Posts by dlh6213

I'm not sure what you mean by 'going in circles,' does it keep rebooting itself? You can't get into msconfig to uncheck SAFEMODE?

Can you boot to your XP CD? (Still assuming you have XP)

Where does AVG say Downloader.Small.9.BV is located?

Try msconfig and see if it will work that way.

Did you delete the entire folders or just the contents? If just the contents, it shouldn't have created any problems. I'm not sure what happens if you delete the folders themselves.

Try using System Restore to go back to a date before you deleted anything.

Noadware may not be helping you much, see this review:
http://www.adwarereport.com/mt/archives/000023.html

Go to this thread and follow the suggestions:
http://www.daniweb.com/techtalkforums/thread5690.html

Then post a hijackthis log in this same thread.

If you're trying F8 and it's not working, it's most likely a matter of timing. I prefer the msconfig route myself, I've never even tried the F8 (but that is the most common way).

Here are complete instructions for installing XP; go through it and see if you made any mistakes. Even if you don't think you did, start over and try again. If you can't get the CD to work, get the floppies as suggested in post #6.

Was your CD-ROM working before you tried to install XP?

What OS do you have? Since you said it's new, I'll assume it's XP.

There are two ways to do this:

The most common is to reboot your computer and then repeatedly hit F8 while it's booting up.

The other way to to go to Start, Run, type in msconfig, and click OK. When the System Configuration Utility window comes up, click the BOOT.INI tab, select SAFEBOOT, and then OK. You will get asked to reboot and when you do, it will come up in Safe Mode.

When you're done in Safe Mode, go back to msconfig and remove the checkmark from SAFEMODE.

Here's a patch for IE with SP2:
http://support.microsoft.com/default.aspx?kbid=884020

Here is information about XP's firewall:
http://www.microsoft.com/windowsxp/using/security/internet/sp2_wfintro.mspx

Try disabling the firewall (do you have any other firewall?) and see if either browser is then able to access the web.

Moved to the Virus forum, all hijackthis logs are to be posted in this forum

Also, please post all replies in this same thread, don't start a new one :)

Go to Add/Remove Programs in your Control Panel and remove (if found):
WeatherBug

Scan with HJT and have it fix the following entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us4.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us4.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us4.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us4.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us4.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us4.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us4.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us4.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://srch-us4.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://srch-us4.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O9 - Extra button: MktBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra 'Tools' menuitem: MarketBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - …

It could be the firewall settings in SP2; I think there is also a patch for IE problems with SP2. Look through this thread and see if there is anything that helps (a link to the patch should be there, and I think instructions for the firewall are too):
http://www.daniweb.com/techtalkforums/thread10031.html

If you still have clickoptimizer after doing as crunchie suggested, do a search for it and let us know where it is when you post your next HJT log.

Did they ever work on this computer? If they did, can you think of anything that might have been done to the system around the time they stopped working (hardware or software changes)?

Scan with HJT and have it fix the following entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
O2 - BHO: ZServObj Class - {00000000-C1EC-0345-6EC2-4D0300000000} - C:\WINDOWS\ZServ.dll
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
O4 - HKLM\..\Run: [jfqkog] c:\windows\system32\jfqkog.exe
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGDACCESS_1057.dll,InstantAccess

Close all windows other than HJT before you hit the Fix button

Reboot into Safe Mode

Open Windows Explorer, Folder Options, Tools, View, and select "Show hidden files and folders," and uncheck "Hide protected operating system files"

Go to
C:\Documents and Settings\All Users\Start Menu\Programs\Startup and delete hpfhtp.exe (don't delete this one if you know what it's for; I couldn't find any info on it at all -- good or bad -- but it looks like it could possibly be for something by Hewlett Packard)
C:\WINDOWS and delete ZServ.dll
C:\WINDOWS and delete systb.dll
C:\WINDOWS and delete farmmext.exe
C:\WINDOWS and delete wupdt.exe
C:\windows\system32 and delete jfqkog.exe

I don't see anything in your log that should be causing a problem, but you can have HJT fix this one:
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)

Check here to see if this helps at all:
http://www.microsoft.com/windows/windowsmedia/knowledgecenter/mediaadvice/0035.aspx#Question4

If not, can you post the entire message along with any codes?

