Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Windows error service: Spyware? Virus?

Posted on 2004-05-02
31
Medium Priority
?
8,890 Views
Last Modified: 2008-02-01
Hi,

I recently started getting an error message:

Title: Windows error service
Message: Windows detected Spyware on your computer. Download free spyware scanner & Remover.

Theres an OK and CANCEL button, i have not up until now clicked on the "OK" button because i have a feeling it is not an original windows error message. It pops up occasionally.

Can someone tell me what it's about and is it a legal message? Could it be a potential virus of some kind? If so how can i get rid of it or find it's executing source on my PC?

Thanks,
Zephyr__

0
Comment
Question by:Ravi Singh
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 11
  • 11
  • 7
  • +2
31 Comments
 
LVL 65

Accepted Solution

by:
SheharyaarSaahil earned 100 total points
ID: 10972605
0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 10972609
Download HijackThis from here, run it and Post the Log File here:
http://www.softpedia.com/public/cat/10/17/10-17-69.shtml
0
 
LVL 44

Assisted Solution

by:CrazyOne
CrazyOne earned 100 total points
ID: 10972614
Windows on its own usually doesn't throw these kind of errors so...

Check for adware and sypware all are free except Spycop: http://www.spycop.com/

Also use SpyBot and AdAware in tandem. Neither is 100% accurate but the two of them together get pretty close to 100% accuracy.

spybot here
http://www.safer-networking.org/
Download
http://spybot.safer-networking.de/index.php?lang=en&page=download

AdAware
http://www.lavasoftusa.com/

Not Free
Spycop:
http://www.spycop.com/
==========================

Could be a Broweser high jacker behind the problem

This little didy will get rid of some of the more well known Home page Hijackers.
CoolWebShredder
http://www.spychecker.com/program/coolwebshredder.html 
here is a description of what it does
http://www.softpedia.com/public/cat/10/17/10-17-143.shtml
Features:

· Redirections to CoolWebSearch related pages
· Redirections when mistyping URLs
· Redirections when visiting Google
· Enormous IE slowdowns when typing
· IE start page/search page changing on reboot
· Sites in the IE Trusted Zone you didn't add
· Popups in Google and Yahoo when searching
· Errors at startup mentioning WIN.INI or IEDLL.EXE
· Unable to change or see certain items in IE Options
· Unable to access IE Options at all

download here
http://www.spychecker.com/download/download_coolwebshredder.html
----------------------------------

Could be a Broweser high jacker behind the problem
Hijack This and BHODemon and Browser Hijack Blaster

Hijack This http://www.spywareinfo.com/~merijn/files/hijackthis.zip | Written by a member of our support forums and based on our Hijacked! article, this program scans the locations in your computer system that may be modified by browser hijackers and fixes any problems found. An easy-to-understand tutorial is available at TomCoyote.org.

http://www.spywareinfo.com/downloads.php?cat=sp#det
BHODemon http://www.spywareinfo.com/downloads/bhod/ | Think of BHODemon as a guardian for your Internet browser: it protects you from unknown Browser Helper Objects (BHOs), by letting you enable/disable them individually. This program is my choice for BHO detection and is highly recommended.

Browser Hijack Blaster http://www.wilderssecurity.net/bhblaster.html | Running silently in the background, Browser Hijack Blaster only springs into action when an attempt is made. It watches and protects the following items: IE Homepage, IE Default Page, IE Search Page, BHOs. Whenver one of the above items is changed, or a BHO is added, you are immediately provided with information on the item, along with the option to keep the change, or revert to your previous settings.
=======================

General and overall information about Spy/Adware
http://www.cexx.org/adware.htm
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
LVL 44

Expert Comment

by:CrazyOne
ID: 10972631
>>>Theres an OK and CANCEL button, i have not up until now clicked on the "OK" button because i have a feeling it is not an original windows error message. It pops up occasionally.

Very wise not to click the OK button like you said it doesn't appear to be legit Windows message. Perhaps it is coming from a web site you are visiting or something go installed on your system. Are you using Kaaza, if so then that is probably the culprit.
0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 10972633
CrazyOne, can u plzz have a look at this question >> http://www.experts-exchange.com/Operating_Systems/WinXP/Q_20975227.html

Either im not getting what he is asking, or he is not getting what im telling :-\
0
 
