FRIHOST • FORUMS • SEARCH • FAQ • TOS • BLOGS • COMPETITIONS
You are invited to Log in or Register a free Frihost Account!


Virus Problem





NuniPio
hi, just wandering if anyone has a Download.Trojan virus in the files:

st3.dll and q15823743.dll

i cant seem to delete them and when i run antivirus from boot disc it wont detect my drives (i think coz ive got some sata problems)

any1 got some suggestion?
Naif
Whenever you come across a file which you feel contains malware, go to google and do a search for it. All you need to type would be: assuming you want to know if whether st3.dll contains a virus, type "st3.dll" without the quotes in the search box. If the file indeed contains malware, pages which flag it will appear in the search results.
Sunny
Here the solutions that can be tried in order

a) If you have xp..First thing I'll suggest you is to try and restore your pc to an older date when you didnt had this problem. To do this click start>run>type restore>new window will come up>dbl click rstrui.exe>>check resore my pc>>on left side select the date.

b)Try booting the PC in safe mode and then try to delete the files.

c)Search for a program "hijackthis" and download it, It has a feature which can delete the files on boot before they load.You can also do a system scan using hijackthis and paste log here as I suspect you might be affected by other malwares/spywares.

if you still can't get rid of it, you can pm me
jmanjman47
Put a search on that for google. There should be many sites that will help you solve your problem. In my opinion, you should run your antivirus software again and check one more time. What program do you use?, That could also be the case.....
otiscom
Make sure you anti-virus prog is always up to date and run a scan regularly, if you download a lot this should be once a week minimum!

Install a prog called Spybot S&D this will prevent unwanted registry changes made by these problem programs.

Also get Adaware and run this often.

These apps are all free.

Between them these apps will keep you fairly clean.

As to removing the ones you mention, then yes look on Google there is bound to removal info on there.



.
technology.sponge
YES! I have 34 copies of the virus in quarantine!!!!
Unfortunately, u cannot remove it very well.
I've tried AVG, NORTON, VET
SPYBOT S&D, ADAWARE, SPYWARE DOCTOR
but none r able to even in safe mode or booted from a recovery iso

to put it simply, quarantine the file and live with it
abhinav_shah
Quarantine it and hope for the best
bananaphone
johanfh
Either one of these:
- YOU wrote the virus and instructed it to just copy itself 32 times
- or you know Nick
- or you have yust hacked into his pc
- or you΄re clairvoyant
- or you're bluffing Smile

Wich one of thes is right? Laughing

JohanFH
eliasr
ok, a virus can be easy to get rid off.

1. seach for mboot, its a porgram as delete files on the boot (no it cant delete your antivirus files ,because it dont got acces)

its maybe because the dll is in use, then mboot should could do it

2. if you cant stop the dll file from running, try a program named hijackthis, it should could find it and then can you delete it

3 the anitivirus can find it, it should give som info on what virus it is, try to find a repair tool on www.pandasoftware.com
also try the program, but i use avg, because panda so sometimes leave some files left ,grr, i did use a hell of time to get rid of them
elektronikevi
search in google
gnomme
sometimes is better to format the disk! save all your data first and format C:
KemikadaM
easy way FORMAT C:
windows setup Smile
yjwong
Hey, Formatting your drive is not always a solution.
IceCameron
http://forums.majorgeeks.com/showthread.php?t=35407


Try following these instructions. Often gets rid of 70-80% of uncanny funny igonrant thingymebobs hiding in your computer.
Lloydie_gb
I have just deleted a Trojan from my pc.
But when it hijacked my pc it put a IE page as my background, i deleated the IE page but now i have a white square in the top left of my screen. I can right click on it and view its source.
Its file name is-
C:__WINDOWS_warnhp[1].txt

I used XoftSpy to deleat the Trojan but it cant find the txt document.

Iv done a search for the file on my pc and cant find it.

Any ideas??

P.S.

I can only think of Formating C: but i thought i would ask around first!
progman89
NuniPio wrote:
hi, just wandering if anyone has a Download.Trojan virus in the files:

st3.dll and q15823743.dll

i cant seem to delete them and when i run antivirus from boot disc it wont detect my drives (i think coz ive got some sata problems)

any1 got some suggestion?

