'Stein 150 Lapsed Skeptic Team Colleague

Hey, welcome to Daniweb. Heh ya, ya got several more infections on your computer, but all can be fixed. Begin by installing Ewido, SpySweeper, and Ewido (links are located below in my signature). Update definitions for these, but DO NOT run yet. After doing this, go into Add/Remove programs, and uninstall WeatherBug if it's in there. Then, run HJT, close all other windows, and fix the following:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - <default> - (no file)
O4 - HKCU\..\Run: [WinRoll] -
O4 - HKCU\..\Run: [Yz Shadow] -
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.EXE 1
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusear...?p=ZNxmk144DHUS
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocach...tup1.0.0.15.cab

After running HJT, reboot into safe mode. While in safe mode, run SpySweeper, Ewido, and CCleaner, saving both the SpySweeper and Ewido logs.

After the scans, reboot back into normal mode. Run HJT again, and post a log back here, along with the Ewido and Spysweeper logs.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

ALRITE, let's work on that log, Mike49. I apologize for all the confusion.

Let's begin by verifying that mistakes made CAN be corrected.

Open HJT and click the 'Config' bar. Inside this, under the 'Main' tab, be sure that 'Make backups before fixing items' is checked. If it isn't, recheck it, close HJT, open it, and verify it stays checked.

Ok, time to fix some entries. Be sure to close ALL OTHER WINDOWS before hitting 'Fixed Checked'. Run HJT, and check the following:

R3 - URLSearchHook: (no name) - <default> - (no file)
R3 - URLSearchHook: ScriptInocUI Class - - (no file)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain =
O17 - HKLM\Software\..\Telephony: DomainName =

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain =
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain =

Also, do you know anything about this entry?

O23 - Service: FreezeScreenSaver - Unknown owner - C:\WINDOWS\system32\FreezeScreenSaver.exe

OR

Do you know about the IP address below? If you don't recognize it, check it in HJT and have HJT fix it.
O17 - HKLM\System\CCS\Services\Tcpip\..\{DBB56F14-3CB2-4DC2-A999-CEDDEC55FD1E}: NameServer = 195.92.195.95 195.92.195.94


After running this, and fixing the entries, restart your computer, run HJT, and post a new log back.

After this, are ya still having problems?

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Demented, are ya sure? If ya look at CastleCops (searching nwiz.exe), ya find several entries, one of which is: nwiz.exe /installquiet, which is the same listing as in the log.

Well, jus look at the site, and I'm not tryin to go against ya, I'm jus curious :cheesy:

EDIT: Also, do ya kno anything about:

O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe

S3tray.exe (without the 2), is part of a taskbar for S3 based chipset graphics cards. Do ya think it's the same thing?

EDIT2: I'm also suspicious of:

O23 - Service: FreezeScreenSaver - Unknown owner - C:\WINDOWS\system32\FreezeScreenSaver.exe

Any ideas?

'Stein 150 Lapsed Skeptic Team Colleague

Alrite, that sounds like a good virus. Fix the following:

R3 - Default URLSearchHook is missing
O4 - HKLM\..\RunServices: [Microsoft System Support] spool.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O15 - Trusted Zone: http://*.billingnow.com
O15 - Trusted Zone: http://*.reliablestats.com
O15 - Trusted Zone: http://*.winantispyware.com
O15 - Trusted Zone: http://*.winantivirus.com
O15 - Trusted Zone: http://*.winantiviruspro.com
O15 - Trusted Zone: http://*.winnanny.com
O15 - Trusted Zone: http://*.winsoftware.com

After this, install Ewido and CCleaner (both links are in my signature below) and update definitions for both, but DON'T run them yet.

After doing this, reboot into safe mode, and first, delete this folder if found:

C:\Program Files\Common Files\VCClient

Then, run Ewido and CCleaner, fixing everything that's found. Save the Ewido log.

Then, reboot into normal mode again, run HJT, and post a new log along with the saved Ewido log.

Then, we'll work from there.

Thanks.

(justdrw, ignore this below)
Also (to Mods): Anybody know anything about:

O20 - Winlogon Notify: ShellScrap - C:\WINDOWS\system32\gplql3351.dll

Looks REAL suspicious to me.

'Stein 150 Lapsed Skeptic Team Colleague

Yep, alrite, Tayspern found the same thing as me

About the eMule...I apologize, there's spyware that uses nearly the same *.exe file.


NOTE: Tayspern, you have hit 700 replies. I think that deserves a hi-five..*holding arm up* Good job dude :D

'Stein 150 Lapsed Skeptic Team Colleague

Ya, you could post a new log, holla2me920, and we'll look at it if ya want.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Ahh, you're right on both parts... my bad

First off, about the fixing mistakes....the way this works, ya need to be in a PERMANENT folder to have it save changes. So, what ure gonna have to do is first create a new folder in Program Files.

To do this, open My Computer > Local Disk (C: ) > Program Files. While in here, right click, choose 'New Folder' , and rename it HJT.

Then, after this, you need to find the current location of HJT and drag it into this new folder. From looking at your log, it's located at:

C:\Documents and Settings\Owner\Local settings\Temp\Temporary Directory 2

To access this, however, you will need to unlock the files. To do this, go (inside the My Computer window) to Tools > Folder Options > View > Show Hidden Files and Folders

After finding HJT, drag it into its new folder inside Program Files.


About the Alcxmntr.exe... Yes, you're right, it IS in fact part of Realtek sound. However, it's also 'slyware'--although it's installed with the program, it sends usage data back to the Realtek corporation....so YES, to answer your question, you can leave it be.

After doing all of this, post a new HJT log, and we'll work from there.

'Stein 150 Lapsed Skeptic Team Colleague

EDIT: Outta curiosity, how/why do ya think ya have that virus?

Hmmmm, the only thing I see in there is this, but that doesn't mean it isn't there. So run HJT and check:

O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart

Then, install Ewido and CCleaner (the links are located in my signature below), and update their definitions, but DON'T run them yet. Then, reboot into safe mode and delete this file:

C:\Program Files\eMule

After deleting it, run Ewido and CCleaner and clean anything they find. Also, save the Ewido log.

Then, reboot back into normal mode, run HJT, and post a new log, along with the Ewido log.

Thanks.

EDIT: Heh, we're all obsessed...let's see wat demented finds with this one. :D

'Stein 150 Lapsed Skeptic Team Colleague

Lol, but I'm sure as hell happy he does too... :D

By the way, I jus thought I might mention I like working with 2 other moderators.

Alrite, no more thread-wasting, back to the task on hand.

'Stein 150 Lapsed Skeptic Team Colleague

Ya here's some more to fix: Basically, tayspern already mentioned nearly all of them (except for the one O4 I listed). I'm just clarifying to fix everything.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.red.clientapps.yahoo.com/...arch.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/...arch.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://bt.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by BT Yahoo! Broadband
R3 - URLSearchHook: (no name) - {9A592B60-E8D1-B274-F68E-E13B820722C3} - C:\WINDOWS\System32\fopeipbm.dll
O4 - HKCU\..\Run: [Lwra] "C:\WINDOWS\SKS~1\javaw.exe" -vt mt

After following tayspern's directions, reboot, and download Ewido and CCleaner (links for both are found in my signature below). After downloading, be sure to update definitions for both. Then, run both programs, and save the Ewido log to place into this thread.

After running both scans, fixing both, reboot the computer again, run HJT, and post a new scan, along with the Ewido scan data.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Heh roger that

'Stein 150 Lapsed Skeptic Team Colleague

Hmm, alrite, after completing tayspern's directions (if ya havn't so already), fix the following:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - (no file)
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - (no file)
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/US/install.cab

After this, reboot into safe mode (continuously hit F8 while starting up). When in safe mode, open My Computer > Tools > Folder Options. Open this, go under the 'View' tab, and click 'Show Hidden Files,' and uncheck 'Hide Protected Operating System Files.'

Then, find these files and delete them:

C:\WINDOWS\System32\mssearchnet.exe
C:\WINDOWS\System32\nvctrl.exe

After this, restart the computer, and post a new HJT log.

By the way, how much spyware did Ewido find?

Thanks.

EDIT: Tayspern, ya see anythin else?

'Stein 150 Lapsed Skeptic Team Colleague

For help about this, there has been a post created about it:

It's reply #6

http://www.daniweb.com/techtalkforums/thread28196.html

Sorry it's such a big page, but I'd recommend just hitting find (ctl + f), and typing in 'about:blank'

After running this, say so and post a new log. Then we'll work from there.

Thanks.

NOTE: Thanks to DMR for the thread I linked to. :cheesy:

'Stein 150 Lapsed Skeptic Team Colleague

EDIT: FOLLOW THE DIRECTIONS ABOVE


Heh alrite, KILLIN TIME...if ya could, please reboot into safe mode. Then, open My Computer > Tools > Folder Options. Open this, go under the 'View' tab, and click 'Show Hidden Files,' and uncheck 'Hide Protected Operating System Files.'

Then, close out and find the following files and delete them if they're there:

C:\Program Files\Partypoker
C:\WINDOWS\SYSTEM32\winm32.dll

After this, reboot into normal mode, and install Ewido and CCleaner (links for both can be found in my signature). Update both, and run scans for both, fixing everything. Save the Ewido log to post here.

THEN, open this page and follow directions for clearing ALL temporary files (just do it).

http://www.daniweb.com/techtalkforums/thread27570.html

After all of this, restart your computer, run a HJT scan, and post it along with the Ewido results in a reply.

Heh sry, its alotta stuff.

Thanks.

EDIT: FOLLOW DIRECTIONS ABOVE

'Stein 150 Lapsed Skeptic Team Colleague

Heh don't worry about it....there's a reason we're all here, everybody watching everybody :cheesy:

'Stein 150 Lapsed Skeptic Team Colleague

Couple more things to fix. The first file was added by the W32/Chode-J worm, so watch out for that.

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yah...nst20040510.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...meInstaller.exe

'Stein 150 Lapsed Skeptic Team Colleague

Awesome, ya look clean in the log. Alrite, now for preventing all of this...

First off, I'd strongly recommend to begin using Firefox as an internet browser if ya haven't done so already. FF provides significantly more security. (the link for this is in my signature)

Also, I'd keep Ewido, and run it, say, every week or so. It's pretty effective at catching and removing spyware. After 2 weeks, its 'automatic updating' will expire, but the scanner itself will work after this. All it means is to be sure to update definitions before scanning.

Also, keep CCleaner on the computer, this helps keeping everything clean.

Glad I could help.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Yes, first off, which browser are ya using? Sometimes switching browsers solves the problem (heh PLEASE say ya use Firefox). ALSO, it's also very possible the router is blocking the site (oftentimes they have internal firewalls).

If we do find that it's the router blocking the websites, ya can always call the helpline, and I believe they can disable them.


Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Ahh my bad, 1 more mystical chicken:

O2 - BHO: Big Fish Games - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - C:\PROGRA~1\BFGTOO~1\BFGTOO~1.DLL

'Stein 150 Lapsed Skeptic Team Colleague

I dunno if ya already did this, but did ya set it to show hidden files/microsoft window files?

Alrite ,Mystical Chicken, fix a couple more things:

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll

(to tayspern)
Do ya kno about
O4 - HKCU\..\Run: [Microsoft Server Applacations] qsosrv.exe ? It looks sorta suspicious.

Also (tayspern again), ya might wanna try using Pocket Killbox for 2 reasons.. 1) it'll kill it if it's there, and 2) it'll definitely tell ya if it's not.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

You could also uninstall some of the toolbars for added time.

'Stein 150 Lapsed Skeptic Team Colleague

Alrite, great. You'll begin by posting a HJT log here. Directions for this can be found here (be SURE to follow directions):

http://www.daniweb.com/techtalkforums/thread28196.html

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Hmmm ya might. Download HijackThis and post a scan here. Directions for this can be found here:

http://www.daniweb.com/techtalkforums/thread28196.html

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Alrite, I see several things. Fix the following:

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Program Files\ladbrokesMPP\MPPoker.exe
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.com/support/plugins/ebraryRdr.cab
O16 - DPF: {B9A296D4-38AC-4566-8168-F7ACAF7D35E6} (Eyeball Video Session Control) - http://imlive.com/ChatSource/gVideoContol.cab
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)

If ya recognize the O16 entries, and know that's not the problem, then ya don't have to fix them.

Next, after this, reboot the computer. After rebooting, install CCleaner and Ewido (both links are in my signature below). After installing them, be sure to update their definitions, and run scans for both. After the scans, post the Ewido log along with a new HJT log.

Lastly, are ya still having problems after this all?

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Hmm, first off, I only see 1 thing wrong, and that doesn't even look like anything. Fix the following:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

After fixing, reboot the computer, and download both Ewido and CCleaner. The links are located in my signature below. After downloading both, be sure to update both and then run scans with both. Then, post the Ewido log and a new HJT log into a reply to this thread.

Lastly, include if ya still are having problems.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Looks clean to me. Are ya still having symptoms? If so, I'll thoroughly scrutinize the log further. Also, it wouldn't hurt to download CCleaner if ya don't got it already (I already see Ewido running). The link for this is above.

Thanks

'Stein 150 Lapsed Skeptic Team Colleague

Heh outta curiosity, which FPSs do ya play?

'Stein 150 Lapsed Skeptic Team Colleague

Ahhh I see :o thanks.

Back to you, Cbbicace.

'Stein 150 Lapsed Skeptic Team Colleague

Alrite, several more things:

O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.EXE 1
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)

Now what wouldn't hurt is to run CCleaner and Ewido.
Links for both can be found in my signature below.
After running and cleaning with both (be sure to update for both), restart and post a new log.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Great, thanks demented :cheesy:

Outta curiosity, why about:buster? I've never heard about it before, and am curious about it.

Also, what infections did ya see, and how did ya kno it was those infections?

(Heh, sry, I'm tryin to get better & learn this stuff)

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Alrite, that might not be spyware, but let's double check that. To start, download HijackThis. Instructions for installing and running are located here:

http://www.daniweb.com/techtalkforums/thread28196.html

After you run a scan, save a log and copy/paste it into a reply inside this thread.

Also, BE SURE to follow the directions inside the thread above.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Heh, no, I don't see anything wrong with the log. Tayspern's incredible at this...and 2 times faster than me :cheesy:

But ya, seriously, are ya still having symptoms?

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Alrite, I see several things wrong with the log...next time just start a new thread. Alrite, fix the following:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\Program Files\RXToolBar\sfcont.dll
O3 - Toolbar: RX Toolbar - {25D8BACF-3DE2-4B48-AE22-D659B8D835B0} - C:\Program Files\RXToolBar\RXToolBar.dll
O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKCU\..\Run: [tbon] C:\Program Files\TBONBin\tbon.exe /r
O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll

After fixing these, reboot into safe mode (when restarting, continually tap F8). While in safe mode, find and delete these files:

C:\Program Files\Need2Find
C:\Program Files\RXToolbar
C:\Program Files\TBONbin

Lastly, restart, run HJT and post a new log. We'll work from there.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Several more to fix:

O4 - HKLM\..\Run: [SpySpotter System Defender] C:\Program Files\SpySpotter3\Defender.exe -startup
O4 - HKLM\..\Run: [SpySpotter] C:\Program Files\SpySpotter3\SpySpotter.exe -startup
O4 - HKLM\..\Run: [DownloadStudio] C:\Program Files\Conceiva\DownloadStudio\DownloadStudioScheduleMonitor.exe
O4 - HKLM\..\Run: [1226345244.exexeg] C:\WINDOWS\system32\1226345244.exexeg
O4 - HKLM\..\Run: [1226345244.exehare.exetml4] C:\WINDOWS\system32\1226345244.exehare.exetml4
O4 - HKLM\..\Run: [1226345244.exe] C:\WINDOWS\system32\1226345244.exe
O8 - Extra context menu item: Add Page To DownloadStudio Scrapbook... - C:\Program Files\Conceiva\DownloadStudio\ds_snap.htm
O8 - Extra context menu item: Download Image Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_img.htm
O8 - Extra context menu item: Download Page Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_all.htm
O8 - Extra context menu item: Download Selection Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_sel.htm
O8 - Extra context menu item: Download Target Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_file.htm
O8 - Extra context menu item: Show Page Links Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_link.htm
O8 - Extra context menu item: Subscribe To RSS Feed... - C:\Program Files\Conceiva\DownloadStudio\ds_rss.htm
O16 - DPF: {134F7664-943D-3BB9-65F5-70B91DF46C86} - http://www.emcodec.com/v4/eCodec-v4.503.exe
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/See.../bridge-c24.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://locator1.cdn.imagesrvr.com/s...FreeInstall.cab
O16 - DPF: {FCF289D4-0AC8-4ED8-BE31-E8AF09606AB5} (download_35mb_com.applet) - http://static.35mb.com/applet/applet_o.cab

'Stein 150 Lapsed Skeptic Team Colleague

Alrite, ya still got several more things to fix, (except, fix these in normal mode, NOT safe mode):

O4 - HKLM\..\Run: [MS taskbar] taskbars.exe
O4 - HKLM\..\RunServices: [MS taskbar] taskbars.exe
O4 - HKCU\..\Run: [MS taskbar] taskbars.exe
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/gam...aploader_v6.cab

After fixing these, restart, run HJT and post a new log here.

Ya kno, if ya ever were curious about your HJT log, ya could learn to do it yourself (like me).
Here's a site for major help:
http://castlecops.com/HijackThis.html#o7

Thanks.
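The post above suggests learning to read an HJT log yourself. As an added example (not from the original post, and not part of HijackThis), here is a small Python triage script that applies the rules of thumb the helpers use throughout these posts to a constructed log excerpt: orphaned '(no file)' entries, pathless O4 autostarts, Trusted Zone additions, O17 name servers, Winlogon Notify DLLs and unknown-owner services. The sample log text, the rule set and the verdict names are assumptions of this example, not HJT output or official guidance.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample log, modelled on entries quoted in these posts (not a real log).
SAMPLE_LOG = r"""
Logfile of HijackThis (constructed sample)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - <default> - (no file)
O4 - HKLM\..\RunServices: [Microsoft System Support] spool.exe
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.EXE 1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O15 - Trusted Zone: http://*.winantivirus.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{DBB56F14-3CB2-4DC2-A999-CEDDEC55FD1E}: NameServer = 195.92.195.95 195.92.195.94
O20 - Winlogon Notify: ShellScrap - C:\WINDOWS\system32\gplql3351.dll
O23 - Service: FreezeScreenSaver - Unknown owner - C:\WINDOWS\system32\FreezeScreenSaver.exe
"""

ENTRY_RE = re.compile(r"^([RFO]\d+) - (.*)$")  # "O4 - <body>"
O4_RE = re.compile(r"^(HKLM|HKCU)\\\.\.\\(Run\w*): \[(.*?)\] (.*)$")
IP_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")


@dataclass
class Finding:
    code: str      # HJT section (R1, O4, O17 ...)
    verdict: str   # "dead": orphaned entry; "verify": needs a human decision; "info": usually benign
    reason: str
    entry: str


def classify(code: str, body: str) -> Optional[Finding]:
    """Apply the rules of thumb used in this thread to one log entry (heuristics, not a verdict)."""
    if "(no file)" in body or "(file missing)" in body:
        return Finding(code, "dead", "references a file that no longer exists; harmless to fix", body)
    if code == "O4":
        m = O4_RE.match(body)
        if m:
            hive, key, name, cmd = m.groups()
            exe = cmd.split()[0].strip('"') if cmd.split() else ""
            if "\\" not in exe:
                # A bare filename is resolved through the PATH search order, so the log
                # does not show where it really lives; that is worth checking by hand.
                return Finding(code, "verify", f"{hive} {key} launches '{exe}' with no path", body)
        return Finding(code, "info", "autostart entry; confirm the program is expected", body)
    if code == "O15":
        return Finding(code, "verify", "site added to IE Trusted Zone, relaxing its security settings", body)
    if code == "O17" and "NameServer" in body:
        ips = IP_RE.findall(body)
        return Finding(code, "verify", "DNS servers set to " + ", ".join(ips) + "; compare with your ISP's", body)
    if code == "O20":
        return Finding(code, "verify", "Winlogon Notify DLL loads at every logon", body)
    if code == "O23" and "Unknown owner" in body:
        return Finding(code, "verify", "service with no recognised publisher", body)
    if code == "R1" and "ProxyOverride" in body:
        return Finding(code, "info", "local proxy bypass; common leftover, low risk", body)
    return None  # nothing in this entry that these rules care about


def triage(log_text: str) -> List[Finding]:
    """Parse every 'Xn - ...' line and keep the ones a rule flagged."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            f = classify(*m.groups())
            if f:
                findings.append(f)
    return findings


def verdict_counts(findings: List[Finding]) -> dict:
    counts = {}
    for f in findings:
        counts[f.verdict] = counts.get(f.verdict, 0) + 1
    return counts


def dns_servers(log_text: str) -> List[str]:
    """Every IP named by an O17 NameServer entry, in log order."""
    ips = []
    for f in triage(log_text):
        if f.code == "O17":
            ips.extend(IP_RE.findall(f.entry))
    return ips


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.verdict:6} {f.code:4} {f.reason}")
```

The R0 start-page line is deliberately left unflagged, since a plain search-engine home page is the kind of entry the posts above say need not be fixed.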

'Stein 150 Lapsed Skeptic Team Colleague

O ya, last thing, could ya mark the thread as solved?

Thanks a ton.

'Stein 150 Lapsed Skeptic Team Colleague

Hmm, yea, I think ya should be fine while updating now. The only problems ya are experiencing now (I think) are just common aging. I guess if ya were worried, ya could run some online virus scans:

http://www.kaspersky.com/scanforvirus.html
http://housecall.trendmicro.com/
http://us.mcafee.com/root/mfs/default.asp?cid=9914
http://www.ravantivirus.com/scan/
http://www.bitdefender.com/scan/licence.php

Personally, I think Kaspersky works the best.

But ya, if it was me, I'd run Kaspersky, have it fix whatever it found, and then after that, upgrade Windows.

And then after it all, post back here, cause now I'm curious haha

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

O, sorry, heh. The IP is listed under the O17 category.

Wait, first off, are ya using dialup? With dialup, oftentimes connection problems are due to faulty connections rather than spyware. That's always a large possibility.

Lastly tho, do you experience any problems when NOT using the internet (ie, when using Word documents, etc)? IF the answer to this is no, then I question whether spyware is at fault in this case.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Haha awesome.
Time for some recommendations:
First off (if ya haven't already), switch and use Firefox instead of IE. It's significantly safer.

Next, download Ewido as a spyware cleaner. It's what I've used for a while with much success.

Also, download Microsoft Defender (formerly known as Microsoft Anti-Spyware). Although it isn't as good at catching spyware, it's a good 'active' catcher.

Antivirus: Personally, I use Norton Antivirus. However, the supposed current best is Nod32. However, these both cost money. For free (and these aren't that bad), I would download AVG. (NOTE: Be sure to only run 1 antivirus)

Firewall: Personally, I have a hardware router built into my router, with Norton Internet Security as a software firewall. However, again, this costs money. For free, the best (at least I feel it is) is ZoneAlarm.

Lastly, I would download CCleaner. This utility is helpful in keeping the computer in an overall good state.

Links for all of these:

Firefox - http://www.mozilla.org/products/firefox/
AVG - http://free.grisoft.com/doc/2/lng/us/tpl/v5
Nod32 - http://www.nod32.com/home/home.htm
Ewido - http://www.ewido.net/en/
Zone Alarm - http://www.zonelabs.com/store/conte...lid=selector_za
CCleaner - http://www.ccleaner.com/

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Here we are:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://default.home
O2 - BHO: XMLDP Class - {60371670-81B9-4d06-9C42-4DEC1AABE62B} - C:\WINDOWS\xml2lib.dll (file missing)
O3 - Toolbar: SToolbar - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\WINDOWS\winadvt.dll
O4 - HKCU\..\Run: [SMSSU] C:\WINDOWS\System32\SMSSU.EXE
O4 - HKCU\..\Run: [Tmntsrv32] C:\WINDOWS\System32\Tmntsrv32.EXE
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {01118A01-3E00-11D2-8470-0060089874ED} (SupportSoft Script Runner Class) - https://password.bellsouth.net/sdcc...oad/tgctlsr.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/min...ransporter.cab?

Based on several entries, it is believed that you have a trojan: Trojan.StartPage.O
Help is here:
http://www.sarc.com/avcenter/venc/data/pf/trojan.startpage.o.html

Thanks.

EDIT: Arrg, u win this one hahah.

'Stein 150 Lapsed Skeptic Team Colleague

Hmm alrite, fix the following things:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.companion.yahoo.com/slv/y...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.companion.yahoo.com/slv/y...com/search?p=%s
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

This is all I see, with several 'maybe' spyware possibilities.
First off, do ya kno the server 206.74.254.2 204.116.57.2? I ask this because you're connected to it.

Now I question whether it's spyware, or just an overload of other things.

After fixing those I mentioned, run a new HJT log and post it please.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Hmm a couple more:

O2 - BHO: Farstone Url Blocker - {316AEF8D-3C37-423E-9E6E-13820A9DC37A} - C:\PROGRA~1\PCSECU~1\THESHI~1\IrlOnIE.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

That's all I really see mostly. Are ya still having symptoms?

If yes, post another log after the changes.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Lol thanks a lot...if only I was good at this stuff...I've learned by watchin all u guys. Also, I'd have a membership to ure site, Dani, BUT...I'm not even old enough to have a credit card :mrgreen:

Thanks again, anytime I can help I do.

'Stein 150 Lapsed Skeptic Team Colleague

I apologize it's taken us this long to reach you. With that said, are ya still having problems? If so, post back and we'll work from there.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Sorry it's taken us this long to reach ya. With that said, are ya still having problems? If so, post back and we'll work from there.

'Stein 150 Lapsed Skeptic Team Colleague

I'm very sorry it's taken us this long to reach ya. With that said, do ya still have symptoms? If so, post a new log and we'll work from there.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

I'm awfully sorry it's taken us this long to reach ya. With that said, are ya still having symptoms? If so, post a new log, and we'll work from there.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Hey, are ya still having problems with it all? I'm sorry it's taken us so long to reach ya..it's been a hectic month. If you're still having symptoms, post a new log (heh INSIDE the message this time please) and we'll work from there.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Hi I'm sorry it's taken us this long to reach you...it's been a hectic month.
Are ya still having problems? If so, post a new log and we'll work from there.

Thanks.

'Stein 150 Lapsed Skeptic Team Colleague

Man sorry it's taken so long to respond...it's been an awful month
But ya, are ya still having problems? If so, post a new log and we'll work from there.