I wonder if Aqua Dock can be causing any conflicts... :confused:

I am beginning to think the above website is a scam to try and get you to buy their product. I have went to it on antoher computer and it said the same thing. Plus I have never not ran antivirus software. let me know what you think.

I suspected the same thing, that's why I went directly to the McAfee site (not using the link in the suspect site) to see what they had to say about it and how to remove it, without purchasing something from the other site.

Can this thread be marked as solved now?

According to McAfee, the only way to get this is by using P2P. Here are a few excerpts from the link provided below:

If you are using P2P software (Kazaa, Gnotella, Bearshare, Morpheus, eDonkey, eMule, etc.) be very careful with downloaded executable files.

The worm copies itself around and into the folder defined by "Kazaa\localcontent" registry key and into "kazaabackupfiles" subdirectory. Some copies may have enticing names (like "porn.exe", "Matrix Screensaver 1.5.scr", "Smart Ripper v2.7.exe", etc.) so other people may download the worm through P2P file sharing program. Once the downloaded copy of the worm is executed the cycle repeats itself.
Some variants can scan subnets for systems already infected by sub7 or kuang2 to spread furhter.

The worm can also accept remote commands and participate in, for example, a denial-of-service flood attack on a Web site.

Some variants include backdoor capabilities (remote cmd.exe, list files, retrieve files, keylog etc.), port redirection, the ablity to circumvent antivirus and firewalls and can spread using kazaa, kuang2 (port 17300) and sub7 (port 27347).

http://vil.mcafeesecurity.com/vil/content/v_100282.htm

Removal instructions are included in that link as well, but you should still do as crunchie recommended.

Noadware may not be helping you much, see this review:
http://www.adwarereport.com/mt/archives/000023.html

I hope you made a backup of your registry before you made any changes... just in case.

You need to go to Windows Update to get the Critical Updates for your system, this can help prevent some of the problems you now have.

Scan with HJT and have it fix the following entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\sp.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\sp.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 192.168.0.1
O2 - BHO: (no name) - {FC0A3B14-AE44-4580-AA23-66DA9827250C} - C:\WINDOWS\SYSTEM\OBGA.DLL
O18 - Filter: text/html - {431B44F8-7BA1-41D5-81B7-8492E272BF71} - C:\WINDOWS\SYSTEM\OBGA.DLL
O18 - Filter: text/plain - {431B44F8-7BA1-41D5-81B7-8492E272BF71} - C:\WINDOWS\SYSTEM\OBGA.DLL
O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = 192.168.0.1
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 4.2.2.2

Reboot into Safe Mode

Go to:
C:\WINDOWS\SYSTEM and delete OBGA.DLL

Reboot normally

Download the Hoster from here:
http://members.aol.com/toadbee/hoster.zip
Run Hoster and press Restore Original Hosts, OK, and Exit Program. Reboot.

Close all browser windows, scan with HJT, and post a new log please.

Hey Dark Omen, you didn't mention what version of Ad-Aware you're running, but you should have Ad-Aware SE and get the VX2 cleaner plugin:
http://russelltexas.com/malware/adawarese/vx2plugin.htm

In addition to the above, if you don't recognize any of the O16 entries, you should have HJT fix those as well; don't worry about making a mistake here, if any are legit they will come back next time you visit the site.

After you have HJT fix the things HawkeVIPER suggested, reboot into Safe Mode and go to:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup and delete hphunn.exe
C:\Program Files and delete the Viewpoint folder

Close all browser windows, scan with HJT, and post a new log please.

Butchcombs, I merged your threads, please post all replies within this thread.

Is Ameritech your ISP?

If it is, I don't see any problems in your log; are you still having trouble? Did you check Black Viper's site for recommendations?

It could be the firewall settings, or there is a patch for an issue similar to this. Read through this thread to see if there's anything helpful:
http://www.daniweb.com/techtalkforums/thread10031.html

Open Windows Explorer, Folder Options, Tools, View, and select "show hidden files and folders," and uncheck "Hide protected operating system files".

