KS-FINN

I'M REMOVING MYSELF FROM THIS FORUM. THIS SHOULD MAKE EVERYONE HAPPY.!!!!!!!

Message Received. Won't happen anymore.

DISREGARD THIS POST. PLEASE NO MORE REPLYS. THANKS

Thanks for the very informative information. I didn't know that if I keep allowing NoAdware to keep removing Spyware Blaster and Spybot blocked Zones that I may start getting spyware because of it. That's why I keep posting these threads because at times I don't know what to do so I COME TO THIS FORUM FOR HELP. I don't mean to be a bother. Thanks Again.

THANK YOU VERY MUCH FOR ANSWERING MY QUESTION. EDIT Uncalled for remark edited out by moderator

SURE THING. JDPOWER.!!!!!!!

I ran NoAdware v5.0 and it detected the following: Is this a False/Positive.? Removing Spyware Hijacker.InternetExplorerZoneHijack... Removing Registry Hijacker.InternetExplorerZoneHijack... [Deleting Key...] Key : HKEY_USERS\S-1-5-21-2897968377-2843162198-137514011-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\defaultbar.com [Key Deleted] Key : HKEY_USERS\S-1-5-21-2897968377-2843162198-137514011-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\defaultbar.com Removing RegValues Hijacker.InternetExplorerZoneHijack... Fixing RegValue dataHijacker.InternetExplorerZoneHijack... Removing Cookies Hijacker.InternetExplorerZoneHijack... Removing Files Hijacker.InternetExplorerZoneHijack... Removing Folders Hijacker.InternetExplorerZoneHijack..

I didn't know for sure that's why I emailed Bitdefender Support. THANKS FOR EVERYTHING.

Here's my log file from hijackthis: Logfile of HijackThis v1.99.1 Scan saved at 4:18:53 PM, on 5/25/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16441) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Softex\OmniPass\OPXPApp.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\ctfmon.exe C:\HP\KBD\KBD.EXE C:\Program Files\Softwin\BitDefender10\bdmcon.exe C:\Program Files\Softwin\BitDefender10\bdagent.exe C:\Program Files\Comodo\Firewall\CPF.exe C:\Program Files\SPAMfighter\SFAgent.exe C:\Program Files\Max Registry Cleaner\MaxRCSystemTray.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Comodo\Firewall\cmdagent.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe C:\WINDOWS\System32\alg.exe C:\Program Files\NoAdware5.0\NoAdware5.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe C:\Program Files\Softwin\BitDefender10\vsserv.exe C:\Documents and Settings\Owner\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.yahoo.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [bDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe" O4 - HKLM\..\Run: [Comodo Firewall] "C:\Program Files\Comodo\Firewall\CPF.exe" /background O4 - HKLM\..\Run: [VTPreset] VTPreset.exe O4 - HKLM\..\Run: [sPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60 O4 - HKLM\..\Run: [RCAutoLiveUpdate] "C:\Program Files\Max Registry Cleaner\MaxLiveUpdateRC.exe" -AUTO O4 - HKLM\..\Run: [RCSystemTray] "C:\Program Files\Max Registry Cleaner\MaxRCSystemTray.exe" O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1180023861750 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1180023847671 O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing) O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing) O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing) O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing) NOTE: I noticed that that highjackthis log reads BitDefender10 (file missing) in different places so I emailed this hijackthis log to their tech. support and here's a copy below of their reponse. > Dear Kenneth, > > We assure you that there is no reason to worry, BitDefender runs (and will > continue to run) fine. > > On the HijackThis report, you can see that BitDefender is a running > application (in the first part of the report). If the specified files were > missing BitDefender would not have launched. > > Furthermore, the status 'file missing' do not actually refer to a missing > file > as such. HijackThis cannot by itself establish if an application is complete > or if some specific files are missing. > > Thank you for your interest in our BitDefender security solution. > > Best regards, > > Adrian Refca > BitDefender Technical Support Engineer > ------------------------------------- > e-mail: support@bitdefender.com > http://www.bitdefender.com > ------------------------------------- > secure your every bit > -------------------------------------

I had to do a sytem restore today because my Update Browzer wouldn't open. Well anyway my update browzer works again. I had to first install activex (Which worked) before I could get access to the updates. Since ActiveX installed here I figured I would try Housecall online scanner and it installed Activex successfully so I ran a scan and it found 2 (Two) items. They are as follows: ADWARE_BHOT_TEHELPER Aliasnames Adware-BHO-gen (McFee); IEHIpr (PestPatrol) ADWARE_MEMWATCHER Descripion Alias:Backdoor.VB.nb (PestControl) Advertising.Com(SpyBot) Adware.Quadro(Symantic)Classification Registry Key HKEY_LOCAL_MACHINE\%Registry Run Key %\4A5XRZW5NJ6@@ %System%\Ebg6yiN.exe " " " \Fya24W. " " " " \TGatr8. " " " " \GcoK1B4A. " " " " \bTPBts. " " " " \HswVd25s. " " " " \duvGY79j. " " " " \PqpGZ2P. " " " " \Sfze5IMu. " " " " \UdgrYPnp. " I was unable to copy and paste it. I tried but it didn't work so I did this manually. What does this tell you. Let me know. I deleted them.