I don't know anything about the second DLL. However, the first one is supposedly a trojan (I've heard of it being a couple different ones so I can't give you the name). Try updating your antivirus software and running it one last time to see if you can get rid of the trojan that way. If you cannot, I would download RootkitRevealer. Run the program and get rid of any malicious rootkits you see listed. Then try deleting the file st3.dll.
You can download RootkitRevealer at http://www.sysinternals.com/Utilities/RootkitRevealer.html
I would make sure you are only deleting rootkits that are actually there for malicious reasons; some things show up as rootkits even when they are not harmful.
COTC
The problem with many of these suggestions is that though antivirus software may find the virus, as of late there seem to be a lot of viruses with an undetectable source file. I have often (on my own and clients' computers) had to do research on the file detected as a virus, find out what the source file is, boot in safe mode and start deleting that way. Many times it involved ugly registry work as well.

Indeed try the AV methods first. If this does not work, do research on the file and usually you can find removal instructions as well.

I actually have my system restore turned off for various reasons. Not the least of which is the resources it eats.
710ths
Hi, these other guy's posting seem to be giving the right advise. All I can add is download a free beta copy of Microsoft's spyware at http://www.microsoft.com/athome/security/spyware/software/default.mspx

I've been using it for the last two months and its quite good. You get automatic updates included etc. Supprisingly for Microsoft its FREE, good old Bill.
cycu
you instaling avast http://avast.com
technology.sponge
bananaphone wrote:
technology.sponge wrote:
YES! I have 34 copies of the virus in quarantine!!!!
Unfortunately, u cannot remove it very well.
I've tried AVG, NORTON, VET
SPYBOT S&D, ADAWARE, SPYWARE DOCTOR
but none r able to even in safe mode or booted from a recovery iso

to put it simply, quarantine the file and live with it


Hang on Nick - how on Earth did you get 34 copies of the virus on your computer, when I know for a fact you only have 32 at last count??


whoa! duz it reeli matter? i dun seem to think u stalk me 24/7
NuniPio
technology.sponge wrote:
YES! I have 34 copies of the virus in quarantine!!!!
Unfortunately, u cannot remove it very well.
I've tried AVG, NORTON, VET
SPYBOT S&D, ADAWARE, SPYWARE DOCTOR
but none r able to even in safe mode or booted from a recovery iso

to put it simply, quarantine the file and live with it


i cant put it in quarantine
NuniPio
progman89 wrote:
NuniPio wrote:
hi, just wandering if anyone has a Download.Trojan virus in the files:

st3.dll and q15823743.dll

i cant seem to delete them and when i run antivirus from boot disc it wont detect my drives (i think coz ive got some sata problems)

any1 got some suggestion?

I don't know anything about the second DLL. However, the first one is supposedly a trojan (I've heard of it being a couple different ones so I can't give you the name). Try updating your antivirus software and running it one last time to see if you can get rid of the trojan that way. If you cannot, I would download RootkitRevealer. Run the program and get rid of any malicious rootkits you see listed. Then try deleting the file st3.dll.
You can download RootkitRevealer at http://www.sysinternals.com/Utilities/RootkitRevealer.html
I would make sure you are only deleting rootkits that are actually there for malicious reasons; some things show up as rootkits even when they are not harmful.


it is detected with antivirus but there is no way of deleting coz it is in use or something..but i have tried various progs and methods, and i do not want to format..any other suggestions?
Sparky666
Just go to safe mode and delete the file
COTC
NuniPio wrote:
progman89 wrote:
NuniPio wrote:
hi, just wandering if anyone has a Download.Trojan virus in the files:

st3.dll and q15823743.dll

i cant seem to delete them and when i run antivirus from boot disc it wont detect my drives (i think coz ive got some sata problems)

any1 got some suggestion?

I don't know anything about the second DLL. However, the first one is supposedly a trojan (I've heard of it being a couple different ones so I can't give you the name). Try updating your antivirus software and running it one last time to see if you can get rid of the trojan that way. If you cannot, I would download RootkitRevealer. Run the program and get rid of any malicious rootkits you see listed. Then try deleting the file st3.dll.
You can download RootkitRevealer at http://www.sysinternals.com/Utilities/RootkitRevealer.html
I would make sure you are only deleting rootkits that are actually there for malicious reasons; some things show up as rootkits even when they are not harmful.


it is detected with antivirus but there is no way of deleting coz it is in use or something..but i have tried various progs and methods, and i do not want to format..any other suggestions?


