Get Paid Forum - Get Paid Discussion > HELPPPPPPPPPPPPPPPPPP!!!!!!!!

ruhappytoseeme

Feb 13 2005, 02:06 PM

Ok I have the elite toolbar (never got this on my cvomputer before, the kids have and I could get rid of it on theirs but I cant on mine GRRRR) I ahve used the elite toolbar remover (in safe mode) 25 times since last night GRRRRRRRR also I have some kind of weird search thing that makes certain words on thsi forum turn into LINKS

the search thing is called search miracle and it is turning all kinds of words into links

the words that were links last night arent now, its new ones. I have spyware guard, (updated) I ahve adaware(updated) I have search and deestroy (up dated) I ahve spywareblaster (updated) I have nortons pro updated, I have system suit (updated) I ahve started my computer in safe mode and ran all of the above, I have used remove programs and they keep comming back , I have a pop up killer (plus the windows xp one) and it keeps disabling them , I am ready to cry

I have been working on this for 2 days, my emails have pilled up and half are probably no good now

HELPPPPP I am begging you PLEASEEEEEEEE (LOL sorry lost it for a minute!!!!) oh plus on top of this keep getting a message I have a trojan doppler???? but tis been deleted, yet I run my anti virus protecter and theres nothing there grrrrrrrr, I miss pccilian, never got anything with that sighsss, any ideas before I throw the puter out the window then go out and stomp on it to death???????????????

2kids2pets

Feb 13 2005, 02:14 PM

Are you running your spyware and anti virus programs in safe mode? These things run invisibily in the background and running in normal mode won't do much. Try http://housecall.trendmicro.com/ free online scan/cleaner in safe mode.

Clean all your temp files online and offline and your cookies first. When you run the online scan, make sure your not running your firewall or other spyware virus guards.

Download editted cleaner (remove the *'s cause that's really it's name) from Major Geeks and run the issues scan.

That works for me and I've had some doozies find their way into my system.

ruhappytoseeme

Feb 13 2005, 02:18 PM

I cant get online in safe mode ( are you supposed to be able to?) I did all the other things in safe mode, took me hours after hours too lol. I will try running the online version, will delete cookies and temp (again, did that 3 times since yesterday ) see what happens, I think its all because of the elite bar wich I ran the cleaner for that (wich I got from major geeks lol, I love that place) Will come back after I try more stuff

thanks

roadrunner

Feb 13 2005, 02:18 PM

If that doesn't work, try posting in technical paradise - you may can get some additional help there.

Starlite

Feb 13 2005, 02:55 PM

I am no expert but download Hijack this Spyware info from here.

Make sure you put hjthis in it's own folder.. not just in C: Run the program and post the results here and see if some of us can get rid of the garbage you have. There will be a list of things after hjthis runs so don't worry.

Also have you run CWShredder? Dunno if that toolbar is a cs varient or not

catnip

Feb 13 2005, 05:39 PM

Try this one it's free to download and use anitvir

http://www.free-av.com/

I use this one and remove alot virus and trojan than AVG did.

firebyrd10

Feb 13 2005, 05:42 PM

Safe mode -> run ad-aware/spyblaster -> Hijack This! -> antivirus scan by two differnt vendors. (mabye you main one and housecall.)

strolly

Feb 13 2005, 06:04 PM

QUOTE(ruhappytoseeme @ Feb 13 2005, 08:18 PM)

I cant get online in safe mode ( are you supposed to be able to?) I did all the other things in safe mode, took me hours after hours too lol. I will try running the online version, will delete cookies and temp (again, did that 3 times since yesterday ) see what happens, I think its all because of the elite bar wich I ran the cleaner for that (wich I got from major geeks lol, I love that place) Will come back after I try more stuff

thanks

[right][snapback]3231213[/snapback][/right]

Hope you get it sorted you might like to try panda online virus scan that has found stuff for me others hasnt. Another thing I have just installed is the microsoft antispyware (beta) I have found that to be excellent and its free.

ruhappytoseeme

Feb 13 2005, 06:23 PM

thanks all, I have been trying things for the second day straight, used 5 different online anti viruses plus the 2 I have on this computer, I have been in safe mode for most of today, nothing is helping

my emails so full, and a lot are now no good, sighs I will try more tomorrow, the family is sick of me sitting here for 2 days getting nothing done with the computer. Hugsss guys, I miss yas

catnip

Feb 13 2005, 06:35 PM

when you are on safe mode and can not online at all.

