If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
#16
|
|||
|
|||
Hi I have noticed another thing it keeps installing in the Favorites links which i have deleted like a 100 times now but wouldnt go away i restart explorer and it installs even installs if you open a new window. Dont know when i will get rid of this stupid thing. I have even removed the registry of winnook.exe. also removed files frm prefetch folder so there are no backups to the files. Without luck. Hope a good solution to this problem comes fast i am loosing my mind. Take care -- januPosted from http://www.pcreview.co.uk/ newsgroup access |
Ads |
#17
|
|||
|
|||
"janu" janu.1pvhom@ wrote in message
... Hi I have noticed another thing it keeps installing in the Favorites links which i have deleted like a 100 times now but wouldnt go away i restart explorer and it installs even installs if you open a new window. Dont know when i will get rid of this stupid thing. I have even removed the registry of winnook.exe. also removed files frm prefetch folder so there are no backups to the files. Without luck. Hope a good solution to this problem comes fast i am loosing my mind. Take care -- januPosted from http://www.pcreview.co.uk/ newsgroup access I know I'm harping on this but have either you or Terry Smythe tried HijackThis? When all other programs fail HijackThis will usually get to the root of the problem. It is a program for advanced users so do not use it blindly. Read the FAQ at the following link then follow the instructions you find there. http://forums.spywareinfo.com/ Kerry |
#18
|
|||
|
|||
I had the same EXACT problem...Sunday i went to a soccer game came home finding out that my sister used my computer and this software installed itself...HOWEVER there is a way to remove that backround...It is just an oversized window, so if you get it look at the top of ur screen and you see a grey bar or some kind or line and drag down and it just moves the window down and you simply close the X....My problem is that after i uninstall the little icon saying my computer is infected still stays in my toolbar. Now this was the other day Sunday, and i restored my computer to last Friday. This worked however, today the program reinstalled itself and i did not use internet explorer. I have firefox. Along with this program installing itself again some other junk instaled on my computer and i got 5 new icons on my desktop in total. I did a system restore and not more then 5 minutes after the restore the AVG software installed itself again. I contacted the company...of course no reply. I tried deleting the files under "regedit" from the Run command and one file for this program was ad efault and could not be deleted. But i guess im just gonna try to restore my computer to a few weeks ago and see if that helps. -- e[x]!tPosted from http://www.pcreview.co.uk/ newsgroup access |
#19
|
|||
|
|||
Run Hijackthis and place a check beside each of the following. Once you have checked them, click fix checked. R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://aflashcounter.com/?a=2 R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://aflashcounter.com/?a=2 Download noact reg to desktop: http://home9.inet.tele.dk/le01/Sikkerhed.htm Doubleclick on it, say yes to merge. Reboot, post new log and tell how things are running -- CGKBAPosted from http://www.pcreview.co.uk/ newsgroup access |
#20
|
|||
|
|||
I finally got rid of the desktop danger thing, the redirects and everything those dirtbags at Antivirus Gold threw at me. I did it by using the free scans from SpywareNuker (aka pcOrion) and Xoftspy. I did the Nuker first and printed out the results from my scan, then found and deleted the cookies and files where it told me to find them on my C:/ Then I went into the regedit thing and did the same thing on my registry. All together Nuker found 22 nasties for me to delete. After that I still had the black screen up and the red X on my task bar so I used the Xoftspy scan and it dug up another list. I pretty much followed the locations it gave me and I got rid of everything else except the black desktop screen became white and I couldn't get rid of it. I Dogpiled AVGold and found yall on this string and I want to thank e[x]!t for his help. He's right, I just clicked and dragged the top of that window down, found the X in the upper right corner and its gone! I just registered on this site to thank you all for the advice I got reading the posts and wanted to share how I got over on AVGold. I'm pretty much a complete computer neophyte and I think my total ignorance allowed me to mess with my registry without a second thought and I just got lucky picking a couple of scans that happened to work out. But hey it worked for me, and if anybody knows how to trash AntiVirus Gold I'll be happy to hold the door open. Thanks for your help. -- gregp86Posted from http://www.pcreview.co.uk/ newsgroup access |
#21
|
|||
|
|||
You are using programs that are probabily bundled with spyware. I only know
