I recently removed SPYBOT from my system. However, when I boot up my system, I receive the following error message: "Error while creating the log: Class not registered".
Everything on my system seems to be working on OK except I can no longer log on to AOL IM.
Any suggestions, please!
Jump to Post1. Do you mean that you removed the infection called "spybot", or the utility program called SpyBot?
2. You might want to run HijackThis and post the log file it generates. A download link for the program is in my sig below; instructions for using the program are listed …
Jump to PostYou wasted your time with the log. I run a group called ITAD, we help neigbors etc with there PC problems.
We install all the essential tools that come free.
I gave most of them spybot and ad-aware, and on XP after a few reboots spybot wont load and you …
Jump to PostYou are welcome. I hope all works's.
Jump to PostI would say its a registry error. Other then that i was unfamilair with the log error, Ive never seen that one. Or at least I dont remeber it. Email Spybot them selves.
Jump to PostYou wasted your time with the log...
Not true; have a closer look at that log:
1. "Logfile of HijackThis v1.97.7" - That is an outdated version of HJT. The current release version is 1.98.2; CCG should download (the link is in my sig below) and run the newer …
1. Do you mean that you removed the infection called "spybot", or the utility program called SpyBot?
2. You might want to run HijackThis and post the log file it generates. A download link for the program is in my sig below; instructions for using the program are listed in numerous previous threads in this forum.
1. Do you mean that you removed the infection called "spybot", or the utility program called SpyBot?
2. You might want to run HijackThis and post the log file it generates. A download link for the program is in my sig below; instructions for using the program are listed in numerous previous threads in this forum.
I meant that I removed the utility program called SpyBot. Should I continue and run the HiJack This?
Thank you very much.
I meant that I removed the utility program called SpyBot. Should I continue and run the HiJack This?
Thank you very much.
Here is the log file after I ran the HiJack This. It may as well be in Japanese--- I understand none of it. Hope you can shed some light on this information.
Thanks again.
Logfile of HijackThis v1.97.7
Scan saved at 11:30:29 AM, on 12/5/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Speed Disk\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\WINDOWS\system32\RUNDLL32.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Nortel Networks\AutoExt.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Norton Utilities\SYSDOC32.EXE
C:\Program Files\Outlook Express\MSIMN.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\CARLGL~1\LOCALS~1\Temp\Temporary Directory 1 for hjt[1].zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimtoday.com/search/aimtoolbar.jsp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://channels.aimtoday.com/search/aimtoolbar.jsp
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [Extranet AutoDial] C:\Program Files\Nortel Networks\AutoExt.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Norton System Doctor.lnk = C:\Program Files\Norton Utilities\SYSDOC32.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O9 - Extra button: WeatherBug (HKCU)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38031.4011921296
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.com/security/controls/SassCln.CAB
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - https://music.msn.com/client/msnmusax2228.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AAEBB46F-8352-4308-BAF6-ECADD6191D5F}: NameServer = 198.190.226.3,198.190.226.30
You wasted your time with the log. I run a group called ITAD, we help neigbors etc with there PC problems.
We install all the essential tools that come free.
I gave most of them spybot and ad-aware, and on XP after a few reboots spybot wont load and you recieve a nice nasy error. First you have to uninstall the program. Run any updated needed on windows XP. Run all scan's (virus, scandisk etc) then reboot and reinstall. If this nice problem persist's please contact me.
You wasted your time with the log. I run a group called ITAD, we help neigbors etc with there PC problems.
We install all the essential tools that come free.
I gave most of them spybot and ad-aware, and on XP after a few reboots spybot wont load and you recieve a nice nasy error. First you have to uninstall the program. Run any updated needed on windows XP. Run all scan's (virus, scandisk etc) then reboot and reinstall. If this nice problem persist's please contact me.
Thank you very much for your information and advise.
You are welcome. I hope all works's.
You wasted your time with the log. I run a group called ITAD, we help neigbors etc with there PC problems.
We install all the essential tools that come free.
I gave most of them spybot and ad-aware, and on XP after a few reboots spybot wont load and you recieve a nice nasy error. First you have to uninstall the program. Run any updated needed on windows XP. Run all scan's (virus, scandisk etc) then reboot and reinstall. If this nice problem persist's please contact me.
