Topic awaiting preservation: SpyBot S&D Not Working (Page 1 of 1)

 
Chesta
Nervous Wreck (II) Inmate

From:
Insane since: Dec 2002

posted 05-23-2004 05:48

So, we got the new computer I've been looking for...and already it's beginning to be junked up with spyware of some sort (pop-ups all over the place). I downloaded both Spybot and Adaware, but neither seems to be doing the job. SpyBot scans the computer, finds stuff it says is spyware, and supposedly deletes it, but when I scan again, often just moments later, it finds the same things.

Now this problem, I'm ashamed to admit, is most likely my fault, as I went to some sketchy sites, and I'd hate to mess up this computer this soon. Anyone had this problem? What can I do to clean the computer up even though it doesn't seem to want to?

Thanks a lot.

-Chesta

Skaarjj
Maniac (V) Mad Scientist

From: :morF
Insane since: May 2000

posted 05-23-2004 05:56

Look for a program called 'hijack this'...that should help too


Justice 4 Pat Richard

Sanzen
Paranoid (IV) Inmate

From: Raleigh, NC
Insane since: Jan 2003

posted 05-23-2004 06:27

Spybot hasn't worked for a while. Lavasoft does everything I need it to do, and everything that Spybot did in a more thorough manner. Lavasoft updates Ad-aware VERY frequently. So check into it if you haven't.


My Artwork - BMEzine.com

tj333
Paranoid (IV) Inmate

From: Manitoba, Canada
Insane since: Oct 2001

posted 05-25-2004 22:06

Spybot, Adaware, and CWS shredder will get near any spyware that can be automatically removed.

Failing those, do a search on Google for the pages that it sends you to with the word remove. This has helped me find answers to some of my more persistent pieces of spyware.

__________________________
"Show me a sane person and I will cure him for you."-Carl Jung
Eagles may fly high, but beavers don't get sucked into jet engines.
tj333- the semi-Christ

synax
Maniac (V) Inmate

From: Cell 666
Insane since: Mar 2002

posted 05-26-2004 15:43

Some spyware programs disguise themselves as certifiable applications (such as Internet Explorer) which can confuse some adware removal programs. Another problem might be that the spyware is currently an active process, in which case you'd need to run a scan next time you start your computer before it's executed.

I also recommend getting HijackThis! but please use it with caution. If you don't know what you're doing, then you could seriously mess up your computer. Always make backups if you run HijackThis!

A good practice is once your computer is clean, run HijackThis! and exclude everything you know is not spyware. That way when you run it again in the future, you have less of a chance of screwing with something that is valid.

If after all this you still have spyware problems, post your log from HijackThis! and I'll take a look.

"Nothin' like a pro-stabbin' from a pro." -Weadah

(Edited by synax on 05-26-2004 15:43)

Sanzen
Paranoid (IV) Inmate

From: Raleigh, NC
Insane since: Jan 2003

posted 05-28-2004 06:22

I got the newest version of Spybot S&D, after my old version stopped updating. This seems to be doing fine and it is updating (including the reference file). So if you're hellbent on running Spybot S&D it is downloadable from their website.


My Artwork - BMEzine.com

Chesta
Nervous Wreck (II) Inmate

From:
Insane since: Dec 2002

posted 05-29-2004 16:36

Heh, Sanzen, I'm not really hellbent on any particular program, just hoping to find one that will work :-). I have 1.3 at the moment, can't tell if that's the latest...

Anyway, here's what's happened since my original post. Ad-aware turns up numerous tracking cookies and two things it calls "Roings". After taking care of those, a re-scan (right away) turns up nothing, but they'll be back within a day.

SpyBot S&D turns up numerous things, most commonly Advertising.com, Avenue A. Inc, BFast, Double Click, DSO Exploit, and DyFuCA.InternetOptimizer. The first four are tracking cookies from Firebird. This seems weird because the pop-ups load into IE (the default browser), and I'm the only one who uses Firebird. A manual clearing of cookies doesn't seem to help these. DyFuCA and eZula are user settings. These settings apparently cannot be fixed without a restart, but if I try that, when it scans at restart it doesn't even detect either of them, just the "DSO Exploit" which it supposedly fixed before.

Guess that didn't work.

I tried a program called bazooka based on a recommendation from someone I was talking to. It turned up WebHancer and WeatherBug, but its directions for uninstall didn't seem to apply to my computer (I couldn't figure them out).

So at this point, I'd be extremely happy if someone would look over my HijackThis log to see if anything jumps out at you. I actually posted at their forums, but they appear to be bogged down in people seeking help like myself, and I didn't want to pry considering the short supply of help.

quote:
Logfile of HijackThis v1.97.7
Scan saved at 10:34:56 AM, on 5/29/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\WINDOWS\alwqrkp.exe
C:\PROGRA~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Digital Line Detect\DLG.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Dana\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aroundmaine.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {5CA8FE39-02BC-4F1F-8BB0-FAF8653E19B1} - C:\WINDOWS\zpyaqwoe.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [aqcatv] C:\WINDOWS\alwqrkp.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Real.com (HKLM)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.roings.com/cabs/budicon.cab
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.overpro.com/WildApp.cab



There are a few in there that I'm pretty sure I should get rid of, but I'm just a little wary of doing it myself considering I wouldn't really know what I'm doing. Once again, I have sporadic pop-ups (loading in IE, the default browser), and don't know what to do with them.


Thanks so much anybody that can help.

-Chesta

synax
Maniac (V) Inmate

From: Cell 666
Insane since: Mar 2002

posted 05-30-2004 04:12

Before I dig into this, check your hosts file, located at:
Windows XP = C:\WINDOWS\SYSTEM32\DRIVERS\ETC
Windows 2K = C:\WINNT\SYSTEM32\DRIVERS\ETC
Win 98\ME = C:\WINDOWS

If there's anything in it other than the local host (127.0.0.1), delete those entries.

"Nothin' like a pro-stabbin' from a pro." -Weadah
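
The hosts-file check described in the post above, as an added example that is not part of the original thread. The sample file contents and the function name `audit_hosts` are constructed for illustration; the finding labels are this example's own.

```python
import ipaddress

# Constructed sample hosts file (not taken from the thread).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       update.example-av.test    # loopback entry for another name
203.0.113.10    search.example.test www.search.example.test
not-an-ip       broken.example.test
"""

def audit_hosts(text):
    """Return (line_no, kind, ip, names) for every entry other than 127.0.0.1 localhost."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()  # drop full-line and trailing comments
        if not entry:
            continue
        fields = entry.split()
        ip_text, names = fields[0], [n.lower() for n in fields[1:]]
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            findings.append((line_no, "malformed", ip_text, names))
            continue
        extra = [n for n in names if n != "localhost"]
        if not ip.is_loopback:
            # A name pinned to a real address: lookups for it bypass DNS.
            findings.append((line_no, "redirect", ip_text, names))
        elif extra:
            # A name pinned to loopback: the site becomes unreachable.
            findings.append((line_no, "blocked-name", ip_text, extra))
    return findings

if __name__ == "__main__":
    # To audit a real machine, read the hosts file from the folder listed above.
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```
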

synax
Maniac (V) Inmate

From: Cell 666
Insane since: Mar 2002

posted 05-30-2004 04:22

Now, your log file:

C:\WINDOWS\alwqrkp.exe <-- I don't know what this is and I couldn't find any information on it. Could be something unwanted, or it could be necessary. I'd try removing it (make sure you back up!!!) and see if anything changes, good or bad.

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

Check out the info in these, and unless you know they're needed, remove them.

O2 - BHO: (no name) - {5CA8FE39-02BC-4F1F-8BB0-FAF8653E19B1} - C:\WINDOWS\zpyaqwoe.dll <-- Again, I don't know what this is and can't find any information on it. Try the remove/backup thing again.

O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.roings.com/cabs/budicon.cab <-- This is more Roings stuff.

O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.overpro.com/WildApp.cab <-- Spiggity spyware!


Let me know how the adventure turns out.

"Nothin' like a pro-stabbin' from a pro." -Weadah

(Edited by synax on 05-30-2004 04:23)
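
A first-pass triage of the same kind of review, as an added example that is not part of the original thread and not HijackThis's own logic. The three rules (entries ending in "(no file)", BHO or Run binaries sitting directly in C:\WINDOWS, and DPF downloads from hosts outside a reviewer-chosen list) are heuristics assumed here to pick out lines for a manual look; the trusted-host list is an assumption.

```python
import re
from urllib.parse import urlparse

# Excerpt of the HijackThis log posted in the thread above.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5CA8FE39-02BC-4F1F-8BB0-FAF8653E19B1} - C:\WINDOWS\zpyaqwoe.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [aqcatv] C:\WINDOWS\alwqrkp.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.roings.com/cabs/budicon.cab
"""

ENTRY = re.compile(r"^(R\d|O\d{1,2}) - (.*)$")
# Matches a binary directly in C:\WINDOWS, not in a subfolder such as System32.
WIN_ROOT_FILE = re.compile(r"C:\\WINDOWS\\[^\\]+\.(?:exe|dll)\b", re.I)
# Assumption: download hosts the reviewer already trusts; adjust per machine.
TRUSTED_DPF_HOSTS = {"download.microsoft.com", "fpdownload.macromedia.com"}

def triage(log_text):
    """Return (section, reason, line) for entries worth a manual look."""
    flagged = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header or running-process line
        section, body = m.groups()
        if body.endswith("(no file)"):
            flagged.append((section, "orphaned entry, no file on disk", line))
        elif section in ("O2", "O4") and WIN_ROOT_FILE.search(body):
            flagged.append((section, "binary directly in C:\\WINDOWS", line))
        elif section == "O16":
            host = urlparse(body.rsplit(" - ", 1)[-1]).hostname
            if host not in TRUSTED_DPF_HOSTS:
                flagged.append((section, f"DPF from unlisted host {host}", line))
    return flagged

if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}: {line}")
```

A flagged line is a prompt to look the entry up before touching it, not a verdict that it is spyware.
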