LVL 18

Author Comment

by:Ravi Singh
ID: 10972671
Logfile of HijackThis v1.97.7
Scan saved at 19:22:29, on 02/05/2004
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\mysql\bin\mysqld-nt.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\Agnitum\OUTPOS~1\outpost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\WINDOWS\system32\drivers\csrss.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Winterbottom\Desktop\hijackthis1977\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.co.uk/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://svcs.microsoft.com/svcs/mms/addin.asp?Plcid=0409&Version=4.7&CLCID=0409&BrandID=WindowsMessenger&Country=UK
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRA~1\Agnitum\OUTPOS~1\outpost.exe /waitservice
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft Internet Explorer] C:\WINDOWS\System32\IEXPLORE.EXE
O4 - HKLM\..\Run: [AdRotator.Application] C:\WINDOWS\system32\drivers\csrss.exe
O4 - HKLM\..\Run: [{357AA41A-B7A8-4632-A27D-5B980B25CF43}] C:\WINDOWS\system32\wbem\svchost.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [SuperBar.Component] C:\WINDOWS\system32\inetsrv\services.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Research (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O9 - Extra button: Trashcan (HKCU)
O9 - Extra 'Tools' menuitem: Show Trashcan (HKCU)
O15 - Trusted Zone: http://*.flingstone.com
O15 - Trusted Zone: http://*.mt-download.com
O15 - Trusted Zone: http://*.xxxtoolbar.com
O16 - DPF: {11111111-1111-1111-1111-111111111111} - mhtml:file://C:NXSFT.MHT!http://66.117.38.54:80/iex/ofile.exe?url=http://66.117.38.54:80/dexGB562.exe
O16 - DPF: {12398DD6-40AA-4C40-A4EC-A42CFC0DE797} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A23A6ED3-B9A1-44A8-9C9B-CD052DDBD006}: NameServer = 62.241.160.200 158.43.240.3

0
 
LVL 18

Author Comment

by:Ravi Singh
ID: 10972681
At the moment there are about 4 people sharing my pc with me, ive asked them and one of them actually said it could have been him who accidentally downloaded something from the internet yesterday. Is there anyway of seeing what files were opened yesterday (1/05/2004)

0
 
LVL 7

Expert Comment

by:rhrowson
ID: 10972686
Turn on the Firewall and only allow the services you need
0
 
LVL 44

Expert Comment

by:CrazyOne
ID: 10972688
This one looks fishy O4 - HKLM\..\Run: [{357AA41A-B7A8-4632-A27D-5B980B25CF43}] C:\WINDOWS\system32\wbem\svchost.exe
0
 
LVL 44

Expert Comment

by:CrazyOne
ID: 10972696
Not sure about this one HKLM\..\Run: [SuperBar.Component] C:\WINDOWS\system32\inetsrv\services.exe
0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 10972699
O4 - HKLM\..\Run: [AdRotator.Application] C:\WINDOWS\system32\drivers\csrss.exe
O4 - HKLM\..\Run: [SuperBar.Component] C:\WINDOWS\system32\inetsrv\services.exe

adn these two also look suspisious to me :-\
0
 
LVL 18

Author Comment

by:Ravi Singh
ID: 10972711
When the message pops up i click on ctrl+alt+delete click on the process for the message and services.exe in the process tab.

Is this of any help
0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 10972712
> O15 - Trusted Zone: http://*.flingstone.com
> O15 - Trusted Zone: http://*.mt-download.com
> O15 - Trusted Zone: http://*.xxxtoolbar.com


Have u added these sites to Trusted Zones urself ??
0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 10972719
> O4 - HKLM\..\Run: [SuperBar.Component] C:\WINDOWS\system32\inetsrv\services.exe

And im sure this is that entry :)

Right Crazy ??
0
 
LVL 18

Author Comment

by:Ravi Singh
ID: 10972723
sorry that wasnt clear,

when i right click on the process it gives an option saying "go to process", when i click that it highlights the "services.exe" file in the processes tab.
0
 
LVL 18

Author Comment

by:Ravi Singh
ID: 10972727
Them sites were'nt added by me, it might have been one of my flat mates.
0
 
LVL 44

Expert Comment

by:CrazyOne
ID: 10972737
How many services.exe do you see listed? There is a legit services.exe but it doesn't run from this folder "C:\WINDOWS\system32\inetsrv\services.exe" it runs from the "C:\WINDOWS\system32\" folder
0
 
LVL 18

Author Comment

by:Ravi Singh
ID: 10972744
i deleted the services.exe from

"C:\WINDOWS\system32\inetsrv\services.exe"

but the message still seems to pop up
0
 
LVL 18

Author Comment

by:Ravi Singh
ID: 10972749
Ok now when i check the process it takes me to the csrss.exe
0
 
LVL 18

Author Comment

by:Ravi Singh
ID: 10972752
in the windows task manager there are two processes named csrss.exe
0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 10972760
O4 - HKLM\..\Run: [AdRotator.Application] C:\WINDOWS\system32\drivers\csrss.exe
O4 - HKLM\..\Run: [SuperBar.Component] C:\WINDOWS\system32\inetsrv\services.exe
O15 - Trusted Zone: http://*.flingstone.com
O15 - Trusted Zone: http://*.mt-download.com
O15 - Trusted Zone: http://*.xxxtoolbar.com
O16 - DPF: {11111111-1111-1111-1111-111111111111} - mhtml:file://C:NXSFT.MHT!http://66.117.38.54:80/iex/ofile.exe?url=http://66.117.38.54:80/dexGB562.exe
O16 - DPF: {12398DD6-40AA-4C40-A4EC-A42CFC0DE797} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
 

Run hijacthis, check these entries, and click on FIX
reboot the amchine and now check for the problem.
0
 