Too late now.

That might expain why I was unable to Open Windows Updates, I had to do a system restore to fix it. PS: I first had to install ActiveX to install the Microsoft update page and it installed ActiveX just fine.? GO FIGURE.!!

I am using Internet Explorer 7

SAME PROBLEM WITH BOTH Panda and House call. Unable yo install ActiveX. I GIVE UP TRYING. THANKS FOR ALL YOUR HELP ANYWAY.!!

Unable to install ActiveX. I keep getting a warning message. Please read WARNING MESSAGE below. I don't recall ever installing Kaspersy Beta online scanner. This oviously must be the problem because it won't install ActiveX. Now what can we try.? PS: I went to my Add/Remove Programs and Kaspersky does not exit. Welcome to the Kaspersky Online Scanner! Use it to scan your PC for viruses and other malware for free Warning: if you have installed Kaspersky Online Scanner BETA, please manually uninstall it using "Add/Remove Programs" before installing this version! Otherwise this version will not function correctly. Benefits: Kaspersky Anti-Virus exceptional detection rates and thorough scanning Hourly AV database updates available each time the Online Scanner is launched Heuristic analysis to detect unknown viruses Simple installation (just click on a link) Requirements and limitations:

I followed your instructions as you indicated but was unable to finish the task. Problem: I only got a far as do you want to install active x and I clicked yes and it wouldn't install active x. I tried 5 times and gave up. Do you think one of my programs is stopping active x from being installed.? Is their another way to try this.?

Thanks very much for your help.

I just ran another scan with a-2 Squared and it detected a Worm. IS THIS ANOTHER FALSE/POSITIVE.? If it's a false/positive SHOULD I DELETE/ RETORE/OR QUARANTINE THEM.? If this continues I'm going to remove the program. Do you agree with removing a-2 Squared.? Their are 6 files infected all listed below. If I decide to remove a-2 Squared should I first retore all the items that it detected from Quarantine.? NET-WORM.Win32.Theals.b c:\WINDOWS\system32\dllcache\convert c:\WINDOWS\$NTServicePackUninstall$\cis c:\WINDOWS\$system32\dllcache\chglogon c:\WINDOWS\system32\convert.exe c:\WINDOWS\I386\AVTOFMT.EXE C:\WINDOWS\$NtServicePackUninstall$\au YOUR INPUT WILL BE GREATLY APPRECEIATED.!!

Thanks you much for your help. !! Theirs really got a lot that I got to learn about computers. I'm completely self taught. So please excuse me for my ignorance. When I first got my computer I didn't even know how to turn it on and that's really bad.!! So you can take it from their. I learn a little each day and Piriform Forums has taught me alot. I never even took typing in High School which I deeply regret to this day. It just makes every thing that much more difficult. I have a question about False/Positives. How do you know if it's false/positive.? Where do you go to find out this information.? Any information you can send my way that would help me understand this would be greatly appreaciated.!

This is all the information that I have. I click on to them but it won't give me a file report. This is the only other information that I'm able to give you. I hope this is what your asking for. c:\hp\bin\corelWP\src\intro.exe: Trojan.Win32.RC5_Dropp c:\hp\bin\Killwind.exe: Riskware.RiskTool.Win32

These are the 2 items that it detected: Trojan.Win32.RC5_Drop >>: Riskware.RiskTool.Win32. Do you think that these are false detections.?

I've been reading different posts about a-2 Squared FREE so I decided to give it a try. I'm very glad that I did because it detected 1-Trojan and 1-Riskware that my Bitdefender Antivirus v10 > AVG > SUPERAntiSpyware Professional did not dectect. To anyone interested give it a try. Why not It's FREE.?

I also got about 90% FREEWARE except for a couple commercial. Bitdefender Antivirus v10 is one of the commercial programs. I must have tried at least 8 (Eight) or more FREE antivirus programs but for some reason or the the other they were not compatable with my system or other software so I would have to remove them do to constant problems. I realize Bitdefender is a bit hard on the rescources but I wouldn't go with out once having it. It's the only Antivirus program that I found that causes NO PROBLEMS.!! It's a excellent program once you learn how to configurate it.

Don't you feel that you need a program that offers real time protection. ???????

Thanks for the very informative information.!! XsoftSpySE will be expiring in a month and I was going to renew my subscription. I changed my mind. That's not going to happen. CAN YOU RECOMMEND A PROGRAM WITH REAL TIME PROTECTION.? How about taking my FREE SUPERAntispyware program and getting the paid version.? I was thinking about AVG but with all their update problems and poor support it leans me away from getting the paid version. Maybe you have another suggestion. If so please let me know. THANKS AGAIN.!!