For every user account listed under C:\Documents and Settings, delete the entire contents of these folders:
Local Settings\Temp
Cookies
History
Local Settings\Temporary Internet Files\Content.IE5

Delete the entire content of
C:\Windows\Temp folder
C:\Temp folder

Do a search for *.tmp and delete everything found

Empty your Recycle Bin

Go to Add/Remove Programs in your Control Panel and remove (if found):
Admilli Service
Internet Optimizer
BullsEye Network

Scan with HJT and have it fix the following entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?T...lion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?T...lion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?T...lion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?T...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?T...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?T...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?T...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?T...lion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?T...lion&pf=desktop
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\system32\msbe.dll
O4 - HKLM\..\Run: [Admilli Service] C:\Program Files\Admilli Service\AdmilliServ.exe
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [Tsl] C:\PROGRA~1\COMMON~1\tsa\tsl.exe
O4 - HKLM\..\Run: [SAHBundle] C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\bundle.exe
O4 - HKLM\..\Run: [BullsEye Network] C:\Program …

SpyKiller and Spyware Begone probably aren't helping you much; before you get any anti-spyware programs, you should check them out at this site first:
http://www.spywarewarrior.com/rogue_anti-spyware.htm

More info here:
http://startup.iamnotageek.com/srch-Spykiller.exe.html
http://startup.iamnotageek.com/srch-freescan.exe.html
http://www.hardavenue.com/startup/freescan.exe.php

1. Update your Ad-Aware 6 to Ad-Aware SE (http://www.lavasoftusa.com/software/adaware/), keeping the default options. However, some of the settings will need to be changed before your first scan

2. Close ALL windows except Ad-Aware SE

3. Click on the ‘world’ icon at the top right of the Ad-Aware SE window and let AdAware SE update the reference list for the adware and malware.

4. Once the update is finished click on the ‘Gear’ icon (second from the left at the top of the window) to access the Preferences/Settings window

A.) In the ‘General’ window make sure the following are selected in green:
*Automatically save log-file
*Automatically quarantine objects prior to removal
*Safe Mode (always request confirmation)

Under Definitions:
*Prompt to udate outdated definitions - set the number of days

B.) Click on the ‘Scanning’ button on the left and select in green :

Under Driver, Folders & Files:
*Scan Within Archives

Under Select drives & folders to scan -
*choose all hard drives

Under Memory & Registry: all green
*Scan Active Processes
*Scan Registry
*Deep Scan Registry
*Scan my IE favorites for banned URL’s
*Scan my Hosts file

I don't see anything bad in your log, other than the lack of "R" entries (http://www.bleepingcomputer.com/forums/index.php?showtutorial=42#RDiag).

Did you try the winsock fix previously suggested?

I did all that you suggested with the following exceptions:
Weatherbug: I use this occasionally and it is something that I installed it myself. I've never had any problems with it. I didn't make any corrections or deletions related to this.
DIGStream: I visit ESPN's website quite often and enjoy thier "ESPN Motion" video clips, which uses DIGStream. I never had any problems with this and didn't make any corrections or deletions.
Homestead: Homestead.com is a site I use for filehosting. I didn't see any harm here either.

Sorry about the DIGStream, I looked it up and knew it wasn't a problem; I don't know why I included it. :confused:

You may want to reconsider WeatherBug, as it is reported to be associated with adware and spyware:
http://www.2-spyware.com/file-weather-exe.html
http://www.liutilities.com/products/wintaskspro/processlibrary/weather/

As far as the Homestead, I wasn't sure, and fixing it wouldn't have caused any problems, it would have just come back the next time you visited the site.

No, I searched several sites and found nothing about it. Doesn't even get a single hit on google.

In refrence to hkmtauvn.exe, usually when you can't find info on something with Google, it's a pretty good indication its bad (or very new). However, you can usually right-click on a file and go to Properties to get information about it. A lack of info there pretty much guarantees it's not good.

That's not a complete hijackthis log, it should show what version of hijackthis you're using. If you're not using 1.99, please update it.

In any case, please close all browser windows, scan with HJT (ver. 1.99), and post the complete log.

Hi Powder; first of all never click on a pop-up ad, no matter how enticing it maybe. Don't even click on the X to close it, either use Task Manager (as you did), or right-click on it and select Close.

Get SpywareBlaster and/or SpywareGaurd to help prevent this from happening again.

Get Ad-Aware SE and Spybot Search and Destroy to help remove most of what will get in anyway.

These are all free, and there are links to them in this thread:
http://www.daniweb.com/techtalkforums/thread5690.html

Keep them all updated, along with your antivirus program, and run them at least once a week.