about the good stuff. I never heard of AVGold, Nuker, Softspy etc. Don't buy anything without checking with www.spywareinfo.com for a start. I use free avast virus software, free ad-aware, free spybot s&d, free microsoft-beta antispyware (not all at the same time) and I never had a problem. Security is #1. My advice, download "eraser" from heidi software (free), create a floppy nuke disk, erase the disk clean, reformat, and install a clean os. Then install sp2 for a firewall, update at microsoft, get zone alarm firewall-free, avast, and what I mentioned before. Before you buy an app, a game, especially free screensavers, learn all you can about adware and spyware. If you have a good virus program (avast updates automatically) you'll be ok. -- oralcumfix "gregp86" wrote: I finally got rid of the desktop danger thing, the redirects and everything those dirtbags at Antivirus Gold threw at me. I did it by using the free scans from SpywareNuker (aka pcOrion) and Xoftspy. I did the Nuker first and printed out the results from my scan, then found and deleted the cookies and files where it told me to find them on my C:/ Then I went into the regedit thing and did the same thing on my registry. All together Nuker found 22 nasties for me to delete. After that I still had the black screen up and the red X on my task bar so I used the Xoftspy scan and it dug up another list. I pretty much followed the locations it gave me and I got rid of everything else except the black desktop screen became white and I couldn't get rid of it. I Dogpiled AVGold and found yall on this string and I want to thank e[x]!t for his help. He's right, I just clicked and dragged the top of that window down, found the X in the upper right corner and its gone! I just registered on this site to thank you all for the advice I got reading the posts and wanted to share how I got over on AVGold. I'm pretty much a complete computer neophyte and I think my total ignorance allowed me to mess with my registry without a second thought and I just got lucky picking a couple of scans that happened to work out. But hey it worked for me, and if anybody knows how to trash AntiVirus Gold I'll be happy to hold the door open. Thanks for your help. -- gregp86Posted from http://www.pcreview.co.uk/ newsgroup access |
#22
|
|||
|
|||
this thing is driving me mental!! this is what hijackthis says:
Your ideas would be greatly appreciated.. Logfile of HijackThis v1.99.1 Scan saved at 2:21:40 a.m., on 10/06/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\HP\HP Software Update\HPWuSchd.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\WINDOWS\system32\hookdump.exe C:\Program Files\Spyware Doctor\swdoctor.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\360Share\Gui\360Share.exe C:\Program Files\Java\jre1.5.0_01\bin\jucheck.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\HPZipm12.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\Pinch\Desktop\HijackThis.exe C:\WINDOWS\notepad.exe R3 - Default URLSearchHook is missing O1 - Hosts: 213.219.251.78 google.co.uk O1 - Hosts: 213.219.251.78 www.google.es O1 - Hosts: 213.219.251.78 google.es O1 - Hosts: 213.219.251.78 google.com.au O1 - Hosts: 66.218.75.184 mail.yahoo.com O1 - Hosts: 213.219.251.80 www.search.msn.com O1 - Hosts: 213.219.251.80 go.com O1 - Hosts: 213.219.251.80 www.go.com O2 - BHO: SuperAdBlockerBHO Class - {00000000-6C30-11D8-9363-000AE6309654} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABBHO.dll (file missing) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll O3 - Toolbar: Super Ad Blocker Toolbar - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\sabtb.dll (file missing) O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe" O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: C:\Program Files\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [Windows Cleaner] "C:\Program Files\Windows Cleaner Full/WindowsCleanerFull" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe O4 - HKLM\..\Run: [Barv] C:\WINDOWS\mefkkykm.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0 O4 - HKCU\..\Run: [Intel system tool] C:\WINDOWS\system32\hookdump.exe O4 - HKCU\..\Run: [SuperAdBlocker] C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q O4 - Startup: 360Share On Startup.lnk = C:\Program Files\360Share\Gui\360Share.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\MSOffice\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://ny.contentmatch.net (HKLM) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?link...67&clcid=0x409 O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by12fd.bay12.hotmail.msn.com/...s/MsnPUpld.cab O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{EC008768-3D34-4F3C-A557-AA4D38B10841}: NameServer = 192.168.1.254 O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: Super Ad Blocker Service (SABSVC) - Unknown owner - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE (file missing) |
#23
|
|||
|
|||
Nobody knows what "darn problem" you have because you didn't describe one.
