HELP!!! Spyware is killing me and I'm not a computer genius!





Click here to go to the NEW College Discussion Forum

Discus: College Confidential Café: 2004 Archive: HELP!!! Spyware is killing me and I'm not a computer genius!
By Smartblond (Smartblond) on Thursday, August 12, 2004 - 09:31 pm: Edit

Ok... I downloaded Ad-Aware to get rid of spyware cuz my b/f told me it works. It works ok, but I can't escape from that dumb about:blank thing! Every time I log into my email, before the whole page gets loaded it redirects to about:blank and pops up tons of spyware warning pages. What do I do???

By Arthurd (Arthurd) on Thursday, August 12, 2004 - 09:36 pm: Edit

Ad-Aware SUCKS... don't let anyone tell you different. A few versions ago, it was probably one of the best (or THE best), but Lavasoft has been slacking lately. Get SpySweeper by Webroot. It is by far the best, and you'll see proof of that by the many traces of spyware/adware it finds lurking on your PC. It may or may not fix your particular problem, but it surely does much better than Ad-Aware.

Good Luck!

By Peacefulchaos (Peacefulchaos) on Thursday, August 12, 2004 - 09:37 pm: Edit

ya go to download.com and spysweeper is like the top download.

btw, has anybody used ghostsurf pro, what's their opinion of it?

By Arthurd (Arthurd) on Thursday, August 12, 2004 - 09:41 pm: Edit

I'm not big on proxies, myself. A good firewall and other precautions do the job for me, but ghostsurf pro does what it sets out to do very well from what I've seen.

By Peacefulchaos (Peacefulchaos) on Thursday, August 12, 2004 - 09:53 pm: Edit

Arthurd: from what you've seen? where have you observed it... I'm just wondering cuz my dad saw ghost surf pro at costco and just randomly bought it so we can experiment with it....spyware always manages to finds it way to our computers and we've had to reformat our computers multiple times

By Arthurd (Arthurd) on Thursday, August 12, 2004 - 09:57 pm: Edit

Ghostsurf was used at a company whose computers I used to manage. Its main objective is to act as a proxy. That is: to cover your internet tracks as much as possible by acting as a sort of filter between your computer and the internet. It is not supposed to be a major spyware stopper, although they did throw that feature in there. You can't depend on a proxy to stop all (or even most) spyware.

By Waffle (Waffle) on Thursday, August 12, 2004 - 10:16 pm: Edit

my spyware problem got so bad that I had to wipe out all of drive c and reinstall my OS, but you should only do this if you have files backed up, back up CDs, and no important programs on there where you don't want to lose data, such as games. You can e-mail a technical support person to get info on this, since many times the spyware just keeps coming back and getting worse no matter what you do. It's not too hard to wipe out your hardrive and reinstall everything; you just have to type DOS commands. Wiping out a drive and reinstalling your OS can take an hour or more, depending on how much you are deleting and how good you are with computers. The more tedious part is reinstalling everything else.

By Legendofmax (Legendofmax) on Thursday, August 12, 2004 - 10:19 pm: Edit

I can't stand it. I can't go anywhere online anymore without spyware being crammed into my system.

By Vancat (Vancat) on Thursday, August 12, 2004 - 10:20 pm: Edit

best advice: back up your important files and reformat your hard drive. Get a computer savy friend to help or just read the manual that your computer came with.

Its really a simple process, the only hard part is knowing what DOS commands to type. But you can figure that out pretty easily. Once the reformat is done, just reinstall all of your drivers( like for video and sound) and bring back all of your backed up files.

Piece of cake

By Waffle (Waffle) on Thursday, August 12, 2004 - 10:31 pm: Edit

same thing happened to me legend. just do what vancat (he put it into simpler terms than i could) and I said, and don't give any information out to any site unless you absolutely have to.