(((((ruhappytoseeme)))))

ruhappytoseeme

Feb 13 2005, 06:35 PM

k d/l hykackthis and cw shredder,

heres the list from hyjacker

Logfile of HijackThis v1.99.0
Scan saved at 7:35:07 PM, on 2/13/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe
C:\PROGRA~1\VCOM\SYSTEM~1\mxtask.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\winupdt.exe
C:\WINDOWS\system32\Pwpnxt.exe
C:\windows\system32\msnavc32.exe
C:\WINDOWS\system32\wsxsvc\wsxsvc.exe
C:\WINDOWS\system32\sysmonnt.exe
C:\WINDOWS\system32\winbcgk32.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\MidTen Media\KERClink\KERclink.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\VPC32.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h+tp://us.f545.mail.yahoo.com/ym/login?.rand=5mvnfdq
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = ht+p://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = ht+p://www.mail.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Not Available
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = dynhost.inetcam.com;register.inetcam.com;<local>
O2 - BHO: &EliteSideBar - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [zSPGuard] c:\program files\pjw\spguard\spguard.exe /s /r
O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\system32\winupdt.exe
O4 - HKLM\..\Run: [version] C:\WINDOWS\system32\Vsmzja.exe
O4 - HKLM\..\Run: [secure] C:\WINDOWS\system32\Pwpnxt.exe
O4 - HKLM\..\Run: [vcmpin] C:\WINDOWS\system32\Cache\adl_mteststub.exe
O4 - HKLM\..\Run: [qwtxcc] C:\WINDOWS\system32\qwtxcc.exe
O4 - HKLM\..\Run: [App32dll] C:\windows\system32\msnavc32.exe lee0105
O4 - HKLM\..\Run: [SystemCheck] C:\WINDOWS\SysCheckBop32
O4 - HKLM\..\Run: [Dvx] C:\WINDOWS\system32\wsxsvc\wsxsvc.exe
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\Run: [antiware] C:\windows\system32\eliteiun32.exe
O4 - HKLM\..\RunServices: [MSys32] "C:\Program Files\Tetris 2000\morfitwebentrance.exe"
O4 - HKCU\..\Run: [sysmonnt] C:\WINDOWS\system32\sysmonnt
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - Startup: KERclink.lnk = C:\Program Files\MidTen Media\KERClink\KERclink.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Search - ht+p://bar.mywebsearch.com/menusearch.html?p=ZH
O8 - Extra context menu item: Customize Menu &4 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms &] - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Fill Without Asking &9 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillWithoutAsking.html
O8 - Extra context menu item: Identities &, - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditIdent.html
O8 - Extra context menu item: RoboForm &2 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms &[ - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms &] - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms &[ - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Options - {320AF880-6646-11D3-ABEE-C5DBF3571F4C} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComOptions.html
O9 - Extra 'Tools' menuitem: Rf Options &O - {320AF880-6646-11D3-ABEE-C5DBF3571F4C} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComOptions.html
O9 - Extra button: Fill NoAsk - {320AF880-6646-11D3-ABEE-C5DBF3571F57} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillWithoutAsking.html
O9 - Extra 'Tools' menuitem: Fill Without Asking &9 - {320AF880-6646-11D3-ABEE-C5DBF3571F57} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillWithoutAsking.html
O9 - Extra button: Identities - {45DB34C3-955C-11D3-ABEF-444553540000} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditIdent.html
O9 - Extra 'Tools' menuitem: Identities &, - {45DB34C3-955C-11D3-ABEF-444553540000} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditIdent.html
O9 - Extra button: Passcards - {45DB34C3-955C-11D3-ABEF-444553540001} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditPass.html
O9 - Extra 'Tools' menuitem: Passcards &. - {45DB34C3-955C-11D3-ABEF-444553540001} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditPass.html
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm &2 - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Summersun-Online - {E958B910-6F9B-401d-B00E-AA42C4869B92} - C:\Program Files\Internet Explorer\PLUGINS\toolbar1983232.dll
O9 - Extra 'Tools' menuitem: Summersun-Online - {E958B910-6F9B-401d-B00E-AA42C4869B92} - C:\Program Files\Internet Explorer\PLUGINS\toolbar1983232.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {7936F65B-5993-4CB3-96E2-E2DB0B781E10} - ht+++tp://download.kerclink.com:8080/KERclinkInstall.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - ht+p://w++++ww.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540001} - ht+p://ecardslovingyou.com/ecampl.cab
O16 - DPF: {EB623776-492A-42CA-9571-3AA39F58530B} - ht+p://www.alwaysupdatednews.com/install/aun_0009.exe
O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - h+tp://www.pcpitstop.com/antivirus/PitPav.cab
O23 - Service: Adobe LM Service - Unknown - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: SAVRoam - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: SystemSuite Task Manager - V Communications, Inc. - C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe

grr I see elite bar still there grrrr

strolly

Feb 13 2005, 06:52 PM

QUOTE(ruhappytoseeme @ Feb 14 2005, 12:35 AM)

k d/l hykackthis and cw shredder,

heres the list from hyjacker

Logfile of HijackThis v1.99.0
Scan saved at 7:35:07 PM, on 2/13/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe
C:\PROGRA~1\VCOM\SYSTEM~1\mxtask.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\winupdt.exe
C:\WINDOWS\system32\Pwpnxt.exe
C:\windows\system32\msnavc32.exe
C:\WINDOWS\system32\wsxsvc\wsxsvc.exe
C:\WINDOWS\system32\sysmonnt.exe
C:\WINDOWS\system32\winbcgk32.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\MidTen Media\KERClink\KERclink.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\VPC32.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h+tp://us.f545.mail.yahoo.com/ym/login?.rand=5mvnfdq
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = ht+p://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = ht+p://www.mail.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Not Available
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = dynhost.inetcam.com;register.inetcam.com;<local>
O2 - BHO: &EliteSideBar - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [zSPGuard] c:\program files\pjw\spguard\spguard.exe /s /r
O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\system32\winupdt.exe
O4 - HKLM\..\Run: [version] C:\WINDOWS\system32\Vsmzja.exe
O4 - HKLM\..\Run: [secure] C:\WINDOWS\system32\Pwpnxt.exe
O4 - HKLM\..\Run: [vcmpin] C:\WINDOWS\system32\Cache\adl_mteststub.exe
O4 - HKLM\..\Run: [qwtxcc] C:\WINDOWS\system32\qwtxcc.exe
O4 - HKLM\..\Run: [App32dll] C:\windows\system32\msnavc32.exe lee0105
O4 - HKLM\..\Run: [SystemCheck] C:\WINDOWS\SysCheckBop32
O4 - HKLM\..\Run: [Dvx] C:\WINDOWS\system32\wsxsvc\wsxsvc.exe
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\Run: [antiware] C:\windows\system32\eliteiun32.exe
O4 - HKLM\..\RunServices: [MSys32] "C:\Program Files\Tetris 2000\morfitwebentrance.exe"
O4 - HKCU\..\Run: [sysmonnt] C:\WINDOWS\system32\sysmonnt
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - Startup: KERclink.lnk = C:\Program Files\MidTen Media\KERClink\KERclink.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Search - ht+p://bar.mywebsearch.com/menusearch.html?p=ZH
O8 - Extra context menu item: Customize Menu &4 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms &] - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Fill Without Asking &9 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillWithoutAsking.html
O8 - Extra context menu item: Identities &, - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditIdent.html
O8 - Extra context menu item: RoboForm &2 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms &[ - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms &] - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms &[ - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Options - {320AF880-6646-11D3-ABEE-C5DBF3571F4C} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComOptions.html
O9 - Extra 'Tools' menuitem: Rf Options &O - {320AF880-6646-11D3-ABEE-C5DBF3571F4C} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComOptions.html
O9 - Extra button: Fill NoAsk - {320AF880-6646-11D3-ABEE-C5DBF3571F57} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillWithoutAsking.html
O9 - Extra 'Tools' menuitem: Fill Without Asking &9 - {320AF880-6646-11D3-ABEE-C5DBF3571F57} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillWithoutAsking.html
O9 - Extra button: Identities - {45DB34C3-955C-11D3-ABEF-444553540000} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditIdent.html
O9 - Extra 'Tools' menuitem: Identities &, - {45DB34C3-955C-11D3-ABEF-444553540000} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditIdent.html
O9 - Extra button: Passcards - {45DB34C3-955C-11D3-ABEF-444553540001} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditPass.html
O9 - Extra 'Tools' menuitem: Passcards &. - {45DB34C3-955C-11D3-ABEF-444553540001} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditPass.html
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm &2 - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Summersun-Online - {E958B910-6F9B-401d-B00E-AA42C4869B92} - C:\Program Files\Internet Explorer\PLUGINS\toolbar1983232.dll
O9 - Extra 'Tools' menuitem: Summersun-Online - {E958B910-6F9B-401d-B00E-AA42C4869B92} - C:\Program Files\Internet Explorer\PLUGINS\toolbar1983232.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {7936F65B-5993-4CB3-96E2-E2DB0B781E10} - ht+++tp://download.kerclink.com:8080/KERclinkInstall.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - ht+p://w++++ww.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540001} - ht+p://ecardslovingyou.com/ecampl.cab
O16 - DPF: {EB623776-492A-42CA-9571-3AA39F58530B} - ht+p://www.alwaysupdatednews.com/install/aun_0009.exe
O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - h+tp://www.pcpitstop.com/antivirus/PitPav.cab
O23 - Service: Adobe LM Service - Unknown - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: SAVRoam - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: SystemSuite Task Manager - V Communications, Inc. - C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe

grr I see elite bar still there grrrr[right][snapback]3231915[/snapback][/right]