Post HiJack This logs in one of the forums created for that purpose, like Tom Coyote: http://forums.tomcoyote.org/index.php?showforum=27 -- Ted Zieglar "You can do it if you try." "finch21" wrote in message ... this thing is driving me mental!! this is what hijackthis says: Your ideas would be greatly appreciated.. Logfile of HijackThis v1.99.1 Scan saved at 2:21:40 a.m., on 10/06/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\HP\HP Software Update\HPWuSchd.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\WINDOWS\system32\hookdump.exe C:\Program Files\Spyware Doctor\swdoctor.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\360Share\Gui\360Share.exe C:\Program Files\Java\jre1.5.0_01\bin\jucheck.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\HPZipm12.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\Pinch\Desktop\HijackThis.exe C:\WINDOWS\notepad.exe R3 - Default URLSearchHook is missing O1 - Hosts: 213.219.251.78 google.co.uk O1 - Hosts: 213.219.251.78 www.google.es O1 - Hosts: 213.219.251.78 google.es O1 - Hosts: 213.219.251.78 google.com.au O1 - Hosts: 66.218.75.184 mail.yahoo.com O1 - Hosts: 213.219.251.80 www.search.msn.com O1 - Hosts: 213.219.251.80 go.com O1 - Hosts: 213.219.251.80 www.go.com O2 - BHO: SuperAdBlockerBHO Class - {00000000-6C30-11D8-9363-000AE6309654} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABBHO.dll (file missing) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll O3 - Toolbar: Super Ad Blocker Toolbar - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\sabtb.dll (file missing) O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe" O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: C:\Program Files\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [Windows Cleaner] "C:\Program Files\Windows Cleaner Full/WindowsCleanerFull" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe O4 - HKLM\..\Run: [Barv] C:\WINDOWS\mefkkykm.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0 O4 - HKCU\..\Run: [Intel system tool] C:\WINDOWS\system32\hookdump.exe O4 - HKCU\..\Run: [SuperAdBlocker] C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q O4 - Startup: 360Share On Startup.lnk = C:\Program Files\360Share\Gui\360Share.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\MSOffice\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://ny.contentmatch.net (HKLM) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?link...67&clcid=0x409 O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by12fd.bay12.hotmail.msn.com/...s/MsnPUpld.cab O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{EC008768-3D34-4F3C-A557-AA4D38B10841}: NameServer = 192.168.1.254 O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: Super Ad Blocker Service (SABSVC) - Unknown owner - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE (file missing) |
#24
|
|||
|
|||
sorry Ted its the antivirus gold like everyone else thats the problem,
cant seem to get rid of that stupid little red cross on toolbar, but ill check out Tomecoyote, cheers |
#25
|
|||
|
|||
Hi, I have had the problem with avgold to, now, here are several users on this pc, and I saw other users dont have problems with it, so what I have done: I made a backup of all my files then made a new user putted my files in the new user deleted the user where avgold is on andd... you are rid of the avgold problem! -- WildChildPosted from http://www.pcreview.co.uk/ newsgroup access |
#26
|
|||
|
|||
hi, i read all these posts and was having to same problem with that darn trojan two days ago. I have found a solution and i felt obligated to post it for all of u. I have ad-aware running on my computer and it just wasnt cutting. What i ended up doing was downloading the freeware version of Spybot Search and Destroy and the free 15-day trial of Webroot Spy Sweeper. I ran them all together and it fixed it. I think that the Webroot Spy Sweeper was the key because in the free scan that you can do on their website, it was the only program to recognize the antivirus gold as a trojan. I dont know if it worked because all three programs removed part of it but it worked. Webroot asked me to reboot the system and when i did, there was no warning in the backround and no (X) in the toolbar. Hope that helps, Dazed and Confused Badabang -- badabangPosted from http://www.pcreview.co.uk/ newsgroup access |
#27
|
|||
|
|||