By Peacefulchaos (Peacefulchaos) on Friday, August 13, 2004 - 01:39 am: Edit

i dont think you need to know any DOS commands.... i have a comp that originally has windows millenium edition...but i got my hands on a windows xp cd and i installed that OS...from now on, all i do to reformat is just put the windows xp cd back in and say i want a full re-installation (i already backup everything into a external hard drive or copy it to another computer on the family network)

usually your computer comes with an installation cd to do the reformatting for you

By Alphamom (Alphamom) on Friday, August 13, 2004 - 02:12 am: Edit

Consumer Reports just did an ariticle on spyware this month. Spybot was listed as a good free download. Just paid to have spyware removed, and new safeguards installed. What a pain.

By Scorp (Scorp) on Friday, August 13, 2004 - 02:12 pm: Edit

first get rid of the spyware then go to:


www.mozilla.org

get Mozilla FireBird, stop using Internet Explorer.

By Vancat (Vancat) on Friday, August 13, 2004 - 02:38 pm: Edit

any compatibility issues with Mozilla and windows ME? Any bugs reported? Im thinking about getting rid of IE (piece of crap)

By Pookdogg (Pookdogg) on Friday, August 13, 2004 - 02:41 pm: Edit

Just started using Firefox on my ME machine a couple weeks ago, Vancat. Nothing major yet, although I've had some issues with foreign fonts (ie Korean).

Speed is marginally faster, and pop-ups are gone. It works great for me. And no spyware picked up in over two weeks: that's...so, so...beautiful...

By Smartblond (Smartblond) on Sunday, August 15, 2004 - 10:47 pm: Edit

Thanx! I hope it works... :D

By Number9 (Number9) on Sunday, August 15, 2004 - 11:24 pm: Edit

Firefox is a better bet for smarter browsing. If it doesn't suit you, go for Opera.

Ad-Aware should work fine. You need to update it everytime you load it. Make sure you go to the globe icon on the top and update it.

You might have Coolwebsearch, which is a bitch of spyware. Look for CWShredder on google, and download it, run it. Make sure you don't have any browsers up when you run any programs like Ad-Aware or CWShredder.

By Welshie (Welshie) on Monday, August 16, 2004 - 03:14 am: Edit

Ad-Aware SE (just recently released) is probably single handedly the best spyware destroyer. SpySweeper is good too, sure, but it takes much much longer than SE and doesn't catch a lot of the items SE does. My suggestion would be to get both. Scan with Ad-Adware when you feel your connection slowing down and use Spy-Sweeper late at night or during a time when you don't need the computer (it seriously takes a chunk of time). As others mentioned, FireFox and Opera allow good protection against Spyware-- use them.

By Ndbisme5 (Ndbisme5) on Monday, August 16, 2004 - 11:56 am: Edit

Man, seriously, Congress needs to start legislating against spyware and spam... quick.

By Xiggi (Xiggi) on Monday, August 16, 2004 - 12:01 pm: Edit

I second Welshie regarding Ad-Aware. It's a great piece of software. It is constantly updated and it is much better than most software that carries a price tag. I bought several commercial packages and they are not better and because of a smaller user base won't be updated that frequently.

Regarding CWS, you ought to know that the developer of CWShredder has given up in his battle with the Evil Empire. He simply cannot keep up with all the variants of CoolWeb that appear. It is amazing to me that our authorities are not able to stop the company behind CW and throw them in jail. I'm sure that anyone who has been infected will understand what I am saying! It is almost impossible to get rid of, unless you know your way around the Registry. CWShredder will not suffice.

By Mahras (Mahras) on Monday, August 16, 2004 - 12:09 pm: Edit

Xiggi and others,

Is cool web search that toolbar that appears in all the places and it seems to endorde pop ups. I have been trying to get rid of that for a month now. I used ad-aware, spybot everything. What happens is that in the background a Iexplorer.exe process keeps on running. I cannot stop it either. Ano ideas on how I can permanently get rid of it. What should I do in the registry? Please help. It takes up CPU capacity as my CPU is on 100% drive all the time and slows doen games like CS.

