Note: The following is only a text archive! To view the actual forum discussion, please visit our website at http://www.tech-forums.net

Torrent101

Posted by: Tkey
Sorry for double posting but it won't let me edit :P
Here is the HijackThis log

Logfile of HijackThis v1.99.1
Scan saved at 12:35:03, on 24/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\TechSmith\Camtasia Studio 4\TSCHelp.exe
C:\Program Files\CoreFTP\coreftp.exe
C:\Program Files\Microsoft Office\OFFICE11\FRONTPG.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Aware.exe
C:\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher 2006\SCActiveBlock.dll (file missing)
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {AE40EBA0-2D49-48C9-BA8D-E9F046240F5F}} - (no file)
O2 - BHO: (no name) - {AE40EBA0-2D49-48C9-BA8D-E9F046240F5F} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Tech\Wheel Mouse\5.3\MOUSE32A.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Audiodev] C:\WINDOWS\SVCHOST.EXE audiodev
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\LogMeInSystray.exe"
O4 - HKLM\..\Run: [win32dll] C:\Program Files\Advanced Invisible Keylogger\Advanced Invisible Keylogger.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Pinnacle WebUpdater] "C:\Program Files\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe" -s -f=UpdateVersion.xml -url=http://cdn.pinnaclesys.com/SupportFiles
O4 - HKLM\..\Run: [Vga Open Dart Start] C:\Documents and Settings\All Users\Application Data\UpFilmVgaOpen\blaheggs.exe
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [scvhost] C:\Program Files\OverSpy\OverSpy.exe
O4 - HKCU\..\Run: [Audiodev] C:\WINDOWS\SVCHOST.EXE audiodev
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ProxyWay] C:\Program Files\ProxyWay\proxyway.exe
O4 - HKCU\..\Run: [poll dart] C:\DOCUME~1\will\APPLIC~1\ACEBAG~1\64 PLUS.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\will\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0585238B-9CA6-4CCB-A9B2-FE4BA495E880} (AXWebMon Control) - http://www.smilecam.com/home/ezwebcam/eng5/common/AXWebMonProj1.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.helloworld.com/root.controls/ImageUploader4.cab
O16 - DPF: {86425144-8E97-41D5-8BCF-302812D44692} (RazorStreamControl.CaptureControl) - http://ravenas.razorstream.com/eve-service/objects/RSControl40.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

Posted by: Snake-Eyes
Seems to me like a BHO. Also, if you ever need to delete something that won't get deleted, you can try booting into safe mode and deleting it there.

Posted by: Enterpriser
I am surprised, from what I saw in the screenshot; it is not asking for financial information. This must have been released from Red Cross, those dang volunteers! And their preemptive strikes.

Posted by: Warez Monster
Go through my guide.

Posted by: Tkey
Thanks for your help so far. A while back I did have a folder pop up in Program Files called BHO, so it may have been secretly gathering info and now it's launched all these ads. I just booted into safe mode and deleted it (as normally it was calling up the in-use box). Warez, I've tried all the programs and swizzor came up as a regkey??? Looked suspicious but got rid of it. It's still happening. I thought it may have only infected IE but it turns out that Firefox is saying all its ports are wrong???
EDIT: This has just popped up http://www.partypoker.com/marketing/index_fullscreen.htm?wm=2790423 , I think that ending is a referral ID, is it not?? (I will post the URL of other popups when it happens)

EDIT: Another URL for you to look at http://www.misco.co.uk/promos/consumer/homepage.aspx?affiliate=2201&zanpid=3938087C1386394312 and also here is the log info for a suspicious BHO I found

Attribute               Value
Blocked Load Attempts   0
Clsid                   {5CA3D70E-1895-11CF-8E15-00123REMOVED}
Company Name            Sonic Solutions
Created Date            Thursday, January 19, 2006 22:57:54
Desc                    * Investigating *
DLL Path                C:\WINDOWS\system32\dla\tfswshx.dll
Enabled?                Yes
EnabledCount            65
File Description        Drive Letter Access Component
Last Load Time          25/12/2006 11:47:43
Legal Copyright         Copyright © 2004 Sonic Solutions
Load Attempts           6,519
MD5 Checksum            37943b990d318145d1efcbeef8fREMOVED
Modified Date           Monday, December 06, 2004 01:05:00
ReportsCount            125
Size (bytes)            118,842
Status                  Investigating

EDIT: Turns out that it isn't dangerous, it's something to do with Sonic from what I can gather http://www.neuber.com/taskmanager/process/tfswshx.dll.html

Posted by: bewley
I've just got exactly the same problem today. Torrent101 was downloaded onto my laptop. I've uninstalled it, which went quite happily, but now when I use Internet Explorer it keeps popping up with adverts in new windows, every couple of minutes. I've got the pop-up blocker on the highest setting to prevent all pop-ups - but it still happens, so the bug is obviously able to get past the normal security routes. The adverts are for regular well-known companies, nothing appears suspicious about them. It's really upsetting me. I'm normally good at keeping my computer clean of this rubbish, but this has got me stumped. Sadly, this forum is the only place on the web I've found any reference to the Torrent101 problem, so I don't know what I can do now.
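Added example (not part of the original thread, and not HijackThis's own logic): a small Python triage pass over HijackThis entries of the kind posted above, to show which lines deserve a closer look before anything is fixed. The sample lines are copied from the first log in this thread except the O16 line, which is constructed; the rule set and the names `triage` and `Finding` are assumptions chosen for illustration.

```python
import ntpath
import re
from typing import List, NamedTuple

# Entries copied from the first HijackThis log in this thread, plus one
# CONSTRUCTED O16 line (documentation IP address, placeholder CLSID).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Audiodev] C:\WINDOWS\SVCHOST.EXE audiodev
O4 - HKLM\..\Run: [Vga Open Dart Start] C:\Documents and Settings\All Users\Application Data\UpFilmVgaOpen\blaheggs.exe
O4 - HKCU\..\Run: [poll dart] C:\DOCUME~1\will\APPLIC~1\ACEBAG~1\64 PLUS.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\will\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O16 - DPF: {00000000-0000-0000-0000-000000000000} (constructed) - http://192.0.2.10/setup.exe
"""

# "O4 - rest of entry": a section code, a dash, then the entry body.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# HijackThis marks entries whose target is gone with one of these suffixes.
MISSING_RE = re.compile(r"\((no file|file missing)\)\s*$")
# Long and 8.3 short forms of the XP "Application Data" profile folder.
APPDATA_RE = re.compile(r"\\(Application Data|APPLIC~\d)\\", re.I)
# First drive-letter path ending in .exe inside an entry body.
EXE_RE = re.compile(r'([a-z]:\\[^"]*?\.exe)', re.I)
# Download URL whose host is a bare IPv4 address rather than a name.
RAW_IP_URL_RE = re.compile(r"https?://\d{1,3}(?:\.\d{1,3}){3}(?::\d+)?/", re.I)
# Core Windows process names that normally live only in ...\system32.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "services.exe",
                "winlogon.exe", "smss.exe", "csrss.exe"}


class Finding(NamedTuple):
    section: str
    reasons: List[str]
    line: str


def reasons_for(section: str, body: str) -> List[str]:
    """Return the heuristic reasons (possibly none) for one log entry."""
    reasons = []
    if MISSING_RE.search(body):
        reasons.append("target file is missing")
    if section == "O4":  # autorun entries (Run keys, Startup folders)
        if APPDATA_RE.search(body):
            reasons.append("autorun from Application Data")
        exe = EXE_RE.search(body)
        if exe:
            folder, name = ntpath.split(exe.group(1))
            if (name.lower() in SYSTEM_NAMES
                    and not folder.lower().endswith("\\system32")):
                reasons.append("system process name outside system32")
    if section == "O16" and RAW_IP_URL_RE.search(body):
        reasons.append("ActiveX download from a raw IP address")
    return reasons


def triage(log_text: str) -> List[Finding]:
    """Parse a HijackThis log and return only the entries worth reviewing."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if not match:
            continue  # header, running-process path or blank line
        section, body = match.groups()
        reasons = reasons_for(section, body)
        if reasons:
            findings.append(Finding(section, reasons, line))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"[{finding.section}] {', '.join(finding.reasons)}")
        print(f"    {finding.line}")
```

A hit only means the entry should be looked up before deciding, as was done for tfswshx.dll above; entries that pass these rules are not thereby shown to be clean.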
Posted by: bewley
And if any techies are interested in other symptoms, the new "tab browser" feature on Internet Explorer has been partially disabled - if I right-click on a link and select "open in new tab" it just opens a new window instead. This used to work fine so I presume it's related to the same problem.

Posted by: Tkey
I think I have cured it (fingers crossed), run this http://www.trendmicro.com/spyware-scan/ I just ran it less than 5 mins ago and it cleared about 400 adware folders, reg keys, cookies etc. It's one of the biggest adware things I have ever seen, however I think it's gone now ;) Thanks to everyone who has helped over these past few very stressful days ;) (oh and to anyone who is going to download Torrent101: one thing, DON'T BOTHER!)

Posted by: Warez Monster
sounds good..

Posted by: Tkey
That's why his post count is 16,392 ;)

Posted by: bewley
Sorry, Tkey, I ran your suggested Trend Micro spyware link three times (just to be sure), but the pop-up adverts are still coming. I've also run AVG spyware and virus checks several times each, but the problems remain. Anyone else got any suggestions?

Posted by: Tkey
Hmm, there is only one other thing I ran and that was my im-names removal program as I added another registry key to it. I doubt it will work but that's the only other thing that altered anything on my system. It's worth a go though www.clevertutorial.com/DEL-IM-NAMES.bat (IE ONLY :P) (obviously you will get errors but it may delete 2search if it's on your system ;) )

Posted by: vernong1992
400 adware entries? I got 4,095 adwares, 209 hijackers, 406 keyloggers, and 4 browser helper objects when I got tAgaSaurus last September while attempting to get VBA Emulators!! argh

Posted by: Tkey
and that is helping this thread in what way?...

Posted by: fuzzybunny
Looks like fixing this problem is simple - found this in the Torrent101 FAQ Section - all you have to do is uninstall the sponsor program i.e. CidHelp:

How can I uninstall Torrent101?
Torrent101 can be uninstalled like any other software on your computer. In Windows XP, click on "Start\Control Panel" and select "Add/Remove Programs". In the list that will be displayed, select "Torrent101", click on "Remove" and follow the instructions. Torrent101 will be uninstalled quickly from your system.

How can I uninstall the sponsor program?
To uninstall the sponsor, simply go in the "Add/Remove Programs" window, select "CidHelp" and follow the instructions. If the sponsor was installed but damaged by a third party program, the uninstaller will inform you of the problem. In that case, the easiest procedure is generally to disable your anti-adware/spyware, reinstall Torrent101 with its sponsor and launch the uninstaller again, this will ensure that nothing interferes with the proper uninstallation of the program. When launched, the sponsor's uninstaller will simply ask you to confirm the number displayed on screen and will then proceed with the uninstallation. You can then re-enable your anti-adware/spyware product and contact them about the problem you experienced because of their improper removal of Cidhelp files.

Posted by: Tkey
lol, techies don't seem to use Add/Remove Programs, we like to do it the hard way, however seems I have been beaten this time :P

Posted by: Tkey
in other words CidHelp hasn't been much help :P

Posted by: bewley
Here is the info from HijackFirst. Didn't run Rootkit Revealer as not sure how to work it.

Logfile of HijackThis v1.99.1
Scan saved at 01:49:25, on 03/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\1XConfig.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\BT Yahoo! Internet\ModemLock.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\Program Files\BT Yahoo! Internet\Watchdog.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
c:\progra~1\intern~1\iexplore.exe
C:\WAREZ Monsters\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\Tim\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Readme draw] C:\DOCUME~1\Tim\APPLIC~1\DRVSUR~1\Gram vga.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\WAREZ Monsters\Spybot - Search & Destroy\TeaTimer.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://bt.yahoo.com
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://aapelon4l01.eu.ogilvy.com/iNotes6W.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-gb/4,0,0,84/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1139245816920
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-gb/1,0,0,21/mcgdmgr.cab
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} - https://register.btinternet.com/templates/btwebcontrol024.cab
O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} - http://207.226.177.98/dba1402.exe
O18 - Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll
O20 - Winlogon Notify: Sebring - C:\WINDOWS\system32\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: BT Modem Lock - British Telecommunications plc - C:\Program Files\BT Yahoo! Internet\ModemLock.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

Posted by: bewley
And now I'm worried.
Have just tried to reset my homepage on Internet Explorer, and it won't even let me open 'Internet Options'. Got an error message stating there is a restriction on my computer and to contact my system administrator. I've followed the Warez Monsters guide to the letter. I was not expecting my computer to lock up on basic tasks as a result. Anyone know what's happened here?

Posted by: Jam3s-Zer0
@bewley Close IE if you have it running and fix these HijackThis entries:

O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} - http://207.226.177.98/dba1402.exe

This should fix your restrictions. After this please rescan with HijackThis and post your new log.

Posted by: baronvongogo
lol I like the fact you call your spyware folder after warez monster :p
C:\WAREZ Monsters\Spybot - Search & Destroy\TeaTimer.exe

Posted by: Tkey
Has he removed CidHelp yet?

Posted by: baronvongogo
yes he said he uninstalled it, and his HijackThis log is clean except for what Jam3s-Zer0 posted so all is well in the world of virus checking.

Posted by: GangstaGRILLZ
I had to sign up to say thanks for this thread. I had the same issue but got everything sorted out thanks to you guys. I'll just stick with uTorrent

Posted by: baronvongogo
Originally posted by GangstaGRILLZ:
    I had to sign up to say thanks for this thread. I had the same issue but got everything sorted out thanks to you guys. I'll just stick with uTorrent

good choice :) and come back anytime if you're in need of information, help or even to discuss topics. Everyone is welcome.

Posted by: GangstaGRILLZ
I definitely think I'll stick around! :D

Posted by: Tkey
Oh and for anyone that wants to download Torrent101 the simple answer is "Don't" ;)

Posted by: Jam3s-Zer0
Glad to see everything is ok. Hope it is the same with bewley. We are always here if needed. uTorrent is a good choice, arguably the best client around.

Posted by: bewley
Hi folks, afraid I'm still suffering from the evil Torrent101 pop-ups. Just been away for a couple of days - nice to be missed though! Jam3s-Zer0, I'd thank you for your suggestion, but I have to confess I don't know what you mean when you say to "fix the HijackThis entries". Fix how?

Posted by: baronvongogo
When you run HijackThis just using scan, they have check boxes next to the entries. You select the ones he mentioned and click fix.

Posted by: Tkey
"fix" basically "deletes" those entries that are there ;)

Posted by: Jam3s-Zer0
Originally posted by Tkey:
    "fix" basically "deletes" those entries that are there ;)

Baronvongogo just gave a full explanation of how to fix the entries and then you go post that :mad: :freak: BTW fixing an entry can do a lot more than just delete it.

@bewley, How is everything going mate? Have you been able to fix these entries?

Posted by: bewley
Jam3s-Zer0, I've fixed the three. That Spybot Search & Destroy program was worried about changing the line O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file) but I ignored that and did it anyway! Have been able to reset my homepage again now, so thanks for that. As to ongoing problems: 1. Have still been getting the pop-ups, although none so far today. 2. Am definitely still suffering the other problem I outlined earlier, about no longer being able to use the new Tab feature on Internet Explorer 7 - it will still open new tabs from the File menu, but not if I right-click on a weblink, when it insists on opening a new window instead. It didn't do this before the Torrent101 download, so I assume it's related. 3.
Also, the Alps Touchpad on my laptop is acting up, and I wonder if that's also related as it went about the same time, so mention it for that reason. The sliders to skip up and down/left to right no longer work at all. The general use of the touchpad is fine. I wondered if there was just e.g. an on/off setting which had been somehow adjusted, but remarkably that option does not seem to exist. So it's a mystery - I hope it's related!

Anyway, here is the new scan log you requested.

Logfile of HijackThis v1.99.1
Scan saved at 21:34:53, on 07/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\1XConfig.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\BT Yahoo! Internet\ModemLock.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\Program Files\BT Yahoo! Internet\Watchdog.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WAREZ Monsters\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Readme draw] C:\DOCUME~1\Tim\APPLIC~1\DRVSUR~1\Gram vga.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\WAREZ Monsters\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://bt.yahoo.com
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - [url]https://aapelon4l01.eu.ogilvy.com/iNotes6W.cab[/url]
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - [url]http://download.mcafee.com/molbin/shared/mcinsctl/en-gb/4,0,0,84/mcinsctl.cab[/url]
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [url]http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1139245816920[/url]
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - [url]http://secure2.comned.com/signuptemplates/securelogin-devel.cab[/url]
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - [url]http://www.trendmicro.com/spyware-scan/as4web.cab[/url]
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - [url]http://download.mcafee.com/molbin/shared/mcgdmgr/en-gb/1,0,0,21/mcgdmgr.cab[/url]
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} - [url]https://register.btinternet.com/templates/btwebcontrol024.cab[/url]
O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} - [url]http://207.226.177.98/dba1402.exe[/url]
O17 - HKLM\System\CCS\Services\Tcpip\..\{24386D77-2348-45CE-A544-879FC7D94024}: NameServer = 194.168.4.100 194.168.8.100
O18 - Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll
O20 - Winlogon Notify: Sebring - C:\WINDOWS\system32\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: BT Modem Lock - British Telecommunications plc - C:\Program Files\BT Yahoo! Internet\ModemLock.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

Cheers, Bewley

Posted by: Jam3s-Zer0
[QUOTE][i]Originally posted by bewley [/i] [B]Jam3s-Zer0, I've fixed the three. That Spybot Search & Destroy program was worried about changing the line O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file) but I ignored that and did it anyway! Have been able to reset my homepage again now, so thanks for that. As to ongoing problems: 1. Have still been getting the pop-ups, although none so far today. 2. Am definitely still suffering the other problem I outlined earlier, about no longer being able to use the new Tab feature on Internet Explorer 7 - it will still open new tabs from the File menu, but not if I right-click on a weblink, when it insists on opening a new window instead. It didn't do this before the Torrent101 download, so I assume it's related. 3. Also, the Alps Touchpad on my laptop is acting up, and I wonder if that's also related as it went about the same time, so mention it for that reason. The sliders to skip up and down/left to right no longer work at all.
The general use of the touchpad is fine. I wondered if there was just e.g. an on/off setting which had been somehow adjusted, but remarkably that option does not seem to exist. So it's a mystery - I hope it's related! Cheers, Bewley [/B][/QUOTE]
Well at least one problem down now :D So these are your 3 remaining problems:
1. Popups.
2. Can't open new Tabs on IE7.
3. Laptop touchpad buttons are not working.

Checking through your log now and will have instructions soon. Just got to finish some coursework for my first day back tomorrow.

Posted by: Jam3s-Zer0
Please close IE if running and fix the following entries in HijackThis:

O4 - HKCU\..\Run: [Readme draw] C:\DOCUME~1\Tim\APPLIC~1\DRVSUR~1\Gram vga.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - [url]http://secure2.comned.com/signuptem...login-devel.cab[/url]
O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} - [url]http://207.226.177.98/dba1402.exe[/url]

After doing that, enable hidden files and folders (if you do not know how just ask) and go to:
1. My computer
2. C:\
3. Documents and Settings
4. Tim
5. Application Data
6. Look for a folder called 'DRVSUR~1' and delete it.

If you cannot delete it or it doesn't exist please post so. Finally rescan with HijackThis and repost a log and say if problems are still persisting.

Posted by: bewley
@Jam3s-Zer0, hope you had a good day back. Have done what you said. Found a folder called 'DRV SURF' which I figured was the one you meant. It contained two files, one called "Gram VGA" which I recognised from the list of HijackThis entries to fix. The other was called "Fork Ford Anti". Also found more Torrent101 folders on my travels, which were swiftly dispatched.
RESULTS are encouraging:
2. Well, the tab feature is definitely back, so that problem is all over. :-)
1. No pop-ups yet - time will tell on that one but I'm keeping my fingers crossed! I'm hoping result 2 is a good sign...
3. Sadly the touchpad is still pretending not to have a horizontal/vertical wheel feature, while telling me it's working fine. I remain confused by that one. Anyone with ideas is most welcome to share them with me!

Here is the latest log, as requested.

Logfile of HijackThis v1.99.1
Scan saved at 20:52:15, on 08/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\1XConfig.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\BT Yahoo! Internet\ModemLock.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WAREZ Monsters\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BT Yahoo! Internet\Watchdog.exe
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://login.live.com/login.srf?id=2&vv=450&lc=2057[/url]
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\WAREZ Monsters\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://bt.yahoo.com
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - [url]https://aapelon4l01.eu.ogilvy.com/iNotes6W.cab[/url]
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - [url]http://download.mcafee.com/molbin/shared/mcinsctl/en-gb/4,0,0,84/mcinsctl.cab[/url]
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [url]http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1139245816920[/url]
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - [url]http://www.trendmicro.com/spyware-scan/as4web.cab[/url]
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - [url]http://download.mcafee.com/molbin/shared/mcgdmgr/en-gb/1,0,0,21/mcgdmgr.cab[/url]
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} - [url]https://register.btinternet.com/templates/btwebcontrol024.cab[/url]
O18 - Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll
O20 - Winlogon Notify: Sebring - C:\WINDOWS\system32\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: BT Modem Lock - British Telecommunications plc - C:\Program Files\BT Yahoo! Internet\ModemLock.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

Cheers, all.
Bewley

Posted by: Jam3s-Zer0
Thanks, I had a great day back :) Nice and easy. Glad to see the tabs are back and hopefully the popups are gone. I do not think the problem with the touchpad is virus related as your HijackThis log appears to be clean now. If you have drivers for the touchpad all I can suggest is try reinstalling them. Hope everything is ok, any more problems and just post back and someone will be here to help :)

Posted by: bewley
Hallelujah! Have reinstalled my touchpad and it's back to normal. Internet Explorer tabs are running about like happy little bunnies, and my digital world has remained free of unwanted advert pop-ups. The nightmare has ended! Huge thanks to all you folks who've helped on this thread. And to echo TKey a couple of pages back, for those who've not been paying attention - nobody in their right mind should go anywhere near Torrent101. Laters, y'all.

Posted by: Jam3s-Zer0
Glad to see it's all cleared up, hope to see you back here on the forums soon but hopefully not with any problems.

Posted by: solver
I am using the torrent101 last version and it is really good. I try to download the same file in different torrents at the same time and I get my file 5 minutes before in the torrent101. The only problem in all torrents is the file we download. Good luck. I like torrent101

Posted by: taffytafftaf
Hey, sorry I wanted to let you know of my experiences today. I kept getting pop-ups yesterday and today but couldn't stop them using McAfee or any other anti-spyware. I had 8 months left on my McAfee but my Antispyware had expired on 01/01/2007 so I had to go into town to buy new anti spyware. Sadly you can only get it combined now so had to purchase whole new McAfee so this Torrent101 has cost me a few quid. McAfee didn't fix it and I could not find any program that could.
In the end, after all day trying I went to the torrent101 and tried to reinstall it to check the small print and there in the End User Licence was a tool to check for the program and uninstall it. So Torrent101 you owe me a day of heart ache and 30 quid for McAfee that I needn't have purchased. Cheers. I hope this helps others in similar bad moods. Never install Torrent 101

Posted by: talldude123
Why didn't you just install Spybot? It is the best spyware removal software out there, and it's 100% free. You can donate to it, but it's not [b]required[/b]. Same for antivirus, there are good free ones out there, I happen to use NOD32 that costs money, but there are good freebies out here that don't need to be activated every year!

Posted by: taffytafftaf
Spybot couldn't get rid of it. Adware SE couldn't, neither could McAfee.

Posted by: Tkey
Read the thread tall dude! We found the program causing the problem - for future readers, go back to page 2 and read the advertising program that's causing the problem, simply uninstall it and kazamm! (Oh and please don't buy anything!! Sorry to hear that mate ;))

Posted by: willydee
I joined this just to share this info as none of the posts I read had an answer that worked well.... Go to add/remove programs, look down your list till you see CidHelp, now click uninstall and then it will ask you to enter the code which will appear on your screen. Do this, now your computer is free of this clever but annoying adware. Remember and remove torrent101 which is listed there also. Now go download bearshare lite, torrents suck
|
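As an added example (not part of the thread, and not HijackThis's own logic), this Python script parses HijackThis entry lines and flags the kinds of entries Jam3s-Zer0 asked bewley to fix. The heuristics and the names `parse_log` and `triage` are assumptions inferred from those entries.

```python
import re

# Constructed sample: entries copied from the logs in this thread, with the
# forum's [url] tags left in to show that the parser strips them.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Readme draw] C:\DOCUME~1\Tim\APPLIC~1\DRVSUR~1\Gram vga.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} - [url]https://register.btinternet.com/templates/btwebcontrol024.cab[/url]
O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} - [url]http://207.226.177.98/dba1402.exe[/url]
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
BBCODE_RE = re.compile(r"\[/?url\]", re.IGNORECASE)
IP_URL_RE = re.compile(r"https?://\d{1,3}(?:\.\d{1,3}){3}(?:[:/]|$)", re.IGNORECASE)
# Per-user Application Data directory, long name or 8.3 short name.
APPDATA_RE = re.compile(r"\\(?:Application Data|APPLIC~\d)\\", re.IGNORECASE)


def parse_log(text):
    """Return (section, detail) tuples for every entry line, e.g. ('O4', ...)."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(BBCODE_RE.sub("", line.strip()))
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def triage(entries):
    """Attach review reasons to entries; an unflagged entry is not proven clean."""
    flagged = []
    for section, detail in entries:
        reasons = []
        if section == "O4" and APPDATA_RE.search(detail):
            reasons.append("autostart from a user profile data folder")
        if section == "O16" and IP_URL_RE.search(detail):
            reasons.append("ActiveX download source is a bare IP address")
        if section == "O16" and detail.lower().endswith(".exe"):
            reasons.append("ActiveX download is an .exe, not a .cab")
        if "(file missing)" in detail or "(no file)" in detail:
            reasons.append("registry entry points at a file that is absent")
        if reasons:
            flagged.append((section, detail, reasons))
    return flagged


if __name__ == "__main__":
    for section, detail, reasons in triage(parse_log(SAMPLE_LOG)):
        print(f"{section}: {detail}\n    -> " + "; ".join(reasons))
```

The SecureLogin O16 entry that was also on the fix list would not be caught by these rules, so output like this narrows a human review of the log rather than replacing it.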