a-2 Squared FREE

Too late now. :angry:

Lesson learned then - don't just automatically click next without reading the details. Wouldn't have killed Windows updates though.

Should have ticked the box stating "I do not want to receive marketing information from Panda Software and/or its International Representatives where applicable."

Well I have to admit I didn't check that but I didn't see it either. When I blocked their address in Yahoo Mail they kept sending me stuff and using different Panda addresses. I swear I blocked like 7 different addresses before the spam stopped.

Run Kaspersky WebScanner
  • Please go HERE and click Kaspersky Online Scanner

  • Read and Accept the Agreement

  • You will be prompted to install an ActiveX component from Kaspersky, Click Yes.

  • If you see a Windows dialog asking if you want to install this software, click the Install button.

  • The program will launch and then begin downloading the latest definition files.

  • When the "Update progress" line changes to "Ready" and the "NEXT ->" button becomes available, please click on it.

  • Click on the Scan Settings button, and in the next window select the Extended database, and click Ok.

  • Under "Please select a target to scan:", click My Computer to start the scan.

  • When the scan is finished, click the "Save as Text" button, and save the file as kavscan.txt to your Desktop, close the Kaspersky On-line Scanner window.

  • Paste Kaspersky log onto forum.

It's possible that those are real infections so it's good to get a second opinion.

I don't think they are though.

I had to do a system restore today because my Update Browser wouldn't open. Well anyway my update browser works again. I had to first install ActiveX (which worked) before I could get access to the updates. Since ActiveX installed here I figured I would try Housecall online scanner and it installed ActiveX successfully so I ran a scan and it found 2 (Two) items. They are as follows:

ADWARE_BHOT_TEHELPER

Aliasnames Adware-BHO-gen (McAfee);

IEHIpr (PestPatrol)

ADWARE_MEMWATCHER

Description Alias:Backdoor.VB.nb

(PestControl) Advertising.Com(SpyBot)

Adware.Quadro(Symantec)Classification

Registry Key

HKEY_LOCAL_MACHINE\%Registry Run Key

%\4A5XRZW5NJ6@@

%System%\Ebg6yiN.exe

" " " \Fya24W. "

" " " \TGatr8. "

" " " \GcoK1B4A. "

" " " \bTPBts. "

" " " \HswVd25s. "

" " " \duvGY79j. "

" " " \PqpGZ2P. "

" " " \Sfze5IMu. "

" " " \UdgrYPnp. "

I was unable to copy and paste it. I tried but it didn't work so I did this manually. What does this tell you? Let me know. I deleted them.

Please just start a new topic with a hijackthis log.

Here's my log file from hijackthis:

Logfile of HijackThis v1.99.1

Scan saved at 4:18:53 PM, on 5/25/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Softex\OmniPass\OPXPApp.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\ctfmon.exe

C:\HP\KBD\KBD.EXE

C:\Program Files\Softwin\BitDefender10\bdmcon.exe

C:\Program Files\Softwin\BitDefender10\bdagent.exe

C:\Program Files\Comodo\Firewall\CPF.exe

C:\Program Files\SPAMfighter\SFAgent.exe

C:\Program Files\Max Registry Cleaner\MaxRCSystemTray.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Comodo\Firewall\cmdagent.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\NoAdware5.0\NoAdware5.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe

C:\Program Files\Softwin\BitDefender10\vsserv.exe

C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.yahoo.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [bDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg

O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"

O4 - HKLM\..\Run: [Comodo Firewall] "C:\Program Files\Comodo\Firewall\CPF.exe" /background

O4 - HKLM\..\Run: [VTPreset] VTPreset.exe

O4 - HKLM\..\Run: [sPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60

O4 - HKLM\..\Run: [RCAutoLiveUpdate] "C:\Program Files\Max Registry Cleaner\MaxLiveUpdateRC.exe" -AUTO

O4 - HKLM\..\Run: [RCSystemTray] "C:\Program Files\Max Registry Cleaner\MaxRCSystemTray.exe"

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1180023861750

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1180023847671

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)

O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)

O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)

O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

NOTE: I noticed that that HijackThis log reads BitDefender10 (file missing) in different places so I emailed this HijackThis log to their tech. support and here's a copy below of their response.

> Dear Kenneth,

>

> We assure you that there is no reason to worry, BitDefender runs (and will

> continue to run) fine.

>

> On the HijackThis report, you can see that BitDefender is a running

> application (in the first part of the report). If the specified files were

> missing BitDefender would not have launched.

>

> Furthermore, the status 'file missing' does not actually refer to a missing

> file as such. HijackThis cannot by itself establish if an application is complete

> or if some specific files are missing.

>

> Thank you for your interest in our BitDefender security solution.

>

> Best regards,

>

> Adrian Refca

> BitDefender Technical Support Engineer

> -------------------------------------

> e-mail: support@bitdefender.com

> http://www.bitdefender.com

> -------------------------------------

> secure your every bit

> -------------------------------------

I could have told you that it wasn't a problem.

Your hijackthis log is fine.

I didn't know for sure that's why I emailed Bitdefender Support. THANKS FOR EVERYTHING. ;)
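
The cross-check BitDefender support describes (an entry marked "(file missing)" whose executable is listed under "Running processes") can be automated. The following is an added example, not part of the original thread or of HijackThis; the function names are hypothetical, and reading the dangling `"` before `/service` as a sign of a mis-split service command line is an assumption drawn from the log lines posted above.

```python
import ntpath
import re

# Abridged from the HijackThis v1.99.1 log posted in this thread.
SAMPLE_LOG = r'''Running processes:
C:\WINDOWS\system32\services.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
'''

ENTRY = re.compile(r'^(?P<code>[A-Z]\d+) - (?P<body>.*) \(file missing\)\s*$')
SECTION_LINE = re.compile(r'^[A-Z]\d+ - ')


def running_processes(log):
    """Return the lower-cased image paths listed under 'Running processes:'."""
    procs, in_section = set(), False
    for line in map(str.strip, log.splitlines()):
        if line == 'Running processes:':
            in_section = True
        elif in_section and SECTION_LINE.match(line):
            break  # the first R/O entry ends the process list
        elif in_section and line:
            procs.add(line.lower())
    return procs


def triage_missing(log):
    """Label each '(file missing)' entry 'parse-artifact' or 'verify-on-disk'."""
    procs = running_processes(log)
    results = []
    for line in map(str.strip, log.splitlines()):
        m = ENTRY.match(line)
        if not m:
            continue
        target = m.group('body').rsplit(' - ', 1)[-1]
        # Keep only the path in front of any stray quote and its arguments.
        exe = target.split('"', 1)[0].strip()
        stray_quote = target.count('"') % 2 == 1
        # Assumption: unbalanced quote + live process = mis-parsed command line.
        artifact = stray_quote and exe.lower() in procs
        results.append((m.group('code'), ntpath.basename(exe),
                        'parse-artifact' if artifact else 'verify-on-disk'))
    return results
```

Entries that come back as `verify-on-disk`, such as the O9 `xpnetdiag.exe` item, still need a manual look at the file system.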

"Ad-Aware?" This is a good one and it's free and very stable. Use it along with---------->

http://dw.com.com/redir?edId=3&siteId=...4-10701900.html

<--------> "AVG Anti Virus?" http://www.grisoft.cz/filedir/inst/avg75iswt_476a1043.exe ...........This, and you'll be fine. Also free and very stable. I like it as a part of the "Arsenal" because it's very light weight and fast. (Unlike "Snorton" that I am forced to use as my backstop....... =(.....)

PS: When the AVG page appears scroll down half a page to the "Critical Updates" area for some windoze update stuff you may need. ;)

I don't think Grisoft would be too happy with a hotlink directly to the download. Anyways there's tons of sites to download AVG Free from.

?

Or you can help here.

http://forum.piriform.com/index.php?showto...amp;#entry75290

Digit, your post in the link above is for the recuva beta software.

This part of the forum here is not really for Recuva problems or questions.

Ya, I did realize that, however. It appeared as tho that this area of the forum was getting all kinds of attention from the bored gentlemen flaming me for a hotlink, all the while not actually providing anybody any help of any kind. As the topic in hand seemed well in hand and I did actually provide 2 solid leads towards ending the issue....baahhh. I thought that I might hijack Mr. Metal and see if he could put a dent in my issue. Meh...seemed fair at the time. Clearly I was assuming a lot, sorry. :unsure:

EDIT: Yup, nothing back @ my "Recuva" question but tumbleweed....... :(

It appeared as tho that this area of the forum was getting all kinds of attention from the bored gentlemen flaming me for a hotlink, all the while not actually providing anybody any help of any kind.

The gentleman you refer to, Andavari, is a very valuable member of this forum who provides many with great advice. The way you ask for help may be partly responsible for the lack of replies in your original recuva thread.

"As the topic in hand seemed well in hand and I did actually provide 2 solid leads towards ending the issue..."

This post was weeks old when you answered it.