Can anyone make any sense out of this? - Contractor Talk - Professional Construction and Remodeling Forum

**Teetorbilt** · 04-02-2007, 08:18 PM

I'm mostly concerned with the HKLM and BHO files.

Logfile of HijackThis v1.99.1
Scan saved at 8:48:25 PM, on 4/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb0 3.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\a-squared Anti-Malware\a2guard.exe
C:\Program Files\SiteAdvisor\5248\SiteAdv.exe
C:\Program Files\SPYWAREfighter\spftray.exe
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SPYWAREfighter\spfprc.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
C:\Documents and Settings\Owner\Desktop\hijackthis(2)\HijackThis.ex e

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/yco...search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://theonlybookmark.com/in.cgi?2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://qus9.hpwis.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\5248\SiteAdv.dll
O2 - BHO: StrangeBho Class - {0B9B7B2E-30E3-4C5D-AD2C-C38724979B4B} - C:\PROGRA~1\WIN32Z~1\notepad.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\companion\Installs\cpn1\yt.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\5248\SiteAdv.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] "C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb0 3.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [QuickFinder Scheduler] "c:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE"
O4 - HKLM\..\Run: [Picasa Media Detector] "C:\Program Files\Picasa2\PicasaMediaDetector.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\5248\SiteAdv.exe"
O4 - HKLM\..\Run: [spywarefighterguard] "C:\Program Files\SPYWAREfighter\spftray.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - Startup: Compaq Organize.lnk = ?
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/f...trol_en_US.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/tech...a/LSSupCtl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://www.msnusers.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1139543322203
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://us-housecall.trendmicro-europ...vex/hcImpl.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com/downloads/BUM/B...1/axofupld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {C432C4BD-3566-411C-8F3C-E5E0D3AE5D33} (CBrowser Class) - http://viewers.multicastmedia.com/co...INIBrowser.CAB
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/tech...a/SymAData.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...87/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{163D2E15-186D-4B0C-84B5-BA04EACAC52A}: NameServer = 85.255.113.116,85.255.112.16
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.116 85.255.112.16
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.116 85.255.112.16
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.116 85.255.112.16
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\5248\SiteAdv.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe (file missing)
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\5248\SAService.exe (file missing)
O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program Files\SPYWAREfighter\spfprc.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

mdshunk · 04-02-2007, 08:19 PM

Wow... you're screwed.

daleshad · 04-02-2007, 08:22 PM

I had a similar situation

I bought spysweeper $30
and AVG Free Edition $FREE

Most of my pc issues went away. I like this combination.

RobertCDF · 04-02-2007, 08:22 PM

Uhhhmmmm.... You need to go and buy a new computer! BUT!!! VERY IMPORTANT! you need to take this infected computer out of your house before you bring the new one in! If you bring in the new one before removing the old one... You might as well kiss it goodbye.

**Teetorbilt** · 04-02-2007, 08:30 PM

md, it's a lot like electrics, one bad connection can burn down the building. I have one, just have to find it. BTW, you should see the breakdowns on those listings. Here's one of the suspects.

* Added check for changing of Netscape/Mozilla homepage and default search engine.
[v1.61]
* Fixes Runtime Error when Hosts file is empty.
[v1.6]
* Added enumerating of MSIE plugins
* Added check for extra options in 'Advanced' tab of 'Internet Options'.
[v1.5]
* Adds 'Uninstall & Exit' and 'Check for update online' functions.
* Expands enumeration of autoloading Registry entries (now also scans for .vbs, .js, .dll, rundll32 and service)
[v1.4]
* Adds repairing of broken Internet access (aka Winsock or LSP fix) by New.Net/WebHancer
* A few bugfixes/enhancements
[v1.3]
* Adds detecting of extra MSIE context menu items
* Added detecting of extra 'Tools' menu items and extra buttons
* Added 'Confirm deleting/ignoring items' checkbox
[v1.2]
* Adds 'Ignorelist' and 'Info' functions
[v1.1]
* Supports BHO's, some default URL changes
[v1.0]
* Original release

A good thing to do after version updates is clear your Ignore list and re-add them, as the format of detected items sometimes changes.

dougchips · 04-02-2007, 08:41 PM

Teetor, my computer has something bad and I WAS going to ask you what software you used to clean yours up, it looks like everything you tried failed.

The other night my right click would not work unless I closed my internet browser. After 5-10 minutes the same thing would happen again. Then I could not remove programs or access my computer to check things out. Today it takes 2-3 reboots to get internet access.

BTW I stay clear of porn sites.

BuildingHomes · 04-02-2007, 08:48 PM

It looks like you have a lot of fugly stuff in there.

Acquire items such as AVG, SpyBot S&D, and AdAware.

If possible download them onto another computer and burn them to a CD.

Then take them to the affected computer and install. Hopefully they'll take.

Otherwise, format, re-install the OS and be careful with what you click on.

**Teetorbilt** · 04-02-2007, 08:49 PM

I love a challenge! I'm also getting much better at this new 'puter stuff.

tinner sent me this site; subratam.org I'm registered and checking it out. If this keeps up, I'll be a geek.