I uninstalled SPYBOT, ran all the scans (virus, speed, Norton WinDoctor, etc), rebooted, reinstalled SPYBOT, ran SPYBOT, rebooted, and received the same original message under a PopUP entitled "SPYWARE DOCTOR": Error while creating the log, class not registered".
Thanks in advance for any help.
I would say its a registry error. Other then that i was unfamilair with the log error, Ive never seen that one. Or at least I dont remeber it. Email Spybot them selves.
You wasted your time with the log...
Not true; have a closer look at that log:
1. "Logfile of HijackThis v1.97.7" - That is an outdated version of HJT. The current release version is 1.98.2; CCG should download (the link is in my sig below) and run the newer version and post the log that version generates.
2. " C:\DOCUME~1\CARLGL~1\LOCALS~1\Temp\Temporary Directory 1 for hjt[1].zip\HijackThis.exe" - HJT is being run from a Temp/Temporary directory, which is not advised; here's the explanation:
"The contents of Temp folders aren't permanent, and often get deleted in the course of routine system clean-up and/or troubleshooting. Create a new folder such as C:\HijackThis, C:\Downloads\HijackThis, or C:\Spyware Tools\HijackThis and move the program to that folder."
3. " O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain" - indicative of an infection by a variant of the WildTanget spyware.
4. " O9 - Extra button: WeatherBug (HKCU)" - indicates the presence (or previous presence) of the "WeatherBug" spyware component.
5.
....I gave most of them spybot and ad-aware, and on XP after a few reboots spybot wont load and you recieve a nice nasy error. First you have to uninstall the program....
I install Ad Aware and SpyBot on all of my client's PCs (including those who run XP, and including SP2) in the normal course of "hardening" of their systems, and have yet to see the sort of error you describe. I've also not seen such a problem reported as being a "global" problem in all of the time I spend doing online "malware" support.
Oh. Sorry i totally missed that.
3. " O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain" - indicative of an infection by a variant of the WildTanget spyware.
and the Weather bug program's both should be removed. Also yes you are right.
I should have paid more attencion to the TEMP directories, but it slipped my mind.
Good thing you caught that, CCG, if this works please inform us.
...I should have paid more attencion to the TEMP directories, but it slipped my mind....
Sphyenx-
Things like that eventually happen to all of us here who eat HJT logs for breakfast, lunch, and dinner- don't sweat it. The more time you spend here crunching through those logs, the more likely it is that you'll miss something or (*cough!*) get something wrong. ;)
It's just a hazard of our occupation...
lol, ive been going at it for a week now, Ive never been so full. But its good im not hungry. Cause we sure get a hand full of log's daily.
First of all, thank you very much for your time and effort. This is all Greek to me. Just so I am sure I understand what you are saying:
1. I donwload the current 1.92.2 version of Hijack This into a folder called C:\hijackthis
2. I run Hijack This and post the log
3. Should I also uninstall WIld Tangent & Weather Bug.... whatever they are!
4. Download, install and run Adware (I already have Spybot installed).
What do you mean by a "hardening" and "global problem"?
Thank you once again in advance for your help.
****************************************************
Not true; have a closer look at that log:
1. "Logfile of HijackThis v1.97.7" - That is an outdated version of HJT. The current release version is 1.98.2; CCG should download (the link is in my sig below) and run the newer version and post the log that version generates.
2. " C:\DOCUME~1\CARLGL~1\LOCALS~1\Temp\Temporary Directory 1 for hjt[1].zip\HijackThis.exe" - HJT is being run from a Temp/Temporary directory, which is not advised; here's the explanation:
"The contents of Temp folders aren't permanent, and often get deleted in the course of routine system clean-up and/or troubleshooting. Create a new folder such as C:\HijackThis, C:\Downloads\HijackThis, or C:\Spyware Tools\HijackThis and move the program to that folder."
3. " O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain" - indicative of an infection by a variant of the WildTanget spyware.
4. " O9 - Extra button: WeatherBug (HKCU)" - indicates the presence (or previous presence) of the "WeatherBug" spyware component.
5.
I install Ad Aware and SpyBot on all of my client's PCs (including those who run XP, and including SP2) in the normal course of "hardening" of their systems, and have yet to see the sort of error you describe. I've also not seen such a problem reported as being a "global" problem in all of the time I spend doing online "malware" support.