By Athlonmj (Athlonmj) on Monday, August 16, 2004 - 01:24 pm: Edit

Get HijackThis and post your log here.

By Xiggi (Xiggi) on Monday, August 16, 2004 - 01:32 pm: Edit

Darn!

I wrote a long post and it vanished before saving!

Anyhow, the shorter version is here. Download the CWSShredder. Use google to find a mirror site like Majorgeeks because CWS hacked the owner's site. Also find the HJT program but google HJT logs. There are several sites that allow people to post their logs and have volunteers help you correct the registry entries. With a bit of patience, you will locate quite a few.

By Mahras (Mahras) on Monday, August 16, 2004 - 09:14 pm: Edit

Here is my log file athlon. Thanks for helping Xiggi and Athlon. I appreciate it. :)

------------------------------
Logfile of HijackThis v1.98.2
Scan saved at 9:12:05 PM, on 8/16/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\gearsec.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\WinTools\WToolsS.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\zsxcwiac.exe
C:\Program Files\WindowsSA\omniscient.exe
C:\Program Files\Web_Rebates\WebRebates0.exe
C:\documents and settings\owner.home-9kjyloa1r4\local settings\temp\ZDFzvAFQ.exe
C:\WINDOWS\System32\IEHost.exe
C:\Program Files\Common Files\WinTools\WToolsA.exe
C:\Program Files\red{••••}\bin\iPodService.exe
C:\Program Files\WindUpdates\WinUpdt.exe
C:\documents and settings\owner.home-9kjyloa1r4\local settings\temp\ZDFzvAFQ.exe
C:\DOCUME~1\MOHIM~1.HOM\LOCALS~1\Temp\II22.exe.exe
C:\Documents and Settings\Mohim.HOME-9KJYLOA1R4\Application Data\hdrt.exe
C:\WINDOWS\System32\shsob.exe
C:\Program Files\WindUpdates\WinKA.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\System32\WScript.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\OpenOffice.org1.1.1\program\soffice.exe
C:\Program Files\Common Files\WinTools\WSup.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\XcnGf7S.exe
C:\WINDOWS\System32\SruM36.exe
C:\Program Files\Web_Rebates\WebRebates1.exe
C:\Program Files\AutoUpdate\AutoUpdate.exe
C:\WINDOWS\System32\mplike.exe
C:\WINDOWS\System32\mrinv.exe
C:\Program Files\CxtPls\CxtPls.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trillian\trillian.exe
C:\WINDOWS\System32\mtxdm.exe
C:\PROGRA~1\mozilla.org\Mozilla\Mozilla.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\unzipped\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://static.vpptechnologies.com/playfulsearch/landing.html?s=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50093
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://static.vpptechnologies.com/playfulsearch/landing.html?s=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50093
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50093
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem219.dll (file missing)
O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\Program Files\CxtPls\CxtPls.dll
O2 - BHO: (no name) - {48AE6458-EC67-58B2-D353-15550BA07C39} - C:\WINDOWS\System32\gkmrhbbv.dll
O2 - BHO: (no name) - {4FA43558-E637-0DB7-8253-15550BA07B3F} - C:\WINDOWS\System32\jnx.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: HotSearchBar.com Bar - {8B224779-3B0E-4FEA-8AE1-B66C20DD840F} - C:\WINDOWS\System32\winhot32.dll
O3 - Toolbar: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [obbkzkizecd] C:\WINDOWS\System32\zsxcwiac.exe
O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe
O4 - HKLM\..\Run: [Ad-aware] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-aware.exe" +c
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [ZDFzvAFQ] C:\documents and settings\owner.home-9kjyloa1r4\local settings\temp\ZDFzvAFQ.exe
O4 - HKLM\..\Run: [Bakra] C:\WINDOWS\System32\IEHost.exe
O4 - HKLM\..\Run: [Dsi] C:\WINDOWS\System32\dp-him.exe
O4 - HKLM\..\Run: [364SWQW58N6Z8L] C:\WINDOWS\SYSTEM32\BPAEG.EXE
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common Files\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [WindUpdates] C:\Program Files\WindUpdates\WinUpdt.exe
O4 - HKLM\..\Run: [ZDFzvAFQ.exe] C:\documents and settings\owner.home-9kjyloa1r4\local settings\temp\ZDFzvAFQ.exe
O4 - HKLM\..\Run: [Media Services] C:\DOCUME~1\MOHIM~1.HOM\LOCALS~1\Temp\II22.exe.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [t77i3tP] mplike.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.EXE 1
O4 - HKCU\..\Run: [Steam] C:\Program Files\Steam\Steam.exe
O4 - HKCU\..\Run: [mtxdm] C:\WINDOWS\System32\mtxdm.exe
O4 - HKCU\..\Run: [cwosRjj3V] mrinv.exe
O4 - HKCU\..\Run: [Csor] C:\Documents and Settings\Mohim.HOME-9KJYLOA1R4\Application Data\hdrt.exe
O4 - HKCU\..\Run: [Dcxm] C:\WINDOWS\System32\shsob.exe
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\mozilla.org\Mozilla\Mozilla.exe" -turbo
O4 - Startup: OpenOffice.org 1.1.1.lnk = C:\Program Files\OpenOffice.org1.1.1\program\quickstart.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Search.vbs
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=e92d611de8be57b7ce0f6e65a59b4aabd25fab1eca95e95258b5129dfa48e612c92bffd188f98fcbfa72f978f19fb906cb2e72:5e17f82db4671e0d17ebad4bf17236ad
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/223d867d8571f12f2f04/netzip/RdxIE601.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.games.yahoo.com/games/play/client/exentctl_0_0_0_1.ocx
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50019/QDow_AS2.cab
O16 - DPF: {99802379-7362-40E2-9D28-8A3B9AF880B7} (iiittt Class) - http://hotsearchbar.com/toolbar2/winhot32.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.overpro.com/WildApp.cab