Not sure how to do this but someone may be able to help but would you need to go into registry and take out the key/s manually? Have you tried system restore? not that it ever hardly works but may be worth a try. Another thing is to right click on start button and explore or explore all users if using xp and see if you can find it and delete it, it may be hiding somewhere strange

firebyrd10

Feb 13 2005, 07:43 PM

QUOTE(ruhappytoseeme @ Feb 13 2005, 08:35 PM)

Running processes:

C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe
C:\PROGRA~1\VCOM\SYSTEM~1\mxtask.exe

C:\WINDOWS\system32\Pwpnxt.exe

C:\Program Files\MidTen Media\KERClink\KERclink.exe

O4 - HKLM\..\Run: [zSPGuard] c:\program files\pjw\spguard\spguard.exe /s /r

O4 - HKLM\..\Run: [version] C:\WINDOWS\system32\Vsmzja.exe
O4 - HKLM\..\Run: [secure] C:\WINDOWS\system32\Pwpnxt.exe
O4 - HKLM\..\Run: [vcmpin] C:\WINDOWS\system32\Cache\adl_mteststub.exe
O4 - HKLM\..\Run: [qwtxcc] C:\WINDOWS\system32\qwtxcc.exe

O4 - HKLM\..\Run: [SystemCheck] C:\WINDOWS\SysCheckBop32

O4 - HKLM\..\Run: [antiware] C:\windows\system32\eliteiun32.exe

http://download.kerclink.com:8080/KERclinkInstall.cab

http://www.alwaysupdatednews.com/install/aun_0009.exe

O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://www.pcpitstop.com/antivirus/PitPav.cab

grr I see elite bar still there grrrr
[right][snapback]3231915[/snapback][/right]

That stuff is iffy to me, you might want to reasearch it and decided what to do.
The bolded stuff I know is a problem.

Also on my last post, make sure you boot with network support if you have the option.

Opps, I just noticed I cut off some of the information on the some of the entires.

Qadeer

Feb 13 2005, 07:53 PM

How about re-installing the windows?

girrl88

Feb 13 2005, 08:01 PM

You can post your HijackThis log at CyberTech Help Forum

They understand how to read the log and will walk you through exactly what to do.

Makeandsave

Feb 13 2005, 08:17 PM

i have disabled the links

thankyou

stanne312

Feb 13 2005, 09:45 PM

Go to housecall, free online anti virus scanner. Maybe it can delete it for you.

ruhappytoseeme

Feb 14 2005, 03:31 PM

QUOTE(firebyrd10 @ Feb 13 2005, 08:43 PM)

That stuff is iffy to me, you might want to reasearch it and decided what to do.
The bolded stuff I know is a problem.

Also on my last post, make sure you boot with network support if you have the option.
Opps, I just noticed I cut off some of the information on the some of the entires.
[right][snapback]3232118[/snapback][/right]

Running processes:

C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe> not sure about these 2
C:\PROGRA~1\VCOM\SYSTEM~1\mxtask.exe

C:\WINDOWS\system32\Pwpnxt.exe this is power point

C:\Program Files\MidTen Media\KERClink\KERclink.exe had this a while, its a paid to play game
O4 - HKLM\..\Run: [zSPGuard] c:\program files\pjw\spguard\spguard.exe /s /r
this is spywareguard