Go to Add/Remove Programs in your Control Panel and remove (if found):

DIGStream
WeatherBug

Close all browser windows, scan with HJT, and have it fix the following entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
O2 - BHO: BTGrabObj Class - {00000000-F09C-02B4-6EC2-AD0300000000} - C:\WINDOWS\BTGrab.dll
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll (file missing)
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [hqclgc] C:\WINDOWS\system32\hmktauvn.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O16 - DPF: {01CA75F1-054B-4A63-9221-C6926369EC52} (HS_live Control) - http://install.homestead.com/~site/...ive/HS_live.cab

Reboot into Safe Mode

Go …

I believe what you are referring to are called 'Molex' connectors, as seen here:
http://www.8ballshardware.com/articles/sunbeamrheo/molex.jpg

They can all be connected at the same time, the only problem may be if your power supply can't supply enough power if all devices happen to be running at the same time (not a very likely scenario).

The purpose of the two connectors at the end is to do exactly what you want to do, connect both a hard drive and a CD-ROM (or two hard drives, CD & DVD, etc.) that are next to each other:
http://www.grosbill.com/aides/techaide/montage/images/molex.jpg

This should fix your startup error:
http://www.cryer.co.uk/brian/windows/ie_artehodywtd.htm

Can't help with the display problem though :(

What email program are they using (Hotmail, Outlook, Yahoo, ...)?

Is there any message that comes up when they try to send an email?

If so, what does it say?

Has the computer been scanned recently for adware and spyware (not just antivirus)?

The advice in this thread may be helpful:
http://www.daniweb.com/techtalkforums/thread5690.html

Just noticed this has already been solved. :o

Info about winntold:
WinNTNew (Windows NT 4.0 or higher), WinNTOld (Windows NT 3.51) found here:
http://www.bris.ac.uk/is/services/computers/operatingsystems/winnt/deploy/abcpydoc.ini.txt

Did you fix the things I suggested? You'll have to wait for one of the mods to look at the rest because it appears to be beyond my capability (for now...)

Be sure all browser windows are closed before fixing anything with HJT (I've seen users before that said their log showed it when no windows were open -- not sure what causes this, but just make sure they're all closed). Scan with HJT and have it fix the following entries:

O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
(More info herehttp://www.liutilities.com/products/wintaskspro/processlibrary/WToolsA/)
O4 - HKLM\..\Run: [SStb.exe] SStb.exe
(More info here http://computercops.biz/startuplist-6561.html)
O4 - HKLM\..\Run: [kalvsys] C:\winntold\system32\kalvgva32.exe
O4 - HKLM\..\Run: [abu] abu.exe

Go to Start, point to Programs, point to Startup, delete kuyttk, if it's there.

Reboot into Safe Mode

Do a search for WToolsA.exe, and delete it, if found
Do a search for SStb.exe, and delete it, if found
Do a search for abu.exe, and delete it, if found
Go to C:\winntold\system32 and delete kalvgva32.exe, if found

Reboot normally, close all browser windows, scan with HJT, and post a new log please.

Some info on Cacheman.exe:
http://startup.iamnotageek.com/srch-Cacheman.exe.html

Before posting another HJT log, try running all your scans while in Safe Mode. Then reboot into Normal Mode, close all browser windows, scan with HJT, and post a new log.

You can try this:
http://www.snapfiles.com/get/restoration.html

I would suggest using Hijackthis on one of the offending computers and post the log in the Viruses forum. With that information we should be able to help you fix the problem and you can then go about cleaning up the others the same way. You can get the latest version of Hijackthis from here:
http://www.softpedia.com/progDownload/x-Download-5034.html

I don't use Trend Micro either, but when you open it there should be a Management Console or something similar where you can set it to show in the Task Tray. I don't know if this will help, but here is a link to the manual:
http://www.trendmicro.com/ftp/documentation/guides/pcc2005-qsg.pdf

Thykos, close all windows, scan with HJT and have it fix the following entries:
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/28bbcaa...ip/RdxIE601.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52...meInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/...all/xscan53.cab

I don't know if that will solve you're problem, but that's all I see. Maybe one of the pro's will spot something I missed.

