Still having problems after running all online scans and virus removal programs

BJ,

Guitardaddy has 6 threads started in the Spyware Forum. All of which we have been answered and none of which has there been a reply to. I think we need to inform Guitardaddy to stop posting new threads and remain in one. And to also answere the reponses that have been given from now on.

 

You must remain in one thread for you problem and you never seem to respond to any of the procedures given to you. Look at each of your other posts.

 

Just like you are right now.

If each problem is different, it would be okay to work in new threads. But you should only work one problem thru to completion before starting others.

 

Just click reply in the thread to add a new message. You cannot edit messages after 5 minutes has elapsed since posting them.

 

Yes! There are only a few minor things to fix. I'll give that below. But explain what your problems is. You said you are trying to delete "files". What files?


If you are using WinXP or WinMe, make sure you have system restore disabled (per the tutorial).
For all OS types, make sure viewing of hidden files is enabled (per the tutorial).

Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Microsoft AntiSpyware helper - {F1E3D6A6-4101-4707-8307-159C698A30B3} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {F1E3D6A6-4101-4707-8307-159C698A30B3} - (no file) (HKCU)

I would also fix the below unless you recognize it to be valid.
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab

Now run Ccleaner (installed while running the READ ME FIRST).

Now we need to Reset Web Settings:
1) If you have an Internet Explorer icon on your Desktop, goto step 2. If not, skip to step 3.
2) Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK. Then skip step 3.
3) If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

Now reboot in normal mode and post a new HJT log. And tell us how things are working.

 

No! We will normally tell you when you need to boot into different modes, so only do exactly what we write. If you have questions or are not sure (just like this one), just asked before continuing.

 

Where is the xdat.avi file located? And did you try booting in safe mode and deleting it?

For the iPod service, try the below.

Click on Start, then Run ... type services.msc into the box that opens up, and press 'OK'. On the page that opens, scroll down to iPod Service (or iPodService). Then right click the entry, select 'Properties' and press 'Stop Service'. When it shows that it is stopped, next please set the 'Start-up Type' to 'Disabled'. Press 'OK' until you get back to Windows.

Next, open up HJT, but instead of scanning, click on the "None of the above, just start the program" button at the bottom of the choices. At the lower right, click on the 'Config" button, and then the Misc tools' button ... select 'Delete an NT Service" ... copy/paste the following into the box that opens, and press "OK":

iPod Service

If that does not work, use the short name without a space in it: iPodService

You may be told to reboot at this point so go ahead and reboot and look at your log after reboot to see if the service is gone.

 

Re: Setting ActiveX on Netscape 8.0.0.3

I don't use or have Netscape! This is not a malware topic either. You would be better off requesting help on this question in the Software Forum.