Safemode (during boot-up, tap F8 until options appear).
Find the file.
Delete.
REboot.
Scan.
Repost if it is still there.
benjamincblunt
Okay hey nick after looking at your problem people were butts when trying to answer it so i appologize for them. Ok first off norton and all that crap aren't the most stable programs now i'm gonna tell you first to of course try these two more program to get the viruss removed then if that doesn't work i'd just go for the approach of getting a program like a data scrambler or permanant file deleter that would take care of those. First for virus programs two more of the best out there are Mcafee & Zonealarm security suite. if both of those don't work i'd only suggest getting mcafee shredder and/or mcafee quick clean and that should take care of your problem. hope that helps
COTC
benjamincblunt wrote:
Okay hey nick after looking at your problem people were butts when trying to answer it so i appologize for them. Ok first off norton and all that crap aren't the most stable programs now i'm gonna tell you first to of course try these two more program to get the viruss removed then if that doesn't work i'd just go for the approach of getting a program like a data scrambler or permanant file deleter that would take care of those. First for virus programs two more of the best out there are Mcafee & Zonealarm security suite. if both of those don't work i'd only suggest getting mcafee shredder and/or mcafee quick clean and that should take care of your problem. hope that helps


*blink*

Ok.. well, this butt shall speak again.
I don't recommend mcafee unless you do, in fact, enjoy extra resources being eaten unnecessarily as well as extra space being used without need. McAfee and Norton are both resource hogs. But again, as I stated previously, this is a matter of preference, of course and should be taken as such.

Zonealarm is a good proggie.

But none of these will delete many of the viruses that have been coming out. I was not trying to be a 'butt' when I said research the virus, find the file name, and go into safe mode and registry as indicated by the directions you will most likely find. I was being honest. If you don't, a lot of times with the newer viruses, you will get rid of the symptoms... not the virus.
NuniPio
COTC wrote:
NuniPio wrote:
progman89 wrote:
NuniPio wrote:
hi, just wandering if anyone has a Download.Trojan virus in the files:

st3.dll and q15823743.dll

i cant seem to delete them and when i run antivirus from boot disc it wont detect my drives (i think coz ive got some sata problems)

any1 got some suggestion?

I don't know anything about the second DLL. However, the first one is supposedly a trojan (I've heard of it being a couple different ones so I can't give you the name). Try updating your antivirus software and running it one last time to see if you can get rid of the trojan that way. If you cannot, I would download RootkitRevealer. Run the program and get rid of any malicious rootkits you see listed. Then try deleting the file st3.dll.
You can download RootkitRevealer at http://www.sysinternals.com/Utilities/RootkitRevealer.html
I would make sure you are only deleting rootkits that are actually there for malicious reasons; some things show up as rootkits even when they are not harmful.


it is detected with antivirus but there is no way of deleting coz it is in use or something..but i have tried various progs and methods, and i do not want to format..any other suggestions?


Safemode (during boot-up, tap F8 until options appear).
Find the file.
Delete.
REboot.
Scan.
Repost if it is still there.


cant delete through safe mode
NuniPio
benjamincblunt wrote:
Okay hey nick after looking at your problem people were butts when trying to answer it so i appologize for them. Ok first off norton and all that crap aren't the most stable programs now i'm gonna tell you first to of course try these two more program to get the viruss removed then if that doesn't work i'd just go for the approach of getting a program like a data scrambler or permanant file deleter that would take care of those. First for virus programs two more of the best out there are Mcafee & Zonealarm security suite. if both of those don't work i'd only suggest getting mcafee shredder and/or mcafee quick clean and that should take care of your problem. hope that helps


i think the problem is not with detecting the file with progs but deleting it altogether, its being used by internet explorer, i know that much as i disabled it from the addons.
COTC
Can you post a hijackthis log?

You candownload Hijackthis from:

http://www.majorgeeks.com/download3155.html


EDIT: When you get the log, copy/paste the content into a message here.
NuniPio
COTC wrote:
Can you post a hijackthis log?

You candownload Hijackthis from:

http://www.majorgeeks.com/download3155.html


EDIT: When you get the log, copy/paste the content into a message here.


