Changes in IE default pages, etc.. - Detected by SpySweeper.

>> then Run them one by one in SAFEMODE to delete everything they detect !!!!
>> After that reboot back in Normal Mode.

Could you please tell me what does SAFEMODE and Normal Mode here?

Thanks.

Normal Mode is that mode in which u are running ur system now, with all devices and background applications and services :)

and Safemode means there will be no additional devices, background services and applications... this mode is basically for troubleshooting windows problems..... and as most of the spywares and viruses run their files in background in normal mode, they can interrupt with the Removal tools and cannot be deleted easily.... so we run those tools in Safemode :)

How to get into safemode >> http://www.computerhope.com/issues/chsafe.htm

Also one more thing,,,,, in ur msconfig>Startup section, untick all applications, and just leave the ones which are for ur Antivirus and Firewall softwares.... :)

oh, yeah Ok...its system safemode and normal mode...

will back soon, thanks again.

Hi,

With Spybot, I removed some spywares and adwares.

but everytime, i scan with Spybot, it shows me 'DSO Exploit'. Even though i removed it, if i scan again, i get the same problem.

Pls tell me how i cna get rid of it.

Thanks.

Now as u have scanned with the above tools... can u post here the LOG from hijakcthis scan :)
and these DSO Exploits are nothing but just a BUG in Spybot..... visit this page for some solutions to this problem.

Spybot keeps finding DSO exploit
http://www.computing.net/windowsxp/wwwboard/forum/104837.html

I am getting the problem still....(i thought a spy toolbar went out if i disabled some things in SystemStart, but its still there) :-(

Please have a look at this:

http://jaggybala.clawz.com/CalendarTool/SpywareProblem.JPG

( A toolbar below 'Google' pop-up blocker and error page which is weird.)

This is my Log File.

Logfile of HijackThis v1.98.2
Scan saved at 02:28:45, on 08/30/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\QuickTime\qttask.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\PROGRA~1\LAUNCH~1\CPLBCL53.EXE
C:\Programme\Webroot\Spy Sweeper\SpySweeper.exe
D:\Backups\Phone-Applications\hotfoon4.exe
C:\Programme\Webroot\Shredder\spshredder.exe
C:\PROGRA~1\EASYPH~1\Apache\apache.exe
C:\PROGRA~1\EASYPH~1\MySql\bin\mysqld.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton AntiVirus\SAVScan.exe
C:\PROGRA~1\EASYPH~1\Apache\apache.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\PROGRA~1\NORTON~1\navw32.exe
C:\Programme\Internet Explorer\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\SmartFTP\SmartFTP.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\jaggy\Desktop\protect-computer\HijackThis.exe
C:\Programme\Messenger\msmsgs.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.ozpteqhxwdglyzw.com/Xb/Kg89Ik0_z_L8LKd0zYlU2DbYQOtVZohCG3GWNpFejqsT_mAZ30feuuBG0zMHQ.html
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NetPumper] "C:\Programme\NetPumper\NetPumperIEProxy.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [mouseElf] C:\PROGRA~1\GENIUS~1\GNETMOUS.EXE
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\CPLBCL53.EXE
O4 - HKLM\..\Run: [OnlineCdrom] C:\PROGRA~1\ATOMDE~1\32third.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Programme\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [HOTFOON2] D:\Backups\Phone-Applications\hotfoon4.exe /h
O4 - HKCU\..\Run: [Spam Shredder] "C:\Programme\Webroot\Shredder\spshredder.exe" -tray
O4 - HKCU\..\RunOnce: [unPopUpWasher] unPopUpWasher.exe rm
O4 - Startup: WinMySQLadmin.lnk = C:\Dokumente und Einstellungen\jaggy\Desktop\mysql4\mysql-4.1.1a-alpha\bin\winmysqladmin.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\programme\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programme\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download with NetPumper - C:\Programme\NetPumper\AddUrl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\programme\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\programme\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.0_01) -
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_3us.cab
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -
O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://www.bundleware.com/activeX/BM2/BM2.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.dotphoto.com/XUpload.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{1805A68D-44FB-49C5-A9E6-1E9EE9AD81AF}: NameServer = 141.44.1.2,141.44.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB873E8C-D6D6-4749-8FF7-93D8DD601200}: NameServer = 141.44.1.2,141.44.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{1805A68D-44FB-49C5-A9E6-1E9EE9AD81AF}: NameServer = 141.44.1.2,141.44.1.1


Thanks.

with Hijackthis, delete:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.ozpteqhxwdglyzw.com/Xb/Kg89Ik0_z_L8LKd0zYlU2DbYQOtVZohCG3GWNpFejqsT_mAZ30feuuBG0zMHQ.html

then run CWShredder again, and if that doesnt help, I suggest you use StartpageGuard ( http://www.webattack.com/get/startpageguard.shtml )

Happy (and safe) Surfing

Extortioner15 ..... repeating what an Expert has already suggested is not Allowed :)

I did not repeat an answer, I suggested you were right and I said if that didnt work, he had to install Startpageguard!
Now lets stay ontopc shall we?

>>  I suggested you were right and I said if that didnt work, he had to install Startpageguard!
well u didn't mention abt me even there..... but never mind,,,, leave it !!!! :)

If you still can't solve the problem, try the SpyBot Search&Destroy. You can find it at http://beam.to/spybotsd
Good luck