**Leo G** · 04-02-2007, 08:58 PM

Go here http://www.daniweb.com/techtalkforums/forum64.html and post your log. You may have to subscribe to post, no bigee, I did when I had problems. These guys should be able to analyze and set you in the right direction.

mickeyco · 04-02-2007, 09:05 PM

I'm in the same boat I recently got some nasty virus/hijacker, I used Internet Explorer, hardly ever use it, and bam, my system is all messed up, pop up windows, error messages, etc. Worst virus/hijacker I've ever had. I cleaned up most of it but it keeps coming back. I'm burning the files I want to keep off my hard drive and using the recovery program to start fresh.

**Leo G** · 04-02-2007, 09:15 PM

Spybot search and destroy, Adware, CCleaner in that order. All free. Good chance it'll find something.

BuildingHomes · 04-02-2007, 09:28 PM

And keep your Windows systems up to date with all the patches through Windows Update.

Do NOT connect your computer directly to the internet with a DSL or cable modem, use a router. They're cheap. Everyone should have one.

Avoid using Internet Explorer and Outlook if you can. Try Mozilla and Thunderbird.

**Teetorbilt** · 04-02-2007, 09:45 PM

Building, I'm through a router and currently using Mozilla. I prefer the IE format and it's faster when everything is working. IMHO Mozilla is rather awkward.

RobertCDF · 04-02-2007, 10:32 PM

Wow... I find it amusing... I did not use a router for quite sometime (I do now) I also DO NOT use ANY virus software or spyware software... Have not on this computer for the 6 years I have had it... Guess what??? NO PROBLEMS AT ALL!!! and I use XP not a service pack ORIGANAL. And IE 6.

Just be smart about where you go on the net and what you click on and you will be just fine.

tinner666 · 04-03-2007, 06:22 PM

Here's one starting spot. http://www.answersthatwork.com/Taskl...s/tasklist.htm

tinner666 · 04-03-2007, 06:27 PM

And the current BHO list.

http://downloads.subratam.org/bholist.txt

And current toolbar list

http://www.downloads.subratam.org/toolbarlist.txt

I keep these in a seperate folder for easy access.

tinner666 · 04-03-2007, 06:28 PM

Is this yours? Or something else?

O11 - Options group: [INTERNATIONAL] International*

tinner666 · 04-03-2007, 06:40 PM

This looked funny. The 03 seacrhhook is also a clue!
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.116 85.255.112.16

I googled it and got this link to a similar problem and fix(s).

http://www.help2go.com/component/opt...opic/p,114292/

**Teetorbilt** · 04-03-2007, 06:43 PM

No idea who that is.

tinner, I registered on the sit that you gave me, no response yet. It's OK, looks like a small site and may take a few days.

tinner666 · 04-03-2007, 07:07 PM

Porn sites don't have all the trojans. Packet sniffing trojans just look for a webpage being downloaded for viewing. If it happens to be right here as you open this page, the trojan comes into your puter with the page. The router will not protect in this senerio. I watched it happen in real time. I've used AVG and McAfee side by side for 4 years without a hitch, in 'real-time protection' mode. Plus spysites, spywareblaster, and others.

Just not setting cookie controls can get you blasted. If you use aol browser, you have to open IE browser to set controls.

Adaware and Spybot usually come up clean if IE6 controls are set correctly. I usually find 1 or no items every week.
How can a "cookie manager" beat IE6's controls? If you use iespyad, spysites, and SpywareBlaster, they load almost 7K of restricted cookies into the block list.
I have 1st. and 3rd. party cookies blocked 24/7, always allow session cookies checked,( session cookie has to be checked to work with edit features), and under edit button,( "sites" with SP2) I only have 7 ( I think) sites on the allow list which will act like a firewall "pass list". If I don't delete cookies for a year, and look in cookie folder, I never find more than the 7, and that's only if I visit all 7 sites during the year.
Set Tools, Internet Options, Privacy, Advanced, Block 1st. and 3rd. Party cookies; Check "Always allow session cookies", hit OK. THEN Click EDIT,(or SITES) in SP2, Type in or paste paypal.com for instance, Click allow. Check OK as you close each menu. After a year of surfing, that's the only cookie to be found in that folder.
YOU WILL KNOW WHEN A SITE YOU NEED WON'T WORK AND CAN ADD THAT SITE AT THAT TIME IF IT'S NECESSARY.
One Caveat; Excite sets a tracking cookie, and after every update of SpyWareBlaster, I have to locate it at bottom of list, and right click, select Ignore list and addd it to the ignore list, or uncheck excite, pick Remove Protection.
PS: Now clear all cookies for a fresh start. Clear temp files regularly.
SpywareBlaster preloads your "White List" with thousands of Bad sites on the Block List in Internet Explorer.
A sidebar: Get Camtech2000's free version of Spysites. It not only loads restricted sites into Internet Explorers " Restricted Zone , but it tells you what each site puts on your computer. Read their " worst offender" list. Some "cookies" have java script viruses. Get updates through it's help menu.

Be sure to download CCLeaner from http://www.ccleaner.com/ and run it every day!

If you use AOL browser, you have to open IE window to set the controls.