Logfile of HijackThis v1.99.1
Scan saved at 6:30:33 PM, on 12/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\INTERN~2\mum.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSI\Core Center\CoreCenter.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\Java\jre1.5.0_06\bin\javaw.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\MSI\LockBox\LockBox.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Xi\NetTransport 2\NetTransport.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\1337\LOCALS~1\Temp\Rar$EX00.692\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nunipio.frih.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R3 - Default URLSearchHook is missing
O1 - Hosts: 127.0.0.4 www.vparivalka.com
O1 - Hosts: 127.0.0.4 iframeprofit.com
O1 - Hosts: 127.0.0.4 www.iframeprofit.com
O1 - Hosts: 127.0.0.4 topsearch10.com
O1 - Hosts: 127.0.0.4 www.topsearch10.com
O1 - Hosts: 127.0.0.4 statscash.biz
O1 - Hosts: 127.0.0.4 www.statscash.biz
O1 - Hosts: 127.0.0.4 vxiframe.biz
O1 - Hosts: 127.0.0.4 www.vxiframe.biz
O1 - Hosts: 127.0.0.4 crazy-toolbar.com
O1 - Hosts: 127.0.0.4 www.crazy-toolbar.com
O1 - Hosts: 127.0.0.4 topcash.biz
O1 - Hosts: 127.0.0.4 www.topcash.biz
O1 - Hosts: 127.0.0.4 loadcash.biz
O1 - Hosts: 127.0.0.4 www.loadcash.biz
O1 - Hosts: 127.0.0.4 txiframe.biz
O1 - Hosts: 127.0.0.4 www.txiframe.biz
O1 - Hosts: 127.0.0.4 procounter.biz
O1 - Hosts: 127.0.0.4 www.procounter.biz
O1 - Hosts: 127.0.0.4 advadmin.biz
O1 - Hosts: 127.0.0.4 www.advadmin.biz
O1 - Hosts: 127.0.0.4 trafficbest.net
O1 - Hosts: 127.0.0.4 www.trafficbest.net
O1 - Hosts: 127.0.0.4 besthvac.com
O1 - Hosts: 127.0.0.4 www.besthvac.com
O1 - Hosts: 127.0.0.4 traff4.com
O1 - Hosts: 127.0.0.4 www.traff4.com
O1 - Hosts: 127.0.0.4 ambush-script.com
O1 - Hosts: 127.0.0.4 www.ambush-script.com
O1 - Hosts: 127.0.0.4 beehappyy.biz
O1 - Hosts: 127.0.0.4 www.beehappyy.biz
O1 - Hosts: 127.0.0.4 tracktraff.cc
O1 - Hosts: 127.0.0.4 www.tracktraff.cc
O1 - Hosts: 127.0.0.4 allcount.net
O1 - Hosts: 127.0.0.4 www.allcount.net
O1 - Hosts: 127.0.0.4 onedayoffer.biz
O1 - Hosts: 127.0.0.4 www.onedayoffer.biz127.0.0.1 downloads1.kaspersky-labs.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: C:\WINDOWS\system32\st3.dll - {1B68470C-2DEF-493B-8A4A-8E2D81BE4EA5} - C:\WINDOWS\system32\st3.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: C:\WINDOWS\adsldpbe.dll - {7507739F-BC2E-4DC3-B233-816783C25DC9} - C:\WINDOWS\adsldpbe.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O2 - BHO: (no name) - {C7CF1142-0785-4B12-A280-B64681E4D45E} - C:\WINDOWS\prflbmsgp32.dll
O2 - BHO: (no name) - {DA223E41-3F7F-4B2B-8CC8-22C6A1197EEB} - C:\WINDOWS\mpatrol.dll
O2 - BHO: (no name) - {F5A05730-E156-4D92-9B5D-5E20C5ADB646} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [CmUsbAudio] RunDll32 cmcnfg2.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] C:\WINDOWS\NV2360736.TMP\nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [InternodeUsage] C:\PROGRA~1\INTERN~2\mum.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download all by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: Download by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104fd.bay104.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: docent0 - docent0.dl (file missing)
O20 - Winlogon Notify: st3 - C:\WINDOWS\system32\st3.dll
O20 - Winlogon Notify: st3i - C:\WINDOWS\q15823743.dll
O21 - SSODL: SysTray.Excn - {1722ECFF-4356-4f5b-B534-E67294FE75E9} - (no file)
O21 - SSODL: SysTray.Exsn - {2368D1FC-2F5C-4f1b-B124-E67214FC78E2} - (no file)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005\RpcSandraSrv.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
NuniPio
so..is there a fix with the previous info i posted?
motamedi
if yoyr PC have virus do the below:
1- install an antivirus (for example : Norton , macafee , Kaspersky and etc )
2- Scan your PC
3- delete file(s) that your antivirus found.
4- now you clean your Pc Successesfully .
deus
You definetely have spyware on your computer!

