 7.3
          Engine version 8.500.1002
          Windows XP SP2

          What could this be?

          Try to download updates manually: http://www.trendmicro.com/download/product.asp?productid=5

          Going to Try!
          Thanx

          4587.

          Solve : Windows System Folders like ProgramFiles and MyDocuments are duplicated?

          Answer»

          Windows System Folders like ProgramFiles and MyDocuments are duplicated in the same location.. Please help to fix this!

          I have a freshly installed XP on my PC connected to a network.. and I forgot to disconnect it from the network during the installation process.. a trojan horse virus infected me before I installed Norton 2007 SystemWorks w/ anti-virus.. that's why I ran a full scan of the system to get rid of that virus.. and it was resolved and the virus was removed completely..

          but the problem is??

          the virus has changed my XP system registry, making it possible for Windows system folders on my drive C: like ProgramFiles and MyDocuments and DocumentSettings to be duplicated in the same location... and every time I create a new folder inside my drive C: it is always duplicated, and once I delete the new folder I created, only one of the duplicates is erased and I can't erase the other because Windows prompts me like this:

          "Can not delete file: Can not read from the source file or disk" "click OK"

          and when I try to create a folder with the same folder name "PROGRAM FILES", Windows restricts me from creating a folder that already exists with the same name, and it is the same with other folders besides the system folders inside drive C:\

          I know that creating a folder with the same folder name in the same directory or location is restricted... but the trouble is, how does it happen that even when I restart XP I always see the duplicated folder of PROGRAM FILES and other system folders and also the new folder I lately created.. even if I run XP in safe mode or command prompt safe mode.. I still see that bunch of duplicated folders, and I observed that at first the duplicated folder was just something like a shortcut to the original folder, but now it also contains all the same files and sub-folders... but even a shortcut has a different folder name or file name and just the same target, isn't it?? Correct me if I'm wrong...

          I'm not good at XP OS troubleshooting, especially when it comes to registry editing, but in my opinion there's something registry related here that needs to be fixed... correct me if I'm wrong...

          Please anybody have an idea to deal with this problem and fix this annoyance..??
          please???

          thank you so much in advance to anybody concerned...

          1. Run free ESET Online Scanner at: http://www.eset.com/onlinescan/
          Note: This Scanner is for Internet Explorer Only
          1. You will notice that the "Start" button is grayed out. Place a check mark at "Yes, I accept the Terms of use". The "Start" button will become visible. Click on it.
          2. If it wants to install an ActiveX component allow it
          3. You will be asked to install an ActiveX, click the "Install" button (Note: If you have a Firewall install you may have to approve the installation)
          4. Once ActiveX control is installed click on the "Start" button to initialize the scanner
          5. After initialization is complete uncheck\untick "Remove found threats"
          6. Check\tick "Scan unwanted applications"
          7. Click the "Scan" button
          8. Once the scan is done, you will find a log in C:\Program Files\esetonlinescanner\log.txt
          Post ESET's log.

          2. Download SUPERAntiSpyware Free for Home Users:
          http://www.superantispyware.com/

          Print these instructions out.

          * Double-click SUPERAntiSpyware.exe and use the default settings for installation.
          * An icon will be created on your desktop. Double-click that icon to launch the program.
          * If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
          * Close SUPERAntiSpyware.

          Restart computer in Safe Mode.
          To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; pick Safe Mode; you'll see "Safe Mode" in all four corners of your screen

          * Open SUPERAntiSpyware.
          * Under "Configuration and Preferences", click the Preferences button.
          * Click the Scanning Control tab.
          * Under Scanner Options make sure the following are checked (leave all others unchecked):
          o Close browsers before scanning.
          o Scan for tracking cookies.
          o Terminate memory threats before quarantining.
          * Click the "Close" button to leave the control center screen.
          * Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
          * On the left, make sure you check C:\Fixed Drive.
          * On the right, under "Complete Scan", choose Perform Complete Scan.
          * Click "Next" to start the scan. Please be patient while it scans your computer.
          * After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
          * Make sure everything has a checkmark next to it and click "Next".
          * A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
          * If asked if you want to reboot, click "Yes".
          * To retrieve the removal information after reboot, launch SUPERAntispyware again.
          o Click Preferences, then click the Statistics/Logs tab.
          o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
          o If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
          o Please copy and paste the Scan Log results in your next reply with a new HijackThis log.
          * Click Close to exit the program.
          Post SUPERAntiSpyware log.

          3. Download HijackThis:
          http://www.snapfiles.com/get/hijackthis.html
          Post HijackThis log.

          4588.

          Solve : CCleaner New?

          Answer»

          The latest build of CCleaner has been released...available Here...

          I suggest the Slim version which does not install the Yahoo Toolbar.

          You beat me to it.

          Just saw it about 10 minutes ago.

          I usually just let CCleaner notify me that an update is available.

          I spotted it on another Forum...CCleaner has yet to inform me of an update.

          Quote from: PATIO on January 17, 2008, 01:42:12 PM

          I spotted it on another Forum...CCleaner has yet to inform me of an update.

          Same here, my usual rounds........I need something to take up more of my time...
          I'm starting to think the last girlfriend wasn't so bad after all...
          But she was a redhead and we all know how challenging that is...Ahh but the benefits of overcoming the challenges with redheads..................
          Quote
          I'm starting to think the last girlfriend wasn't so bad after all...
          quaxo has really pretty one for you...
          4589.

          Solve : How we can remove worm virus??

          Answer»

          I have a Windows XP OS.
          There are viruses in my system. I have scanned my system and it indicates that those are worm viruses. I tried to remove the viruses using Quick Heal, Norton, AVG, Trend Micro antiviruses but it did not remove them, so guide me how I can remove worm viruses.
          Also, the main problem is that when I try to open C: it displays a window named Open with, and we have to choose a proper program to open C:

          This post belongs in the Computer Viruses and Spyware section of the forum.
          Please follow the steps listed here and post back with the requested logs.

          4590.

          Solve : C:Windows\system32\mljgg.exe?

          Answer» Hi, I just got rid of a load of viruses and now when I start my PC this message keeps appearing saying that this file is missing. C:Windows\system32\mljgg.exe

          I tried to do a search for it in the registry but no luck. Any suggestions? I am a novice where this type of stuff is concerned so would appreciate the help.

          Quote
          Hi, I just got rid of a load of viruses

          But not all of them.

          Read post 1 and 2 in this thread

          Post the logs so we can get rid of the rest of it.
          4591.

          Solve : .tmp files in my c drive (and other problems)..?

          Answer»

          mysteriously, like 5 bazillion .tmp files appeared in my C Drive (like directly in it) - and also in my Documents folder.

          a lot of them i was able to delete, but ones starting with the letters B, C, D and F or something, it wouldn't let me delete. Before, it was telling me the file was in use by something else, but now it's saying something about referenced memory and that the file could not be deleted.

          the pc also tells me on start up that there are files in my registry that are mis-associated. how do i fix that?

          this pc is pretty old and outdated (it's my sister's), but it has Windows XP Home edition. the only thing i can think of is to do a repair install, but NOTHING's backed up at the moment.

          sooo what should i do?

          1. Run free ESET Online Scanner at: http://www.eset.com/onlinescan/
          Note: This Scanner is for Internet Explorer Only
          1. You will notice that the "Start" button is grayed out. Place a check mark at "Yes, I accept the Terms of use". The "Start" button will become visible. Click on it.
          2. If it wants to install an ActiveX component allow it
          3. You will be asked to install an ActiveX, click the "Install" button (Note: If you have a Firewall install you may have to approve the installation)
          4. Once ActiveX control is installed click on the "Start" button to initialize the scanner
          5. After initialization is complete uncheck\untick "Remove found threats"
          6. Check\tick "Scan unwanted applications"
          7. Click the "Scan" button
          8. Once the scan is done, you will find a log in C:\Program Files\esetonlinescanner\log.txt
          Post ESET's log.

          2. Download SUPERAntiSpyware Free for Home Users:
          http://www.superantispyware.com/

          Print these instructions out.

          * Double-click SUPERAntiSpyware.exe and use the default settings for installation.
          * An icon will be created on your desktop. Double-click that icon to launch the program.
          * If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
          * Close SUPERAntiSpyware.

          Restart computer in Safe Mode.
          To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; pick Safe Mode; you'll see "Safe Mode" in all four corners of your screen

          * Open SUPERAntiSpyware.
          * Under "Configuration and Preferences", click the Preferences button.
          * Click the Scanning Control tab.
          * Under Scanner Options make sure the following are checked (leave all others unchecked):
          o Close browsers before scanning.
          o Scan for tracking cookies.
          o Terminate memory threats before quarantining.
          * Click the "Close" button to leave the control center screen.
          * Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
          * On the left, make sure you check C:\Fixed Drive.
          * On the right, under "Complete Scan", choose Perform Complete Scan.
          * Click "Next" to start the scan. Please be patient while it scans your computer.
          * After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
          * Make sure everything has a checkmark next to it and click "Next".
          * A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
          * If asked if you want to reboot, click "Yes".
          * To retrieve the removal information after reboot, launch SUPERAntispyware again.
          o Click Preferences, then click the Statistics/Logs tab.
          o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
          o If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
          o Please copy and paste the Scan Log results in your next reply with a new HijackThis log.
          * Click Close to exit the program.
          Post SUPERAntiSpyware log.

          3. Download HijackThis:
          http://www.snapfiles.com/get/hijackthis.html
          Post HijackThis log.

          4592.

          Solve : Anywhere to get Norton antivirus cheap??

          Answer»

          We gave our son a laptop for Christmas and it came with a 30 day subscription to Norton Antivirus. The copy I have of Norton does not run on his laptop. Does anyone know where I can get a free/cheap copy of Norton?

          Thanks.

          Norton AV is not freeware so anyone giving it away for free (or very cheaply) is most likely distributing a pirated version.
          But I've got a better idea. Forget about Norton and try AVG instead.
          It uses fewer system resources than Norton, catches more viruses, and did I mention it's free.

          You can get the free version of AVG here. (Remember to uninstall any other AV software before installing AVG.)
          If you want to renew your son's license for Norton AV I suggest you buy it directly from Symantec.
          And for a complete protection you may also want to add the following :

          AdAware

          SpyBot Search and Destroy

          AVG Anti-Spyware ( different than AVG AV )

          Win Patrol

          Comodo Firewall

          All of the above are FREE and will give you a well rounded arsenal of protection.
          Office Depot had Special on Norton Anti Virus. Got it for FREE. Price $39. with $10 immediate OD disc, plus $30.00 Rebate from Symantec (NAV.)

          Been using NAV for 5 years, and find it does an OUTSTANDING job for me.
          Quote

          Forget about Norton and try AVG instead.
          4593.

          Solve : where can i get antivirus/spyware updates??

          Answer»

          I'm using ZoneAlarm Internet Security Suite 7. I want to download the latest antivirus/spyware updates...where could I get it??

          Zonealarm should do this automatically. I don't believe Check Point provides updates you can download manually.
          Is Zonealarm not updating? Do you have a valid and current license?

          4594.

          Solve : Fake Rootkit Tool?

          Answer»

          Quote

          A URL link to a Trojan posing as a copy of the Trend Micro RootkitBuster is currently being spammed in the wild.

          It was found that the email containing the said malicious URL is being spammed to members registered to certain freeware download domains, such as www.bestfreewaredownload.com and betterwindowssoftware.com. This hacked version of RootkitBuster is apparently used to gather email addresses from its users.


          Full Story

          Kudos to QMan.

          Thanks Patio and QMan, I will be passing this one along.

          You're Welcome...the screenshot is identical to TrendMicro and most would be fooled by this.
          These crooks will stoop to anything it seems...
          4595.

          Solve : Unable to upload/attach files?

          Answer»

          Quote

          Now if only you'll do my Visual Basic homework for me...
          Are you a female?......
          ......Just kidding...LOL
          So is everything in order now? Can you upload again?
          If you haven't already done so, you should download a copy of AVG free for virus protection.

          Yeah, everything is A-OK now, and my homework is in on time!

          I'll download the AVG, too. Thanks again for all the help!

          Wait a second. Aren't you using McAfee Security Center, which includes antivirus?

          It was one of those free 1-year installations that came with the computer, but I didn't pay to renew it.

          Then, you need to uninstall it. Use removal tool: http://service.mcafee.com/FAQDocument.aspx?id=107083&lc=4105 rather than Add\Remove.
          After that...
          1. Download, and install CCleaner: http://www.ccleaner.com/download/builds. Get "Slim" version.
          2. Read CCleaner instruction here: http://www.jahewi.nl/ccleaner/ccleaner.html, and run CCleaner
          Finally, post new HijackThis log for us to see what leftovers you have.
          4596.

          Solve : Weird virus with no name in local settings/temp?

          Answer»

          I did a system restore to December 17th and can now install CCleaner. I'm gonna run it now

          Cool. Since you rolled back, don't forget about Windows updates.

          Yep, already installed them. Thanks.

          4597.

          Solve : windows_installer?

          Answer»

          I just started receiving multiple pop up windows from windows installer. I am using internet explorer 7. Windows installer 3.1 re-dist. is installed as well. I checked in Services and confirmed that windows installer service is started.

          attached you will find my HJT log

          To Evilfantasy: Please Help!!




          [file cleanup - saving space - attachment deleted by admin]

          Have HJT fix this:

          O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)


          What are the windows installer pop ups saying?

          there are a few (3-4) that pop up blank when navigate to a new web page or click a link inside of a web page. I uninstalled AVG earlier because my trial period expired. Then the pop-ups started. I just tried to install windows defender and this is what it said:
          "This installation package could not be opened. Contact the application vendor to verify that this is a valid Windows Installer package."

          hmmmm...... i'm able to install XP service pack 3.

          XP service pack 3 is still in Beta stages so installing it may not be advisable, unless you are familiar with Beta testing Service Packs. Usually people who Beta test a new OS or Service Pack do so on a "throw away" drive.

          Lets get some AV on the computer.

          Download and install AVG Free http://free.grisoft.com/doc/2/

          It offers the same amount of protection as the paid version as far as virus protection goes. Do a full scan and see if it finds anything.

          If worse comes to worse, try going to a restore point before this started happening. Then immediately install a new AV before doing anything else.

          You may also get a fresh copy of Windows Installer

          thanks for the advice on sp3. i will cancel that install.

          i installed the free version of avg. thanks.
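
The following Python script is an added example, not part of the original thread and not HijackThis's own code. It parses HijackThis entry lines like those quoted in these threads and lists the ones the tool marked `(no file)` or `(file missing)`, such as the O2 entry the helper asked to have fixed above. The class and function names are assumptions chosen for illustration; the sample lines are copied from the logs on this page.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: lines copied from the HijackThis logs quoted in these
# threads. Header and running-process lines are included on purpose to show
# that the parser skips them.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# An entry line starts with a section code (R0, O2, O23, ...) and " - ".
ENTRY_RE = re.compile(r"^\s*(?P<code>[RFNO]\d{1,2}) - (?P<body>.*\S)\s*$")
# COM class identifier in registry format, e.g. {7E853D72-...-BA8D5E23E045}.
CLSID_RE = re.compile(
    r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
)
# Markers seen at the end of entries whose referenced file is not on disk.
MISSING_RE = re.compile(r"\((?:no file|file missing)\)\s*$", re.IGNORECASE)


@dataclass
class Entry:
    code: str               # section code, e.g. "O2"
    body: str               # everything after "<code> - "
    clsid: Optional[str]    # CLSID if the entry carries one
    target_missing: bool    # True if marked (no file) / (file missing)


def parse_log(text: str) -> List[Entry]:
    """Return the entry lines of a HijackThis log, skipping everything else."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, process list, blank line, footer
        body = m.group("body")
        clsid = CLSID_RE.search(body)
        entries.append(
            Entry(
                code=m.group("code"),
                body=body,
                clsid=clsid.group(0) if clsid else None,
                target_missing=bool(MISSING_RE.search(body)),
            )
        )
    return entries


def missing_targets(entries: List[Entry]) -> List[Entry]:
    """Entries that point at a file the scan did not find on disk."""
    return [e for e in entries if e.target_missing]


def section_counts(entries: List[Entry]) -> Counter:
    """Number of entries per section code, for a quick overview of a log."""
    return Counter(e.code for e in entries)


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    print("entries per section:", dict(section_counts(parsed)))
    for e in missing_targets(parsed):
        print(f"review: {e.code} - {e.body}")
```

A missing target marks a leftover registry entry to review, not proof of infection: the helper above called a log containing a `(file missing)` service entry fine.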

          4598.

          Solve : Runscanner findings...?

          Answer»

          Yes, please.

          Logfile of Trend Micro HijackThis v2.0.2
          Scan saved at 09:01:51, on 22/01/2008
          Platform: Windows XP SP2 (WinNT 5.01.2600)
          MSIE: Internet Explorer v7.00 (7.00.6000.16574)
          Boot mode: Normal

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\Ati2evxx.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\system32\Ati2evxx.exe
          C:\WINDOWS\system32\brsvc01a.exe
          C:\WINDOWS\system32\brss01a.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\WINDOWS\Explorer.EXE
          C:\Program Files\Intel\IDU\awtray.exe
          C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
          C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
          C:\WINDOWS\system32\CTHELPER.EXE
          C:\WINDOWS\system32\CTXFIHLP.EXE
          C:\Program Files\JoyTechEurope\JOYTECHUSBNeoSController\JoytechNeoSTrayIcon.exe
          C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
          C:\Program Files\JAVA\jre1.6.0_03\bin\jusched.exe
          C:\Program Files\McAfee.com\Agent\mcagent.exe
          C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
          C:\Program Files\Windows Live\Messenger\msnmsgr.exe
          C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
          C:\Program Files\Intel\IDU\IDUServ.exe
          C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
          c:\program files\common files\mcafee\mna\mcnasvc.exe
          c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
          C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
          C:\Program Files\McAfee\MPF\MPFSrv.exe
          C:\Program Files\McAfee\MSK\MskSrver.exe
          C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
          C:\Program Files\SiteAdvisor\6253\SAService.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
          C:\Program Files\Security\HijackThis\HijackThis.exe

          R1 - HKCU\Software\MICROSOFT\Internet Explorer\Main,Default_Page_URL = http://uk.msn.com/
          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.msn.com/
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SEARCH Page = http://go.microsoft.com/fwlink/?LinkId=54896
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/
          R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.aol.co.uk/web?isinit=true&query=%s
          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
          R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
          O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
          O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
          O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Security\Spybot\SDHelper.dll
          O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
          O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
          O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
          O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
          O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
          O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
          O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
          O4 - HKLM\..\Run: [awTray.exe] "C:\Program Files\Intel\IDU\awtray.exe"
          O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
          O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
          O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
          O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
          O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
          O4 - HKLM\..\Run: [JOYTECH USB Neo S Controller] C:\Program Files\JoyTechEurope\JOYTECHUSBNeoSController\JoytechNeoSTrayIcon.exe
          O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
          O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
          O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
          O4 - HKLM\..\Run: [WallpaperChanger] C:\Program Files\My Tools\Wallpaper Master\Wallpaper.exe
          O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
          O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
          O4 - Startup: JoytechNeoSTrayIcon.lnk = C:\Program Files\JoyTechEurope\JOYTECHUSBNeoSController\JoytechNeoSTrayIcon.exe
          O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\my tools\ieSpell\iespell.dll/SPELLOPTION.HTM
          O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\my tools\ieSpell\iespell.dll/SPELLCHECK.HTM
          O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
          O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
          O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\my tools\ieSpell\wikipedia.HTM
          O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
          O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\my tools\ieSpell\iespell.dll
          O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\my tools\ieSpell\iespell.dll
          O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\my tools\ieSpell\iespell.dll
          O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\my tools\ieSpell\iespell.dll
          O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
          O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
          O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
          O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
          O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
          O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.connect.com/XSL/mb_us//html/activexplayer/SMALStreaming.cab
          O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by16fd.bay16.hotmail.msn.com/resources/MsnPUpld.cab
          O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
          O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
          O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1198407806578
          O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
          O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
          O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
          O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\Security\Super Anti Spyware\SASWINLO.dll
          O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
          O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
          O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
          O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
          O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
          O23 - Service: Intel(R) Desktop Utilities Service (iHCService) - OSA Technologies, Inc. - C:\Program Files\Intel\IDU\IDUServ.exe
          O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
          O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
          O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
          O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
          O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
          O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
          O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
          O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
          O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe

          --
          End of file - 11932 bytes

          Finally....
          CCleaner time:
          1. Download, and install CCleaner: http://www.ccleaner.com/download/builds. Get "Slim" version.
          2. Read CCleaner instruction here: http://www.jahewi.nl/ccleaner/ccleaner.html, and run CCleaner

          When you're done, let me know how your computer is doing.
          Hi Broni

          My computer is running nice & quick now - thanks a million mate!

          I would have offered to buy you a beer but I see you live in the states... if you ever plan to visit London sometime let me know.

          All the best for now!

          I'm glad, we fixed it.
          As for a beer....see you in London, sir.

          4599.

          Solve : Spanish Speaking Voice From Speakers?

          Answer»

          About 3 months ago I was getting noises from my speakers like knocking at a door or a creaking or slamming door. The noises were very random and did not occur all the time. More annoying than anything. More recently I get a voice that sounds like Spanish. Can't really identify what it is saying, but it is a brief phrase. I also can't link it to any particular operation. I opened the control panels to turn off the sounds and the arrow on the screen started flashing on and off and another noise that sounded like some kind of vibration or alien death ray occurred for about 10 seconds or so and then stopped. I was able to turn off all the sounds, but the voice was still present. However, when I rebooted this morning neither the voice nor any other sound has reoccurred. I'm hoping that solved the problem, but it seems more likely that something is lurking on the hard drive that I just can't identify. Has anyone had a similar experience that can be of assistance?

          I'm thinking you have some malware that's causing it, because I've had that same kind of thing happen and once I ran several different tools to clean up my computer, the weird sounds went away. Try running CCleaner. You can find out about it here: http://www.ccleaner.com/features

          Some websites also automatically belch out sounds, but that's not what your problem sounds like. If you haven't already done it, download Ad-aware, Spybot, and AVG Anti-Spyware and run those as well. For best results, run them in Safe Mode.

          4600.

          Solve : Real Player pain!?

          Answer»

          Since updating Real Player yesterday, Online Armor firewall keeps warning me each time I open up Firefox that a dangerous program, Realplayer.exe is trying to run. I have scanned with AVG anti virus, AVG anti spyware, AVG anti rootkill, A-Squared, RemoveIt. Nothing found and I think the problem is with OA. I have marked Realplayer as "Trusted" in the program list. But still I get the warning box come up. Is there an alternative to Real Player that would not cause this problem, or is there something else I can do?
          Thanks for any suggestion.
          I have:
          WIN XP Pro
          Firefox
          Thunderbird
          AVG free Anti Virus
          AVG Anti Spyware
          Online Armour free Firewall
          Win Patrol
          Spyware Blaster
          RemoveIt anti virus
          A Squared anti malware
          Advanced Windows Care
          Quote from: pantherman on January 22, 2008, 12:18:24 PM

          Is there an alternative to Real Player

          I don't know if Real Alternative is what you would want.
          Real Alternative http://filehippo.com/download_real_alternative/

          I use Media Monkey http://www.mediamonkey.com/

          WinAmp www.winamp.com is also very good.

          Remove Real Player from your startup folder...it doesn't need to be there anyways...
          Also disable auto-updates in Real Player which is also useless.

          EF's alternative is a nice suggestion.

          Thanks. I have uninstalled Real Player and downloaded and installed Real Alternative to give it a try. Just opened up Firefox and no warning!

          Real Player is a Real SOB, rather.