Here Today... Gone To Hell!

Just got some bad ones that won't go... Need a good program, free please, THANKS!!!

My advice to you: Get a mac. Since macs are less popular, they are less likely to get hit by viruses. This computer I've had for a couple years has never got hit by a virus.

That doesn't help my problem man...

I need something free too..

http://www.majorgeeks.com/AntiVir_Personal_Edition_7_d955.html

good luck : ok:

Best suggestion I can offer you is run any / all of your Virus & Spyware scanning apps in "Safe Mode" - they have a much better chance of being able to actually remove whatever you're infected with that way.

-darknemus

Uh.......how do I do that?

Safe mode - F8 at start up.

P.S. Everyone running WindowsXP should always be behind a good firewall. Zonealarm is a good choice.

P.S.S. Never use WindowsXP built in firewall, it's crap. : ok:

personally I like it....IMO it's just easier, if you are not a computer guru, to just use the built in one :peace:

Zonealarm is a piece of shit. Pure evil, it is! Ever tried to uninstall that nifty little software? You have to get all ninja on that mofo to get rid of it.

Neemo, thanks, it took care of half of my problems...

I'll have to do this safe-mode thing...

So, at the start up menu, I push F8 and run the programs from there?

Agree with dark
run the antyspyware and antivirus from safe mode, it's way better  : ok:

Did it.. Most of my stuff is gone but when my IE starts up, http://www.securitybulletin.net/ always comes up even if I change it...

DON'T CLICK ON THAT SITE... IT MIGHT  DO THE SAME TO YOU...

Anyone know how to fix this?

did you install....google tool bar or yahoo toolbar or anything toolbarish? if you did...unistall it : ok:

Easy use mozilla it's way fucking better than IE

again....if you don't know much about computers....stick with IE

Mozilla isn't compatible with all sites :peace:

Ive been using Mozilla for like 2 years and I've never had any problems with sites not being compatible with it. Besides Mozilla is alot better to use then IE. IE always gets spyware and viruses on your pc.

Amen on that, I havent got any problem with any pages, even the ones with lots of plguin

In my opinion the only good antivirus protection software are the ones you have to spend money on better yet the ones you have to  buy in a store. I bought one today and its PCcillin we payed 40$ for it : ok:

I've had good luck with Adaware and Spybot - both free.  I'm sure the paid ones are usually better, but if you are desperate and broke, they are better than nothing.  And one time I had a virus that Norton couldn't find, it was a home page hijacker, and spybot found it.  I don't use Norton anymore.

Your browser is hijacked... hmmm... lets see here... first thing you should do is hook up with Windows Defender.  I think it's the best free tool out there for spyware at the moment.  run a scan.  I wouldn't suggest ZoneAlarm as a firewall.  I've used it, Norton (garbage), and the one built in to my router, and I found that Windows Firewall beats them all (it's easier to configure, and doesn't slow down your surfing).  As for an antivirus, I've tried all the free ones.  Unfortunately, the free ones don't usually pick up on everything that the subscription ones do.

Hmm... Pick up Registry Mechanic here: http://www.pctools.com/registry-mechanic/.  Oh, and to fix your hijacked browser, go to Tools, Internet Options, and clear cookies, temporary files, and history, go to the advanced tab and hit Restore browser defaults.  then close out your browser.  Run a windows defender scan and let that go through.  once it's done, reopen the browser and see if your problem is solved.  if it isn't, go to http://www.majorgeeks.com/download3155.html and download hijack this and run it.  post the logfile from hijack this here and we'll see what you should get rid of.

God, I'm a nerd!!  haha... not really, I've just had some experience with this stuff in the past.

I've had to do exactly what you just described above.  But you definitely need someone to interpret your hijack this file unless you are a major computer nerd.  Anyway, I think I had a version of Cool Web Search, but no programs would remove it.  PC tools Spyware doctor was able to stop it from executing until I actually got it cleaned off. 