O4 - HKLM\..\Run: [version] C:\WINDOWS\system32\Vsmzja.exe
O4 - HKLM\..\Run: [secure] C:\WINDOWS\system32\Pwpnxt.exe
O4 - HKLM\..\Run: [vcmpin] C:\WINDOWS\system32\Cache\adl_mteststub.exe
O4 - HKLM\..\Run: [qwtxcc] C:\WINDOWS\system32\qwtxcc.exe
this stuff I dont know?
O4 - HKLM\..\Run: [SystemCheck] C:\WINDOWS\SysCheckBop32 comes with c*r*a*p* (is the actual name lol without the *)thing 2k2p had me get, to help get rid of the stuff at boot up
O4 - HKLM\..\Run: [antiware] C:\windows\system32\eliteiun32.exe
THIS IS THE BIGGEST PROBLEM and I keep deleting it and it keeps comming back

its part of the elitebar and I have used the remover and everything and it just keeps comming back (and I do it in safe mode and in regular mode)
[kerclink:8080/KERclinkIn]kerclink:8080/KERclinkI] again this is a game that has not given me problems before
[alwaysupdatednews_0009]alwaysupdatednews_0009[/url].
tried to take out like the elite bar, wont budge
O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - [://pcpitstopantivirus/PitPav.cab].pcpitstop.com/antivirus/PitPav.cab[/url] this is a online virus scanner, its the updates, pc pittstop, its safe

I think the main problem is the slite bar, wich for some odd reson , no matter what I try, it will not go away

QUOTE(Qadeer @ Feb 13 2005, 08:53 PM)

How about re-installing the windows?
[right][snapback]3232159[/snapback][/right]

can I do that without reformatting? and will I lose things?

QUOTE(girrl88 @ Feb 13 2005, 09:01 PM)

You can post your HijackThis log at CyberTech Help Forum

They understand how to read the log and will walk you through exactly what to do.
[right][snapback]3232183[/snapback][/right]

thank you, will try that next

QUOTE(makeandsave @ Feb 13 2005, 09:17 PM)

i have disabled the links

thankyou
[right][snapback]3232218[/snapback][/right]

thanks, sorry bout that

QUOTE(stanne312 @ Feb 13 2005, 10:45 PM)

Go to housecall, free online anti virus scanner. Maybe it can delete it for you.
[right][snapback]3232414[/snapback][/right]

been there, done that, seems all the usual things that work just arent working this time

girrl88

Feb 14 2005, 03:47 PM

I think the ppl at CyberTech will be able to fix you up. They really understand all this tech stuff. I think this would go in the "Cyber Safety" part of their forum.

Good Luck.

ruhappytoseeme

Feb 14 2005, 03:50 PM

QUOTE(girrl88 @ Feb 13 2005, 09:01 PM)

You can post your HijackThis log at CyberTech Help Forum

They understand how to read the log and will walk you through exactly what to do.
[right][snapback]3232183[/snapback][/right]

is it ok to copy and paste this whole page over there? I wont get in trouble here or there for it will I? I will say its copied and give this forum the credit.

girrl88

Feb 14 2005, 03:55 PM

Just tell them what's going on - how you can't remove the toolbar and post your whole HijackThis log.

There is a locked "sticky" post, right now it's the 7th one from the top. it has links to make sure you've got the latest version of HijackThis and some other info.

Qadeer

Feb 14 2005, 07:21 PM

QUOTE

can I do that without reformatting? and will I lose things?

If you have multiple portions on your hard disk (like C, D, E, F) then you should move your important data from the drive in which windows is installed (usually C) to another one (like D, E, or F) and than format your C drive only and reinstall the windows. I do this all the time

Average life of my windows is 1 month

P.S. If you are not expert in these type of things than please do not try it as you may harm your important data if you dont know how to do it.

firebyrd10

Feb 14 2005, 07:26 PM

QUOTE(Qadeer @ Feb 14 2005, 09:21 PM)

If you have multiple portions on your hard disk (like C, D, E, F) then you should move your important data from the drive in which windows is installed (usually C) to another one (like D, E, or F) and than format your C drive only and reinstall the windows. I do this all the time

Average life of my windows is 1 month

P.S. If you are not expert in these type of things than please do not try it as you may harm your important data if you dont know how to do it.
[right][snapback]3235708[/snapback][/right]

1 month, wow, I'ved had my windows system running smoothly for 6 months of this PC, and over a year on my other.

ruhappytoseeme

Feb 15 2005, 04:11 PM

well mines been running 7 months on this installation, the last computer was over a year. But seems I got a new spyware tool microsoft anti spyware , and it got rid of most of my problems, got the idea from CyberTech Help Forum thanks girrl88. I dont have different drives this time, used to have one with windows 98 and then one with xp but then my computer went hay wire so I didnt do that this time lol I still have some problems , hopefully I get them worked out soon.

2kids2pets

Feb 15 2005, 04:18 PM

After you delete the elitebar, run c*cleaner the third tab, issues and it should clear out any remailning registry entries that are cropping up and triggering it.

girrl88

Feb 16 2005, 01:09 AM

glad you found some help there. I've learned a lot by lurking around

~penguin~

Feb 16 2005, 02:36 AM

Rescue!