Where does Spyware Doctor say the problem is? If it's in a restore folder, check this thread:
http://www.daniweb.com/techtalkforums/thread13362.html

C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe

If you're using a Toshiba laptop (and it looks like you are), you should keep those entries. Check this link for info:
http://www.windowsstartup.com/wso/detail.php?id=22

Toshiba sure adds a lot of processes :eek:

Hey there dlh. Thanks for your input. I appreciate it. I will definitely consider adding a donate X form to the subscription page. However, I think you misunderstood me. As I said, I need about one dollar per signup. However, I don't plan on asking my members for this money. Instead, I plan on perhaps partnering with some company in that I would put their advertisement on the registration page or work some sort of partnership out where I end up making about one dollar per signup through advertising. Definitely not going to be charging the members.

Yes, I did misunderstand, and that sounds like a great idea if you can find someone to do it.

I had another thought to promote donations. A while back you had a contest where the winner got a cash reward; well, how about one where the prize is a 'Subscription' membership (for whatever period you deem appropriate)? This would increase awareness of the Donation section.

Hi Dani, I noticed you got the donation link at the top now (Help Us Out: Donate), I think that will help. I do have a couple of suggestions for you to consider.

I don't think charging everyone a dollar is going to work because some people don't have the means of paying online and some will be turned off just by asking for money (regardless of the amount). I think the donation route is the best way to go, but find ways to encourage more -- such as putting the link at the top.

I think the link should be reworded too, a few suggestions (instead of 'Help Us Out: Donate'):
Help us out by donating
Help us out by making a small donation
If we've helped you, help us out by making a small donation
It costs money to provide this service, please help us out by making a small donation

I also have a suggestion (yeah, I know, I'm full of It) for the donation page. Instead of just the two subscription options, add one more for the donater to specify any amount -- without a subscription.

These are just a few things to think about since you asked for ideas. :)

From Spywarewarrior, a reputable site that investigates alleged spyware removal tools;
http://www.spywarewarrior.com/rogue_anti-spyware.htm

Like I said, I know that now -- thanks to the techs here -- but I didn't when I first came to this site and was desperate for a fix to the problem I was having.

Maybe an announcement could be put at the top of the Security forum stating that ads are not endorsed and/or to ask for advice/opinions before purchasing any?

As for this statement:

...word will spread VERY quickly among advertisers and that could be the demise of Daniweb.

I think it would only keep the rogue advertisers away.

And, as far as revenue is concerned, I think there would be more donations if the link were at the top of the forum pages instead of at the bottom. I was here for months before I even noticed it was there. I doubt donations will ever match advertising income, but it all helps, right? Also, unless I'm mistaken, I believe a small bit of income is derived every time someone just clicks on a google ad link; getting the word out about that could help some as well.

Thanks Alex, if I notice anything again, I'll be sure to do that!

Well, I've tried to remove the registry entries but I couldnt find them.
That's strange. Maybe its a newer version.

I scanned my system with trojanhunter and it removed the trojan, but when I rebooted the trojan was back again, and this keeps going.

It seems impossible to remove this one. I really dont understand....

I haven't seen one yet that couldn't be removed, but some take more perseverance then others. Go to this thread and get HijackThis and post a log here.
http://www.daniweb.com/techtalkforums/thread5690.html

Try this; right-click on a blank area of your desktop (someplace where there are no icons), in the menu that pops up, click on Properties. In the next window, click on the Desktop tab; down near the bottom, click on the Customize Desktop box. Click on the Web tab and let us know what is in the box under 'Web pages:'

Before you make any changes to the registry, you should first back it up. Here are the instructions for doing so:
http://support.microsoft.com/default.aspx?kbid=322756#2

In regards to this statement:

The last thing I need is to defragment my HD.

Defragging should be done on a regular basis (once a week in my opinion, but some people say twice a year is okay). I think you probably meant to say 'reformat.'

That's how I ended up purchasing xoftspy; since it was advertised here, I thought it was being 'recommended.' I know better now, but I've wondered myself if there isn't a way to screen the advertisers.

You should first try booting into Safe Mode and running the programs you mentioned. While in Safe Mode, delete the contents of all Temp and Temporary Internet folders for all users. Also, do a search for *.tmp and delete all those files as well.

Reboot normally and go to this thread and follow any of the recommendations you haven't already tried:
http://daniweb.com/techtalkforums/thread5690.html

After that, post a hijackthis log in the Security forum (even if it doesn't look 'normal').

NailX, start a new thread instead of tagging on to someone else's.