1. I donwload the current 1.92.2 version of Hijack This into a folder called C:\hijackthis
2. I run Hijack This and post the log
Yes, exactly.
3. Should I also uninstall WIld Tangent & Weather Bug.... whatever they are!
Yes, they are "spyware" infections, and they do need to be uninstalled. The problem is (these being malicious programs,) that trying to remove them using your Add/Remove Program control panel probably won't get them off your system entirely. Many of these types of infections leave small pieces of themselves behind and will "grow back" in a short period of time.
4. Download, install and run Adware (I already have Spybot installed).
No single utility program exists which is capable of removing all infections, but Ad Aware and SpyBot compliment each other quite well in the fact that one of those programs will often detect and fix something that the other program missed. You should use both programs regularly- run them consecutively (the order doesn't matter), have each program fix everything it finds, reboot your computer when the fixes are complete, run the other program, and reboot again after it has completed its fixes.
What do you mean by a "hardening" and "global problem"?
Sorry for the computer jargon. "Hardening" is the technical term for the process of making a computer less vulnerable to hacker attacks, virus/spyware infections, and other malicious intrusions.
By "global problem", in this context I meant that the error Sphyenx mentioned concerning SpyBot/Ad Aware is not a problem that is reported widely by those in the Internet community who use those programs. In other words, the problem does not appear to be a well-known, documented "bug" or something similar. (Keep in mind that I am in no way discounting the fact that some people may very well expeience what Sphyenx describes).
Here is the log I saved after running HIJACK THIS:
Logfile of HijackThis v1.98.2
Scan saved at 6:49:10 PM, on 12/6/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Nortel Networks\AutoExt.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Norton Utilities\SYSDOC32.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Speed Disk\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\spyware programs downloaded\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimtoday.com/search/aimtoolbar.jsp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [Extranet AutoDial] C:\Program Files\Nortel Networks\AutoExt.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Norton System Doctor.lnk = C:\Program Files\Norton Utilities\SYSDOC32.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - https://music.msn.com/client/msnmusax2228.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AAEBB46F-8352-4308-BAF6-ECADD6191D5F}: NameServer = 198.190.226.3,198.190.226.30
**************************************************
Yes, exactly.
Yes, they are "spyware" infections, and they do need to be uninstalled. The problem is (these being malicious programs,) that trying to remove them using your Add/Remove Program control panel probably won't get them off your system entirely. Many of these types of infections leave small pieces of themselves behind and will "grow back" in a short period of time.
No single utility program exists which is capable of removing all infections, but Ad Aware and SpyBot compliment each other quite well in the fact that one of those programs will often detect and fix something that the other program missed. You should use both programs regularly- run them consecutively (the order doesn't matter), have each program fix everything it finds, reboot your computer when the fixes are complete, run the other program, and reboot again after it has completed its fixes.
Sorry for the computer jargon. "Hardening" is the technical term for the process of making a computer less vulnerable to hacker attacks, virus/spyware infections, and other malicious intrusions.By "global problem", in this context I meant that the error Sphyenx mentioned concerning SpyBot/Ad Aware is not a problem that is reported widely by those in the Internet community who use those programs. In other words, the problem does not appear to be a well-known, documented "bug" or something similar. (Keep in mind that I am in no way discounting the fact that some people may very well expeience what Sphyenx describes).
yes that is true, there is no way to prove 100% safe, or even come close to partially coming close. If you want to be safe from spyware etc. Disconnect all cat5Es and smash the modem, lol. Not recommened. The thing is, spywares every were. Ive been pretty good at staying clean. Just stay away from p2p, porns not even bad any more. I think most spyware comes from jsut everyday site's. Pissed of malicious people.. haha, but if they didnt exist most of us wouldnt have job's. Well i dont work for any corp etc, im only 16. But still its my future if i could only pass my math classes.
I insalled SpyBot on my wife's computer, ran it, then rebooted. Now after she signs on to Windows I get
C:\Windows\System32\Command.Com
The Parameter is Incorrect.
What caused this and how do I fix it please?
Knot_Rich, this thread is 5 years old. You need to begin your own thread with all needed info, operating system, anti-virus program, firewall, what you have done to correct the problem. Somebody will work with you in your OWN thread not in an old thread belonging to somebody else.
Judy
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.