Quote:
O1 - Hosts: 127.0.0.4 www.vparivalka.com
O1 - Hosts: 127.0.0.4 iframeprofit.com
O1 - Hosts: 127.0.0.4 www.iframeprofit.com
O1 - Hosts: 127.0.0.4 topsearch10.com
O1 - Hosts: 127.0.0.4 www.topsearch10.com
O1 - Hosts: 127.0.0.4 statscash.biz
O1 - Hosts: 127.0.0.4 www.statscash.biz
O1 - Hosts: 127.0.0.4 vxiframe.biz
O1 - Hosts: 127.0.0.4 www.vxiframe.biz
O1 - Hosts: 127.0.0.4 crazy-toolbar.com
O1 - Hosts: 127.0.0.4 www.crazy-toolbar.com
O1 - Hosts: 127.0.0.4 topcash.biz
O1 - Hosts: 127.0.0.4 www.topcash.biz
O1 - Hosts: 127.0.0.4 loadcash.biz
O1 - Hosts: 127.0.0.4 www.loadcash.biz
O1 - Hosts: 127.0.0.4 txiframe.biz
O1 - Hosts: 127.0.0.4 www.txiframe.biz
O1 - Hosts: 127.0.0.4 procounter.biz
O1 - Hosts: 127.0.0.4 www.procounter.biz
O1 - Hosts: 127.0.0.4 advadmin.biz
O1 - Hosts: 127.0.0.4 www.advadmin.biz
O1 - Hosts: 127.0.0.4 trafficbest.net
O1 - Hosts: 127.0.0.4 www.trafficbest.net
O1 - Hosts: 127.0.0.4 besthvac.com
O1 - Hosts: 127.0.0.4 www.besthvac.com
O1 - Hosts: 127.0.0.4 traff4.com
O1 - Hosts: 127.0.0.4 www.traff4.com
O1 - Hosts: 127.0.0.4 ambush-script.com
O1 - Hosts: 127.0.0.4 www.ambush-script.com
O1 - Hosts: 127.0.0.4 beehappyy.biz
O1 - Hosts: 127.0.0.4 www.beehappyy.biz
O1 - Hosts: 127.0.0.4 tracktraff.cc
O1 - Hosts: 127.0.0.4 www.tracktraff.cc
O1 - Hosts: 127.0.0.4 allcount.net
O1 - Hosts: 127.0.0.4 www.allcount.net
O1 - Hosts: 127.0.0.4 onedayoffer.biz
O1 - Hosts: 127.0.0.4 www.onedayoffer.biz127.0.0.1


I recommend using Spyware Doctor (trial) and Spybot S&D to scan your computer for spyware/adware.. These are the best tools! I use them very often, so my system stays clean...

Another good tool to clean your registry is Ace Utilities. This is to speed up your system. It deletes bad/invalid registry entries, cleans out your hard-drive, searches for invalid shortcuts, etc. Really good!

Please let us know how it turned out... Smile
Related topics
USB Problem
My computer restarts?
Virus Problem
My Computer hanging problem in Windows 2003.
ibm00001.exe and Virus problem
Brotok virus problem???
temporary internet files... problem
Weird Icon Problems ?? - Probally a Virus
Your takes on COPYING DVDs & Software.
Restrict By Bro Act Virus Problem
Files corrupted
Invisible Files in Windows, not MACs-NOT "HIDDEN FILES&
So, what anti virus protection do you use?
Computer not booting - and virus problem.
Reply to topic    Frihost Forum Index -> Computers -> Computer Problems and Support

FRIHOST HOME | FAQ | TOS | ABOUT US | CONTACT US | SITE MAP
© 2005-2011 Frihost, forums powered by phpBB.