Thanks... Here's the log file

Logfile of HijackThis v1.99.1
Scan saved at 10:46:09 PM, on 4/28/2006
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe
C:\Program Files\Common Files\AOL\1015154326\ee\AOLSoftware.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\sstray.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Plaxo\2.6.2.9\PlaxoHelper.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.828\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.compuserve.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.compuserve.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\System32\hpA373.tmp
O2 - BHO: (no name) - {E8DEC8EA-8D80-4ec6-AF6B-190A765F1D2F} - C:\WINDOWS\System32\pmnnl.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1015154326\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.6.2.9\PlaxoHelper.exe -a
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1142095534718
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: pmnnl - C:\WINDOWS\SYSTEM32\pmnnl.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe

Well that makes two of us  :D
(http://70.84.190.115/6236/88/emo/dorky.gif)

Yeah and you gotta pay for that right? Basically if all else fails thats what you gotta do.....that program is pretty cool. (psst....if you look hard enough everything is free, i dunno where to look but I'm sure you can find someone to help you)

About Mozzilla....I never used it before, just what i was told by a very knowledgeable computer person. whatever, i use IE and outlook express....i never get viruses or major spyware problems....just gotta learn what is safe and what isn't...unfortunately it takes trial and error sometimes...not trying to pick a fight with mozzilla users, i was just stating my preferences for computer programs : ok:

adaware and spybot are cool IMO i use both regularily, and i use regestry mechanic too, but it's kinda only good if you use it after the problem has been solved i think. ?Dunno about the highjack....never tried that....give it ?whirl though majorgeeks.com has good stuff on there.

The reason i asked about the searchengine toolbars is cuz alot of those programs are spyware in themselves. the problem you got though...the program loads itself even if you go in safe mode...I've witnessed that problem before...and it sounds like a program that you actually inadvertantly installed....aka the search engine toolbars...never install those fucking things.


also a long way to do it is take evry process that is running and look on a search engine for problems with that file......ones that look suspicious to me are


look for info on these processes and see if they are malicious, if so DL a fix tool : ok: that last one looks to be the culprit though

Nah... HiJackthis is the program I used to get this log and PC-Cillin is my virus scanner... Not sure what this "plaxo" is...

One thing that has worked for me is to just google the name of the hijacking website.  For example, google "securitybulletin virus" .  If it is a common enough virus, you will probably find remove instructions somewhere.  Often they involve deleting something from your registry, so it depends on how brave you are feeling if you try that.

Sterling i was just gonna say that.... : ok:


basically go through each and every file listed in that thing and google them all...you'll find the problem area eventually and how to fix it

the alternative is to format and reinstall :-\

click these ones and remove them...most likely those popups will disappear, trust me ive done this many times

O20 - Winlogon Notify: pmnnl - C:\WINDOWS\SYSTEM32\pmnnl.dll
O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\System32\hpA373.tmp
O2 - BHO: (no name) - {E8DEC8EA-8D80-4ec6-AF6B-190A765F1D2F} - C:\WINDOWS\System32\pmnnl.dll
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

Q is all knowing and all seeing

Can't find em... How do I get to them to delete em?

You have to edit your registry.  Someone here can probably give you directions on how to do it.  I've never been brave enough to do it myself.

didnt you run hijackthis to get the log?

you can delete them from hijackthis

run hijackthis
select "Do a system scan only"
in the list of items there is a box beside each one on the left hand side, click the box beside the ones ive mentioned above so that they have check marks beside them...(make sure you select the right ones)
click the button that says "fix checked" (at the bottom of the window) and hijackthis will remove the items...
close hijackthis
reboot your pc

do another scan with hijackthis to make sure these items have been permanently deleted

voila

no zone alarm
no internet explorer
no firefox
no windows

Did some scans and manually deleted all the junk in safe-mode, etc...

That site doesn't come up anymore but when I start of IE, it's blank and when I try to change it, it doesn't work... Anyone help?

Do you mean when you try to change your default home page, it doesn't work?  Or you can't go to a different site?

Also if it says "about:blank", that is sometimes virus. 

run hijackthis and post your log again