By Athlonmj (Athlonmj) on Tuesday, August 17, 2004 - 08:35 am: Edit

Holy ••••!! You have a crapload of spyware.

I'm pretty sure you have the Pepper trojan. First download the Pepper fix at http://downloads.subratam.org/PeperFix.exe
and run it.

Then have HijackThis fix these files:

C:\WINDOWS\System32\zsxcwiac.exe
C:\documents and settings\owner.home-9kjyloa1r4\local settings\temp\ZDFzvAFQ.exe
C:\WINDOWS\System32\shsob.exe
C:\WINDOWS\System32\XcnGf7S.exe
C:\WINDOWS\System32\SruM36.exe
C:\WINDOWS\System32\mplike.exe
C:\WINDOWS\System32\mrinv.exe
C:\Program Files\CxtPls\CxtPls.exe
C:\WINDOWS\System32\mtxdm.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://static.vpptechnologies.com/playfulsearch/landing.html?s=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50093
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://static.vpptechnologies.com/playfulsearch/landing.html?s=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50093
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50093
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem219.dll (file missing)
O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\Program Files\CxtPls\CxtPls.dll
O2 - BHO: (no name) - {48AE6458-EC67-58B2-D353-15550BA07C39} - C:\WINDOWS\System32\gkmrhbbv.dll
O2 - BHO: (no name) - {4FA43558-E637-0DB7-8253-15550BA07B3F} - C:\WINDOWS\System32\jnx.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: HotSearchBar.com Bar - {8B224779-3B0E-4FEA-8AE1-B66C20DD840F} - C:\WINDOWS\System32\winhot32.dll
O3 - Toolbar: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll

O4 - HKLM\..\Run: [obbkzkizecd] C:\WINDOWS\System32\zsxcwiac.exe O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [ZDFzvAFQ] C:\documents and settings\owner.home-9kjyloa1r4\local settings\temp\ZDFzvAFQ.exe
O4 - HKLM\..\Run: [Dsi] C:\WINDOWS\System32\dp-him.exe
O4 - HKLM\..\Run: [364SWQW58N6Z8L] C:\WINDOWS\SYSTEM32\BPAEG.EXE
O4 - HKLM\..\Run: [ZDFzvAFQ.exe] C:\documents and settings\owner.home-9kjyloa1r4\local settings\temp\ZDFzvAFQ.exe
O4 - HKLM\..\Run: [t77i3tP] mplike.exe
O4 - HKCU\..\Run: [mtxdm] C:\WINDOWS\System32\mtxdm.exe
O4 - HKCU\..\Run: [cwosRjj3V] mrinv.exe
O4 - HKCU\..\Run: [Dcxm] C:\WINDOWS\System32\shsob.exe
O4 - Global Startup: Search.vbs

By Mellowmom (Mellowmom) on Tuesday, August 17, 2004 - 06:31 pm: Edit

I had that problem with all the spyware and tried different programs to block it or remove it but it only made it worse. so I removed all I could and then went to microsoft home page and registered with them and after I downloaded all the updates of Windows 2000 I have never had a problem again.(it's free) Just delete files in the "tools" bar after you use the internet and the computer seems to stay clean of all that trash.

By Mellowmom (Mellowmom) on Tuesday, August 17, 2004 - 06:36 pm: Edit

oh yeah, first delete all offline content in your temporary internet files folder (in "Tools")

By Smartblond (Smartblond) on Tuesday, August 17, 2004 - 10:12 pm: Edit

Well, I would update frequently and use multiple spyware thingies... but I have dial-up so it's really really really slow. Not to mention my computer is like... 6 years old.

By Mellowmom (Mellowmom) on Wednesday, August 18, 2004 - 11:10 am: Edit

smartblond- same with my computer- 6 years old with dial up. It takes a while to update windows but well worth it. Now my computer is way faster than it was with all that spyware on it. good luck

By Songman (Songman) on Wednesday, August 18, 2004 - 01:14 pm: Edit

I wrote Ad-Aware some nasty notes after they took my money but would not return it. Also you cannot call ANYWHERE in the USA to reach Ad-Aware. "Held up without a gun"!

Spyware solved the problem. Their FREE software! I had pop ups that were driving me crazy! So I would recommend Spyware. Although since my argument Ad-aware came out woth a new more friendlier software and communication program. Too late in my book they stink!

By Justperfect (Justperfect) on Wednesday, August 18, 2004 - 02:07 pm: Edit

i have kazaa a downloading p2p thing for songs and movies,but i am unable to find a good ad remover that wont disable the kazaa b/c its suported by ads and if you have ad remover it wont start, so am i just screwed?

By Xiggi (Xiggi) on Wednesday, August 18, 2004 - 02:52 pm: Edit

Spyware solved the problem. Their FREE software! I had pop ups that were driving me crazy! So I would recommend Spyware.

Songman, with all due respect, I'd like to point out that Spyware IS the problem.

FWIW, most people use the free version of Ad-Aware. The program has a cult-like following.

By Ndbisme5 (Ndbisme5) on Saturday, August 21, 2004 - 10:46 pm: Edit

At Wake all computers come already installed with the free version of Ad-Ware. It's very good, I got rid of 52 registry entrees, etc.

By Candi1657 (Candi1657) on Sunday, August 22, 2004 - 12:09 am: Edit

I can say that Ad-aware really helped me when my computer was suffering from acute ad-ware infection. I also had that crappy Kazaa, which I had to delete because it was contributing to the problem.

By Virginia2004 (Virginia2004) on Sunday, August 22, 2004 - 03:45 am: Edit

Sorry but ihad to ask this somewhere because for some reason i cant create a new conversation. everytime i get to the new message preview page and press post message i get a page that says internal server error, it happens everytime i dont know how to fix it.


Report an offensive message on this page    E-mail this page to a friend
Posting is currently disabled in this topic. Contact your discussion moderator for more information.

Administrator's Control Panel -- Board Moderators Only
Administer Page