Here is a copy of my HiJack THis Scan Logfile of HijackThis v1.99.0 Scan saved at 10:13:12 PM, on 6/20/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\carpserv.exe C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe C:\Program Files\Microsoft AntiSpyware\gcasServ.exe C:\PROGRA~1\PESTPA~1\PPMemCheck.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe C:\WINDOWS\system32\ctfmon.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Outlook Express\msimn.exe C:\DOCUME~1\Pat\LOCALS~1\Temp\Rar$EX03.688\HijackT his.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.insightbb.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Insight Broadband R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: FlpLauncher Class - {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} - C:\Program Files\E-Book Systems\FlipAlbum 6 Pro Eval\fplaunch.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [CARPService] carpserv.exe O4 - HKLM\..\Run: [SAClient] "C:\Program Files\Insight\BBClient\Programs\RegCon.exe" /admincheck O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe" O4 - HKLM\..\Run: [Anti Trojan Elite] C:\Program Files\Anti Trojan Elite\TJEnder.exe :NO O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ? O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbme s.dll O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbme s.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O14 - IERESET.INF: START_PAGE_URL=http://www.insightbb.com O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab O16 - DPF: WebControlDeploy - https://grouper.com/v1/GrouperSetup.cab O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/game.../y/mjst4_x.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?link...67&clcid=0x409 O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/tech...a/LSSupCtl.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab O16 - DPF: {3EB4F9EA-51A6-48DA-846A-0D69DCBA39EF} (DownloadManager Control) - http://tinyurl.com/b7dc9 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://tinyurl.com/8zso6 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://tinyurl.com/4xgfy O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/v...fo/webscan.cab O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://tinyurl.com/c3j8a O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/tech...a/SymAData.cab O16 - DPF: {D1792F99-AA90-4D46-8B73-2CE45DADDD3C} (WAFDownloader Class) - https://www.web-a-file.com/webafiledownloader.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://tinyurl.com/76o8j O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Trend Micro Central Control Component - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe O23 - Service: Trend Micro Real-time Service - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe O23 - Service: Trend Micro Personal Firewall - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe O23 - Service: Trend Micro Proxy Service - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe Can anyone tell me what to do about the AntiVirus Gold invasion on my computer? I can not do a system restore for I undid that months ago. Please help this black screen is driving me nuts. I finally got it to stop downloading unless I accidently click off of the icon I am trying to open. This has been gong on for a week and I am about to throw this thing out the window. HELP ME PLEASE Hoosiermom -- hoosiermomPosted from http://www.pcreview.co.uk/ newsgroup access |
#28
|
|||
|
|||
I was attacked by antivirus gold or last nite, ive been reading these posts and thru trial and error of using different advice given, i found that as said using spysweeper, (free 15 day trial) got rid of it , mb theyve updted it recently or something, thanx to everyone for their support and advice -- funky junktionPosted from http://www.pcreview.co.uk/ newsgroup access |
#29
|
|||
|
|||
I have ran and have been running the full blown version of Webroot SpySweeper and it has done nothing. I still have it and it is driving me up a wall. Please someone has to know how to get rid of thid thing. -- hoosiermomPosted from http://www.pcreview.co.uk/ newsgroup access |
#30
|
|||
|
|||
This link tells how to remove Antivirus Gold. I first ran McAfee and Adaware, which got rid of some of the nefarious program. The following nailed the rest of it: http://tinyurl.com/cfx3m To avoid reinfection, practice safe sex: don't go to porn sites, or be sure to use a computer condom. Happy deleting! -- mlv40Posted from http://www.pcreview.co.uk/ newsgroup access |
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Startup problem because of a antivirus program | dadimar | General XP issues or comments | 6 | March 19th 05 11:27 AM |
Hijacked - help | Danielle | Windows XP Help and Support | 3 | November 12th 04 04:55 AM |
unable to re-install Norton AntiVirus - valid digital signature not found | AG Young | Windows XP Help and Support | 2 | July 30th 04 01:12 AM |
unable to re-install Norton AntiVirus - valid digital signature no | lvee | General XP issues or comments | 8 | July 28th 04 10:34 AM |
unable to re-install Norton AntiVirus - valid digital signature not found | AG Young | General XP issues or comments | 1 | July 27th 04 10:38 PM |