LVL 44

Expert Comment

by:CrazyOne
ID: 10972785
Ok end one of the csrss.exe. If your system doesn't complain about the one you killed then go to C:\WINDOWS\system32\drivers\ and delete csrss.exe
0
 
LVL 44

Expert Comment

by:CrazyOne
ID: 10972794
Actually you should really run an antivirus scanner and AdAware/Spybot.
0
 
LVL 18

Author Comment

by:Ravi Singh
ID: 10972933
Hi,


O4 - HKLM\..\Run: [SuperBar.Component] C:\WINDOWS\system32\inetsrv\services.exe
O4 - HKLM\..\Run: [AdRotator.Application] C:\WINDOWS\system32\drivers\csrss.exe


I used HiJackThis to fix these files, restarted pc and same error happens. I also deleted these files manually myself but when i restart the pc they come back! And when i run the sysconfig utility both of them files are selected on startup. when i untick them and restart they seem to appear again as selected.

Could it be another file which is somehow generating these two files?
0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 10972948
Downlaod these softwares and scan the system with them !!

AdAware==> http://www.webattack.com/download/dladaware.shtml
SpyBot ==> http://www.webattack.com/download/dlspybot.shtml
CoolWebShredder ==> http://www.spychecker.com/program/coolwebshredder.html 
0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 10972954
and run them in safemode !!
0
 
LVL 18

Author Comment

by:Ravi Singh
ID: 10973266
Hi SheharyaarSaahil,

I scanned the computer using the software your recommended and i also allowed the software to fix any problems it found. But still i seem to get the error message.

Any more ideas?
0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 10973421
run hijackthis again, and post the log here !!
0
 
LVL 18

Author Comment

by:Ravi Singh
ID: 10973495
Hi SheharyaarSaahil,


I seem to have got ridden of the message, i'm assuming one of the programs you recommended must have done it some how! I'm not sure what caused the error or exactly which software did the trick. Anyway thanks for your patience and help, appreciated.
0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 10973502
that's good :)

!! HAVE A NICE TIME !!
0
 

Expert Comment

by:dew100
ID: 11526344
Logfile of HijackThis v1.97.7
Scan saved at 11:54:54 PM, on 11/07/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\pctspk.exe
C:\Program Files\Norton Personal Firewall\IAMAPP.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\drivers\csrss.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\QUICKENW\QWDLLS.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Norton Personal Firewall\SymProxySvc.exe
C:\Program Files\Norton Personal Firewall\NISSERV.EXE
C:\WINDOWS\system32\arpa.exe
C:\Program Files\Norton Personal Firewall\ATRACK.EXE
C:\WINDOWS\system32\arpa.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\cleaner.exe
C:\WINDOWS\cleaner.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\LocalService\Application Data\laeb.exe
C:\WINDOWS\System32\hza.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\tlryo.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\user\Desktop\Old HDD\My Documents\DOC's\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tbaytel.net/templates/main_template.asp?section_id=3&page_id=3
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {6CFA4B7D-E868-29CF-8652-10550CA5286B} - C:\WINDOWS\System32\xhobome.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Personal Firewall\IAMAPP.EXE
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AdRotator.Application] C:\WINDOWS\system32\drivers\csrss.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [SuperBar.Component] C:\WINDOWS\system32\inetsrv\services.exe
O4 - HKLM\..\Run: [{357AA41A-B7A8-4632-A27D-5B980B25CF43}] C:\WINDOWS\system32\wbem\svchost.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Billminder.lnk = C:\QUICKENW\BILLMIND.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: MoneySide (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O15 - Trusted Zone: http://*.flingstone.com
O15 - Trusted Zone: http://*.mt-download.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.microsoft.com/download/0/5/c/05c905f4-dd30-427d-a3de-373c3e5552fc/msSecAdv.cab?1089154018877
O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} (PopCapLoaderCtrl Class) - http://zone.msn.com/bingame/rock/default/popcaploader1.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37867.375150463
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v5.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{083BA8C2-77A8-4E8E-9AA4-2B7D4BCB0986}: NameServer = 216.211.26.14 216.211.26.15


Spy Sweeper got Purity Scan, go2net.com which always show up----Spybot got Purity
 and DSO Exploit but couldnot fix Exploit---Webshredder was clean ---Stinger clean too
But on deleteing cookies  and temporary internet files a DATFile 48K would not delete
it was being used by another person or program-- so far the sme popup show but the Explorer initialization error doesnot--  what is next
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

We have adopted the strategy to use Computers in Student Labs as the bulletin boards. The same target can be achieved by using a Login Notice feature in Group policy but it’s not as attractive as graphical wallpapers with message which grabs the att…
If you have done a reformat of your hard drive and proceeded to do a successful Windows XP installation, you may notice that a choice between two operating systems when you start up the machine. Here is how to get rid of this: Click Start Clic…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
This is my first video review of Microsoft Bookings, I will be doing a part two with a bit more information, but wanted to get this out to you folks.

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question